My Linux version is Ubuntu 7.04.
1. First install shorewall: sudo apt-get install shorewall
2. Then copy the configuration files:
sudo cp /usr/share/shorewall/modules /etc/shorewall
sudo cp /usr/share/doc/shorewall/default-config/policy /etc/shorewall/
sudo cp /usr/share/doc/shorewall/default-config/nat /etc/shorewall/
sudo cp /usr/share/doc/shorewall/default-config/zones /etc/shorewall/
sudo cp /usr/share/doc/shorewall/default-config/maclist /etc/shorewall/
sudo cp /usr/share/doc/shorewall/default-config/blacklist /etc/shorewall/
sudo cp /usr/share/doc/shorewall/default-config/interfaces /etc/shorewall/interfaces
sudo cp /usr/share/doc/shorewall/default-config/rules /etc/shorewall/rules
sudo cp /usr/share/doc/shorewall/default-config/hosts /etc/shorewall/hosts
sudo cp /usr/share/doc/shorewall/default-config/masq /etc/shorewall/masq
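3. Then cd /etc/shorewall to enter the configuration directory.
4. Configure the network card: vi interfaces
Just add this as the last line:
net eth0 detect
5. Configure IP masquerading: vi masq
Just add this as the last line:
eth0
6. Configure the policy: vi policy
Add these as the last lines:
fw net ACCEPT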
net all DROP info
all all REJECT info
7. Configure the network aliases (zones): vi zones
Add these as the last lines:
net ipv4
loc ipv4
dmz ipv4
8. Configure the firewall rules: vi rules
Again, add these as the last lines:
ACCEPT net fw tcp 22
ACCEPT net fw tcp 8000
ACCEPT net fw tcp 8089
ACCEPT net fw tcp 20068
ACCEPT net fw tcp 8090
ACCEPT net fw tcp 8191
ACCEPT net fw tcp 8088
ACCEPT net fw tcp 80
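(The above are the ports my own applications use; change them to suit your needs.)
9. Edit shorewall.conf so that IP forwarding is turned on automatically: vi shorewall.conf
Find: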
IP_FORWARDING=Keep
Change it to:
IP_FORWARDING=On
10. Enable the firewall: cd /etc/default, then vi shorewall, find start=0 and change the 0 to 1.
11. Start the firewall: shorewall start. Done.
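An added example, not part of the original post: a simplified shell model of how the policy entries from step 6 and the rules from step 8 combine, useful for reviewing which ports end up reachable from the net zone before the firewall is started. The verdict and exposed helpers are hypothetical names, the config text is a constructed copy of the lines above, and only the plain column layout used in this post is handled.

```shell
#!/bin/sh
# Simplified model of how Shorewall picks a verdict for a new connection:
# an explicit entry in rules wins; otherwise the first matching policy line.
# Assumption: plain columns only (no port lists, ranges, macros or sections).

# Constructed copies of the lines appended in step 6 (policy) and step 8 (rules).
POLICY='fw  net ACCEPT
net all DROP   info
all all REJECT info'

RULES='ACCEPT net fw tcp 22
ACCEPT net fw tcp 8000
ACCEPT net fw tcp 8089
ACCEPT net fw tcp 20068
ACCEPT net fw tcp 8090
ACCEPT net fw tcp 8191
ACCEPT net fw tcp 8088
ACCEPT net fw tcp 80'

# verdict SRC DST PROTO PORT -> prints ACCEPT, DROP or REJECT
verdict() {
    hit=$(printf '%s\n' "$RULES" | awk -v s="$1" -v d="$2" -v p="$3" -v n="$4" \
        '$2 == s && $3 == d && $4 == p && $5 == n { print $1; exit }')
    if [ -n "$hit" ]; then
        echo "$hit"
        return 0
    fi
    # No rule matched: fall through to policy, where "all" matches any zone
    # and the first matching line decides.
    printf '%s\n' "$POLICY" | awk -v s="$1" -v d="$2" \
        '($1 == s || $1 == "all") && ($2 == d || $2 == "all") { print $3; exit }'
}

# exposed SRC DST -> space-separated proto/port pairs accepted by rules
exposed() {
    printf '%s\n' "$RULES" | awk -v s="$1" -v d="$2" \
        '$1 == "ACCEPT" && $2 == s && $3 == d { printf "%s%s/%s", sep, $4, $5; sep = " " }
         END { print "" }'
}

echo "net->fw tcp/22:   $(verdict net fw tcp 22)"
echo "net->fw tcp/3306: $(verdict net fw tcp 3306)"   # constructed port, not in rules
echo "fw->net tcp/443:  $(verdict fw net tcp 443)"
echo "loc->net tcp/80:  $(verdict loc net tcp 80)"
echo "open from net:    $(exposed net fw)"
```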