質問編集履歴
1
s
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -31,3 +31,125 @@
|
|
|
31
31
|
###質問
|
|
32
32
|
|
|
33
33
|
このAPサーバーはキャッシュサーバーを通じてグローバルネットワークに接続することは可能でしょうか?
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
###追記
|
|
38
|
+
|
|
39
|
+
キャッシュサーバー
|
|
40
|
+
|
|
41
|
+
net.ipv4.ip_forward = 1
|
|
42
|
+
|
|
43
|
+
iptables
|
|
44
|
+
|
|
45
|
+
```ここに言語を入力
|
|
46
|
+
|
|
47
|
+
#!/bin/bash
|
|
48
|
+
|
|
49
|
+
internal_net='192.168.1.0/24'
|
|
50
|
+
|
|
51
|
+
my_internal_ip='192.168.1.1'
|
|
52
|
+
|
|
53
|
+
local1='192.168.0.0/16'
|
|
54
|
+
|
|
55
|
+
local2='127.0.0.0/8'
|
|
56
|
+
|
|
57
|
+
iptables -F
|
|
58
|
+
|
|
59
|
+
iptables -X
|
|
60
|
+
|
|
61
|
+
iptables -P INPUT DROP
|
|
62
|
+
|
|
63
|
+
iptables -P OUTPUT ACCEPT
|
|
64
|
+
|
|
65
|
+
iptables -P FORWARD DROP
|
|
66
|
+
|
|
67
|
+
iptables -A INPUT -i lo -j ACCEPT
|
|
68
|
+
|
|
69
|
+
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
70
|
+
|
|
71
|
+
iptables -A FORWARD -i eth1 -o eth0 -s $internal_net -j ACCEPT
|
|
72
|
+
|
|
73
|
+
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
74
|
+
|
|
75
|
+
iptables -t nat -A POSTROUTING -o eth0 -s $internal_net -j MASQUERADE
|
|
76
|
+
|
|
77
|
+
iptables -A OUTPUT -o eth0 -d $local1 -j DROP
|
|
78
|
+
|
|
79
|
+
iptables -A OUTPUT -o eth0 -d $local2 -j DROP
|
|
80
|
+
|
|
81
|
+
iptables -A INPUT -f -j LOG --log-prefix '[IPTABLES FRAGMENT] : '
|
|
82
|
+
|
|
83
|
+
iptables -A INPUT -f -j DROP
|
|
84
|
+
|
|
85
|
+
iptables -N LOG_PINGDEATH
|
|
86
|
+
|
|
87
|
+
iptables -A LOG_PINGDEATH -m limit --limit 1/s --limit-burst 4 -j ACCEPT
|
|
88
|
+
|
|
89
|
+
iptables -A LOG_PINGDEATH -j LOG --log-prefix '[IPTABLES PINGDEATH] : '
|
|
90
|
+
|
|
91
|
+
iptables -A LOG_PINGDEATH -j DROP
|
|
92
|
+
|
|
93
|
+
iptables -A INPUT -p icmp --icmp-type echo-request -j LOG_PINGDEATH
|
|
94
|
+
|
|
95
|
+
iptables -A INPUT -d 255.255.255.255 -j DROP
|
|
96
|
+
|
|
97
|
+
iptables -A INPUT -d 224.0.0.1 -j DROP
|
|
98
|
+
|
|
99
|
+
iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
|
|
100
|
+
|
|
101
|
+
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
|
|
102
|
+
|
|
103
|
+
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
|
|
104
|
+
|
|
105
|
+
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
|
|
106
|
+
|
|
107
|
+
iptables -N LOGGING
|
|
108
|
+
|
|
109
|
+
iptables -A LOGGING -j LOG --log-level warning --log-prefix "DROP:" -m limit
|
|
110
|
+
|
|
111
|
+
iptables -A LOGGING -j DROP
|
|
112
|
+
|
|
113
|
+
iptables -A INPUT -j LOGGING
|
|
114
|
+
|
|
115
|
+
iptables -A FORWARD -j LOGGING
|
|
116
|
+
|
|
117
|
+
iptables-save
|
|
118
|
+
|
|
119
|
+
exit 0
|
|
120
|
+
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
|
|
124
|
+
|
|
125
|
+
APサーバー
|
|
126
|
+
|
|
127
|
+
/etc/network/interfaces
|
|
128
|
+
|
|
129
|
+
```ここに言語を入力
|
|
130
|
+
|
|
131
|
+
# This file describes the network interfaces available on your system
|
|
132
|
+
|
|
133
|
+
# and how to activate them. For more information, see interfaces(5).
|
|
134
|
+
|
|
135
|
+
|
|
136
|
+
|
|
137
|
+
# The loopback network interface
|
|
138
|
+
|
|
139
|
+
auto lo
|
|
140
|
+
|
|
141
|
+
iface lo inet loopback
|
|
142
|
+
|
|
143
|
+
|
|
144
|
+
|
|
145
|
+
# The primary network interface
|
|
146
|
+
|
|
147
|
+
auto eth0
|
|
148
|
+
|
|
149
|
+
iface eth0 inet static
|
|
150
|
+
|
|
151
|
+
address 192.168.0.2
|
|
152
|
+
|
|
153
|
+
netmask 255.255.255.0
|
|
154
|
+
|
|
155
|
+
```
|