vi /etc/ipnat.rules
代碼如下:
#連接外網IP 192.168.10.10
#連接內網網段IP1 192.168.15.0/24內網網段IP2 192.168.16.0/24
#服務器IP地址 192.168.10.200
#把所有的內部網絡IP偽裝成外網IP
map net0 192.168.15.0/24 -> 192.168.10.10/32 portmap tcp/udp auto
map net0 192.168.15.0/24 -> 192.168.10.10/32
map net0 192.168.16.0/24 -> 192.168.10.10/32 portmap tcp/udp auto
map net0 192.168.16.0/24 -> 192.168.10.10/32
#把對連接外網IP的FTP服務映射到服務網絡的FTP服務器上
rdr net0 192.168.10.0/24 port 20 -> 192.168.15.200 port 20
rdr net0 192.168.10.0/24 port 21 -> 192.168.15.200 port 21
vi /etc/ipf.rules
代碼如下:
#阻塞所有存在安全問題的數據包
block in log quick all with short
block in log quick all with ipopts
block in log quick all with frag
block in log quick all with opt lsrr
block in log quick all with opt ssrr
#外部網絡的數據只有FTP(使用20和21端口)
pass in quick on 192.168.10.10 proto tcp from any to any port = 20 keep state
pass in quick on 192.168.10.10 proto tcp from any to any port = 21 keep state
#內部網絡可以訪問外部網絡
pass out log on net0 proto icmp all keep state
pass out log on net0 proto tcp/udp from any to any keep state
#阻塞外部網絡的其它請求'
block return-rst in log on net0 proto tcp from any to 192.168.10.10 flags S/SA
block return-icmp(net-unr) in log on net0 proto udp from any to 192.168.10.10
block in log on net0 all
以上我加 規則 能達到代理目的 更多規則可以自己添加
vi /etc/rc2.d/S99ipnat
#加載規則
/etc/ipf -Fa -f /etc/ipf.rules
/etc/ipnat -CF -f /etc/ipnat.rules
sco 5.07 已經提供ipnat ipf ipstat ipmon (ipstat ipmon 查看規則命令)
5.07以下 我沒測試不知道有沒有
如果沒有 到官方ftp下載一個 安裝就行了
安裝我說下
uncompress tls709.tar.Z
tar xvf tls709.tar
cp -r /etc/conf/pack.d/ip /usr/ 備份
cp -r /etc/conf/pack.d/tcp /usr/ 備份
cp * /tmp/ipfilter/ipl-driver/ip (解壓目錄) /etc/conf/pack.d/ip
cp * /tmp/ipfilter/ipl-driver/tcp (解壓目錄) /etc/conf/pack.d/tcp
cd /tmp/ipfilter/ipl-driver
/etc/conf/bin/idinstall -k -a ipl
cp /tmp/ipfilter/ipl-bin/* /etc
/etc/conf/cf.d/link_unix -y 連接核心
