需求说明:此服务器用作网关、MAIL(开启web、smtp、pop3)、FTP、DHCP服务器,内部一台机器(192.168.0.254)对外提供dns服务,为了不让无意者轻易看出此服务器开启了ssh服务器,故把ssh端口改为2018.另把proxy的端口改为60080
eth0:218.28.20.253,外网口
eth1:192.168.0.1/24,内网口
[jackylau@proxyserver init.d]$cat /etc/squid/squid.conf(部份如下)
http_port 192.168.0.1:60080
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl allow_lan src 192.168.0.0/24
http_access allow allow_lan
visible_hostname proxyserver
[jackylau@proxyserver init.d]$ cat firewall
#!/bin/sh
# Author: jackylau ;
# chkconfig: 2345 08 92
# description: firewall
# Time on 2005.08.02
# killproc
# Set ENV
INET_IP="218.28.20.253"
INET_IFACE="eth0"
LAN_IP="192.168.0.1"
LAN_IP_RANGE="192.168.0.0/24"
LAN_BROADCAST_ADDRESS="192.168.0.255"
LAN_IFACE="eth1"
LO_IFACE="lo"
LO_IP="127.0.0.1"
IPTABLES="/sbin/iptables"
start(){
echo -n $"Starting firewall:"
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
echo "1" >; /proc/sys/net/ipv4/ip_forward