
防火墙透明代理配置心得

王朝other·作者佚名  2008-05-18

声明:本文章为wangbin原创,互联网上的论坛大家可以任意转贴

但是请您注明文章来源 http://www.enhand.net [wangbin]

印刷报刊,谢绝使用!

原文地址: http://www.enhand.net/bbs/viewtopic.php?p=679#679

本人是一个新手,2002年刚刚开始学习FreeBSD,在CU上经常受到大家的嘲笑,这次配置也是饱经曲折,所以我希望我的做法能够对后来的朋友有所启示。

单位通过100M光纤接入互联网。文中外网网卡为ed0[202.182.96.2],内网网卡为ed2,内网网段为200.200.1.0/24,其中200.200.1.33是一台web服务器。

要完成的任务是:使互联网上的所有主机可以访问200.200.1.33,所有的内网主机可以访问互联网。

过滤规则暂时不考虑(下文的ipf.rules对所有流量一律放行),网上相关的文章也很多。

DL# cat ipnat.rules

代码:

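# ipnat.rules -- NAT for the inside network 200.200.1.0/24 behind ed0
# (202.182.96.2).
#
# ipnat applies the first matching rule. The FTP proxy rule therefore has to
# come before the portmap rule; otherwise portmap matches and rewrites the
# FTP control connection first and the proxy is never invoked.
map ed0 200.200.1.0/24 -> 202.182.96.2/32 proxy port ftp ftp/tcp

# All other TCP/UDP from the inside network: rewrite the source to
# 202.182.96.2 using source ports 1000-6000. Every inside host shares this
# one port range.
map ed0 200.200.1.0/24 -> 202.182.96.2/32 portmap tcp/udp 1000:6000

# Remaining protocols that carry no port number.
map ed0 200.200.1.0/24 -> 202.182.96.2/32

# Publish the inside web server: TCP port 80 arriving on ed0 is redirected to
# 200.200.1.33:80. Only this one port is redirected. Any restriction on who
# may reach it has to come from ipf.rules, and the ipf.rules shown on this
# page passes everything.
rdr ed0 0.0.0.0/0 port 80 -> 200.200.1.33 port 80 tcp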

DL# cat ipf.rules

代码:

# ipf.rules -- packet filter rules loaded by /sbin/ipf.
#
# The first two rules pass loopback traffic and stop evaluation ("quick").
# The last two pass every packet in both directions on every interface, so
# this ruleset filters nothing and keeps no connection state.
#
# NOTE(review): the article leaves filtering out on purpose. As shown, any
# service listening on the gateway itself (rc.conf on this page enables sshd)
# is presumably reachable from ed0 unless it is restricted elsewhere --
# confirm. A production ruleset would normally block by default and pass only
# the required flows with "keep state": inbound TCP 80 to 200.200.1.33 and
# outbound traffic from the inside network.
pass in quick on lo0 all

pass out quick on lo0 all

pass in from any to any

pass out from any to any

/etc/rc.conf

代码:

DL# cat rc.conf

# /etc/rc.conf for the gateway host "DL.net": two Ethernet interfaces,
# packet forwarding, IPFilter plus ipnat enabled, IPFW/natd left commented out.

# NOTE(review): 218.22.205.1 lies outside ed0's subnet (202.182.96.2 with
# netmask 255.255.255.248) and outside ed2's /24, so as written there is no
# directly connected route to it. Presumably the addresses were altered for
# publication -- confirm before reusing.
defaultrouter="218.22.205.1"

hostname="DL.net"

network_interfaces="ed0 ed2 lo0"

# Outside interface; the ipnat map/rdr rules on this page are bound to ed0.
ifconfig_ed0="inet 202.182.96.2 netmask 255.255.255.248"

# Inside interface. 200.200.1.0/24 is not one of the RFC 1918 private ranges;
# inside hosts will treat any real Internet host in that block as local.
ifconfig_ed2="inet 200.200.1.180 netmask 255.255.255.0"

# sendmail and inetd are switched off, which leaves fewer listeners on the
# gateway.
sendmail_enable="NONE"

inetd_enable="NO"

# Kernel securelevel is left disabled.
kern_securelevel_enable="NO"

# NOTE(review): nothing on this page uses Linux binary compatibility;
# presumably it can be turned off on a dedicated gateway -- confirm.
linux_enable="YES"

nfs_reserved_port_only="NO"

# sshd runs on the gateway. With the pass-all ipf.rules shown on this page no
# packet filter rule limits which addresses can connect to it.
sshd_enable="YES"

usbd_enable="NO"

# Forward IP packets between interfaces; required for the NAT setup.
gateway_enable="YES"

#######################IPFILTER###########

# Load the filter rules from /etc/ipf.rules with /sbin/ipf, no extra flags.
ipfilter_enable="YES"

ipfilter_program="/sbin/ipf"

ipfilter_rules="/etc/ipf.rules"

ipfilter_flags=""

# Load the NAT rules from /etc/ipnat.rules with /sbin/ipnat, no extra flags.
ipnat_enable="YES"

ipnat_program="/sbin/ipnat"

ipnat_rules="/etc/ipnat.rules"

ipnat_flags=""

######################IPFW#################

# Alternative IPFW + natd setup, entirely commented out and therefore
# inactive. Note that firewall_type="open" is again an allow-all policy.
#firewall_enable="YES"

#firewall_script="/etc/rc.firewall"

#firewall_type="open"

#firewall_quiet="NO"

#firewall_logging_enable="YES"

#natd_enable="YES"

#natd_interface="ed0"

#natd_flags="-config /etc/natd.conf"

内核配置文件,注意其中的 options BRIDGE

代码:

DL# cd /usr/src/sys/i386/conf/

DL# cat DL

# Kernel configuration file "DL" (i386, I686_CPU), first part: general
# options. The firewall-related options follow further down in the file.
# NOTE(review): the syntax (pseudo-device, "device ... at isa?") looks like
# FreeBSD 4.x -- confirm the release before reusing any option.
machine i386

cpu I686_CPU

ident DL

maxusers 0

options MATH_EMULATE #Support for x87 emulation

options INET #InterNETworking

options FFS #Berkeley Fast Filesystem

options FFS_ROOT #FFS usable as root device [keep this!]

options SOFTUPDATES #Enable FFS soft updates support

options UFS_DIRHASH #Improve performance on big directories

options CD9660_ROOT #CD-ROM usable as root, CD9660 required

options PROCFS #Process filesystem

options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]

options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI

# NOTE(review): per its own comment this lets users grab the console;
# presumably not needed on a dedicated gateway -- confirm.
options UCONSOLE #Allow users to grab the console

options USERCONFIG #boot -c editor

options VISUAL_USERCONFIG #visual boot -c editor

options KTRACE #ktrace(1) support

options SYSVSHM #SYSV-style shared memory

options SYSVMSG #SYSV-style message queues

options SYSVSEM #SYSV-style semaphores

options P1003_1B #Posix P1003_1B real-time extensions

options _KPOSIX_PRIORITY_SCHEDULING

# This option appears a second time in the bridge section further down.
options ICMP_BANDLIM #Rate limit bad replies

options KBD_INSTALL_CDEV # install a CDEV entry in /dev

options AHC_REG_PRETTY_PRINT # Print register bitfields in debug

# output. Adds ~128k to driver.

options AHD_REG_PRETTY_PRINT # Print register bitfields in debug

# output. Adds ~215k to driver.

# Firewall and network options of the "DL" kernel.
#
# The IPFW options below are commented out, so they are not compiled in.
# IPFIREWALL_DEFAULT_TO_ACCEPT, if enabled, would make IPFW allow by default.
##################this is ok for ipfw#######

#options IPFIREWALL

#options IPFIREWALL_VERBOSE

#options IPFIREWALL_VERBOSE_LIMIT=90

#options IPFIREWALL_DEFAULT_TO_ACCEPT

#options IPDIVERT

####################for bridge############

# Compiles in Ethernet bridging support.
# NOTE(review): the rest of this page configures a NAT router
# (gateway_enable, ipnat map/rdr) and shows no runtime setting that turns
# bridging on, so presumably this option is unused here -- confirm.
options BRIDGE

# Compiles in IPFilter (ipf/ipnat). Neither IPFILTER_LOG nor
# IPFILTER_DEFAULT_BLOCK is set: there is no packet logging device and the
# built-in default policy stays "pass", matching the pass-all ipf.rules on
# this page.
options IPFILTER

# Accept filters act on sockets of servers running on this host.
# NOTE(review): the web server in the article is a separate machine
# (200.200.1.33); presumably these are not needed on the gateway -- confirm.
options ACCEPT_FILTER_DATA

options ACCEPT_FILTER_HTTP

# Duplicate: ICMP_BANDLIM is already set earlier in this file.
options ICMP_BANDLIM

device isa

device eisa

device pci

options AUTO_EOI_1

# Randomizes the IP ID field of packets sent by this host.
options RANDOM_IP_ID

# Adds support for dropping TCP segments with SYN and FIN both set. It only
# takes effect once enabled at runtime (net.inet.tcp.drop_synfin, or
# tcp_drop_synfin="YES" in rc.conf); the rc.conf on this page does not set
# it. Enabling it breaks the RFC 1644 extensions.
options TCP_DROP_SYNFIN

# Reboot immediately after a panic, with no wait.
options PANIC_REBOOT_WAIT_TIME=0

# Device section of the "DL" kernel: disk, SCSI, console, parallel port and
# network drivers, followed by the pseudo devices.
# NOTE(review): much of this list looks carried over unchanged from a stock
# configuration; drivers for hardware that is not installed can presumably
# be dropped on a dedicated gateway -- confirm against the actual machine.
device ata0 at isa? port IO_WD1 irq 14

device ata1 at isa? port IO_WD2 irq 15

device ata

device atadisk # ATA disk drives

device atapicd # ATAPI CDROM drives

options ATA_STATIC_ID #Static device numbering

# SCSI Controllers

device ahb # EISA AHA1742 family

device ahc # AHA2940 and onboard AIC7xxx devices

device ahd # AHA39320/29320 and onboard AIC79xx devices

device amd # AMD 53C974 (Tekram DC-390(T))

device isp # Qlogic family

device mpt # LSI-Logic MPT/Fusion

device ncr # NCR/Symbios Logic

device sym # NCR/Symbios Logic (newer chipsets)

options SYM_SETUP_LP_PROBE_MAP=0x40

# Allow ncr to attach legacy NCR devices when

# both sym and ncr are configured

device adv0 at isa?

device adw

device bt0 at isa?

device aha0 at isa?

device aic0 at isa?

device ncv # NCR 53C500

device nsp # Workbit Ninja SCSI-3

device stg # TMC 18C30/18C50

# SCSI peripherals

device scbus # SCSI bus (required)

device da # Direct Access (disks)

device cd # CD

device pass # Passthrough device (direct SCSI access)

# atkbdc0 controls both the keyboard and the PS/2 mouse

device atkbdc0 at isa? port IO_KBD

device atkbd0 at atkbdc? irq 1 flags 0x1

device psm0 at atkbdc? irq 12

device vga0 at isa?

# splash screen/screen saver

pseudo-device splash

# syscons is the default console driver, resembling an SCO console

device sc0 at isa? flags 0x100

device agp # support several AGP chipsets

device sc

# Console restrictions: two virtual consoles, console reboot key sequence
# disabled, no cut/paste, no font loading, no sysmouse.
options MAXCONS=2 ##

options SC_DISABLE_REBOOT

options SC_NO_CUTPASTE #

options SC_NO_FONT_LOADING #

options SC_NO_SYSMOUSE

device npx0 at nexus? port IO_NPX irq 13

# Parallel port

device ppc0 at isa? irq 7

device ppbus # Parallel port bus (required)

# NOTE(review): plip provides TCP/IP over the parallel port; presumably
# unused on this gateway -- confirm.
device plip # TCP/IP over parallel

device ppi # Parallel port interface device

device miibus # MII bus support

device rl # RealTek 8129/8139

# The ISA ed0 entry below is marked "disable", and the older form above it is
# commented out.
# NOTE(review): how the ed0/ed2 interfaces used in rc.conf and ipnat.rules
# attach is not shown in this file -- confirm.
#device ed0 at isa? port 0x300 net irq 3 iomem 0xd8000 vector edintr #

device ed0 at isa? disable port 0x300 irq 3 iomem 0xd8000

device pty

# Pseudo devices - the number indicates how many units to allocate.

pseudo-device loop # Network loopback

pseudo-device ether # Ethernet support

pseudo-device bpf #Berkeley packet filter

 
 
 