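Last edited by 朽木可雕 on 2013-05-18 15:13
Hello everyone, my requirement is as follows: our organization has a proxy server, say at address 1.1.1.1, port 8080. To send and receive mail with FOXMAIL we normally have to configure an HTTP proxy in FOXMAIL, with address 1.1.1.1 and port 8080; only then can we send and receive mail. I have set up a second-level proxy at address 2.2.2.2. The topology is as follows: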
My specific settings are as follows:

```
[root@BRQ-7-PROXY net]# iptables -vxnL -t nat
Chain PREROUTING (policy ACCEPT 200529 packets, 20960641 bytes)
pkts bytes target prot opt in out source destination
30 1560 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 to:1.1.1.1:8080
0 0 DNAT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:110 to:1.1.1.1:8080
Chain POSTROUTING (policy ACCEPT 732 packets, 42778 bytes)
pkts bytes target prot opt in out source destination
1336 71550 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:2.2.2.2
Chain OUTPUT (policy ACCEPT 252 packets, 16768 bytes)
pkts bytes target prot opt in out source destination
[root@BRQ-7-PROXY net]# iptables -vxnL
Chain INPUT (policy ACCEPT 1749 packets, 117411 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
7757 3149837 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT 2337 packets, 128068 bytes)
pkts bytes target prot opt in out source destination
10361 4270892 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
202 10432 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
Chain OUTPUT (policy ACCEPT 9163 packets, 3463175 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
Chain RH-Firewall-1-INPUT (0 references)
pkts bytes target prot opt in out source destination
```

Why doesn't this work? All other rules are ACCEPT.
Please advise. Thank you very much!!!