If you prefer to set your own DNS,

and, unlike RHEL/CentOS, it is not set up as a service,

the ADSL link reconnects after a short while,

so make a backup copy and study it carefully,

IV. Iptables

Ubuntu ships with iptables installed,

# Original format
1361289819.737 21 192.168.1.100 TCP_DENIED/403 4295 GET - NONE/- text/html
# New format
192.168.1.100 [21/Feb/2013:13:29:45 +0800] 200 13813 TCP_MISS:DIRECT GET "http://common.cnblogs.com/editor/tiny_mce/plugins/insertCode/images/insertCode.gif" image/gif

#
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
# example lin deb packages
#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 0 20% 4320

With Firefox on the internal network set to use the proxy 192.168.1.1:3128, browsing works!

III. PPPOE

1. Installation and setup

$ sudo apt-get install pppoe

Remove the broadband router.
I first connected the broadband router,

try operations such as disconnecting ADSL, restarting networking, or unplugging the ADSL cable for a moment and plugging it back in,

NIC eth0 is left unused,

otherwise the remote server receives HTTP header data (X_Forwarded_for) that contains the internal IP

acl_uses_indirect_client on
delay_pool_uses_indirect_client on
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet # modified
http_port 192.168.1.1:3128 # modified
cache_mem 1024 MB # set this to suit your own situation,

Note: the content from auto dsl-provider onward was added by the pppoeconf wizard:

$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information,

modify it to suit your own needs as follows:

# Copied from Centos6
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,

then

$ sudo vi /etc/resolv.conf
nameserver 8.8.8.8

3. Network interfaces,

2. DNS

In the pppoeconf wizard, DNS can be set to be obtained from the ISP,

this configuration file contains detailed explanations,

more than 5,700 lines in total,

and this is the configuration file I ended up with:

acl alldst dst all
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.1.0/24 # modified; /24 matches the eth1 subnet and the iptables rules
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
forwarded_for delete # modified.
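IP 192.168.1.1/24,

I ran into many problems,

about 200 GB is allocated for the cache,

but iptables is not started by default,

then enter the broadband user name and password,

it is a bit long,

the broadband modem is connected directly to eth0,

as for this time,

and the ADSL connection is set up,

find the following lines in the /etc/ppp/options file

# Do not exit after a connection is terminated; instead try to reopen
# the connection.
# persist

remove the "# " in front of # persist,

I could not be bothered with it,

so use 3.1.19 from the Ubuntu repositories,

which is easier to read,

RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Allow SSH connections from the internal network only
-A INPUT -m state -s 192.168.1.0/24 --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Allow connections to the proxy service from the internal network only
-A INPUT -m state -s 192.168.1.0/24 --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Edit the network configuration file.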
, add the following line to the configuration file of the relevant NIC

pre-up iptables-restore < /etc/iptables

My configuration is as follows:

$ sudo vi /etc/network/interfaces
auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
pre-up iptables-restore < /etc/iptables
provider dsl-provider

Restart networking

$ sudo /etc/init.d/networking restart

Test with nmap:

Before configuring iptables

Nmap scan report for 113.227.36.81
Host is up (0.25s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
22/tcp open ssh
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1025/tcp filtered NFS-or-IIS
1434/tcp filtered ms-sql-m
4444/tcp filtered krb524

After

Nmap scan report for 113.227.56.137
Host is up (0.48s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
113/tcp closed auth

Nmap scan report for 192.168.1.1
Host is up (0.00022s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3128/tcp open squid-http

With Firefox on the internal network set to use the proxy 192.168.1.1:3128, browsing works!

The next step is to try a transparent proxy.

, the commands for managing ADSL manually are as follows:

$ ifconfig ppp0 # check the ADSL connection status
$ sudo pon dsl-provider # connect ADSL manually
$ sudo poff # disconnect ADSL manually
$ sudo plog # view the ADSL connection log,

I copied an iptables configuration file over from CentOS,

II. Squid3

I tried installing the current latest Squid 3.3 from source,

see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
# gateway 192.168.1.254
dns-nameservers 8.8.8.8
dns-search domain.com

auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-provider

auto eth0
iface eth0 inet manual