|
|
小弟我刚刚接触,看了前辈们的精华,我拿来用了,我想让部份IP地址上网(ETH0接外网,ETH1拉内网),不知这样行不?
iptables -F
iptables -F -t nat
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i eth1 -s 192.168.0.2 -j ACCEPT
iptables -A FORWARD -i eth1 -s 192.168.0.3 -j ACCEPT
iptables -A FORWARD -i eth1 -s 192.168.0.4-j ACCEPT
iptables -A FORWARD -i eth1 -s 192.168.0.50 -j ACCEPT
iptables -A FORWARD -i eth1 –m iprange –src -rang 192.168.0.200-192.168.0.253 -j ACCEPT
iptables -A FORWARD -i eth1 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
arp -f
各位大侠,烦请批示!!可行我就这样改了! |
|
IP卡
狗仔卡
发表于 2007-6-29 10:18:36
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡