2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
Compile and install a new version of iptables
Back up some important files of the original iptables
[root@mail ~]# cp /etc/init.d/iptables /root/
[root@mail ~]# cp /etc/sysconfig/iptables-config /root/
Uninstall the original iptables
[root@mail ~]# service iptables stop
[root@mail ~]# chkconfig iptables off
[root@mail ~]# rpm -e iptables-ipv6 iptables iptstate --nodeps
warning: /etc/sysconfig/iptables-config saved as /etc/sysconfig/iptables-config.rpmsave
Install iptables 1.4.6
[root@mail src]# tar -jxvf iptables-1.4.6.tar.bz2
[root@mail iptables-1.4.6]# cp /usr/local/src/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.* /usr/local/src/iptables-1.4.6/extensions/
In the configure command below, the last path (--with-ksource) must be your Linux kernel source path
[root@mail iptables-1.4.6]# ./configure --prefix=/usr --with-ksource=/usr/local/src/linux
[root@mail iptables-1.4.6]# make
[root@mail iptables-1.4.6]# make install
Modify the following part of the backed-up iptables service script so that it looks for the binary under /usr/sbin:
if [ ! -x /usr/sbin/$IPTABLES ]; then
    echo -n $"/usr/sbin/$IPTABLES does not exist."; warning; echo
    exit 0
fi
Then copy the modified script and the other configuration file back, and re-add iptables as a system service
[root@mail iptables-1.4.6]# cp /root/iptables /etc/init.d/
[root@mail iptables-1.4.6]# cp /root/iptables-config /etc/sysconfig/
[root@mail iptables-1.4.6]# chkconfig --add iptables
Install extensions based on protocol filtering
[root@mail src]# tar -zxvf l7-protocols-2009-05-28.tar.gz
[root@mail l7-protocols-2009-05-28]# make install
mkdir -p /etc/l7-protocols
cp -R * /etc/l7-protocols
[root@mail l7-protocols-2009-05-28]# service iptables restart
Proxying Internet access
The following three devices are available
Linux Red Hat device A:
NIC 1: bridged, IP address 192.168.1.11
NIC 2: host-only, IP address 192.168.128.130
Linux Red Hat device B (has Internet access):
NIC: bridged, IP address 192.168.1.7, default gateway 192.168.1.1 (the Internet access gateway)
The nameserver value in /etc/resolv.conf is also 192.168.1.1.
Windows XP device C:
NIC: host-only, IP address 192.168.128.131, default gateway 192.168.128.130
The requirement now is for device C to be able to access the Internet, with device B acting as its proxy.
First, make device C able to ping device B
Add an iptables NAT rule on device A:
[root@mail l7-protocols-2009-05-28]# iptables -t nat -A POSTROUTING -s 192.168.128.0/24 -j SNAT --to-source 192.168.1.11
Since ip_forward is enabled on device A, device C can now ping device B.
Then give device C access to the Internet as well
At this point, device C only needs to use the same DNS address as device B to access the Internet.
Restrict QQ login
Add the following rule on device A
[root@mail l7-protocols-2009-05-28]# iptables -A FORWARD -s 192.168.128.0/24 -m layer7 --l7proto qq -j REJECT
Then log in to QQ and you will be prompted as follows:
If you have previously logged in to QQ, this restriction will not take effect until the user goes offline and logs in again.
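One way to check device A after the steps above, as an added example that is not part of the original article: the functions below read an iptables-save dump and report a missing SNAT rule, a missing layer7 QQ block, or an earlier FORWARD ACCEPT rule that would be matched before the layer7 rule. The function names are hypothetical; the subnet, SNAT address and protocol are the article's values.

```shell
#!/bin/sh
# Added example (not from the article): audit device A's rules from an iptables-save dump.
# Subnet, SNAT address and protocol are the article's values; function names are hypothetical.
SUBNET="192.168.128.0/24"
SNAT_IP="192.168.1.11"
L7PROTO="qq"

# forwarding_on [file]: true when IPv4 forwarding is enabled (required for the SNAT path).
forwarding_on() { [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]; }

# audit_rules: reads the dump on stdin, prints one finding per line, and
# returns 0 only when both rules are present and the layer7 rule is not shadowed.
audit_rules() {
    awk -v subnet="$SUBNET" -v snat="$SNAT_IP" -v proto="$L7PROTO" '
    /^\*/ { table = substr($0, 2); next }        # "*nat" / "*filter" open a table
    table == "nat" && /^-A POSTROUTING / &&
        index($0, "-s " subnet " ") &&
        index($0 " ", "-j SNAT --to-source " snat " ") { snat_ok = 1 }
    table == "filter" && /^-A FORWARD / {
        n++                                      # position of this rule in FORWARD
        if ($0 ~ ("-m layer7 .*--l7proto +" proto "( |$)") && $0 ~ /-j (REJECT|DROP)/) {
            if (!l7_pos) l7_pos = n
        } else if (!l7_pos && $0 ~ /-j ACCEPT/) {
            # Conservative: any ACCEPT ahead of the layer7 rule is reported,
            # because the first matching terminating rule decides the packet.
            shadow = shadow sprintf("SHADOWED: FORWARD rule %d accepts before the layer7 rule: %s\n", n, $0)
        }
    }
    END {
        bad = 0
        if (!snat_ok) { print "MISSING: SNAT rule for " subnet " -> " snat; bad = 1 }
        if (!l7_pos)  { print "MISSING: layer7 " proto " block in FORWARD"; bad = 1 }
        else if (shadow != "") { printf "%s", shadow; bad = 1 }
        exit bad
    }'
}

# Usage on device A:  forwarding_on && iptables-save | audit_rules
```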