質問編集履歴
1
s
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -14,4 +14,65 @@
|
|
|
14
14
|
キャッシュサーバーとAPサーバーはifconfigで設定済みでpingで疎通確認済みです。
|
|
15
15
|
|
|
16
16
|
###質問
|
|
17
|
-
このAPサーバーはキャッシュサーバーを通じてグローバルネットワークに接続することは可能でしょうか?
|
|
17
|
+
このAPサーバーはキャッシュサーバーを通じてグローバルネットワークに接続することは可能でしょうか?
|
|
18
|
+
|
|
19
|
+
###追記
|
|
20
|
+
キャッシュサーバー
|
|
21
|
+
net.ipv4.ip_forward = 1
|
|
22
|
+
iptables
|
|
23
|
+
```ここに言語を入力
|
|
24
|
+
#!/bin/bash
|
|
25
|
+
internal_net='192.168.1.0/24'
|
|
26
|
+
my_internal_ip='192.168.1.1'
|
|
27
|
+
local1='192.168.0.0/16'
|
|
28
|
+
local2='127.0.0.0/8'
|
|
29
|
+
iptables -F
|
|
30
|
+
iptables -X
|
|
31
|
+
iptables -P INPUT DROP
|
|
32
|
+
iptables -P OUTPUT ACCEPT
|
|
33
|
+
iptables -P FORWARD DROP
|
|
34
|
+
iptables -A INPUT -i lo -j ACCEPT
|
|
35
|
+
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
36
|
+
iptables -A FORWARD -i eth1 -o eth0 -s $internal_net -j ACCEPT
|
|
37
|
+
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
38
|
+
iptables -t nat -A POSTROUTING -o eth0 -s $internal_net -j MASQUERADE
|
|
39
|
+
iptables -A OUTPUT -o eth0 -d $local1 -j DROP
|
|
40
|
+
iptables -A OUTPUT -o eth0 -d $local2 -j DROP
|
|
41
|
+
iptables -A INPUT -f -j LOG --log-prefix '[IPTABLES FRAGMENT] : '
|
|
42
|
+
iptables -A INPUT -f -j DROP
|
|
43
|
+
iptables -N LOG_PINGDEATH
|
|
44
|
+
iptables -A LOG_PINGDEATH -m limit --limit 1/s --limit-burst 4 -j ACCEPT
|
|
45
|
+
iptables -A LOG_PINGDEATH -j LOG --log-prefix '[IPTABLES PINGDEATH] : '
|
|
46
|
+
iptables -A LOG_PINGDEATH -j DROP
|
|
47
|
+
iptables -A INPUT -p icmp --icmp-type echo-request -j LOG_PINGDEATH
|
|
48
|
+
iptables -A INPUT -d 255.255.255.255 -j DROP
|
|
49
|
+
iptables -A INPUT -d 224.0.0.1 -j DROP
|
|
50
|
+
iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
|
|
51
|
+
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
|
|
52
|
+
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
|
|
53
|
+
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
|
|
54
|
+
iptables -N LOGGING
|
|
55
|
+
iptables -A LOGGING -j LOG --log-level warning --log-prefix "DROP:" -m limit
|
|
56
|
+
iptables -A LOGGING -j DROP
|
|
57
|
+
iptables -A INPUT -j LOGGING
|
|
58
|
+
iptables -A FORWARD -j LOGGING
|
|
59
|
+
iptables-save
|
|
60
|
+
exit 0
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
APサーバー
|
|
64
|
+
/etc/network/interfaces
|
|
65
|
+
```ここに言語を入力
|
|
66
|
+
# This file describes the network interfaces available on your system
|
|
67
|
+
# and how to activate them. For more information, see interfaces(5).
|
|
68
|
+
|
|
69
|
+
# The loopback network interface
|
|
70
|
+
auto lo
|
|
71
|
+
iface lo inet loopback
|
|
72
|
+
|
|
73
|
+
# The primary network interface
|
|
74
|
+
auto eth0
|
|
75
|
+
iface eth0 inet static
|
|
76
|
+
address 192.168.0.2
|
|
77
|
+
netmask 255.255.255.0
|
|
78
|
+
```
|