我的LINUX是AS 3的,我安装好系统,配置了网卡的IP地址,然后编辑了你的脚本,就这样了,别的就没动过的~~ 网卡IP地址是装系统的时候就配置的了,装好系统,我就按照下面的编辑脚本:
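# Create the firewall script file and register it to run at boot from
# /etc/rc.local (run these as root).
fw=/usr/local/sbin/firewall
touch "$fw"
# rc.local executes this file as root on every boot, so besides making it
# executable for the owner, make sure group/others cannot modify it.
chmod u+x,go-w "$fw"
# Append the entry only if it is not already there; the original plain
# `echo >>` added a duplicate line (and a duplicate run at boot) each time
# these steps were repeated.
grep -qxF -- "$fw" /etc/rc.local 2>/dev/null || printf '%s\n' "$fw" >>/etc/rc.local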
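#!/bin/bash
#
# Gateway firewall: default-deny INPUT, masquerade 192.168.0.0/24, and
# forward TCP 8080 and 554 arriving for 1.2.3.4 to 192.168.0.250.
# Must be run as root.

# No spaces around '=': the original `IPT = "/sbin/iptables"` ran a command
# named IPT instead of assigning, so every later `$IPT ...` expanded to
# nothing and no rule was ever loaded.
readonly IPT="/sbin/iptables"

# Stop before touching anything if the binary is missing, rather than
# leaving a half-applied ruleset.
if [ ! -x "$IPT" ]; then
  echo "firewall: $IPT not found or not executable" >&2
  exit 1
fi

# Connection-tracking / NAT helpers so FTP data connections are matched as
# RELATED and rewritten correctly.
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

# Start from empty filter and nat tables.
"$IPT" -F -t filter
"$IPT" -F -t nat

# Default policies.
"$IPT" -P INPUT DROP
"$IPT" -P OUTPUT ACCEPT
# NOTE(review): FORWARD ACCEPT lets this host route any packet between its
# interfaces once forwarding is on. A tighter setup would set the FORWARD
# policy to DROP and accept only ESTABLISHED,RELATED traffic, traffic
# entering on eth1, and the two DNAT'd ports towards 192.168.0.250.
"$IPT" -P FORWARD ACCEPT
"$IPT" -t nat -P PREROUTING ACCEPT
"$IPT" -t nat -P POSTROUTING ACCEPT
"$IPT" -t nat -P OUTPUT ACCEPT

# ALLOW ALL in PRIVATE NET: loopback and everything arriving on eth1.
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A INPUT -i eth1 -j ACCEPT

# ICMP: accept, rate-limited to 1 packet/s after a burst of 10.
"$IPT" -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT

# KEEP CONNECTIONS: replies to traffic this host originated.
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# NAT
# NOTE(review): no -o <public interface> here, so packets from
# 192.168.0.0/24 are masqueraded whichever interface they leave on;
# presumably only the public side is intended -- confirm and add -o.
"$IPT" -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
# Port forwards for connections to 1.2.3.4 that do not come from the
# private net. The target gives no port, so the destination port is kept.
# Newer iptables releases expect the negation before the option (`! -s`);
# the form below is kept as the author wrote it.
"$IPT" -t nat -A PREROUTING -s ! 192.168.0.0/24 -d 1.2.3.4 -p tcp --dport 8080 -j DNAT --to-destination 192.168.0.250
"$IPT" -t nat -A PREROUTING -s ! 192.168.0.0/24 -d 1.2.3.4 -p tcp --dport 554 -j DNAT --to-destination 192.168.0.250

# Enable routing last, so packets are not forwarded while the ruleset is
# still being loaded (the original turned it on as the very first step).
echo 1 > /proc/sys/net/ipv4/ip_forward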