Temporary IP address and mask settings:
Ifconfig
Ifconfig eth0 192.168.0.233 netmask 255.255.255.0
Temporary Gateway:
Route add-net 0 GW 192.168.0.100
Fixed IP
The Vim/etc/Network/interfaces content is as follows:
Auto eth0 eth1
Iface eth0 Inet static
Address 192.168.0.176
Netmask 255.255.255.0
Network 192.168.0.0
Broadcast 192.168.0.255
Gateway 192.168.0.1
DNS-nameservers 202.96.128.86
Iface eth1 Inet static
Address Internet IP Address
Netmask Internet mask
Internet network segment
Broadcast Internet broadcast address
Gateway Internet gateway
DNS-nameservers 202.96.128.86
Write apt Source
Deb http://debian.cn99.com/debian unstable main
Deb http://debian.cn99.com/debian/ stable main
Apt-Get dist-Upgrade
Apt-Get update
Install the compilation component
Apt-Get install gcc
Apt-Get install make
Apt-Get install curl
Apt-Get install Perl
Apt-Get install modules-init-Tools
Download kernel source code wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.18.3.tar.bz2
Download iptables wget http://ftp.netfilter.org/pub/iptables/iptables-1.3.6.tar.bz2
Download iptables patch wget http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20061124.tar.bz2
Decompress the package to/usr/src/
Tar-xvzf linux-2.6.18.3.tar.bz2/usr/src
Tar-xvzf iptables-1.3.6.tar.bz2/usr/src
Tar-xvzf patch-o-matic-ng-20061124.tar.bz2/usr/src
CD/usr/src/patch-o-matic-ng-20061124 patch directory
Export kernel_dir =/usr/src/2.6.18.3
Export iptables_dir =/usr/src/iptables-1.3.6
./Runme -- Download
./Runme connlimit only applies this connlimit patch.
Apt-Get install linux-headers-2.6.18-* Find the official Debian kernel
Apt-Get install linux-headers-2.6.18-3-686 download Debian official Kernel
CP/usr/src/linux-headers-2.6.18-3-686/. config/usr/src/linux-2.6.18.3 copy Debian official already set. config
CD linux-2.6.18.3
Make-menuconfig select Network ---- the newly added patch connlimit
Make
Make modules_install
Mkinitrd-O/boot/initrd. img-2.6.18 2.6.18.3
Copy System. Map to/boot
Renamed system. Map-2.6.18
Copy ARCH/i386/boot/bzimage to/boot
Bzimage renamed vmlinuz-2.6.18
Finally, add a new kernel to grub.
Vim/boot/GRUB/menu. List
Iptables-a forward-I eth0-P TCP -- syn-M connlimit -- connlimit-abve 25-J reject
Eth0 is the Intranet Nic here. Change it by yourself. Try connlimit
The following are some common commands for proxy routing:
Iptables-T Nat-A postrouting-s 192.168.0.0/24-O eth1-j snat -- to Internet IP address disguise
Iptables-P input TCP-dport 135-J Drop port
Echo 1>/proc/sys/NET/IPv4/ip_forward manually enable forwarding
Edit/etc/Network/options
Ip_forward = Yes
In this way, the forwarding function is automatically enabled every time the instance is started.
Edit/etc/rc. Local
Edit this file and write it to the firewall. Then, you can enable your own iptables policy every time you start the system.
Install iptraf traffic simple viewing tool
Apt-Get install iptraf