I use an old PC as a router.
Everything on port 80 is redirected to squid. The rest passes through directly.
Everything works: browsing, ICQ, mIRC, but not SSL.
When I try to open a page with https:// it does not work.
I found out that squid cannot handle SSL as a transparent proxy.
On eth0 I connect via pptp to the server.
The clients are on eth1.
pptp server 192.168.29.2
clients 192.168.2.0/24
Local addresses that the clients must have access to:
192.168.65.0/24
192.168.11.0/24
eth0 IP address: 192.168.65.90
eth1 IP address: 192.168.2.1
gateway for 192.168.29.2: 192.168.65.1
Here is the output of iptables-save:
Sample code |
# Generated by iptables-save v1.2.6a on Thu Oct 7 20:16:42 2004
*nat
:PREROUTING ACCEPT [117438:12154092]
:POSTROUTING ACCEPT [32484:2061568]
:OUTPUT ACCEPT [67718:4262264]
-A PREROUTING -d 192.168.65.0/255.255.255.0 -j RETURN
-A PREROUTING -d 192.168.11.0/255.255.255.0 -j RETURN
-A PREROUTING -d 192.168.2.0/255.255.255.0 -j RETURN
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -d 192.168.65.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.1
-A POSTROUTING -d 192.168.11.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.1
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Thu Oct 7 20:16:42 2004
# Generated by iptables-save v1.2.6a on Thu Oct 7 20:16:42 2004
*filter
:INPUT ACCEPT [14655915:18771453014]
:FORWARD ACCEPT [6438368:9221769469]
:OUTPUT ACCEPT [23009026:18469951449]
-A INPUT -d 192.168.2.0/255.255.255.0 -j ACCEPT
-A INPUT -s 192.168.65.30 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags SYN,RST,ACK SYN -j REJECT --
-A INPUT -p tcp -m tcp --dport 2049 --tcp-flags SYN,RST,ACK SYN -j REJECT --re
-A INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreac
-A INPUT -p udp -m udp --dport 2049 -j REJECT --reject-with icmp-port-unreacha
-A INPUT -p tcp -m tcp --dport 6000:6009 --tcp-flags SYN,RST,ACK SYN -j REJECT
-A INPUT -p tcp -m tcp --dport 7100 --tcp-flags SYN,RST,ACK SYN -j REJECT --re
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.65.0/255.255.255.0 -d 192.168.2.0/255.255.255.0 -o eth0
-A FORWARD -s 192.168.11.0/255.255.255.0 -d 192.168.2.0/255.255.255.0 -o eth0
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Thu Oct 7 20:16:42 2004
|
Sample code |
Red Hat 8.0 Squid 2.5
|