I connect to the Internet over ADSL. eth0 is connected to the external network,
eth1 is connected to the LAN.
[root@www waker]# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:BA:5F:55:AB
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:239097 errors:0 dropped:0 overruns:0 frame:0
TX packets:225234 errors:0 dropped:0 overruns:0 carrier:0
collisions:102
RX bytes:220362259 (210.1 Mb) TX bytes:31432172 (29.9 Mb)
eth1 Link encap:Ethernet HWaddr 00:50:BA:5F:A0:F2
inet addr:192.168.1.251 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:158144 errors:0 dropped:0 overruns:0 frame:0
TX packets:215948 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:23543732 (22.4 Mb) TX bytes:210344944 (200.6 Mb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:29037 errors:0 dropped:0 overruns:0 frame:0
TX packets:29037 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:11247744 (10.7 Mb) TX bytes:11247744 (10.7 Mb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:218.2.158.7 P-t-P:218.2.158.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:227 (227.0 b) TX bytes:124 (124.0 b)
I modified your example code to:
#!/bin/sh
#edit by waterbird, 2002.4.4
echo "starting the firewall..."
##Insmod the firewall modules
#modprobe ip_tables
##Enable the ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward
##clear the chains
iptables -F
iptables -X
iptables -F -t nat
##Define the policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
##Define the IP and Interface
LAN_IP="192.168.1.251"
LAN_IFACE="eth1"
ADSL_IFACE="ppp+"
IPTABLES="/sbin/iptables"
#########################POSTROUTING chain
#MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp+ -j MASQUERADE
##########################FORWARD rules
#accept LAN IP go out
$IPTABLES -A FORWARD -i $LAN_IFACE -s 192.168.1.0/24 -j ACCEPT
#accept come back packets from INTERNET
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
###########################INPUT chain
#for come back from this adsl-server packets
$IPTABLES -A INPUT -i $ADSL_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "firewall started! :-D"
As a result, the client machines cannot get online,
and I cannot TELNET to 192.168.1.251.
The clients' DNS is 192.168.1.251
and their gateway is 192.168.1.251.
What is wrong?
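How the posted INPUT chain treats traffic addressed to the firewall itself, which covers the TELNET and DNS requests sent to 192.168.1.251; this is an added example, not part of the original post. It is a small first-match evaluator in shell that models only -i, --state and -j, and the FIXED_RULES additions (accepting lo and eth1) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: walk INPUT rules the way the kernel does (first match wins,
# otherwise the chain policy). Only -i, --state and -j are modelled.
POLICY="DROP"                      # from the post: iptables -P INPUT DROP
# The only INPUT rule in the posted script (with $ADSL_IFACE expanded).
POSTED_RULES='-i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT'
# Assumed additions, not from the post: loopback and LAN-side access.
FIXED_RULES="$POSTED_RULES
-i lo -j ACCEPT
-i eth1 -j ACCEPT"

# iface_match PATTERN IFACE: a trailing + is a wildcard, as in iptables.
iface_match() {
    case "$1" in
        *+) case "$2" in "${1%+}"*) return 0 ;; esac; return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# input_verdict RULES IFACE STATE: prints the target that decides the packet.
input_verdict() {
    rules=$1; iface=$2; state=$3
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        set -- $rule
        r_if=""; r_states=""; target=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -i)      r_if=$2; shift ;;
                --state) r_states=$2; shift ;;
                -j)      target=$2; shift ;;
            esac
            shift
        done
        [ -z "$r_if" ] || iface_match "$r_if" "$iface" || continue
        case ",$r_states," in
            ,,|*",$state,"*) echo "$target"; return 0 ;;
        esac
    done <<EOF
$rules
EOF
    echo "$POLICY"
}

# Constructed sample packets: "input interface / conntrack state".
for pkt in "eth1 NEW" "lo NEW" "ppp0 ESTABLISHED" "ppp0 NEW"; do
    set -- $pkt
    echo "$1 $2: posted=$(input_verdict "$POSTED_RULES" "$1" "$2")" \
         "fixed=$(input_verdict "$FIXED_RULES" "$1" "$2")"
done
```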
--------------------next---------------------
I want to redirect web access to squid:
iptables -t nat -A PREROUTING -i $LAN_IFACE -p tcp --dport www -j REDIRECT --to-port 3128
Result:
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: /
The following error was encountered:
Invalid URL
Some aspect of the requested URL is incorrect. Possible problems:
Missing or incorrect access protocol (should be `'' or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed
Your cache administrator is root.
--------------------------------------------------------------------------------
Generated Tue, 09 Apr 2002 08:27:51 GMT by (Squid/2.4.STABLE1)
--------------------next---------------------