联众的身份验证端口是2000,我在红字部分打开了2000端口,为什么还不行?单位同事拜托的事情,嘻嘻,还请大家帮忙
机器配置
双网卡,eth0接外网,eth1接内网,跟贴中贴squid.conf
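#!/bin/sh
# /etc/firewall
#
# It will be called by /etc/rc.local
#
# Dual-homed gateway: eth0 faces the external network, eth1 the internal
# one.  Internal HTTP is redirected to the local squid (port 3128) and a
# few external ports on a.b.c.d are DNATed to RDP (3389) on internal hosts.
#
# NOTE(review): the INPUT chain only governs traffic addressed to this
# gateway itself.  Connections from internal clients to external servers
# (such as the GLworld / 联众 authentication port 2000 from the post) go
# through FORWARD, and their replies can only come back if the private
# source address is rewritten on the way out (POSTROUTING SNAT/MASQUERADE)
# or the upstream router knows how to reach the internal subnet.  This
# script flushes POSTROUTING but never installs such a rule -- see the
# commented example near the end.

# Enable IPv4 routing between the two interfaces.
# (The original line read "echo 1 >; /proc/...", which is a shell syntax
# error; the ";" was most likely introduced by the forum's markup.)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Netfilter modules.  insmod does not resolve dependencies, so the order
# matters: ip_nat_ftp goes after ip_conntrack_ftp.  The original loaded
# ip_nat_ftp twice (once too early); a single load after its dependencies
# is enough.
/sbin/insmod ip_tables
/sbin/insmod iptable_filter
/sbin/insmod iptable_nat
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_nat_ftp

# Start from a clean state.  Only INPUT, FORWARD and the two nat chains
# are flushed; OUTPUT and the mangle table are left untouched.
# (The original repeated the PREROUTING flush and both --policy lines;
# the duplicates did nothing and are dropped here.)
/sbin/iptables --flush INPUT
/sbin/iptables --flush FORWARD
/sbin/iptables --flush POSTROUTING --table nat
/sbin/iptables --flush PREROUTING --table nat

# Default policies.  Both chains default to ACCEPT, so every "-j ACCEPT"
# rule on INPUT below is redundant -- only the DROP rules change behaviour.
# A default-deny INPUT policy (plus an explicit ESTABLISHED,RELATED rule)
# would be the safer layout; that is a policy decision for the admin, so
# the ACCEPT defaults are kept as they were.
/sbin/iptables --policy FORWARD ACCEPT
/sbin/iptables --policy INPUT ACCEPT

# Transparent proxy: all HTTP requests from the internal network are
# handed to squid on port 3128.
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

# Port forwarding from the external address a.b.c.d to RDP on internal
# hosts.  These rules accept connections from ANY external source; if the
# remote users come from known addresses, add "-s <allowed-source>" to
# each rule to narrow the exposure.
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d a.b.c.d --dport 3390 -j DNAT --to 192.168.5.222:3389
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d a.b.c.d --dport 3391 -j DNAT --to 192.168.5.106:3389
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d a.b.c.d --dport 3394 -j DNAT --to 192.168.5.104:3389
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d a.b.c.d --dport 3395 -j DNAT --to 192.168.5.120:3389
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d a.b.c.d --dport 3399 -j DNAT --to 192.168.5.119:3389

# Accept everything that reaches this host on the internal interface.
# (The original comment here, "close standard 3389", did not describe this
# rule -- nothing in this script blocks 3389.)
/sbin/iptables -A INPUT -i eth1 -j ACCEPT

# open SSH (left disabled, as in the original; with INPUT policy ACCEPT
# the port is reachable anyway)
#/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# open pop3 (TCP only -- POP3 does not use UDP, the udp rule was a no-op)
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT

# open http (left disabled, as in the original)
#/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# open squid (TCP only, same reasoning as pop3)
/sbin/iptables -A INPUT -p tcp --dport 3128 -j ACCEPT

# open GLworld user certification add by wangtie, the old one is stored
# as firewall.0624   (this was the line highlighted in red in the post)
# NOTE: this only allows connections *to this gateway* on tcp/2000, and
# INPUT already defaults to ACCEPT, so it changes nothing.  Internal
# clients reaching an external server on port 2000 are governed by
# FORWARD plus the outbound NAT rule below, not by INPUT.
/sbin/iptables -A INPUT -p tcp --dport 2000 -j ACCEPT

# close telnet
/sbin/iptables -A INPUT -p tcp --dport 23 -j DROP
/sbin/iptables -A INPUT -p udp --dport 23 -j DROP

# permit XDMCP
/sbin/iptables -A INPUT -i eth1 -p udp --dport 177 -j ACCEPT

#/sbin/iptables --append FORWARD --in-interface eth1 --match state --state ESTABLISHED,RELATED --jump ACCEPT

# Outbound NAT for the internal network.  Not present in the original;
# uncomment and set the real internal subnet (the hosts above are in
# 192.168.5.x, so 192.168.5.0/24 is a plausible value) if the upstream
# does not route that subnet back to this gateway:
#/sbin/iptables -t nat -A POSTROUTING -o eth0 -s <INTERNAL-SUBNET> -j MASQUERADE
#########
touch /var/lock/subsys/local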