linuxÅäÖÃiptablesºÍsquid

iptables-save > ipt.v1.0
iptables-save > ipt.v1.1
iptables-restore < ipt.v1.0
cp /etc/sysconfig/iptables iptables.raw
service iptables save
ipαװµÄ½Å±¾Îļþiptables_masquerade
#!/bin/bash
//ÉèÖÃlinuxϵͳÔÊÐíip°üµÄת·¢
echo "1" > /proc/sys/net/ipv4/ip_forward
//¼ÓÔØʵÏÖNET¹¦ÄÜËùÐèµÄÄÚºËÄ£¿é
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
//³õʼ»¯filter±íºÍnat±í
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
//ÉèÖùæÔòÁ´µÄĬÈϲßÂÔ
iptables -P INPUT  DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD  ACCEPT
iptables -t nat -P PREROUTING  ACCEPT
iptables -t nat -P POSTROUTING    ACCEPT
iptables -t nat -P OUTPUT ACCEPT
//ÉèÖÃÖ÷»ú·À»ðǽ²ßÂÔ
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 3128 -j ACCEPT
//ÔÚnat±íµÄPOSTROUTING¹æÔòÁ´ÖÐÌí¼ÓIPαװµÄ¹æÔò
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
chmod u+x iptables_masquerade
ls -l iptables_masquerade
./iptables_masquerade
iptables -t nat -L
http://www.ipaddressworld.com/

ÅäÖôúÀísquid
grep 'hostname' /etc/hosts
ls /var/spool/squid/
squid -z
ls /var/spool/squid/
service squid start
netstat -ntpl | grep squid
cd /etc/squid/
·þÎñ¶Ë¿Ú
http_port 3128
//¸ÄΪ
http_port 8080
//»ò
http_port 3128 8080
»º³åÄÚ´æÊýÁ¿
cache_mem 8MB
//¸ü¸ÄΪ
cache_mem 64MB
grep ^http_access squid.conf
grep ^acl squid.conf
\?
//ÔÚsquid.confÅäÖÃÎļþÖÐÐèÒªÌí¼ÓÈçϵķÃÎÊ¿ØÖÆÁбí
acl clients src 192.168.1.0/24
//ÔÚsquid.confÎļþµÄhttp_access deny allÉèÖÃÐÐ֮ǰÌí¼ÓÈçÏÂÉèÖãº
http_access allow clients
# http_access deny all
ÅäÖÃ͸Ã÷´úÀí·þÎñÆ÷
1ÅäÖÃsquid.confÎļþ
vi /etc/squid/squid.conf
//ÔÚÅäÖÃÎļþÖÐÌí¼ÓÒÔϵÄÅ