回复 #47 ssffzz1 的帖子
1、如果你不加上面的配置能否打开网页。
不加可以打开,都可以打开。
2、贴 ifconfig -a 的结果。
eth0 Link encap:Ethernet HWaddr 00:1B:2A:40:01:3A
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:7 Base address:0x9f00
ipsec0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ipsec1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ipsec2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ipsec3 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ixp0 Link encap:Ethernet HWaddr 00:1B:2A:40:01:38
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4322 errors:0 dropped:0 overruns:0 frame:0
TX packets:4070 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:256
RX bytes:375487 (366.6 KiB) TX bytes:421123 (411.2 KiB)
ixp1 Link encap:Ethernet HWaddr 00:1B:2A:40:01:39
inet addr:192.168.100.56 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11105 errors:0 dropped:0 overruns:0 frame:0
TX packets:3940 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:256
RX bytes:875342 (854.8 KiB) TX bytes:327066 (319.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:616 (616.0 B) TX bytes:616 (616.0 B)
tunl0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
3、贴 route 的结果。
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 * 255.255.255.0 U 0 0 0 ixp1
192.168.0.0 * 255.255.255.0 U 0 0 0 ixp0
default 192.168.100.1 0.0.0.0 UG 0 0 0 ixp1
4、详细的说一下你的要求。
是这样的,我现在在做路由WEB,界面上有这样一个功能:网页管制,可以实现对单IP,IP段和所有IP进行网页管制,我现在实现了对这些IP进行禁止:意思是用户填入的网址可以被禁止掉,其他的网址可以上。但我想对这些IP只允许上某个网址,也是用户填的网址。问题就出在这。我把那脚本的源代码贴上:
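#!/bin/sh
# Rebuild the "nat-webpage" iptables chain from /etc/kingcan/webpage.cfg.
# First written 2007.11.16.
#
# Each config line is read as four whitespace-separated fields:
#   f1  scope:  "ALL" (LAN1 /24), "ONE" (single address), anything else = range
#   f2  source: address for ONE, "a.b.c.x-a.b.c.y" for a range (unused for ALL)
#   f3  action: "refuse" -> DROP, anything else -> ACCEPT
#   f4  destination handed to iptables -d (receives the rest of the line)
#
# NOTE(review): the fields are presumably written by the web UI from values a
# user typed in, so they are treated as untrusted: every expansion is quoted
# and range octets are validated before they reach iptables or arithmetic.
#
# NOTE(review): the nat table is not meant for filtering. Recent iptables
# releases refuse -j DROP there, and nat rules only see the first packet of a
# connection. Filtering belongs in the filter table (FORWARD chain).
#
# NOTE(review): ACCEPT in this chain restricts nothing; it only ends nat
# POSTROUTING traversal for that packet, so an SNAT/MASQUERADE rule later in
# POSTROUTING would be skipped (TODO confirm against the full ruleset). An
# "allow only this site" mode needs an ACCEPT for the permitted destination
# followed by a default DROP/REJECT for the same source. Because -I prepends,
# rules end up in reverse file order, which matters once order is significant.
#
# NOTE(review): iptables resolves a host name given to -d once, when the rule
# is added; the rule then matches those addresses, not the URL.

[ -f /etc/lineconf.cfg ] && . /etc/lineconf.cfg

IPTABLES=/sbin/iptables
WEBPAGE_CHAIN="nat-webpage"
WEBPAGE_FILE="/etc/kingcan/webpage.cfg"

# Succeed when $1 is a decimal octet (0-255) without leading zeros.
# Leading zeros are rejected because shell arithmetic would read them as octal.
is_octet() {
  case "$1" in
    [0-9] | [1-9][0-9] | [1-9][0-9][0-9]) [ "$1" -le 255 ] ;;
    *) return 1 ;;
  esac
}

# Insert one rule: $1 = source, $2 = destination, $3 = action from the config.
add_rule() {
  if [ "$3" = "refuse" ]; then
    target=DROP
  else
    # Author's note: this ACCEPT branch is the part they want to change.
    target=ACCEPT
  fi
  "$IPTABLES" -t nat -I "$WEBPAGE_CHAIN" -s "$1" -d "$2" -j "$target" 2>/dev/null
}

# Remove the previous chain. These fail harmlessly when the chain does not
# exist yet, so output is discarded (to /dev/null, not to a file named "null").
"$IPTABLES" -t nat -D POSTROUTING -j "$WEBPAGE_CHAIN" >/dev/null 2>&1
"$IPTABLES" -t nat -F "$WEBPAGE_CHAIN" >/dev/null 2>&1
"$IPTABLES" -t nat -X "$WEBPAGE_CHAIN" >/dev/null 2>&1

# Recreate the chain and fill it from the config file.
"$IPTABLES" -t nat -N "$WEBPAGE_CHAIN" >/dev/null 2>&1

if [ -r "$WEBPAGE_FILE" ]; then
  while read -r f1 f2 f3 f4; do
    # A line with fewer than four fields ends processing.
    [ -z "$f4" ] && break

    case "$f1" in
      ALL)
        # Whole LAN1 network: first three octets of LAN1_IPADDR plus .0/24.
        add_rule "${LAN1_IPADDR%.*}.0/24" "$f4" "$f3"
        ;;
      ONE)
        add_rule "$f2" "$f4" "$f3"
        ;;
      *)
        # Range "a.b.c.x-a.b.c.y": one rule per address from x through y,
        # using the first three octets of the start address.
        ip_start=${f2%%-*}
        ip_end=${f2#*-}
        ip_net=${ip_start%.*}
        ips=${ip_start##*.}
        ipe=${ip_end##*.}

        if ! is_octet "$ips" || ! is_octet "$ipe"; then
          printf 'webpage: skipping invalid range: %s\n' "$f2" >&2
          continue
        fi

        while [ "$ips" -le "$ipe" ]; do
          add_rule "$ip_net.$ips" "$f4" "$f3"
          ips=$((ips + 1))
        done
        ;;
    esac
  done < "$WEBPAGE_FILE"
fi

# Hook the chain in at the top of nat POSTROUTING.
"$IPTABLES" -t nat -I POSTROUTING -j "$WEBPAGE_CHAIN" >/dev/null 2>&1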
[ 本帖最后由 chuizx 于 2008-8-15 14:15 编辑 ] |