加载ftp模块:
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
外网口:
eth0 213.88.181.68
内网口:
eth1 192.168.150.3
FTP服务器:
192.168.150.10
HTTP服务器:
192.168.150.10
通过地址:
213.88.181.68即可访问192.168.150.10的FTP服务和HTTP服务
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
外网口:
eth0 213.88.181.68
内网口:
eth1 192.168.150.3
FTP服务器:
192.168.150.10
HTTP服务器:
192.168.150.10
通过地址:
213.88.181.68即可访问192.168.150.10的FTP服务和HTTP服务
加载ftp模块:
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
外网口:
eth0 213.88.181.68
内网口:
eth1 192.168.150.3
FTP服务器:
192.168.150.10
HTTP服务器:
192.168.150.10
通过地址:
213.88.181.68即可访问192.168.150.10的FTP服务和HTTP服务
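#!/bin/sh
# NAT gateway setup: source-NAT the internal network out through the external
# interface, and publish the internal FTP (tcp/21) and HTTP (tcp/80) servers
# on the external address via DNAT.
#
# NOTE(review): this script configures NAT only. It flushes the filter chains
# and leaves INPUT, OUTPUT and FORWARD at policy ACCEPT, so nothing is
# filtered on the gateway itself or on forwarded traffic. Before using it on
# an Internet-facing host, consider a FORWARD policy of DROP with explicit
# rules for the two published ports and for ESTABLISHED,RELATED traffic.

EXTIF=eth0              # external (public) interface
INTIF=eth1              # internal interface; not referenced by the rules below
EXTIP=213.88.181.68     # address on EXTIF: SNAT source and DNAT match
INTIP=192.168.150.3     # address on INTIF; not referenced by the rules below
LOCALNET=192.168.150.0  # internal network, used below as a /24
FTPSVR=192.168.150.10
HTTPSVR=192.168.150.10

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Load the FTP helpers. FTP negotiates its data connection inside the control
# channel, so connection tracking and NAT need these helpers to follow it.
# On newer kernels the modules are named nf_conntrack_ftp and nf_nat_ftp;
# adjust the names if modprobe cannot find these.
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

# Set default policies and flush tables
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD ACCEPT
iptables -F FORWARD

# Source-NAT traffic leaving $EXTIF from the internal network.
# The original listing broke this command across lines and put a comment
# after the continuation backslash, so the "-j SNAT" part was never passed to
# iptables and the rule was not installed. The original poster reports trying
# the rule both with and without the destination exclusion; it is kept here.
iptables -t nat -A POSTROUTING -o "$EXTIF" -s "$LOCALNET/24" \
  ! -d "$LOCALNET/24" \
  -j SNAT --to-source "$EXTIP"

# Forward ftp traffic to internal server
iptables -t nat -A PREROUTING -d "$EXTIP" -p tcp --dport 21 \
  -j DNAT --to-destination "$FTPSVR:21"

# Forward http traffic to internal server
iptables -t nat -A PREROUTING -d "$EXTIP" -p tcp --dport 80 \
  -j DNAT --to-destination "$HTTPSVR:80"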
具体内容请参看:
http://lists.netfilter.org/pipermail/netfilter/2004-February/050844.html
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
外网口:
eth0 213.88.181.68
内网口:
eth1 192.168.150.3
FTP服务器:
192.168.150.10
HTTP服务器:
192.168.150.10
通过地址:
213.88.181.68即可访问192.168.150.10的FTP服务和HTTP服务
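#!/bin/sh
# NAT gateway setup: source-NAT the internal network out through the external
# interface, and publish the internal FTP (tcp/21) and HTTP (tcp/80) servers
# on the external address via DNAT.
#
# NOTE(review): this script configures NAT only. It flushes the filter chains
# and leaves INPUT, OUTPUT and FORWARD at policy ACCEPT, so nothing is
# filtered on the gateway itself or on forwarded traffic. Before using it on
# an Internet-facing host, consider a FORWARD policy of DROP with explicit
# rules for the two published ports and for ESTABLISHED,RELATED traffic.

EXTIF=eth0              # external (public) interface
INTIF=eth1              # internal interface; not referenced by the rules below
EXTIP=213.88.181.68     # address on EXTIF: SNAT source and DNAT match
INTIP=192.168.150.3     # address on INTIF; not referenced by the rules below
LOCALNET=192.168.150.0  # internal network, used below as a /24
FTPSVR=192.168.150.10
HTTPSVR=192.168.150.10

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Load the FTP helpers. FTP negotiates its data connection inside the control
# channel, so connection tracking and NAT need these helpers to follow it.
# On newer kernels the modules are named nf_conntrack_ftp and nf_nat_ftp;
# adjust the names if modprobe cannot find these.
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

# Set default policies and flush tables
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD ACCEPT
iptables -F FORWARD

# Source-NAT traffic leaving $EXTIF from the internal network.
# The original listing broke this command across lines and put a comment
# after the continuation backslash, so the "-j SNAT" part was never passed to
# iptables and the rule was not installed. The original poster reports trying
# the rule both with and without the destination exclusion; it is kept here.
iptables -t nat -A POSTROUTING -o "$EXTIF" -s "$LOCALNET/24" \
  ! -d "$LOCALNET/24" \
  -j SNAT --to-source "$EXTIP"

# Forward ftp traffic to internal server
iptables -t nat -A PREROUTING -d "$EXTIP" -p tcp --dport 21 \
  -j DNAT --to-destination "$FTPSVR:21"

# Forward http traffic to internal server
iptables -t nat -A PREROUTING -d "$EXTIP" -p tcp --dport 80 \
  -j DNAT --to-destination "$HTTPSVR:80"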
具体内容请参看:
http://lists.netfilter.org/pipermail/netfilter/2004-February/050844.html
