FreeBSD kernel-level transparent proxy (IPFILTER)
Operating system: FreeBSD 4.7 (installed with sources)
Two network cards:
1: 3COM
2: DLINK
Installation steps:
[code:1:23e4f4bda2]
1. Compile the kernel
cd /usr/src/sys/i386/conf
cp GENERIC proxy
vi proxy
Add the following four lines:
options IPFILTER
options IPFILTER_LOG
options RANDOM_IP_ID
options BRIDGE
config proxy
cd ../../compile/proxy
make depend
make
make install
2. Configuration
vi /etc/rc.conf
Contents:
gateway_enable="YES"
hostname="soocol.com" # set this to your hostname
kern_securelevel_enable="NO"
nfs_reserved_port_only="NO"
sendmail_enable="NONE" # used as NAT/firewall, sendmail is not needed
sshd_enable="YES" #
usbd_enable="NO"
cron_enable="NO"
network_interfaces="rl0 rl1 lo0"
ifconfig_rl0="202.102.121.67 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_lo0="inet 127.0.0.1"
# Configure IPFILTER
ipfilter_enable="YES"
ipfilter_flags=""
ipmon_enable="YES"
ipmon_flags="-Dsvn"
ipnat_enable="YES"
vi /etc/resolv.conf
Contents:
nameserver 211.167.97.67
nameserver 202.99.96.68
3. Set up IPNAT
vi /usr/local/etc/rc.d/ipnat.sh
Contents:
#!/bin/sh
[ -x /sbin/ipnat ] && /sbin/ipnat -CF -f /etc/ipnat.rules && /sbin/ipf -y && echo -n ' ipnat'
vi /etc/ipnat.rules
Contents:
map rl0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:60000
map rl0 192.168.0.0/24 -> 0.0.0.0/32
[/code:1:23e4f4bda2]
After rebooting, other machines on the LAN can reach the Internet by setting their gateway to 192.168.0.1.
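
ipnat applies the first map rule that matches, which is why /etc/ipnat.rules above lists the ftp proxy rule first, the portmap rule second and the plain map last. The script below is an added example, not part of the original post: it lints a rules file for that order. The function name check_ipnat_order and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the order of "map" rules in an ipnat.rules file.
# For one interface/source pair the order must be: proxy, portmap, plain map,
# because ipnat stops at the first rule that matches a packet.

# check_ipnat_order FILE
# Prints one line per misplaced rule; returns 1 if any was found, else 0.
check_ipnat_order() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        $1 != "map" { next }                # only map rules are checked
        {
            key = $2 " " $3                 # interface + source network
            rank = 3; kind = "plain"
            for (i = 4; i <= NF; i++) {
                if ($i == "proxy")   { rank = 1; kind = "proxy" }
                if ($i == "portmap") { rank = 2; kind = "portmap" }
            }
            if ((key in seen) && rank < seen[key]) {
                printf "line %d: %s rule for %s comes after a broader map rule and will never match\n", NR, kind, key
                bad = 1
            }
            if (!(key in seen) || rank > seen[key]) seen[key] = rank
        }
        END { exit bad + 0 }
    ' "$1"
}

if [ "$#" -gt 0 ]; then
    check_ipnat_order "$1"
else
    # Constructed sample: the three rules from the post with the catch-all first.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
map rl0 192.168.0.0/24 -> 0.0.0.0/32
map rl0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:60000
EOF
    check_ipnat_order "$sample" || true
    rm -f "$sample"
fi
```

Run it with the rules file as its argument before loading the rules with ipnat -CF -f.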