Notes: A simple Linux gateway script


There are not many occasions to use this any more, since wireless routers and the like already act as ready-made gateways. But if you want to run a few virtual machines on a Linux host, it may still come in handy. eth0 is the external (WAN) interface, br0 is the LAN bridge.

#!/bin/sh
# this is /etc/network/if-up.d/gateway

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i br0 -o eth0 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward from the outside to the inside.
# (The outgoing interface here must be the LAN bridge br0: a rule written
# as "-i eth0 -o eth0" only blocks traffic bouncing back out of eth0 and
# lets new connections towards the LAN fall through to the chain policy.)
iptables -A FORWARD -i eth0 -o br0 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Kernel mods for FTP
# (On current kernels these modules are named nf_conntrack,
# nf_conntrack_ftp and nf_nat_ftp.)
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

🙂
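An added checker, not part of the original post: it parses an iptables-save style dump of the filter table and evaluates the FORWARD chain with netfilter's first-match semantics for a brand-new connection arriving on eth0 and destined for br0. The sample dump is constructed; it writes the final REJECT as eth0 -> eth0 instead of eth0 -> br0 and leaves the FORWARD policy at ACCEPT, so the checker shows the new inbound packet falling through to the policy instead of being rejected.

```python
import shlex

# Constructed iptables-save excerpt (filter table only) modelling the gateway
# above, with the final REJECT mistakenly written as eth0 -> eth0.
SAMPLE_DUMP = """\
*filter
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth0 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def parse_chain(dump, chain):
    """Return (policy, rules) for one chain of an iptables-save filter dump;
    rules keep only the -i/-o/--state/-j fields this checker evaluates."""
    policy, rules = None, []
    for line in dump.splitlines():
        if line.startswith(":%s " % chain):
            policy = line.split()[1]
        elif line.startswith("-A %s " % chain):
            toks = shlex.split(line)[2:]
            rule, neg, i = {"in": None, "out": None, "states": None, "target": None}, False, 0
            while i < len(toks):
                t = toks[i]
                if t == "!":          # negates the following -i/-o match
                    neg, i = True, i + 1
                    continue
                if t in ("-i", "-o"):
                    rule["in" if t == "-i" else "out"] = (toks[i + 1], neg)
                elif t == "--state":
                    rule["states"] = set(toks[i + 1].split(","))
                elif t == "-j":
                    rule["target"] = toks[i + 1]
                i, neg = i + 2, False  # every option in this dump takes one argument
            rules.append(rule)
    return policy, rules

def _iface_ok(cond, value):  # None means "any"; (name, negated) models -i/-o and ! -i/-o
    return True if cond is None else (cond[0] == value) != cond[1]

def verdict(dump, chain, in_if, out_if, state):
    """First-match evaluation of one packet; falls back to the chain policy."""
    policy, rules = parse_chain(dump, chain)
    for r in rules:
        if (_iface_ok(r["in"], in_if) and _iface_ok(r["out"], out_if)
                and (r["states"] is None or state in r["states"])):
            return r["target"]
    return policy
```

Run `verdict(SAMPLE_DUMP, "FORWARD", "eth0", "br0", "NEW")` against a real `iptables-save` dump to confirm that unsolicited WAN-to-LAN traffic ends in REJECT rather than the chain policy.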


3 responses to “Notes: A simple Linux gateway script”

  1. What are the commonly used Linux distributions, and which one is suitable for a beginner to install? If I want to learn the Red Hat system, is starting with CentOS a good choice?