|
vi /etc/ipnat.rules
代码如下:
#连接外网IP 192.168.10.10
#连接内网网段IP1 192.168.15.0/24内网网段IP2 192.168.16.0/24
#服务器IP地址 192.168.10.200
#把所有的内部网络IP伪装成外网IP
map net0 192.168.15.0/24 -> 192.168.10.10/32 portmap tcp/udp auto
map net0 192.168.15.0/24 -> 192.168.10.10/32
map net0 192.168.16.0/24 -> 192.168.10.10/32 portmap tcp/udp auto
map net0 192.168.16.0/24 -> 192.168.10.10/32
#把对连接外网IP的FTP服务映射到服务网络的FTP服务器上
rdr net0 192.168.10.0/24 port 20 -> 192.168.15.200 port 20
rdr net0 192.168.10.0/24 port 21 -> 192.168.15.200 port 21
vi /etc/ipf.rules
代码如下:
#阻塞所有存在安全问题的数据包
block in log quick all with short
block in log quick all with ipopts
block in log quick all with frag
block in log quick all with opt lsrr
block in log quick all with opt ssrr
#外部网络的数据只有FTP(使用20和21端口)
pass in quick on 192.168.10.10 proto tcp from any to any port = 20 keep state
pass in quick on 192.168.10.10 proto tcp from any to any port = 21 keep state
#内部网络可以访问外部网络
pass out log on net0 proto icmp all keep state
pass out log on net0 proto tcp/udp from any to any keep state
#阻塞外部网络的其它请求'
block return-rst in log on net0 proto tcp from any to 192.168.10.10 flags S/SA
block return-icmp(net-unr) in log on net0 proto udp from any to 192.168.10.10
block in log on net0 all
以上我加 规则 能达到代理目的 更多规则可以自己添加
vi /etc/rc2.d/S99ipnat
#加载规则
/etc/ipf -Fa -f /etc/ipf.rules
/etc/ipnat -CF -f /etc/ipnat.rules
sco 5.07 已经提供ipnat ipf ipstat ipmon (ipstat ipmon 查看规则命令)
5.07以下 我没测试不知道有没有
如果没有 到官方ftp下载一个 安装就行了
ftp://ftp.sco.com/pub/TLS/tls709.tar.Z 安装包
ftp://ftp.sco.com/pub/TLS/tls079.ltr 说明
安装我说下
uncompress tls709.tar.Z
tar xvf tls709.tar
cp -r /etc/conf/pack.d/ip /usr/ 备份
cp -r /etc/conf/pack.d/tcp /usr/ 备份
cp * /tmp/ipfilter/ipl-driver/ip (解压目录) /etc/conf/pack.d/ip
cp * /tmp/ipfilter/ipl-driver/tcp (解压目录) /etc/conf/pack.d/tcp
cd /tmp/ipfilter/ipl-driver
/etc/conf/bin/idinstall -k -a ipl
cp /tmp/ipfilter/ipl-bin/* /etc
/etc/conf/cf.d/link_unix -y 连接核心
|
相关文章
