我做了个ftp的nat,但测试不通过,请大家帮忙看看!
###########################################################################
# 0. Set your parameters here:
EXIF="eth1"             # external (outward-facing) interface
EXNET="192.168.1.0/24"  # internal network to masquerade; only one network is configured here
# Nothing below this line needs to be changed unless you have a reason to.
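# 0.1 Check the kernel version: only releases starting with 2.4 or 2.5 are accepted.
printf '%s' "Check your kernel version... "
# Keep the first three characters of the release string reported by uname -r.
kver=$(uname -r | cut -c 1-3)
# Use "=" rather than "==": no shebang is visible, and "==" inside [ ] is not
# accepted by every /bin/sh.
if [ "$kver" = "2.4" ] || [ "$kver" = "2.5" ]; then
  echo "[OK]"
  echo "Your Linux Kernel Version is no problem!"
else
  echo "[Failure]"
  echo "Your Linux Kernel Version may not be suported by this script!"
  echo "This scripts will not be runing"
  # Exit non-zero so a caller can tell that no NAT rules were installed;
  # a bare "exit" would have returned the status of the echo above (0).
  exit 1
fi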
# 0.2 Warn the operator that the existing iptables rules are about to be cleared.
printf '%s\n' \
  " " \
  "Note:" \
  " This script will clear your iptables' rules" \
  " Please make sure that you want to do this script!" \
  " Ha Ha! No problem ! If you just want to be an NAT server !"
# 0.3 If the ipchains module is loaded, unload it and load ip_tables in its place.
# Errors from rmmod/modprobe are discarded and their exit status is not checked.
# NOTE(review): PATH is only set in section 1 further down, so lsmod, rmmod and
# modprobe are resolved here with whatever PATH the caller provided.
if lsmod | grep -q ipchains; then
  rmmod ipchains 2> /dev/null
  modprobe ip_tables 2> /dev/null
fi
# 1. Set PATH, enable routing and clear the existing rules:
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH

# Turn on IPv4 forwarding so this host routes packets between interfaces.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables 2> /dev/null

# Flush rules (-F), delete user-defined chains (-X) and zero counters (-Z),
# first in the default (filter) table, then in the nat table.
for action in -F -X -Z; do
  /sbin/iptables "$action"
done
for action in -F -X -Z; do
  /sbin/iptables "$action" -t nat
done

# Set every built-in chain policy to ACCEPT.
# NOTE(review): with forwarding enabled and FORWARD defaulting to ACCEPT, and no
# filter rules added anywhere in this script, the host forwards and accepts
# traffic without restriction. Add explicit filter rules if that is not intended.
for chain in INPUT OUTPUT FORWARD; do
  /sbin/iptables -P "$chain" ACCEPT
done
for chain in PREROUTING POSTROUTING OUTPUT; do
  /sbin/iptables -t nat -P "$chain" ACCEPT
done
# 2. Load the NAT and connection-tracking helper modules (FTP and IRC).
# stderr is discarded and the exit status is ignored, so a module that fails to
# load goes unnoticed here; check lsmod afterwards when debugging FTP through NAT.
for module in ip_nat_ftp ip_nat_irc ip_conntrack ip_conntrack_ftp ip_conntrack_irc; do
  modprobe "$module" 2> /dev/null
done
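# 3. Enable IP masquerading and publish the internal FTP server:
# Masquerade traffic from the internal network that leaves through the
# external interface. Variables are quoted so an empty value fails visibly
# instead of shifting the remaining arguments.
/sbin/iptables -t nat -A POSTROUTING -o "$EXIF" -s "$EXNET" -j MASQUERADE
# Redirect TCP port 21 arriving on the external interface to the internal FTP
# server. The original line referenced $EXTIF, which is never assigned in this
# script (the variable defined at the top is EXIF); unquoted, it expanded to
# nothing and left "-i" without an interface name, so the DNAT rule was
# presumably rejected by iptables and never installed.
/sbin/iptables -t nat -A PREROUTING -p tcp -i "$EXIF" --dport 21 -j DNAT --to 192.168.1.210:21
echo " OK! Your Linux Server Now have been an NAT Sever ! ^_^"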
这是我的脚本,只是简单实现 nat,另外还想把内网的ftp映射出去。但访问ftp时提示 connection closed by remote host |