CODE: IP: 211.71.6.144 MASK: 255.255.255.192 ROUTER: 211.71.6.190 DNS: 202.112.128.73 |
# DHCP scope for the private LAN 192.168.3.0/24 that sits behind the NAT host.
# NOTE(review): this setup uses a single NIC, so dhcpd presumably answers on
# the same Ethernet segment as the upstream network. Confirm that hosts
# outside the lab cannot receive these offers, e.g. by restricting the daemon
# to the intended interface or segment.
subnet 192.168.3.0 netmask 255.255.255.0 {
    # Leases are handed out from .2 to .254; .1 is excluded because it is the
    # gateway address given to clients below.
    range 192.168.3.2 192.168.3.254;
    # Default gateway for clients: presumably the NAT host's own address on
    # this subnet (verify against the interface configuration).
    option routers 192.168.3.1;
    option domain-name "vrlab.buaa.edu.cn";
    # Resolver pushed to clients.
    option domain-name-servers 202.112.128.73;
}
# Enable the DHCP server at boot, then start it for the current session.
chkconfig dhcpd on
/etc/init.d/dhcpd start
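#!/bin/bash
#
# NAT gateway control script: start | stop | restart.
# Masquerades the private network $INTERNIP behind this host's public address.
#
# Changes from the original:
#   * The reset of policies, rules and counters used to run at file scope, so
#     it ran on every invocation, including an invalid one that only printed
#     the usage text. It now lives in reset_tables() and runs only for a valid
#     action.
#   * "restart" used to finish with INPUT/OUTPUT/FORWARD policy DROP, because
#     stop() set DROP and start() never set ACCEPT again. Forwarding was
#     therefore dead after a restart. start() now resets first.

IPTABLES='/usr/sbin/iptables'
# Single-NIC setup: internal and external traffic share the same interface.
EXTERNAL='eth0'
EXTERNIP='211.71.6.144'     # kept for reference; no rule below uses it
INTERNAL='eth0'
INTERNIP='192.168.3.0/24'

# Return filter and nat tables to an empty, accept-everything state.
reset_tables(){
    # default policies of the three filter chains
    "$IPTABLES" -P INPUT ACCEPT
    "$IPTABLES" -P OUTPUT ACCEPT
    "$IPTABLES" -P FORWARD ACCEPT

    # default policies of the nat table
    "$IPTABLES" -t nat -P PREROUTING ACCEPT
    "$IPTABLES" -t nat -P POSTROUTING ACCEPT
    "$IPTABLES" -t nat -P OUTPUT ACCEPT

    # flush all rules; user-defined chains can only be deleted once empty
    "$IPTABLES" -F
    "$IPTABLES" -F -t nat
    "$IPTABLES" -X
    "$IPTABLES" -t nat -X

    # zero the packet and byte counters
    "$IPTABLES" -Z
    "$IPTABLES" -t nat -Z
}

# Load the netfilter modules, allow LAN traffic and enable masquerading.
start(){
    reset_tables

    # load necessary modules
    echo "Starting modprobe necessary modules for iptables"
    modprobe ip_tables 1> /dev/null
    modprobe ip_nat_ftp 2> /dev/null
    modprobe ip_nat_irc 2> /dev/null
    modprobe ip_conntrack 2> /dev/null
    modprobe ip_conntrack_ftp 2> /dev/null
    modprobe ip_conntrack_irc 2> /dev/null

    # enable communication inside local domain
    # NOTE(review): every policy is ACCEPT, so these two rules are redundant
    # and the host filters nothing: INPUT is open to any source and FORWARD
    # relays any packet routed through it. A hardened setup would use a DROP
    # policy on INPUT and FORWARD, and allow only traffic sourced from
    # $INTERNIP plus ESTABLISHED,RELATED replies.
    "$IPTABLES" -A INPUT -i "$INTERNAL" -s "$INTERNIP" -j ACCEPT
    "$IPTABLES" -A OUTPUT -o "$INTERNAL" -d "$INTERNIP" -j ACCEPT

    # enable ip masquerade
    echo "1" >/proc/sys/net/ipv4/ip_forward
    "$IPTABLES" -t nat -A POSTROUTING -o "$EXTERNAL" -s "$INTERNIP" -j MASQUERADE
}

# Flush everything, then drop all traffic and turn routing off.
stop(){
    reset_tables
    echo "Stopping firewall"
    # NOTE(review): DROP on all three chains with no rules cuts off every
    # connection to and from this host, including loopback and remote
    # administration sessions. Run this from the console.
    "$IPTABLES" -P INPUT DROP
    "$IPTABLES" -P OUTPUT DROP
    "$IPTABLES" -P FORWARD DROP
    echo "0" >/proc/sys/net/ipv4/ip_forward
}

restart(){
    stop
    start
}

# see how we were called
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        # An unknown action leaves the running rule set untouched.
        echo $"Usage:$0 { start | stop | restart }"
        exit 1
        ;;
esac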
# Register the NAT script as a boot-time service and start it now.
# Presumably the firewall script shown above is installed as /etc/init.d/nat
# and is executable (verify).
chkconfig nat on
/etc/init.d/nat start
[火星人 ] 利用SuSE10做路由器,單網卡配置nat已經有494次圍觀