Implementing a Gateway Firewall with Squid and iptables

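Requirements: this server acts as the gateway, mail server (web, smtp and pop3 enabled), FTP server and DHCP server. One internal machine (192.168.0.254) provides DNS service to the outside. So that a casual observer cannot easily tell that this server runs an ssh server, the ssh port is changed to 2018. The proxy port is also changed to 60080.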

eth0: 218.28.20.253, external (Internet-facing) interface

eth1: 192.168.0.1/24, internal (LAN) interface

[jackylau@proxyserver init.d]$ cat /etc/squid/squid.conf (excerpt below)

http_port 192.168.0.1:60080

httpd_accel_port 80

httpd_accel_host virtual

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

acl allow_lan src 192.168.0.0/24

http_access allow allow_lan

visible_hostname proxyserver

[jackylau@proxyserver init.d]$ cat firewall

#!/bin/sh

# Author: jackylau

# chkconfig: 2345 08 92

# description: firewall

# Time on 2005.08.02

# killproc

# Set ENV

INET_IP="218.28.20.253"

INET_IFACE="eth0"

LAN_IP="192.168.0.1"

LAN_IP_RANGE="192.168.0.0/24"

LAN_BROADCAST_ADDRESS="192.168.0.255"

LAN_IFACE="eth1"

LO_IFACE="lo"

LO_IP="127.0.0.1"

IPTABLES="/sbin/iptables"

start(){

echo -n $"Starting firewall:"

/sbin/depmod -a

/sbin/modprobe ip_tables

/sbin/modprobe ip_conntrack

/sbin/modprobe iptable_filter

/sbin/modprobe iptable_mangle

/sbin/modprobe iptable_nat

/sbin/modprobe ipt_LOG

/sbin/modprobe ipt_limit

/sbin/modprobe ipt_state

echo "1" > /proc/sys/net/ipv4/ip_forward
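
The script above breaks off before any rules are added. As an added example (not the author's script), the requirements stated at the top of the page translate into the rule set below. The function name gateway_rules, the IPT dry-run variable, and the choice to expose FTP, SMTP, web and POP3 on eth0 are assumptions.

```shell
#!/bin/sh
# Added example (not the author's script). Dry run by default: rules are
# printed, not applied. Run as root with IPT=/sbin/iptables to apply them.
IPT="${IPT:-echo iptables}"
INET_IP="218.28.20.253";  INET_IFACE="eth0"
LAN_IP="192.168.0.1";     LAN_IFACE="eth1"
LAN_IP_RANGE="192.168.0.0/24"
DNS_HOST="192.168.0.254"            # internal DNS server from the requirements
SSH_PORT=2018; PROXY_PORT=60080     # relocated sshd and Squid ports
gateway_rules() {
    # Default deny: only what the requirements list is opened below.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Gateway services assumed reachable from the Internet: FTP control,
    # SMTP, web, POP3, sshd. FTP data channels also need ip_conntrack_ftp,
    # which is not in the page's modprobe list.
    for port in 21 25 80 110 "$SSH_PORT"; do
        $IPT -A INPUT -i "$INET_IFACE" -d "$INET_IP" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # LAN-only services: DHCP and the Squid listener (never opened on eth0).
    $IPT -A INPUT -i "$LAN_IFACE" -p udp --sport 68 --dport 67 -j ACCEPT
    $IPT -A INPUT -i "$LAN_IFACE" -s "$LAN_IP_RANGE" -p tcp \
        --dport "$PROXY_PORT" -j ACCEPT

    # Transparent proxy: LAN web traffic is redirected into Squid.
    $IPT -t nat -A PREROUTING -i "$LAN_IFACE" -s "$LAN_IP_RANGE" \
        ! -d "$LAN_IP" -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"

    # Publish the internal DNS server on the external address.
    for proto in udp tcp; do
        $IPT -t nat -A PREROUTING -i "$INET_IFACE" -d "$INET_IP" -p "$proto" \
            --dport 53 -j DNAT --to-destination "${DNS_HOST}:53"
        $IPT -A FORWARD -i "$INET_IFACE" -o "$LAN_IFACE" -d "$DNS_HOST" \
            -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
    done

    # LAN clients reach the Internet through source NAT on eth0.
    $IPT -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -s "$LAN_IP_RANGE" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$INET_IFACE" -s "$LAN_IP_RANGE" \
        -j SNAT --to-source "$INET_IP"
}
gateway_rules
```

The httpd_accel_* directives in the squid.conf excerpt are Squid 2.5 syntax; Squid 2.6 and later replace them with an option on the http_port line (transparent, later renamed intercept).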
