请教 双网卡绑定一个IP后,使用其IP帮代理共享上网

boyzjj 2004-12-29 11:06:15
双网卡绑定一个IP后,使用其IP帮代理共享上网
我已成功把两块8139网卡绑定到同一个IP:192.168.0.1,
另用一块dlink530网卡连接外网。
原来使用下面这个脚本共享上网:
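#! /bin/sh
#
# iptables firewall / NAT gateway control script.
#
# Usage: $0 {start|stop|restart|show}
#   start   - INPUT default DROP, accept traffic not arriving on UPLINK,
#             open SERVICES, and (ROUTER=yes) enable forwarding + NAT
#   stop    - flush INPUT/OUTPUT and set both policies back to ACCEPT
#   restart - stop, then start
#   show    - list the filter table and the nat POSTROUTING chain

UPLINK="eth0"            # interface facing the outside network
UPIP="220.168.122.123"   # source address written by the SNAT rule
ROUTER="yes"             # "yes": enable IP forwarding and NAT
#NAT="UPIP"
# "dynamic" selects MASQUERADE; any other non-empty value selects SNAT.
# The SNAT address itself is taken from UPIP, not from NAT.
NAT="220.168.122.123"
# Interfaces that get rp_filter=1.
# NOTE(review): the accompanying post also lists eth2 and bond0; only the
# names given here are touched - confirm the list matches the current setup.
INTERFACES="lo eth0 eth1"
# TCP ports accepted for NEW connections on every interface, UPLINK included.
SERVICES="80 22 25 110 554 21"
# Destination ports (tcp+udp) that the host itself may not connect to.
deny=""

# Dispatch on the first argument only; "$@" would fail to match as soon as
# a second argument is present.
case "${1:-}" in
start)
  printf '%s' "Starting firewall..."
  modprobe ip_nat_ftp
  modprobe ip_conntrack_ftp

  # Set the policy before flushing so the chain is never empty-and-open,
  # then flush so a repeated "start" does not stack duplicate rules.
  iptables -P INPUT DROP
  iptables -F INPUT
  iptables -F OUTPUT

  # Pre-positioned "!" is the supported negation form; "-i ! IFACE" is
  # deprecated in current iptables releases.
  iptables -A INPUT ! -i "${UPLINK}" -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  #iptables -P OUTPUT DROP

  #enable public access to certain services
  # (unquoted on purpose: SERVICES is a space-separated list)
  for x in ${SERVICES}
  do
    iptables -A INPUT -p tcp --dport "${x}" -m state --state NEW -j ACCEPT
  done

  for y in ${deny}
  do
    iptables -A OUTPUT -p tcp --dport "${y}" -j DROP
    iptables -A OUTPUT -p udp --dport "${y}" -j DROP
  done

  #enable system-log
  #iptables -A INPUT -j LOG --log-prefix "bad input:"

  # Remaining TCP from the uplink is answered with RST; everything else
  # from the uplink falls through to the DROP policy.
  iptables -A INPUT -p tcp -i "${UPLINK}" -j REJECT --reject-with tcp-reset
  #iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable

  #explicitly disable ECN
  if [ -e /proc/sys/net/ipv4/tcp_ecn ]
  then
    echo 0 > /proc/sys/net/ipv4/tcp_ecn
  fi

  #enable reverse-path filtering (anti-spoofing) on the listed interfaces
  for x in ${INTERFACES}
  do
    rp="/proc/sys/net/ipv4/conf/${x}/rp_filter"
    if [ -e "${rp}" ]
    then
      echo 1 > "${rp}"
    else
      # A missing interface used to produce a bare redirection error.
      echo "warning: interface ${x} not present, rp_filter not set" >&2
    fi
  done

  if [ "$ROUTER" = "yes" ]
  then
    #we're a router of some kind, enable IP forwarding
    # NOTE(review): this script never sets a policy or rules on the FORWARD
    # chain, so what may be forwarded is decided elsewhere - confirm FORWARD
    # is not left at ACCEPT for traffic arriving on UPLINK.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    if [ "$NAT" = "dynamic" ]
    then
      #dynamic IP address, use masquerading
      # "stop" leaves nat rules in place, so drop our own earlier copies
      # first; otherwise every restart appends another identical rule.
      while iptables -t nat -D POSTROUTING -o "${UPLINK}" -j MASQUERADE 2>/dev/null
      do :; done
      iptables -t nat -A POSTROUTING -o "${UPLINK}" -j MASQUERADE
    elif [ "$NAT" != "" ]
    then
      #static IP, use SNAT
      while iptables -t nat -D POSTROUTING -o "${UPLINK}" -j SNAT --to-source "${UPIP}" 2>/dev/null
      do :; done
      iptables -t nat -A POSTROUTING -o "${UPLINK}" -j SNAT --to-source "${UPIP}"
    fi
  fi
  echo "OK!"
  exit 0
  ;;
stop)
  printf '%s' "Stopping firewall..."
  iptables -F INPUT
  iptables -P INPUT ACCEPT
  iptables -F OUTPUT
  iptables -P OUTPUT ACCEPT
  #turn off NAT/masquerading, if any
  # NOTE(review): with the line below disabled, ip_forward and the nat rule
  # stay active after "stop", i.e. the host keeps routing while INPUT is
  # wide open. Enable it if "stop" is meant to end connection sharing too.
  #iptables -t nat -F POSTROUTING
  echo "OK!"
  exit 0
  ;;
restart)
  # Quote $0 so a script path containing spaces still re-executes.
  "$0" stop
  "$0" start
  ;;
show)
  clear
  echo ">-------------------------------------------------------------------"
  iptables -L
  echo ">-------------------------------------------------------------------"
  iptables -t nat -L POSTROUTING
  exit 0
  ;;
*)
  echo "Usage: $0 {start|stop|restart|show}"
  exit 1
  ;;
esac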

可是现在我执行这个脚本却不能共享上网了!
请问高手,应该怎么修改这个脚本,才能正常使用代理共享上网?
网络配置情况:
eth0 外网IP 220.168.122.123
eth1 192.168.0.1
eth2 192.168.0.1
bond0 192.168.0.1
boyzjj 2004-12-30
双网卡绑定一个IP后,使用其IP帮代理共享上网
我已成功把两块8139网卡绑定到同一个IP:192.168.0.1,
另用一块dlink530网卡连接外网。
原来使用下面这个脚本共享上网:
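#! /bin/sh
#
# iptables firewall / NAT gateway control script.
#
# Usage: $0 {start|stop|restart|show}
#   start   - INPUT default DROP, accept traffic not arriving on UPLINK,
#             open SERVICES, and (ROUTER=yes) enable forwarding + NAT
#   stop    - flush INPUT/OUTPUT and set both policies back to ACCEPT
#   restart - stop, then start
#   show    - list the filter table and the nat POSTROUTING chain

UPLINK="eth0"            # interface facing the outside network
UPIP="220.168.122.123"   # source address written by the SNAT rule
ROUTER="yes"             # "yes": enable IP forwarding and NAT
#NAT="UPIP"
# "dynamic" selects MASQUERADE; any other non-empty value selects SNAT.
# The SNAT address itself is taken from UPIP, not from NAT.
NAT="220.168.122.123"
# Interfaces that get rp_filter=1.
# NOTE(review): the accompanying post also lists eth2 and bond0; only the
# names given here are touched - confirm the list matches the current setup.
INTERFACES="lo eth0 eth1"
# TCP ports accepted for NEW connections on every interface, UPLINK included.
SERVICES="80 22 25 110 554 21"
# Destination ports (tcp+udp) that the host itself may not connect to.
deny=""

# Dispatch on the first argument only; "$@" would fail to match as soon as
# a second argument is present.
case "${1:-}" in
start)
  printf '%s' "Starting firewall..."
  modprobe ip_nat_ftp
  modprobe ip_conntrack_ftp

  # Set the policy before flushing so the chain is never empty-and-open,
  # then flush so a repeated "start" does not stack duplicate rules.
  iptables -P INPUT DROP
  iptables -F INPUT
  iptables -F OUTPUT

  # Pre-positioned "!" is the supported negation form; "-i ! IFACE" is
  # deprecated in current iptables releases.
  iptables -A INPUT ! -i "${UPLINK}" -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  #iptables -P OUTPUT DROP

  #enable public access to certain services
  # (unquoted on purpose: SERVICES is a space-separated list)
  for x in ${SERVICES}
  do
    iptables -A INPUT -p tcp --dport "${x}" -m state --state NEW -j ACCEPT
  done

  for y in ${deny}
  do
    iptables -A OUTPUT -p tcp --dport "${y}" -j DROP
    iptables -A OUTPUT -p udp --dport "${y}" -j DROP
  done

  #enable system-log
  #iptables -A INPUT -j LOG --log-prefix "bad input:"

  # Remaining TCP from the uplink is answered with RST; everything else
  # from the uplink falls through to the DROP policy.
  iptables -A INPUT -p tcp -i "${UPLINK}" -j REJECT --reject-with tcp-reset
  #iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable

  #explicitly disable ECN
  if [ -e /proc/sys/net/ipv4/tcp_ecn ]
  then
    echo 0 > /proc/sys/net/ipv4/tcp_ecn
  fi

  #enable reverse-path filtering (anti-spoofing) on the listed interfaces
  for x in ${INTERFACES}
  do
    rp="/proc/sys/net/ipv4/conf/${x}/rp_filter"
    if [ -e "${rp}" ]
    then
      echo 1 > "${rp}"
    else
      # A missing interface used to produce a bare redirection error.
      echo "warning: interface ${x} not present, rp_filter not set" >&2
    fi
  done

  if [ "$ROUTER" = "yes" ]
  then
    #we're a router of some kind, enable IP forwarding
    # NOTE(review): this script never sets a policy or rules on the FORWARD
    # chain, so what may be forwarded is decided elsewhere - confirm FORWARD
    # is not left at ACCEPT for traffic arriving on UPLINK.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    if [ "$NAT" = "dynamic" ]
    then
      #dynamic IP address, use masquerading
      # "stop" leaves nat rules in place, so drop our own earlier copies
      # first; otherwise every restart appends another identical rule.
      while iptables -t nat -D POSTROUTING -o "${UPLINK}" -j MASQUERADE 2>/dev/null
      do :; done
      iptables -t nat -A POSTROUTING -o "${UPLINK}" -j MASQUERADE
    elif [ "$NAT" != "" ]
    then
      #static IP, use SNAT
      while iptables -t nat -D POSTROUTING -o "${UPLINK}" -j SNAT --to-source "${UPIP}" 2>/dev/null
      do :; done
      iptables -t nat -A POSTROUTING -o "${UPLINK}" -j SNAT --to-source "${UPIP}"
    fi
  fi
  echo "OK!"
  exit 0
  ;;
stop)
  printf '%s' "Stopping firewall..."
  iptables -F INPUT
  iptables -P INPUT ACCEPT
  iptables -F OUTPUT
  iptables -P OUTPUT ACCEPT
  #turn off NAT/masquerading, if any
  # NOTE(review): with the line below disabled, ip_forward and the nat rule
  # stay active after "stop", i.e. the host keeps routing while INPUT is
  # wide open. Enable it if "stop" is meant to end connection sharing too.
  #iptables -t nat -F POSTROUTING
  echo "OK!"
  exit 0
  ;;
restart)
  # Quote $0 so a script path containing spaces still re-executes.
  "$0" stop
  "$0" start
  ;;
show)
  clear
  echo ">-------------------------------------------------------------------"
  iptables -L
  echo ">-------------------------------------------------------------------"
  iptables -t nat -L POSTROUTING
  exit 0
  ;;
*)
  echo "Usage: $0 {start|stop|restart|show}"
  exit 1
  ;;
esac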

可是现在我执行这个脚本却不能共享上网了!
请问高手,应该怎么修改这个脚本,才能正常使用代理共享上网?
网络配置情况:
eth0 外网IP 220.168.122.123
eth1 192.168.0.1
eth2 192.168.0.1
bond0 192.168.0.1
