日韩无码专区无码一级三级片|91人人爱网站中日韩无码电影|厨房大战丰满熟妇|AV高清无码在线免费观看|另类AV日韩少妇熟女|中文日本大黄一级黄色片|色情在线视频免费|亚洲成人特黄a片|黄片wwwav色图欧美|欧亚乱色一区二区三区

服務(wù)器采用Ubuntu作為操作系統(tǒng)，兩塊網(wǎng)卡，一塊接外網(wǎng)（eth0），一塊接內(nèi)網(wǎng)（eth1）。采用shorewall作為防火墻。

創(chuàng)新互聯(lián)成都企業(yè)網(wǎng)站建設(shè)服務(wù)，提供成都網(wǎng)站制作、成都網(wǎng)站設(shè)計(jì)網(wǎng)站開發(fā),網(wǎng)站定制,建網(wǎng)站,網(wǎng)站搭建,網(wǎng)站設(shè)計(jì),響應(yīng)式網(wǎng)站建設(shè),網(wǎng)頁(yè)設(shè)計(jì)師打造企業(yè)風(fēng)格網(wǎng)站,提供周到的售前咨詢和貼心的售后服務(wù)。歡迎咨詢做網(wǎng)站需要多少錢:18982081108

配置網(wǎng)卡：

sudo vi /etc/network/interfaces

Ubuntu下設(shè)置shorewall防火墻

服務(wù)器采用Ubuntu作為操作系統(tǒng)，兩塊網(wǎng)卡，一塊接外網(wǎng)（eth0），一塊接內(nèi)網(wǎng)（eth1）。采用shorewall作為防火墻。

配置網(wǎng)卡：

sudo vi /etc/network/interfaces
------------------------------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
script grep
map eth0

# The primary network interface
iface eth0 inet static
address 192.168.2.250
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 202.96.209.6

auto eth1
iface eth1 inet static
address 192.168.10.254
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255

1、安裝shorewall

sudo apt-get install shorewall

2、拷貝配置文件

sudo cp /usr/share/shorewall/modules /etc/shorewall

sudo cp /usr/share/doc/shorewall/default-config/policy /etc/shorewall/

sudo cp /usr/share/doc/shorewall/default-config/nat /etc/shorewall/

sudo cp /usr/share/doc/shorewall/default-config/zones /etc/shorewall/

sudo cp /usr/share/doc/shorewall/default-config/maclist /etc/shorewall/

sudo cp /usr/share/doc/shorewall/default-config/blacklist /etc/shorewall/

sudo cp /usr/share/doc/shorewall/default-config/interfaces /etc/shorewall/interfaces

sudo cp /usr/share/doc/shorewall/default-config/rules /etc/shorewall/rules

sudo cp /usr/share/doc/shorewall/default-config/hosts /etc/shorewall/hosts

sudo cp /usr/share/doc/shorewall/default-config/masq /etc/shorewall/masq

3、配置網(wǎng)卡

sudo vi /etc/shorewall/interfaces

在倒數(shù)第二行，也就是在 “#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE” 這一行之后加上：

net eth0 detect

loc eth1 detect

4、配置網(wǎng)絡(luò)別名

sudo vi /etc/shorewall/zones

在倒數(shù)第二行，也就是在 “#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE” 這一行之后加上：

net Net Internet

loc Local Local Networks

5、配置IP偽裝，也就是透明代理

sudo vi /etc/shorewall/masq

在倒數(shù)第二行，也就是在 “#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE” 這一行之后加上：

eth0 eth1

6、配置策略

sudo vi /etc/shorewall/policy

在#LAST LINE -- DO NOT REMOVE這一行最后加上：

loc net ACCEPT

net all DROP info

all all REJECT info

7、配置防火墻規(guī)則

sudo vi /etc/shorewall/rules

在倒數(shù)第二行，也就是在 “#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE” 這一行后加上：

#incoming traffic (由 internet 去 firewall)

AllowSSH net fw

AllowDNS net fw

AllowWeb net fw

AllowSMB net fw

AllowNNTP net fw

AllowNTP net fw

AllowRdate net fw

AllowSMTP net fw

DropPing net fw

#outgoing traffic (由 firewall 去 internet)

AllowWeb fw net

AllowDNS fw net

AllowSMTP fw net

AllowSMB fw net

AllowSMTP fw net

AllowNNTP fw net

AllowNTP fw net

AllowRdate fw net

AllowSSH fw net

#open special ports

ACCEPT net fw tcp 9980

8、修改 shorewall.conf 自動(dòng)開啟 IP 轉(zhuǎn)發(fā)

sudo gedit /etc/shorewall/shorewall.conf

查找到：

IP_FORWARDING=Keep

修改為：

IP_FORWARDING=On

# 保存關(guān)閉文件

9、修改 /etc/default/shorewall 自動(dòng)運(yùn)行防火墻

sudo vi /etc/default/shorewall

查找到：

startup=0

修改為：

startup=1

10、啟動(dòng)防火墻

sudo shorewall start

11、至此防火墻配置完成。

本文標(biāo)題：UbuntuLinux系統(tǒng)下設(shè)置shorewall防火墻
文章起源：http://www.5511xx.com/article/djddjpg.html