Member

[Help] Can NAT not work with a single network card?

I want to do NAT with a single network card so that other computers can also get online. The card, eth0, uses a public IP, and I added a virtual interface eth0:0 that uses the internal IP 192.168.1.5. The script is based on the settings from VBird's website; its contents are as follows:

```bash
#!/bin/bash
EXIF='eth0'
EXNET='192.168.1.0/24'

# Do not change anything below unless necessary!
# 0.1 Testing your Kernel version ..
echo -n "Check your kernel version... "
kver=`uname -r | cut -c 1-3`
if [ "$kver" == "2.4" ] || [ "$kver" == "2.5" ]; then
    echo "[OK]"
    echo "Your Linux Kernel Version is no problem!"
else
    echo "[Failure]"
    echo "Your Linux Kernel Version may not be suported by this script!"
    echo "This scripts will not be runing"
    exit
fi

# 0.2 Tell you what is this
echo " "
echo "Note:"
echo " This script will clear your iptables' rules"
echo " Please make sure that you want to do this script!"
echo " Ha Ha! No problem ! If you just want to be an NAT server !"
echo " "

# 0.3 remove ipchains modules
ipchains=`lsmod | grep ipchains`
if [ "$ipchains" != "" ]; then
    rmmod ipchains 2> /dev/null
    modprobe ip_tables 2> /dev/null
fi

# 1. Declare variables, enable routing and clear the rules:
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables 2> /dev/null
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -F -t nat
/sbin/iptables -X -t nat
/sbin/iptables -Z -t nat
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT

# 2. Load modules
modprobe ip_nat_ftp 2> /dev/null
modprobe ip_nat_irc 2> /dev/null
modprobe ip_conntrack 2> /dev/null
modprobe ip_conntrack_ftp 2> /dev/null
modprobe ip_conntrack_irc 2> /dev/null

# 3. Enable IP masquerading:
/sbin/iptables -t nat -A POSTROUTING -o $EXIF -s $EXNET -j MASQUERADE
```

My settings are as above. After running the script, I configured TCP/IP on Windows:

- ip 192.168.1.15
- netmask 255.255.255.0
- gateway 192.168.1.5
- dns 168.95.1.1

No proxy is configured, and I don't have a proxy server.

Is it because of an error in my script that NAT does not start? If it is a configuration error, how should it be set up? I am currently using Mandrake 9.1. It worked before with two network cards (Red Hat 9), but after I reduced it to one card it stopped working. How can I solve this?
Member

Try this script; before that, use ifconfig to confirm that the network interfaces are up and working properly.

```bash
#!/bin/bash
#
# This script sets up the basic rules of an iptables firewall!
# The basic rules follow a "deny all, allow specific" model!
# You can place this file under /usr/local/virus/iptables, named iptables.rule !
# For reference, see this website:
# http://aerosol.ev.ncku.edu.tw/~vbird..._firewall.html
#
# HISTORY:
# 2002/08/20 First release by VBird
#
# 0.0 Please key in your parameters
EXTIF="eth0"             # the interface that connects to the Internet
INIF="eth0:0"            # the inside interface. if you don't have this one
                         # you must leave this blank, ex> INIF=""
INNET="192.168.1.0/24"   # This is for NAT's network

# 1.0 Testing your Kernel version and remove the ipchains module
kver=`uname -r | cut -c 1-3`
if [ "$kver" != "2.4" ] && [ "$kver" != "2.5" ]; then
    echo "Your Linux Kernel Version may not be suported by this script!"
    echo "This scripts will not be runing"
    exit
fi
ipchains=`lsmod | grep ipchains`
if [ "$ipchains" != "" ]; then
    echo "unload ipchains in your system"
    rmmod ipchains 2> /dev/null
fi

# 2.0 Loading some modules
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH EXTIF INIF INNET
modprobe ip_tables > /dev/null 2>&1
modprobe iptable_nat > /dev/null 2>&1
modprobe ip_nat_ftp > /dev/null 2>&1
modprobe ip_nat_irc > /dev/null 2>&1
modprobe ip_conntrack > /dev/null 2>&1
modprobe ip_conntrack_ftp > /dev/null 2>&1
modprobe ip_conntrack_irc > /dev/null 2>&1

# 3.0 Clear the iptables's rules
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -F -t nat
/sbin/iptables -X -t nat
/sbin/iptables -Z -t nat
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT

# 4.0 Allow the lo and inside interface to access the server and internet
/sbin/iptables -A INPUT -i lo -j ACCEPT
if [ "$INIF" != "" ]; then
    /sbin/iptables -A INPUT -i $INIF -j ACCEPT
    echo "1" > /proc/sys/net/ipv4/ip_forward
    /sbin/iptables -t nat -A POSTROUTING -s $INNET -o $EXTIF -j MASQUERADE
fi

# 5.0 Deny and Allow IP or host or network from files
if [ -f /usr/local/bin/nat_script/VbirdFirewall/iptables.deny ]; then
    /usr/local/bin/nat_script/VbirdFirewall/iptables.deny
fi
if [ -f /usr/local/bin/nat_script/VbirdFirewall/iptables.allow ]; then
    /usr/local/bin/nat_script/VbirdFirewall/iptables.allow
fi

# 6.0 Allow ICMP come in
AICMP="0 3 3/4 4 11 12 14 16 18"
for tyicmp in $AICMP
do
    /sbin/iptables -A INPUT -i $EXTIF -p icmp --icmp-type $tyicmp -j ACCEPT
done

# 7.0 Allow services
/sbin/iptables -A INPUT -p TCP -i $EXTIF --dport 22 -j ACCEPT    # SSH
/sbin/iptables -A INPUT -p TCP -i $EXTIF --dport 25 -j ACCEPT    # SMTP
/sbin/iptables -A INPUT -p UDP -i $EXTIF --dport 53 -j ACCEPT    # DNS
/sbin/iptables -A INPUT -p TCP -i $EXTIF --dport 53 -j ACCEPT    # DNS
/sbin/iptables -A INPUT -p TCP -i $EXTIF --dport 80 -j ACCEPT    # WWW
/sbin/iptables -A INPUT -p TCP -i $EXTIF --dport 110 -j ACCEPT   # POP3
/sbin/iptables -A INPUT -p TCP -i $EXTIF --dport 20 -j ACCEPT    # FTP
/sbin/iptables -A INPUT -p TCP -i $EXTIF --dport 21 -j ACCEPT    # FTP
# /sbin/iptables -A INPUT -p UDP -i $EXTIF --dport 123 -j ACCEPT # NTP

# 8.0 Allow RELATED and ESTABLISHED
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# 9.0 deny all
/sbin/iptables -A INPUT -m state --state NEW,INVALID -j DROP
```
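An added example, not part of either post: a small audit of `iptables-save` text for the one-card setup discussed in this thread. It checks for the MASQUERADE rule and the forwarding flag that both scripts set, and lists any rule whose `-i`/`-o` argument is an alias label such as eth0:0; netfilter compares against the real device name (eth0), so a rule written against the alias never matches. The function names are hypothetical and the sample rules are constructed from the values in the posts.

```bash
#!/bin/bash
# Added example: audit iptables-save text for the one-card NAT setup in this thread.
# Function names are hypothetical; SAMPLE_RULES is constructed from the posted scripts.

# List interface arguments of -i/-o that are alias labels (contain ':').
# The kernel matches rules against the device name (eth0), never the alias.
alias_ifaces() {
    awk '{ for (i = 1; i < NF; i++)
               if (($i == "-i" || $i == "-o") && $(i+1) ~ /:/) print $(i+1) }' | sort -u
}

# Succeed if POSTROUTING masquerades source network $1 leaving via interface $2.
has_masquerade() {
    awk -v net="$1" -v ifc="$2" '
        $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            s = ""; o = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i+1)
                if ($i == "-o") o = $(i+1)
            }
            if (s == net && o == ifc) found = 1
        }
        END { exit !found }'
}

# Succeed if the forwarding flag file (default: the kernel's) holds 1.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0:0 -j ACCEPT
COMMIT'

# Report on the sample; on a live host, pipe `iptables-save` into the functions instead.
report() {
    if printf '%s\n' "$1" | has_masquerade 192.168.1.0/24 eth0
    then echo "masquerade rule: present"; else echo "masquerade rule: missing"; fi
    echo "alias labels used as interface: $(printf '%s\n' "$1" | alias_ifaces | tr '\n' ' ')"
    if forwarding_on; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
}
report "$SAMPLE_RULES"
```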