需求說明：此服務器用作網關、MAIL(開啟web、smtp、pop3)、FTP、DHCP服務器，內部一臺機器(192.168.0.254)對外提供dns服務,為了不讓無意者輕易看出此服務器開啟了ssh服務器，故把ssh端口改為2018.另把proxy的端口改為60080

eth0:218.28.20.253,外網口

eth1:192.168.0.1/24,內網口

[jackylau@proxyserver init.d]$cat /etc/squid/squid.conf(部份如下)

http_port 192.168.0.1:60080

httpd_accel_port 80

httpd_accel_host virtual

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

acl allow_lan src 192.168.0.0/24

http_access allow allow_lan

visible_hostname proxyserver

[jackylau@proxyserver init.d]$ cat firewall

#!/bin/sh

# Author: jackylau ;

# chkconfig: 2345 08 92

# description: firewall

# Time on 2005.08.02

# killproc

# Set ENV

INET_IP="218.28.20.253"

INET_IFACE="eth0"

LAN_IP="192.168.0.1"

LAN_IP_RANGE="192.168.0.0/24"

LAN_BROADCAST_ADDRESS="192.168.0.255"

LAN_IFACE="eth1"

LO_IFACE="lo"

LO_IP="127.0.0.1"

IPTABLES="/sbin/iptables"

start(){

echo -n $"Starting firewall:"

/sbin/depmod -a

/sbin/modprobe ip_tables

/sbin/modprobe ip_conntrack

/sbin/modprobe iptable_filter

/sbin/modprobe iptable_mangle

/sbin/modprobe iptable_nat

/sbin/modprobe ipt_LOG

/sbin/modprobe ipt_limit

/sbin/modprobe ipt_state

echo "1" >; /proc/sys/net/ipv4/ip_forward