内网二级代理上网的script (2)
续<<内网二级代理上网的script >>
给share.sh补了一些安全优化设置
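#!/bin/sh
# share.sh - firewall/NAT rules for the second-level gateway.
#
# Masquerades the 192.168.2.0/24 LAN behind the upstream interface, drops a
# fixed list of destination ports, and forwards nothing else except traffic
# that the LAN itself initiated. Run as root; every run rebuilds the filter,
# nat and mangle tables from scratch, so hand-added rules are lost.
#
# INPUT and OUTPUT are not filtered here: services on the gateway itself stay
# reachable according to whatever policy those chains already have.

# ---- definitions ----
EXT_IF="eth0"          # upstream side, towards the first-level gateway
INT_IF="eth1"          # LAN side: 192.168.2.1 is configured on eth1, not eth2.
                       # Informational only, no rule below reads it.
EXT_IP="10.10.7.246"   # only needed by the commented-out SNAT alternative
LAN_NET="192.168.2.0/24"
IPTABLES="/sbin/iptables"

# Fail closed. -F and -X leave chain policies untouched and this script used
# to set none, so FORWARD kept the built-in ACCEPT: every port that is not on
# the list below was routed, in both directions. Setting the policy first also
# means nothing is forwarded unfiltered while the rules are being rebuilt.
"$IPTABLES" -P FORWARD DROP

# Flush all rules, then delete all non-default chains, in each table.
for table in filter nat mangle; do
  "$IPTABLES" -t "$table" -F
  "$IPTABLES" -t "$table" -X
done

# Load modules. Best effort on purpose: a module that is built in or named
# differently on the running kernel makes modprobe fail, and the iptables
# calls below will then report the real problem.
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack_ftp

# ---- nat table ----
# Static-address alternative to MASQUERADE:
#"$IPTABLES" -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$EXT_IP"
"$IPTABLES" -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE

# Optional: ignore ICMP echo requests addressed to the gateway itself.
# "$IPTABLES" -A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j DROP
# "$IPTABLES" -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP

# ---- forward chain: destination-port blocklist ----
# These must stay ahead of the ACCEPT rules further down. The script does not
# say what each port is for; 6881-6890 is the classic BitTorrent range and
# 4661/4662 are eDonkey defaults, the rest are presumably similar P2P or
# download clients. A port list only stops clients left on their default
# ports, so treat it as bandwidth hygiene rather than a security boundary.
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 3076,3077,3078,3079,3028,5200,6200 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 5354 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 8094 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 4661,4662,4242 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 8505 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 3318,1043,4224,2371 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 7000 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 6881:6890 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 6881:6890 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 8881:8890 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 8881:8890 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 16881 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 16881 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 2881,9000,9099 -j DROP
"$IPTABLES" -A FORWARD -p udp -m multiport --dports 2881,9000,9099 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 5467,2500,4173,10002,10003 -j DROP
"$IPTABLES" -A FORWARD -p udp -m multiport --dports 5467,2500,4173,10002,10003 -j DROP
# 4662 was listed here a second time; it is already dropped above.
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 4371 -j DROP

# ---- forward chain: what is allowed ----
# Replies to, and helper connections of, flows that were let out (this is what
# ipt_state and ip_conntrack_ftp are loaded for).
"$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections may only start on the LAN and leave through the upstream
# interface; the match mirrors the MASQUERADE rule so the two stay in step.
"$IPTABLES" -A FORWARD -s "$LAN_NET" -o "$EXT_IF" -j ACCEPT
# Anything else, including connections opened from the upstream network
# towards LAN hosts, falls through to the DROP policy.

# Enable IP forwarding last, once the rule set is complete.
echo "1" > /proc/sys/net/ipv4/ip_forward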
一级代理zhz02
eth0:10.10.7.17 接内部网switch
eth1:adsl DHCP
二级代理CentOS
[root@centos45 shell]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos45
#GATEWAY=10.10.7.17
[root@centos45 shell]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=10.10.7.255
HWADDR=00:14:78:42:6A:1C
IPADDR=10.10.7.246
NETMASK=255.255.248.0
NETWORK=10.10.0.0
ONBOOT=yes
TYPE=Ethernet
GATEWAY=10.10.7.17
[root@centos45 shell]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
BROADCAST=192.168.2.255
IPADDR=192.168.2.1
NETMASK=255.255.255.0
NETWORK=192.168.2.0
ONBOOT=yes
TYPE=Ethernet
#BOOTPROTO=dhcp
#HWADDR=00:14:78:27:FA:5E
#TYPE=Ethernet
#ONBOOT=no
#DHCP_HOSTNAME=centos45
[root@centos45 shell]# vi /etc/resolv.conf
nameserver 202.92.128.166
nameserver 202.96.128.68
nameserver 10.10.7.32
[root@centos45 shell]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.10.0.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 10.10.7.17 0.0.0.0 UG 0 0 0 eth0
[root@centos45 shell]# iptables -L -n
[root@centos45 shell]# iptables -L -n -t nat
参考指令和设置档:
# vi /root/shell/share.sh
# vi /etc/rc.d/rc.local
sh /root/shell/share.sh
# cat /etc/sysctl.conf
net.ipv4.ip_forward = 0 与 1
# route add default gw 10.10.7.17 eth0
# /etc/rc.d/init.d/network restart
pc client :
ip: 192.168.2.2~192.168.2.254
netmask: 255.255.255.0
gateway: 192.168.2.1
dns: 202.96.128.166 202.96.128.68
by oice 2007/06/19 于 tekcon
给share.sh补了一些安全优化设置
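#!/bin/sh
# share.sh - firewall/NAT rules for the second-level gateway.
#
# Masquerades the 192.168.2.0/24 LAN behind the upstream interface, drops a
# fixed list of destination ports, and forwards nothing else except traffic
# that the LAN itself initiated. Run as root; every run rebuilds the filter,
# nat and mangle tables from scratch, so hand-added rules are lost.
#
# INPUT and OUTPUT are not filtered here: services on the gateway itself stay
# reachable according to whatever policy those chains already have.

# ---- definitions ----
EXT_IF="eth0"          # upstream side, towards the first-level gateway
INT_IF="eth1"          # LAN side: 192.168.2.1 is configured on eth1, not eth2.
                       # Informational only, no rule below reads it.
EXT_IP="10.10.7.246"   # only needed by the commented-out SNAT alternative
LAN_NET="192.168.2.0/24"
IPTABLES="/sbin/iptables"

# Fail closed. -F and -X leave chain policies untouched and this script used
# to set none, so FORWARD kept the built-in ACCEPT: every port that is not on
# the list below was routed, in both directions. Setting the policy first also
# means nothing is forwarded unfiltered while the rules are being rebuilt.
"$IPTABLES" -P FORWARD DROP

# Flush all rules, then delete all non-default chains, in each table.
for table in filter nat mangle; do
  "$IPTABLES" -t "$table" -F
  "$IPTABLES" -t "$table" -X
done

# Load modules. Best effort on purpose: a module that is built in or named
# differently on the running kernel makes modprobe fail, and the iptables
# calls below will then report the real problem.
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack_ftp

# ---- nat table ----
# Static-address alternative to MASQUERADE:
#"$IPTABLES" -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$EXT_IP"
"$IPTABLES" -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE

# Optional: ignore ICMP echo requests addressed to the gateway itself.
# "$IPTABLES" -A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j DROP
# "$IPTABLES" -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP

# ---- forward chain: destination-port blocklist ----
# These must stay ahead of the ACCEPT rules further down. The script does not
# say what each port is for; 6881-6890 is the classic BitTorrent range and
# 4661/4662 are eDonkey defaults, the rest are presumably similar P2P or
# download clients. A port list only stops clients left on their default
# ports, so treat it as bandwidth hygiene rather than a security boundary.
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 3076,3077,3078,3079,3028,5200,6200 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 5354 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 8094 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 4661,4662,4242 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 8505 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 3318,1043,4224,2371 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 7000 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 6881:6890 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 6881:6890 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 8881:8890 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 8881:8890 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 16881 -j DROP
"$IPTABLES" -A FORWARD -p udp -m udp --dport 16881 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 2881,9000,9099 -j DROP
"$IPTABLES" -A FORWARD -p udp -m multiport --dports 2881,9000,9099 -j DROP
"$IPTABLES" -A FORWARD -p tcp -m multiport --dports 5467,2500,4173,10002,10003 -j DROP
"$IPTABLES" -A FORWARD -p udp -m multiport --dports 5467,2500,4173,10002,10003 -j DROP
# 4662 was listed here a second time; it is already dropped above.
"$IPTABLES" -A FORWARD -p tcp -m tcp --dport 4371 -j DROP

# ---- forward chain: what is allowed ----
# Replies to, and helper connections of, flows that were let out (this is what
# ipt_state and ip_conntrack_ftp are loaded for).
"$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections may only start on the LAN and leave through the upstream
# interface; the match mirrors the MASQUERADE rule so the two stay in step.
"$IPTABLES" -A FORWARD -s "$LAN_NET" -o "$EXT_IF" -j ACCEPT
# Anything else, including connections opened from the upstream network
# towards LAN hosts, falls through to the DROP policy.

# Enable IP forwarding last, once the rule set is complete.
echo "1" > /proc/sys/net/ipv4/ip_forward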
一级代理zhz02
eth0:10.10.7.17 接内部网switch
eth1:adsl DHCP
二级代理CentOS
[root@centos45 shell]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos45
#GATEWAY=10.10.7.17
[root@centos45 shell]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=10.10.7.255
HWADDR=00:14:78:42:6A:1C
IPADDR=10.10.7.246
NETMASK=255.255.248.0
NETWORK=10.10.0.0
ONBOOT=yes
TYPE=Ethernet
GATEWAY=10.10.7.17
[root@centos45 shell]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
BROADCAST=192.168.2.255
IPADDR=192.168.2.1
NETMASK=255.255.255.0
NETWORK=192.168.2.0
ONBOOT=yes
TYPE=Ethernet
#BOOTPROTO=dhcp
#HWADDR=00:14:78:27:FA:5E
#TYPE=Ethernet
#ONBOOT=no
#DHCP_HOSTNAME=centos45
[root@centos45 shell]# vi /etc/resolv.conf
nameserver 202.92.128.166
nameserver 202.96.128.68
nameserver 10.10.7.32
[root@centos45 shell]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.10.0.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 10.10.7.17 0.0.0.0 UG 0 0 0 eth0
[root@centos45 shell]# iptables -L -n
[root@centos45 shell]# iptables -L -n -t nat
参考指令和设置档:
# vi /root/shell/share.sh
# vi /etc/rc.d/rc.local
sh /root/shell/share.sh
# cat /etc/sysctl.conf
net.ipv4.ip_forward = 0 与 1
# route add default gw 10.10.7.17 eth0
# /etc/rc.d/init.d/network restart
pc client :
ip: 192.168.2.2~192.168.2.254
netmask: 255.255.255.0
gateway: 192.168.2.1
dns: 202.96.128.166 202.96.128.68
by oice 2007/06/19 于 tekcon