需求說明:此服務器用作網關、MAIL(開啟web、smtp、pop3)、FTP、DHCP服務器,內部一台機器(192.168.0.254)對外提供dns服務,為了不讓無意者輕易看出此服務器開啟了ssh服務器,故把ssh端口改為2018.另把proxy的端口改為60080
eth0:218.28.20.253,外網口
eth1:192.168.0.1/24,內網口
[jackylau@proxyserver init.d]$cat /etc/squid/squid.conf(部份如下)
http_port 192.168.0.1:60080
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl allow_lan src 192.168.0.0/24
http_access allow allow_lan
visible_hostname proxyserver
[jackylau@proxyserver init.d]$ cat firewall
#!/bin/sh
# Author: jackylau # chkconfig: 2345 08 92
# description: firewall
# Time on 2005.08.02
# killproc
# Set ENV
INET_IP="218.28.20.253"
INET_IFACE="eth0"
LAN_IP="192.168.0.1"
LAN_IP_RANGE="192.168.0.0/24"
LAN_BROADCAST_ADDRESS="192.168.0.255"
LAN_IFACE="eth1"
LO_IFACE="lo"
LO_IP="127.0.0.1"
IPTABLES="/sbin/iptables"
start(){
echo -n $"Starting firewall:"
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
echo "1" >; /proc/sys/net/ipv4/ip_forward