iptables-save > ipt.v1.0
iptables-save > ipt.v1.1
iptables-restore < ipt.v1.0
cp /etc/sysconfig/iptables iptables.raw
service iptables save
ip伪装的脚本文件iptables_masquerade
#!/bin/bash
//设置linux系统允许ip包的转发
echo "1" > /proc/sys/net/ipv4/ip_forward
//加载实现NET功能所需的内核模块
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
//初始化filter表和nat表
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
//设置规则链的默认策略
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
//设置主机防火墙策略
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 3128 -j ACCEPT
//在nat表的POSTROUTING规则链中添加IP伪装的规则
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
chmod u+x iptables_masquerade
ls -l iptables_masquerade
./iptables_masquerade
iptables -t nat -L
http://www.ipaddressworld.com/
配置代理squid
grep 'hostname' /etc/hosts
ls /var/spool/squid/
squid -z
ls /var/spool/squid/
service squid start
netstat -ntpl | grep squid
cd /etc/squid/
服务端口
http_port 3128
//改为
http_port 8080
//或
http_port 3128 8080
缓冲内存数量
cache_mem 8MB
//更改为
cache_mem 64MB
grep ^http_access squid.conf
grep ^acl squid.conf
/?
//在squid.conf配置文件中需要添加如下的访问控制列表
acl clients src 192.168.1.0/24
//在squid.conf文件的http_access deny all设置行之前添加如下设置:
http_access allow clients
# http_access deny all
配置透明代理服务器
1配置squid.conf文件
vi /etc/squid/squid.conf
//在配置文件中添加以下的配置行
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
service squid reload
修改防火墙配置脚本
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
把从1.0/24 网断来的数据包是80端口的全部转发给3128端口进行处理
#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 23 -j ACCEPT
iptables -t nat -A PREROUTING -s 10.16.0.0/20 -p tcp --dport 80 -j REDIRECT --to
-ports 3128
iptables -t nat -A POSTROUTING -o ppp0 -s 10.16.0.0/20 -j MASQUERADE