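#!/bin/sh
#
# Gateway firewall for a Linux router that also sends LAN web traffic
# through a Squid proxy (transparent proxying of TCP port 80).
#
# What it installs:
#   - filter table: default-deny INPUT and FORWARD, default-allow OUTPUT
#   - nat table:    MASQUERADE for traffic leaving the Internet interface,
#                   DNAT/REDIRECT of port 80 to Squid
#
# Must be run as root. Only IPv4 is configured: no ip6tables rules are
# installed here, so IPv6 traffic has to be filtered separately.

# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"

# DO NOT MODIFY BELOW

# Clean old firewall: flush rules and delete user-defined chains in the
# filter, nat and mangle tables. Flushing does not reset chain policies,
# which is why every filter policy is set explicitly further down.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# The original script never set a FORWARD policy, so the chain kept
# whatever policy was in place before (ACCEPT on a fresh kernel) and
# packets arriving on the Internet interface could be routed into the LAN.
# Default-deny here; the explicit FORWARD rules below allow the LAN out
# and only reply traffic back in.
iptables -P FORWARD DROP

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# From the Internet, accept only packets that belong to (or are related to)
# connections this host already has, e.g. DNS replies and passive-FTP data
# connections tracked by ip_conntrack_ftp. New inbound connections fall
# through to the LOG/DROP rules at the end.
iptables -A INPUT -i "$INTERNET" -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables -t nat -A POSTROUTING -o "$INTERNET" -j MASQUERADE
iptables -A FORWARD -i "$LAN_IN" -j ACCEPT
# Return path for LAN-initiated connections; required now that the
# FORWARD policy is DROP.
iptables -A FORWARD -i "$INTERNET" -o "$LAN_IN" \
  -m state --state ESTABLISHED,RELATED -j ACCEPT

# unlimited access to LAN
# Every LAN host can reach every service listening on this box.
iptables -A INPUT -i "$LAN_IN" -j ACCEPT
iptables -A OUTPUT -o "$LAN_IN" -j ACCEPT

# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT)
# aka transparent proxy. Only plain HTTP on port 80 is intercepted.
iptables -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 \
  -j DNAT --to "${SQUID_SERVER}:${SQUID_PORT}"

# if it is same system
# NOTE(review): this rule matches port 80 traffic arriving on the Internet
# interface and points it at the local Squid port. With the INPUT rules
# above, new connections from that interface are still dropped, but if
# INPUT is ever opened for $SQUID_PORT this would expose the proxy to the
# Internet. Confirm whether -i "$LAN_IN" was intended.
iptables -t nat -A PREROUTING -i "$INTERNET" -p tcp --dport 80 \
  -j REDIRECT --to-port "$SQUID_PORT"

# DROP everything and Log it
# Logging is rate-limited so that a scan or flood against the Internet
# interface cannot fill the system log; every unmatched packet is still
# dropped by the final rule.
iptables -A INPUT -m limit --limit 5/min -j LOG
iptables -A INPUT -j DROP

# Enable routing only after the rule set is complete, so there is no window
# in which the box forwards packets without the filter rules in place.
echo 1 > /proc/sys/net/ipv4/ip_forward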
sumbernya dari sini



