网络环境：一台 Ubuntu 服务器有三个网卡，其中 eth0、eth1 分别接不同的内部网段，eth2 连接 ADSL，使用 PPPoE 拨号。
# pwd
/etc/shorewall
# cat interfaces
#ZONE INTERFACE BROADCAST OPTIONS
# The net zone is bound to ppp0 (the PPPoE session), not to the physical eth2
# the post mentions; Internet filtering therefore applies to the dialled link.
net ppp0 detect
# The "dhcp" option is for segments where the firewall serves or obtains DHCP;
# NOTE(review): drop it if no DHCP crosses eth0/eth1.
loc1 eth0 detect dhcp
loc2 eth1 detect dhcp
# cat masq
#INTERFACE SUBNET
# Columns are INTERFACE SUBNET: traffic from SUBNET leaving via INTERFACE is
# masqueraded. This first line rewrites loc2 (eth1) traffic heading into loc1
# to the firewall's eth0 address, so loc1 hosts and their logs never see the
# real loc2 source. There is no matching "eth1 eth0" line, so loc1->loc2
# traffic keeps its real source. Confirm the asymmetry is intended.
eth0 eth1
# Both LANs share the ppp0 address for Internet access.
ppp0 eth0
ppp0 eth1
# cat modules
# Base netfilter: filter table, NAT table and connection tracking.
loadmodule ip_tables
loadmodule iptable_filter
loadmodule ip_conntrack
# Protocol helpers (ftp/tftp/irc/pptp/gre) parse packet payloads to open
# RELATED connections on the fly. Each loaded helper is extra kernel parsing of
# untrusted payload arriving from the net zone, so keep only those actually
# needed on this gateway; irc and tftp are rarely required.
# NOTE(review): with these legacy ip_conntrack_* modules the helpers attach to
# their default ports automatically; how far that can be restricted depends on
# the kernel version, which the post does not state.
loadmodule ip_conntrack_ftp
loadmodule ip_conntrack_tftp
loadmodule ip_conntrack_irc
loadmodule iptable_nat
loadmodule ip_nat_ftp
loadmodule ip_nat_tftp
loadmodule ip_nat_irc
# GRE/PPTP tracking and NAT, needed only if PPTP VPN clients sit behind the box.
loadmodule ip_conntrack_proto_gre
loadmodule ip_conntrack_pptp
loadmodule ip_nat_pptp
loadmodule ip_nat_proto_gre
# cat policy
#SOURCE DEST POLICY LOG LEVEL
# loc1/loc2 -> fw ACCEPT: every service on the firewall is reachable from both
# LANs, which makes the loc*->fw Allow* lines in rules redundant (rules are
# matched first, then policy). Change these to REJECT/DROP and rely on rules
# if only selected firewall services should be exposed to the LANs.
loc1 fw ACCEPT
loc2 fw ACCEPT
# The firewall itself may initiate connections anywhere.
fw all ACCEPT
# No explicit loc1->net, loc2->net or loc1<->loc2 policy: those fall through to
# the catch-all REJECT below, so only what rules lists is allowed between them.
# Unmatched Internet traffic is dropped without a reply and logged at info.
net all DROP info
all all REJECT info
# cat zones
#ZONE DISPLAY COMMENTS
# In this layout the third column is free text, not an address: zone
# membership comes from /etc/shorewall/interfaces (ppp0, eth0, eth1). The
# "0.0.0.0/24" below (presumably meant as 0.0.0.0/0) therefore has no effect on
# filtering and only misleads the reader. NOTE(review): this assumes the
# ZONE DISPLAY COMMENTS format that goes with the interfaces/rules syntax on
# this page; verify against the installed Shorewall version.
net Internet 0.0.0.0/24
loc2 Local 192.168.2.0/24
loc1 Local 192.168.1.0/24
# cat rules
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
# PORT PORT(S) LIMIT GROUP
#
# Rules are evaluated before the policies in /etc/shorewall/policy, so a rule
# whose SOURCE is "all" also matches the net zone and overrides "net all DROP".
# Because policy already ACCEPTs loc1->fw and loc2->fw, every loc*->fw line
# below is redundant; only the net->fw and loc*->net effects matter.
AllowDNS all net
AllowSMTP loc1 net
AllowSMTP loc2 net
AllowIMAP loc1 net
AllowIMAP loc2 net
AllowPOP3 loc1 net
AllowPOP3 loc2 net
# "all fw": FTP, ping, SSH and the web server on the firewall are reachable
# from the Internet (ppp0), not only from the LANs. If that is not intended,
# restrict SOURCE to loc1/loc2 as the AllowSMB lines do.
AllowFTP all fw
AllowPing all fw
AllowSMB loc1 fw
AllowSMB loc2 fw
AllowSSH all fw
# Fully covered by "AllowSSH all fw" above.
AllowSSH loc1 fw
AllowSVN loc1 fw
AllowSVN loc2 fw
AllowWeb all fw
# "all all" includes net->fw and net->loc*: the VNC, VNC-listen and
# BitTorrent ports these actions open are accepted from the Internet too.
# Inbound to loc* only matters if something routes or DNATs it, but net->fw
# reaches the firewall directly. Consider loc1/loc2 as SOURCE here as well.
AllowVNC all all
AllowVNCL all all
AllowBitTorrent all all
AllowCVS loc1 net
# Full access from loc1 to two specific loc2 hosts; there is no reverse rule,
# so those loc2 hosts can reply (conntrack) but not initiate towards loc1.
ACCEPT loc1 loc2:192.168.2.3 all
ACCEPT loc1 loc2:192.168.2.6 all
# Admin workstation, identified by MAC address only ("~" prefix). A MAC is not
# a reliable identity (the host controls it), so this grants unrestricted
# access to whatever eth0 host presents it; treat it as convenience, not
# authentication.
ACCEPT loc1:~00-50-BA-69-A3-6D all all
# UC (tcp 3001): "all fw" again exposes the firewall's port 3001 to the net
# zone, not just to the LANs.
ACCEPT all fw tcp 3001
ACCEPT all net tcp 3001
# MSN. The single-address rule allows every protocol to one fixed IP that may
# change or be reused by another service; prefer port-based rules over an
# address pinned in the firewall config.
ACCEPT all net tcp 1863
ACCEPT all net tcp 443
ACCEPT all net:65.54.239.211 all
ACCEPT all net udp 9
ACCEPT all net udp 7001