国产一级a片免费看高清,亚洲熟女中文字幕在线视频,黄三级高清在线播放,免费黄色视频在线看

原文
呵呵，你的意思是
internet
|
squid代理（沒有做路由轉(zhuǎn)發(fā)）
|
客服
這個樣子的把，其實你打開echo 1 > /proc/sys/net/ipv4/ip_forward
并且開放出去的53端口就可以。
你怎么不在linux上也做nat，而在csico上做呢？一般網(wǎng)絡(luò)都講層次。越是核心層的設(shè)備就應(yīng)該盡量讓他跑的規(guī)則少，這樣不但可以保證包轉(zhuǎn)發(fā)速度也可以不會因為核心層的設(shè)備出問題。
這個是我們學(xué)校的nat上的規(guī)則。
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
#echo 100000 > /proc/sys/net/ipv4/ip_conntrack_max
#Neighbour table overflow
#echo "net.ipv4.neigh.default.gc_thresh1 = 512" >> sysctl.conf
#echo "net.ipv4.neigh.default.gc_thresh2 = 2048" >> sysctl.conf
#echo "net.ipv4.neigh.default.gc_thresh3 = 4096" >> sysctl.conf
#sysctl -p


#VLAN
vconfig add eth0 12
ip address add 210.41.126.65/26 dev eth0.12
ip link set dev eth0.12 up

vconfig add eth0 15
ip address add 219.221.176.1/24 dev eth0.15
ip link set dev eth0.15 up

vconfig add eth0 17
ip address add 219.221.177.1/24 dev eth0.17
ip link set dev eth0.17 up

vconfig add eth0 18
ip address add 219.221.178.1/24 dev eth0.18
ip link set dev eth0.18 up

vconfig add eth0 19
ip address add 219.221.179.1/24 dev eth0.19
ip link set dev eth0.19 up

vconfig add eth0 20
ip address add 219.221.180.1/25 dev eth0.20
ip link set dev eth0.20 up

vconfig add eth0 21
ip address add 219.221.180.128/26 dev eth0.21
ip link set dev eth0.21 up

vconfig add eth0 22
ip address add 219.221.180.193/26 dev eth0.22
ip link set dev eth0.22 up

vconfig add eth0 51
ip address add 219.221.181.1/24 dev eth0.51
ip link set dev eth0.51 up

vconfig add eth0 52
ip address add 219.221.182.1/24 dev eth0.52
ip link set dev eth0.52 up

vconfig add eth0 53
ip address add 219.221.183.1/24 dev eth0.53
ip link set dev eth0.53 up

vconfig add eth0 54
ip address add 219.221.184.1/24 dev eth0.54
ip link set dev eth0.54 up

vconfig add eth0 55
ip address add 219.221.185.1/24 dev eth0.55
ip link set dev eth0.55 up

vconfig add eth0 56
ip address add 219.221.186.1/24 dev eth0.56
ip link set dev eth0.56 up

vconfig add eth0 57
ip address add 219.221.187.1/24 dev eth0.57
ip link set dev eth0.57 up

#route add
route add -net 192.168.0.0 netmask 255.255.0.0 gw 219.221.181.254
route add -net 210.41.120.0 netmask 255.255.248.0 gw 219.221.181.254
route add -net 219.221.176.0 netmask 255.255.240.0 gw 219.221.181.254
route add -net 61.139.105.128 netmask 255.255.255.224 gw 219.221.181.254
route add -net 61.139.105.96 netmask 255.255.255.224 gw 219.221.181.254

modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe iptable_filter
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -F -t nat
/sbin/iptables -X -t nat
/sbin/iptables -Z -t nat
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
#jiazaimokuai
modprobe ip_tables 2> /dev/null
modprobe ip_nat_ftp 2> /dev/null
modprobe ip_nat_irc 2> /dev/null
modprobe ip_conntrack 2> /dev/null
modprobe ip_conntrack_ftp 2> /dev/null
modprobe ip_conntrack_irc 2> /dev/null

#ip filter
#/sbin/iptables -t filter -A INPUT -i eth1 -m state --state NEW,INVALID -j DROP
/sbin/iptables -t filter -A FORWARD -i eth1 -m state --state NEW,INVALID -j DROP


/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 69 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 135 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 136 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 137 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 139 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 138 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 445 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 593 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 1025 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 1068 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 1042 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 1234 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 2754 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 3333 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 3127 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 4444 -j DROP
#/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 4899 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 5554 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 5800 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 5900 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 6667 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 6881 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 9995 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p tcp --dport 9996 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 69 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 135 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 136 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 137 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 138 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 139 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 593 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 1042 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 1234 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 1433 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 1434 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 3333 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 3127 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 4444 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 5800 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 5900 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 6667 -j DROP
/sbin/iptables -t filter -A FORWARD -s 0/0 -p udp --dport 9000 -j DROP


#ip weizhuang
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 219.221.176.0/20 -j MASQUERADE

/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 210.41.120.0/21 -j MASQUERADE
#vod.zgcnc.net
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 -d 221.10.166.0/24 --dport 80 -j ACCEPT

#/sbin/iptables -t nat -A PREROUTING -p tcp -s 219.221.176.0/20 --dport 80 -j REDIRECT --to-port 3128

iptables -t nat -A PREROUTING -i eth1 -p tcp -s 219.221.176.0/20 --dport 80 -j REDIRECT --to-port 3128

iptables -t nat -A PREROUTING -i eth1 -p tcp -s 210.41.120.0/21 --dport 80 -j REDIRECT --to-port 3128

這個應(yīng)該以前LEOD都發(fā)過吧，呵呵，我們是一起的。