使用 Linux 架設防火牆
# NAT gateway setup: load the netfilter modules, clear the filter and nat
# tables, turn on IPv4 forwarding, publish a few internal services on the
# public address and masquerade the LAN behind eth0.
#
# NOTE(review): this script installs no active filter-table rules and sets no
# chain policy. Flushing (-F) leaves built-in chain policies untouched, so
# what INPUT and FORWARD accept is decided by the policy already in place
# (ACCEPT unless changed elsewhere). Confirm that filtering is applied
# somewhere before relying on this as a firewall.

# Kernel modules: iptables core, nat table, connection tracking with the FTP
# and IRC helpers, and the MASQUERADE / REDIRECT / REJECT targets.
for kmod in ip_tables iptable_nat ip_conntrack ip_conntrack_ftp \
  ip_conntrack_irc ipt_MASQUERADE ipt_REDIRECT ipt_REJECT; do
  modprobe "$kmod"
done

# Start clean: drop all rules, then all user-defined chains, in both tables.
for table in filter nat; do
  iptables -t "$table" -F
  iptables -t "$table" -X
done

# Let the kernel route packets between interfaces.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# Disabled in the original: stateful INPUT accepts and an ICMP type
# allow-list. As written, the icmpfilter chain is filled but never jumped to.
#iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
#ALLOWED_ICMP="0 3 3/4 4 11 12 14 16 18"
#iptables -N icmpfilter
#for TYPE in $ALLOWED_ICMP; do
#iptables -A icmpfilter -i eth0 -p icmp --icmp-type $TYPE -j ACCEPT
#done

# Append one DNAT rule: traffic for the public address on the given
# protocol/port is rewritten to an internal host:port.
#   $1 - protocol, $2 - public port, $3 - internal destination (ip:port)
publish_port() {
  iptables -t nat -A PREROUTING -d 61.64.94.159 -p "$1" --dport "$2" \
    -j DNAT --to-destination "$3"
}

# Published services. The rules match on destination address only (no -i),
# so they apply to packets arriving on any interface.
# NOTE(review): port 53 makes the internal DNS server reachable from outside;
# if it answers recursive queries, restrict who may query it.
publish_port tcp 53 192.168.1.254:53
publish_port udp 53 192.168.1.254:53
publish_port tcp 80 192.168.1.254:80
publish_port tcp 8090 192.168.1.185:8090

# Outbound LAN traffic leaves eth0 with the gateway's own address.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
一對一 NAT
# One-to-one NAT: bind an extra public address to an alias interface and map
# it, in both directions, to a single internal host.
#
# NOTE(review): the DNAT rule has no protocol or port restriction, so every
# port of the internal host is reachable through the public address. If only
# some services should be exposed, limit that in the FORWARD chain.
public_ip=11.11.11.11
private_ip=192.168.0.1

# Add the public address as alias eth1:1.
ifconfig eth1:1 "$public_ip" netmask 255.255.255.0 up

# Inbound: anything addressed to the public IP goes to the internal host
# (no -p given, which matches all protocols).
iptables -t nat -A PREROUTING -d "$public_ip" -j DNAT --to-destination "$private_ip"

# Outbound: traffic from the internal host leaves with the public IP as source.
iptables -t nat -A POSTROUTING -s "$private_ip" -j SNAT --to-source "$public_ip"