I'm new to Linux and was really getting into it, then ran straight into a wall with the transparent proxy. I've been racking my brains for a week with no progress and my hair is starting to fall out, sob. Hoping some expert can solve this.
Here are my steps:
Installed FC4 in server mode; when selecting packages I ticked gnome and squid.
When configuring the network cards during installation I chose not to use a firewall, then in the graphical interface configured the external NIC's IP, gateway and DNS as well as the internal IP address, and enabled iptables with setup in a terminal.
Here is my configuration:
eth0 external fixed IP 218.12.101.226, eth1 192.168.0.1/22
squid.conf settings
(all the other default entries are commented out with # and were not changed)
http_port 192.168.0.1:3128
cache_mem 64 MB
cache_swap_low 85
cache_swap_high 90
maximum_object_size 4096 KB
maximum_object_size_in_memory 3072 KB
cache_dir ufs /var/squid/cache 2000 16 256
# limit BitTorrent .torrent downloads and the connection count
acl pass src 192.168.0.1-192.168.3.254/22
acl localhost src 127.0.0.1/255.255.255.255
acl btbt urlpath_regex \.torrent$
acl conncount maxconn 5
acl all src 0.0.0.0/0
http_access deny btbt
http_access allow localhost
http_access allow pass
http_access deny all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_user_host_header on
iptables firewall script:
#!/bin/sh
echo "Enable IP Forwarding...."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "Starting iptables rules..."
/sbin/modprobe iptable_filter
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
# Refresh all chains
/sbin/iptables -F -t nat
iptables -P INPUT DROP
iptables -P FORWARD DROP
# forwarded traffic: replies, plus anything from the LAN going out eth0
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o eth0 -s 192.168.0.0/22 -j ACCEPT
# send LAN web traffic arriving on eth1 to Squid, then NAT the rest to the external address
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -s 192.168.0.0/22 -o eth0 -j SNAT --to 218.12.101.226
Added /etc/rc.d/firewall as the last line of rc.local
Clients use the local ISP's DNS; the gateway points to ETH1
The problem is this:
Without the firewall enabled, clients can get online by setting the proxy 192.168.0.1:3128 in the browser. As soon as I turn on the IPTABLES service and remove the proxy from IE, they can't get online; it says the page cannot be displayed.
As soon as I turn iptables off, they can get online via the proxy again
..... extremely frustrating
Later I suspected a version problem
I re-downloaded FC5 and installed it; the problem remained. After enabling IPTABLES I reloaded the firewall script.
The firewall script is:
#!/bin/sh
echo "Enable IP Forwarding...."
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Starting iptables rules..."
/sbin/iptables -F -t nat
# send LAN web traffic arriving on eth1 to Squid, then NAT the rest to the external address
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -s 192.168.0.0/22 -o eth0 -j SNAT --to 218.12.101.226
Still didn't work. After starting, the iptables status is as follows:
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 SNAT all -- 192.168.0.0/22 0.0.0.0/0 to:218.12.101.226
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Could any passing experts take a look at where the problem is?
(Sighing to the heavens ------ is Linux really this painful?)
[ This post was last edited by lijetcart on 2006-8-15 11:12 ]
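Added example, not the poster's script: a complete firewall rule set for the layout described in the post (eth0 WAN with 218.12.101.226, eth1 LAN 192.168.0.0/22, Squid on port 3128). Connections that REDIRECT sends to port 3128 are delivered to the gateway itself and therefore traverse the INPUT chain rather than FORWARD, which neither posted script accepts; the policies and the SSH rule are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script: firewall for a transparent Squid
# gateway with the layout from the post. Values below are taken from the post;
# anything else (policies, SSH rule) is an assumption for illustration.
WAN_IF=eth0
WAN_IP=218.12.101.226
LAN_IF=eth1
LAN_NET=192.168.0.0/22
SQUID_PORT=3128

# Prints the rules one command per line so they can be reviewed first.
# Apply as root with:  sh firewall.sh --apply
emit_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# loopback and replies to connections the gateway itself opened
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# REDIRECTed HTTP is delivered locally, so it traverses INPUT, not FORWARD:
# Squid never receives it unless port $SQUID_PORT is accepted from the LAN side
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT
# administration from the LAN only
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
# everything that is not intercepted is routed normally, LAN to WAN only
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
# interception: LAN web traffic to Squid, then source NAT for the rest
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
EOF
}

if [ "$1" = "--apply" ]; then
    emit_rules | sh
else
    emit_rules
fi
```

Run without arguments to print the rules; compare them against `iptables -L -n -v` afterwards, where the packet counters on the INPUT 3128 rule show whether intercepted traffic is actually reaching Squid.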