Re: [Linux-sunucu] squid proxy installation ????

---------


From: Tufan BIYIKTAS (tufan.biyiktas@gmail.com)
Date: Mon 25 Apr 2005 - 22:43:29 EEST


You can find other examples as well.
Set the internal and external eth interfaces in the script and run it
as ./router

Yunus ÇİÇEK wrote:

> Enabling IP forwarding only allows traffic to pass between the Ethernet
> interfaces; without it you cannot pass traffic between the two
> interfaces, so it is a prerequisite anyway.
>
> However, the clients cannot reach the Internet this way.
> Packets reach the destination address, but the reply cannot come back.
> (How could it, when there are no 192.168.x.x or 10.0.x.x addresses on
> the Internet?)
> The PCs on the local network need an intermediary; in other words, the
> server has to let the clients use its own IP (one that is known on the
> Internet, for example 81.14.47.123) and forward incoming packets to the
> relevant client.
> In short, you need to do NAT (Network Address Translation). iptables
> -t nat -A POSTROUTING -o eth+ -j MASQUERADE
>
>
> After IP forwarding is enabled, by typing the command
> # iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
> you can reach the Internet without a proxy.
>
> Best regards
>
> Yunus ÇİÇEK
>
> ----- Original Message ----- From: "Ersin ARIKAN"
> <earikan@tepeinsaat.com.tr>
> To: <linux-sunucu@liste.linux.org.tr>
> Sent: Monday, April 25, 2005 4:50 PM
> Subject: RE: [Linux-sunucu] squid proxy kurulumu ????
>
>
> I'm not entirely sure, but if you want to get the clients onto the
> Internet without using a proxy, I think you need to write a NAT rule.
>
> -----Original Message-----
> From: linux-sunucu-bounces@liste.linux.org.tr
> [mailto:linux-sunucu-bounces@liste.linux.org.tr] On Behalf Of Mevlüt
> KOÇAK
> Sent: Monday, 25 April 2005 15:47
> To: linux-sunucu@liste.linux.org.tr
> Subject: Re: [Linux-sunucu] squid proxy kurulumu ????
>
> IP forwarding is on. The web server can be pinged from the client machines..
>
> In that case, shouldn't the Internet be usable from the other
> computers as well, without bringing the proxy server into play?
>
> Ersin ARIKAN wrote:
>
>> Is IP forwarding on? If you are using two Ethernet cards you have to
>> turn IP forwarding on.
>> For the Squid configuration you can use the howto at squid-cache.org;
>> of course, if you have not set up a transparent proxy, a small setting
>> has to be made under LAN settings in Internet Explorer for the client machines.
>>
>
>
> _______________________________________________
> Linux-sunucu mailing list
> Linux-sunucu@liste.linux.org.tr
> http://liste.linux.org.tr/mailman/listinfo/linux-sunucu
>

#!/bin/bash
####################################################################
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
####################################################################
EXTIF="eth1"
INTIF="eth0"
echo "External Interface: $EXTIF"
echo "Internal Interface: $INTIF"
####################################################################
echo -en "Loading modules: "

echo "- Verifying that all kernel modules are ok"
$DEPMOD -a

echo -en "ip_tables, "
$MODPROBE ip_tables

echo -en "ip_conntrack, "
$MODPROBE ip_conntrack

echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp

echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc

echo -en "iptable_nat, "
$MODPROBE iptable_nat

echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp

echo -e " Done.\n"

########################################################################
# CRITICAL: Enable IP forwarding, since it is disabled by default.
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
########################################################################
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

#########################################################################
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable this following option. This enables dynamic-address hacking
# which makes the life with Diald and similar programs much easier.
#
# echo " Enabling DynamicAddr.."
# echo "1" > /proc/sys/net/ipv4/ip_dynaddr
##########################################################################

##########################################################################
# Enable simple IP forwarding and Masquerading
#
# NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
# NOTE #2: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on the external interface set in EXTIF
# ("eth1" above). This example will MASQ internal traffic out to the
# Internet but not allow non-initiated traffic into your internal network.
#
#
# ** Please change the above network numbers, subnet mask, and your
# *** Internet connection interface name to match your setup
#
###########################################################################

###########################################################################
# Clearing any previous configuration
#
# Unless specified, the defaults for INPUT and OUTPUT are ACCEPT
# The default for FORWARD is DROP (REJECT is not a valid policy)
#
############################################################################
echo " Clearing any existing rules and setting default policy.."

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow selected services OUT and only existing and related ones IN"

# Replies to connections that were opened from the internal network
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Outbound HTTP (80) is left disabled here
#$IPTABLES -A FORWARD -i $INTIF -o $EXTIF --protocol tcp --destination-port 80 -j ACCEPT
# Outbound POP3 (110), SMTP (25) and HTTPS (443)
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF --protocol tcp --destination-port 110 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF --protocol tcp --destination-port 25 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF --protocol tcp --destination-port 443 -j ACCEPT
# Log everything not accepted above; the FORWARD policy (DROP) then discards it
$IPTABLES -A FORWARD -j LOG

###########################################################################
#echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

############################################################################




---------
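
The thread contrasts a one-line "-o eth+" masquerade rule with the attached script's interface-specific rule and FORWARD DROP policy. As an added example (not part of the original posts or the attachment), this audit reads iptables-save text and flags the differences; the interface names come from the script, the two dumps are constructed, and audit_ruleset is a hypothetical helper name.

```shell
#!/bin/bash
# Added example (not from the original post): audit iptables-save text for
# the NAT-router properties discussed in this thread.
EXTIF="eth1"   # interface names as set in the script on this page
INTIF="eth0"

# Reads an iptables-save dump on stdin; prints one WARN line per finding.
audit_ruleset() {
    awk -v extif="$EXTIF" -v intif="$INTIF" '
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /ESTABLISHED/ { stateful = 1 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            out = ""
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out ~ /\+$/ || out == "") {
                # "eth+" matches every interface whose name starts with "eth"
                prefix = substr(out, 1, length(out) - 1)
                if (prefix == "" || index(extif, prefix) == 1) masq = 1
                if (prefix == "" || index(intif, prefix) == 1)
                    print "WARN masquerade match \"" out "\" also covers internal " intif
            } else if (out == extif) masq = 1
        }
        END {
            if (policy != "DROP") print "WARN FORWARD policy is not DROP"
            if (!stateful) print "WARN no ESTABLISHED,RELATED rule in FORWARD"
            if (!masq) print "WARN no MASQUERADE rule covering " extif
        }'
}

# Constructed dump: the rules the script on this page installs.
sample_specific() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth1 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD DROP [0:0]' \
        '-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 443 -j ACCEPT' \
        '-A FORWARD -j LOG' 'COMMIT'
}

# Constructed dump: only the one-line "eth+" rule, default policies untouched.
sample_wildcard() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth+ -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT'
}

sample_specific | audit_ruleset
sample_wildcard | audit_ruleset
```

On a live router the same function can be fed with: iptables-save | audit_ruleset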

This archive was generated by hypermail 2.1.2.