用ipfilter在动态ip环境下做重定向( 二 )


sed s/$EXT_ADDR/$EXT_ADDR/g /etc/ipnat.rules.nic >>/etc/ipnat.rules
#刷新规则;
/sbin/ipnat -C
/sbin/ipnat -v -f /etc/ipnat.rules
fi
fi
#end /usr/local/sbin/ipnat.sh

#!/bin/sh
# /usr/local/sbin/ipfrenew
# Re-run the prepared helper scripts so the ipf and ipnat rule sets are
# rebuilt for the current external address, then print the result.
for helper in ipf.sh ipnat.sh; do
	/usr/local/sbin/$helper
done
# Current NAT state; lines containing "<- -> " are filtered out of the listing.
/sbin/ipnat -l |grep -v "<- -> "
echo List of active sessions have been cutted.
# Inbound and outbound filter rules as now loaded.
/sbin/ipfstat -if
/sbin/ipfstat -of
#end of /usr/local/sbin/ipfrenew

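# Make the three helper scripts executable, readable by root only.
# Name them explicitly: a glob over /usr/local/sbin/* would also
# re-permission every unrelated program installed there and make those
# programs unusable for non-root users.
chmod 700 /usr/local/sbin/ipf.sh /usr/local/sbin/ipnat.sh /usr/local/sbin/ipfrenew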

3. 在会更换ip的程序中调用 /usr/local/sbin/ipfrenew
PPPoE:

#vi /etc/ppp/ppp.linkup
# Run by ppp(8) when the link comes up: refresh the filter/NAT rules so
# they use the address just assigned. ppp runs this as root, so the
# script it names must stay root-only (see the chmod step above).
# NOTE(review): assumes ppp selects the label matching the profile name
# ("pppoe") and that the empty "default:" label is harmless — confirm in ppp(8).
default:
pppoe:
shell "/usr/local/sbin/ipfrenew"
#end of /etc/ppp/ppp.linkup

#假设你的PPPoE配置名称叫pppoe;

DHCP(Cable modem):

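#!/bin/sh
# /etc/dhclient-exit-hooks
# Sourced by dhclient-script after every lease event; $reason,
# $new_ip_address and $old_ip_address are the variables dhclient-script
# exports (see dhclient-script(8)). Because ipfrenew flushes the NAT
# table (ipnat -C) and so drops every active session, refresh only when
# an address was (re)acquired or when a renewal actually changed it;
# plain renewals of the same lease leave the rules untouched.
# Other reasons (EXPIRE, FAIL, ...) carry no usable new address and are ignored.
case "$reason" in
BOUND|REBOOT)
    /usr/local/sbin/ipfrenew
    ;;
RENEW|REBIND)
    if [ "$new_ip_address" != "$old_ip_address" ]; then
        /usr/local/sbin/ipfrenew
    fi
    ;;
esac
#end of /etc/dhclient-exit-hooks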

#至于说调用的语法,自己查man,都说的很清楚了;

#罗嗦一句,如果你不怕麻烦,这个方法用在固定ip的环境也是可以的,就是要在/etc/rc.local中调用/usr/local/sbin/ipfrenew,不能依赖
#/etc/rc.conf中的ipfilter_enable设置;因为当系统处理ipfilter_enable设置时,还没有设置default gateway;

#begin of /etc/ipnat.rules.template
# Template for /etc/ipnat.rules. $EXT_NIC and $EXT_ADDR are placeholders
# that /usr/local/sbin/ipnat.sh replaces with the current external
# interface and address before the file is loaded; ipnat(8) never sees them.
#
# Inbound redirects from the external address to the host 192.168.1.82.
# NOTE(review): 192.168.1.82 is outside the 192.168.0.0/24 range the map
# rules below translate — confirm its replies are routed back through
# this gateway. Port 5023 forwards to telnet (cleartext on the internet
# side); keep it only while it is actually needed.
rdr $EXT_NIC $EXT_ADDR/32 port 5022 -> 192.168.1.82 port 22
rdr $EXT_NIC $EXT_ADDR/32 port 5023 -> 192.168.1.82 port 23
rdr $EXT_NIC $EXT_ADDR/32 port 9900 -> 192.168.1.82 port 9900

# For 192.168.0.0/24
# NOTE(review): the proxy rules below must stay ahead of the catch-all
# portmap/map rules at the end; ipnat tries NAT rules in order and, as I
# understand it, uses the first match — confirm against ipnat(5).
# ------------------------------------------------------------
# Use ipfilter FTP proxy for hosts behind NAT doing transfer
# mode active.
# ------------------------------------------------------------
map $EXT_NIC 192.168.0.0/24 -> $EXT_ADDR/32 proxy port ftp ftp/tcp


# -----------------------------------------------------------
# Use ipfilter IKE proxy for ESP packets for hosts behind NAT
# IP Filter 3.4.21 and beyond only.
# -----------------------------------------------------------
map $EXT_NIC 192.168.0.0/24 -> $EXT_ADDR/32 proxy port 500 ipsec/udp


# -----------------------------------------------------------
# Use ipfilter RealAudio proxy for hosts behind NAT
# -----------------------------------------------------------
map $EXT_NIC 192.168.0.0/24 -> $EXT_ADDR/32 proxy port 7070 raudio/tcp

# -----------------------------------------------------------
# Use ipfilter H323 proxy for hosts behind NAT
# -----------------------------------------------------------
map $EXT_NIC 192.168.0.0/24 -> $EXT_ADDR/32 proxy port 1720 h323/tcp


# -----------------------------------------------------------
# Map all internal UDP and TCP traffic to the external IP address
# (source ports rewritten into 40000-60000)
# -----------------------------------------------------------
map $EXT_NIC 192.168.0.0/24 -> $EXT_ADDR/32 portmap tcp/udp 40000:60000


# -----------------------------------------------------------
# Map all other traffic e.g. ICMP to the external IP address
# -----------------------------------------------------------
map $EXT_NIC 192.168.0.0/24 -> $EXT_ADDR/32
#end of /etc/ipnat.rules.template

#begin of /etc/ipf.rules.template
#ipfilter default to pass;
block in log quick all with ipopts
block in log quick all with short
block in log quick all with frag

block in log on $EXT_NIC all
block out log on $EXT_NIC all

block in quick on $EXT_NIC from 10.0.0.0/8 to any
block in log quick on $EXT_NIC from 192.168.0.0/16 to any
block in log quick on $EXT_NIC from 172.16.0.0/12 to any
block in log quick on $EXT_NIC from 127.0.0.0/8 to any
block in log quick on $EXT_NIC from 169.254.0.0/16 to any

pass in on $EXT_NIC proto icmp from any to any icmp-type echo
pass in on $EXT_NIC proto icmp from any to any icmp-type echorep

#for http and https
