[ darkopopovic @ 17.02.2008. 16:43 ] @
Hi, I set up CentOS 5 and installed Squid 2.6 STABLE6 on it to work as a transparent proxy. Then I found an iptables script (which is what gives me the most trouble). Everything works fine until I reboot the machine; then I have to run the script again. How can I save the iptables settings so they survive a reboot of the machine?

The fw.proxy shell script is:

```sh
#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"

# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

# DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
```

I run it with:

```
# chmod +x /etc/fw.proxy
# /etc/fw.proxy
# service iptables save
# chkconfig iptables on
```
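As an added example (not from the post), a POSIX sh check that a ruleset in iptables-save format, which is what `service iptables save` writes to /etc/sysconfig/iptables on CentOS 5, still carries the rules fw.proxy loads: the INPUT DROP policy, the port-80 DNAT to Squid, the MASQUERADE rule and the log/drop tail. The sample file is constructed; the address, interfaces and port are the post's values, and `check_saved_rules` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not part of the original post: verify that a saved ruleset
# (iptables-save format) still carries the rules fw.proxy loads. Values are the post's.
SQUID_SERVER="192.168.1.1"
INTERNET="eth0"
LAN_IN="eth1"
SQUID_PORT="3128"
# Return 0 if every expected rule is present in file $1, 1 otherwise,
# printing what is missing so the check is usable right after a reboot.
check_saved_rules() {
    f="$1"; missing=0
    # filter table: default INPUT policy must be DROP
    grep -q '^:INPUT DROP' "$f" || { echo "missing: INPUT policy DROP"; missing=1; }
    # nat table: LAN port-80 traffic redirected to Squid (transparent proxy)
    grep -q -e "-A PREROUTING -i $LAN_IN -p tcp .*--dport 80 -j DNAT --to-destination $SQUID_SERVER:$SQUID_PORT" "$f" \
        || { echo "missing: DNAT to Squid"; missing=1; }
    # nat table: LAN traffic masqueraded out of the Internet interface
    grep -q -e "-A POSTROUTING -o $INTERNET -j MASQUERADE" "$f" \
        || { echo "missing: MASQUERADE"; missing=1; }
    # filter table: log-then-drop tail must still be there
    grep -q -e '-A INPUT -j LOG' "$f" && grep -q -e '-A INPUT -j DROP' "$f" \
        || { echo "missing: INPUT log/drop tail"; missing=1; }
    return $missing
}
# Constructed sample of /etc/sysconfig/iptables after fw.proxy + save
# (not a real capture). Prints the temp file path.
make_sample_ruleset() {
    f=$(mktemp)
    cat > "$f" <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $LAN_IN -p tcp -m tcp --dport 80 -j DNAT --to-destination $SQUID_SERVER:$SQUID_PORT
-A POSTROUTING -o $INTERNET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $INTERNET -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $LAN_IN -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
COMMIT
EOF
    echo "$f"
}
```

`service iptables save` does not persist the script's `echo 1 > /proc/sys/net/ipv4/ip_forward`; on CentOS that setting survives a reboot only through `net.ipv4.ip_forward = 1` in /etc/sysctl.conf.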