1. iptables -P FORWARD DROP
2. iptables -A FORWARD -P tcp -i eth1 -m state --state ESTABLISHED -j ACCEPT
3. iptables -A FORWARD -P tcp -i eth2 -m state --state ESTABLISHED -j ACCEPT
4. iptables -A FORWARD -P udp -i eth1 -m state --state ESTABLISHED -j ACCEPT
5. iptables -A FORWARD -P udp -i eth2 -m state --state ESTABLISHED -j ACCEPT
6. iptables -t nat -PREROUTING -p tcp -i eth2 -d 1.1.1.1 --dport 80 -j DNAT --to-destination 10.1.1.2
7. iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 80 -j ACCEPT
8. iptables -A FORWARD -p udp -d 10.1.1.2 --dport 53 -j ACCEPT
9. iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth2 MASQUERADE
10.iptables -A FORWARD -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT
11.iptables -A FORWARD -p udp -s 192.168.1.0/24 --dport 53 -j ACCEPT
留着自用:
iptables -P FORWARD DROP
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth2 -j MASQUERADE(内访外)
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -p udp -i eth2 -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 1.1.1.1 --dport 80 -j DNAT --to-destination 10.1.1.1(DMZ区域)(外访问内)
vi /etc/sysctl.conf
sysctl -p
1.1.1.1外网 10.1.1.1DMZ 192.168.1.1内网。
阅读(6624) | 评论(0) | 转发(1) |
