实现透明代理的SHELL
时间:2006-12-17 来源:0217
#!/bin/sh
#
# fw This shell script takes care of starting and stopping fw
#
#
# chkconfig: - 62 38
# description: my firewall.
# Fixed search path so the script does not depend on the caller's environment.
export PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin"
# Red Hat init helper library; echo_success used by the dispatcher below
# is not defined in this file and is expected to come from here.
. /etc/rc.d/init.d/functions
# iptables binary used by start/stop/status.
IPT="/sbin/iptables"
# Internal (LAN) network segment behind this gateway.
localnet="192.168.222.0/24"
# Interface names: Upnic is the one traffic is masqueraded out of;
# Downnic is presumably the LAN-facing side (confirm against the host).
Upnic="eth0"
Downnic="eth1"
# LAN address prefix and host-number bounds; nothing visible in this
# script reads these three values.
ctlip="192.168.222."
startip=2
endip=254
######以下的是检查模块
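start () {
  # Bring up the NAT gateway with transparent interception of HTTP (TCP/80).
  # Globals: IPT, Upnic, Downnic, localnet (all read).
  # Returns: 0 only if every rule was installed and forwarding was enabled.
  #
  # Forwarding is switched off while the tables are rebuilt and switched on
  # only as the last step. The FORWARD chain policy is never set by this
  # script, so routing while the chain is flushed would depend on whatever
  # policy happens to be in place; a failed iptables call now also leaves
  # forwarding disabled instead of half-configured.
  echo 0 > /proc/sys/net/ipv4/ip_forward

  # Netfilter core plus the FTP conntrack/NAT helpers. Best effort: a
  # modprobe failure is not treated as fatal.
  /sbin/modprobe ip_tables
  /sbin/modprobe ip_conntrack_ftp
  /sbin/modprobe ip_nat_ftp

  # Clear existing rules in the three tables (-F removes rules only; chain
  # policies are left as they were).
  "$IPT" -F -t filter || return 1
  "$IPT" -F -t nat || return 1
  "$IPT" -F -t mangle || return 1

  # Replies belonging to already-tracked connections, arriving from upstream.
  "$IPT" -A FORWARD -i "$Upnic" -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1

  # Redirect LAN web traffic to local port 3128 (the proxy is expected to
  # listen there; this script does not check). Matching the inbound interface
  # keeps packets that arrive on $Upnic with a forged LAN source address out
  # of the proxy.
  # NOTE(review): assumes LAN clients are attached to $Downnic - confirm.
  "$IPT" -t nat -A PREROUTING -i "$Downnic" -s "$localnet" -p tcp --dport 80 -j REDIRECT --to-ports 3128 || return 1

  # Source-NAT everything leaving through the upstream interface.
  "$IPT" -t nat -A POSTROUTING -o "$Upnic" -j MASQUERADE || return 1

  # New forwarded connections are accepted only from hosts .1-.250 on the LAN
  # interface. Hosts .251-.254 are inside $localnet but outside this range:
  # their port-80 traffic still reaches the proxy (REDIRECT delivers locally,
  # not through FORWARD); anything else from them hits the DROP below.
  "$IPT" -A FORWARD -i "$Downnic" -m iprange --src-range 192.168.222.1-192.168.222.250 -j ACCEPT || return 1

  # Default deny for everything else that would be routed.
  "$IPT" -A FORWARD -j DROP || return 1

  # NOTE(review): no INPUT rules are installed, so whether port 3128 can be
  # reached from $Upnic depends on the proxy's own access controls or on
  # other filtering - confirm before deploying.

  # Ruleset is complete; enable routing. This is also the return status.
  echo 1 > /proc/sys/net/ipv4/ip_forward
}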
stop (){
  # Tear the gateway down: turn IPv4 forwarding off, then empty the filter,
  # nat and mangle tables. -F removes rules only, so chain policies stay as
  # they were and the host is left without any rules from this script.
  # Globals: IPT (read). Returns: status of the last flush.
  local table
  echo 0 > /proc/sys/net/ipv4/ip_forward
  for table in filter nat mangle; do
    $IPT -F -t $table
  done
}
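status (){
  # Print the live ruleset with numeric addresses and packet/byte counters.
  # The nat table is listed in addition to filter: the REDIRECT and
  # MASQUERADE rules that start installs live there, and a bare -nvL shows
  # the filter table only, so the interception could not be verified.
  # Globals: IPT (read). Returns: non-zero if either listing fails.
  "$IPT" -t filter -nvL && "$IPT" -t nat -nvL
}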
# Dispatch on the action word given as the first argument. The success
# marker is printed only when the action itself returned 0.
case "$1" in
  start)
    start && echo "IPNAT start : $(echo_success)"
    ;;
  stop)
    stop && echo "IPNAT stop : $(echo_success)"
    ;;
  restart)
    # start runs even when stop reported a failure.
    stop && echo "IPNAT stop : $(echo_success)"
    start && echo "IPNAT start : $(echo_success)"
    ;;
  status)
    status
    ;;
  *)
    # Unknown or missing action: print usage and fail.
    echo $"Usage: $0 {start|stop|status|restart}"
    exit 1
    ;;
esac
#########################################################################
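# 以下内容不属于上面的脚本:请编辑 squid 配置文件(vi /etc/squid/squid.conf),加入下面四行。
# 这些 httpd_accel_* 指令是 Squid 2.5 及更早版本的写法;Squid 2.6 起已被移除,改为在 http_port 行上使用 transparent 选项(Squid 3.1 起该选项改名为 intercept)。
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on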
##################################################
#
# fw This shell script takes care of starting and stopping fw
#
#
# chkconfig: - 62 38
# description: my firewall.
# Fixed search path so the script does not depend on the caller's environment.
export PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin"
# Red Hat init helper library; echo_success used by the dispatcher below
# is not defined in this file and is expected to come from here.
. /etc/rc.d/init.d/functions
# iptables binary used by start/stop/status.
IPT="/sbin/iptables"
# Internal (LAN) network segment behind this gateway.
localnet="192.168.222.0/24"
# Interface names: Upnic is the one traffic is masqueraded out of;
# Downnic is presumably the LAN-facing side (confirm against the host).
Upnic="eth0"
Downnic="eth1"
# LAN address prefix and host-number bounds; nothing visible in this
# script reads these three values.
ctlip="192.168.222."
startip=2
endip=254
######以下的是检查模块
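start () {
  # Bring up the NAT gateway with transparent interception of HTTP (TCP/80).
  # Globals: IPT, Upnic, Downnic, localnet (all read).
  # Returns: 0 only if every rule was installed and forwarding was enabled.
  #
  # Forwarding is switched off while the tables are rebuilt and switched on
  # only as the last step. The FORWARD chain policy is never set by this
  # script, so routing while the chain is flushed would depend on whatever
  # policy happens to be in place; a failed iptables call now also leaves
  # forwarding disabled instead of half-configured.
  echo 0 > /proc/sys/net/ipv4/ip_forward

  # Netfilter core plus the FTP conntrack/NAT helpers. Best effort: a
  # modprobe failure is not treated as fatal.
  /sbin/modprobe ip_tables
  /sbin/modprobe ip_conntrack_ftp
  /sbin/modprobe ip_nat_ftp

  # Clear existing rules in the three tables (-F removes rules only; chain
  # policies are left as they were).
  "$IPT" -F -t filter || return 1
  "$IPT" -F -t nat || return 1
  "$IPT" -F -t mangle || return 1

  # Replies belonging to already-tracked connections, arriving from upstream.
  "$IPT" -A FORWARD -i "$Upnic" -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1

  # Redirect LAN web traffic to local port 3128 (the proxy is expected to
  # listen there; this script does not check). Matching the inbound interface
  # keeps packets that arrive on $Upnic with a forged LAN source address out
  # of the proxy.
  # NOTE(review): assumes LAN clients are attached to $Downnic - confirm.
  "$IPT" -t nat -A PREROUTING -i "$Downnic" -s "$localnet" -p tcp --dport 80 -j REDIRECT --to-ports 3128 || return 1

  # Source-NAT everything leaving through the upstream interface.
  "$IPT" -t nat -A POSTROUTING -o "$Upnic" -j MASQUERADE || return 1

  # New forwarded connections are accepted only from hosts .1-.250 on the LAN
  # interface. Hosts .251-.254 are inside $localnet but outside this range:
  # their port-80 traffic still reaches the proxy (REDIRECT delivers locally,
  # not through FORWARD); anything else from them hits the DROP below.
  "$IPT" -A FORWARD -i "$Downnic" -m iprange --src-range 192.168.222.1-192.168.222.250 -j ACCEPT || return 1

  # Default deny for everything else that would be routed.
  "$IPT" -A FORWARD -j DROP || return 1

  # NOTE(review): no INPUT rules are installed, so whether port 3128 can be
  # reached from $Upnic depends on the proxy's own access controls or on
  # other filtering - confirm before deploying.

  # Ruleset is complete; enable routing. This is also the return status.
  echo 1 > /proc/sys/net/ipv4/ip_forward
}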
stop (){
  # Tear the gateway down: turn IPv4 forwarding off, then empty the filter,
  # nat and mangle tables. -F removes rules only, so chain policies stay as
  # they were and the host is left without any rules from this script.
  # Globals: IPT (read). Returns: status of the last flush.
  local table
  echo 0 > /proc/sys/net/ipv4/ip_forward
  for table in filter nat mangle; do
    $IPT -F -t $table
  done
}
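status (){
  # Print the live ruleset with numeric addresses and packet/byte counters.
  # The nat table is listed in addition to filter: the REDIRECT and
  # MASQUERADE rules that start installs live there, and a bare -nvL shows
  # the filter table only, so the interception could not be verified.
  # Globals: IPT (read). Returns: non-zero if either listing fails.
  "$IPT" -t filter -nvL && "$IPT" -t nat -nvL
}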
# Dispatch on the action word given as the first argument. The success
# marker is printed only when the action itself returned 0.
case "$1" in
  start)
    start && echo "IPNAT start : $(echo_success)"
    ;;
  stop)
    stop && echo "IPNAT stop : $(echo_success)"
    ;;
  restart)
    # start runs even when stop reported a failure.
    stop && echo "IPNAT stop : $(echo_success)"
    start && echo "IPNAT start : $(echo_success)"
    ;;
  status)
    status
    ;;
  *)
    # Unknown or missing action: print usage and fail.
    echo $"Usage: $0 {start|stop|status|restart}"
    exit 1
    ;;
esac
#########################################################################
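# 以下内容不属于上面的脚本:请编辑 squid 配置文件(vi /etc/squid/squid.conf),加入下面四行。
# 这些 httpd_accel_* 指令是 Squid 2.5 及更早版本的写法;Squid 2.6 起已被移除,改为在 http_port 行上使用 transparent 选项(Squid 3.1 起该选项改名为 intercept)。
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on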
##################################################