{"id":25440,"date":"2025-04-19T12:36:56","date_gmt":"2025-04-19T04:36:56","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/25440.html"},"modified":"2025-04-19T12:36:56","modified_gmt":"2025-04-19T04:36:56","slug":"%e7%ac%ac%e4%b9%9d%e7%ab%a0%e3%80%81%e9%98%b2%e7%81%ab%e5%a2%99%e4%b8%8e-nat-%e6%9c%8d%e5%8a%a1%e5%99%a8","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/25440.html","title":{"rendered":"\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT \u670d\u52a1\u5668"},"content":{"rendered":"<p><span style=\"color:#0000bb\"><span style=\"background-color:#ffffff\">9.1 \u8ba4\u8bc6\u9632\u706b\u5899<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7f51\u7edc\u5b89\u5168\u9664\u4e86\u968f\u65f6\u6ce8\u610f\u76f8\u5173\u8f6f\u4ef6\u7684\u6f0f\u6d1e\u4ee5\u53ca\u7f51\u7edc\u4e0a\u7684\u5b89\u5168\u901a\u62a5\u4e4b\u5916&#xff0c;\u4f60\u6700\u597d\u80fd\u591f\u4f9d\u636e\u81ea\u5df1\u7684\u73af\u5883\u6765\u8ba2\u5b9a\u9632\u706b\u5899\u673a\u5236&#xff01; \u8fd9\u6837\u5bf9\u4e8e\u4f60\u7684\u7f51\u7edc\u73af\u5883&#xff0c;\u4f1a\u6bd4\u8f83\u6709\u4fdd\u969c\u4e00\u70b9\u5594&#xff01;\u90a3\u4e48\u4ec0\u4e48\u662f\u9632\u706b\u5899\u5462&#xff1f;\u5176\u5b9e<span style=\"color:#000088\">\u9632\u706b\u5899\u5c31\u662f\u900f\u8fc7\u8ba2\u5b9a\u4e00\u4e9b\u6709\u987a\u5e8f\u7684\u89c4\u5219&#xff0c;\u5e76\u7ba1\u5236\u8fdb\u5165\u5230\u6211\u4eec\u7f51\u57df\u5185\u7684\u4e3b\u673a (\u6216\u8005\u53ef\u4ee5\u8bf4\u662f\u7f51\u57df) \u6570\u636e\u5c01\u5305\u7684\u4e00\u79cd\u673a\u5236<\/span>&#xff01;\u66f4\u5e7f\u4e49\u7684\u6765\u8bf4&#xff0c;<span style=\"color:#000088\">\u53ea\u8981\u80fd\u591f\u5206\u6790\u4e0e\u8fc7\u6ee4\u8fdb\u51fa\u6211\u4eec\u7ba1\u7406\u4e4b\u7f51\u57df\u7684\u5c01\u5305\u6570\u636e&#xff0c; \u5c31\u53ef\u4ee5\u79f0\u4e3a\u9632\u706b\u5899<\/span>\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u9632\u706b\u5899\u53c8\u53ef\u4ee5\u5206\u4e3a\u786c\u4ef6\u9632\u706b\u5899\u4e0e\u672c\u673a\u7684\u8f6f\u4ef6\u9632\u706b\u5899\u3002\u786c\u4ef6\u9632\u706b\u5899\u662f\u7531\u5382\u5546\u8bbe\u8ba1\u597d\u7684\u4e3b\u673a\u786c\u4ef6&#xff0c; \u8fd9\u90e8\u786c\u4ef6\u9632\u706b\u5899\u5185\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e3b\u8981\u4ee5\u63d0\u4f9b\u5c01\u5305\u6570\u636e\u7684\u8fc7\u6ee4\u673a\u5236\u4e3a\u4e3b&#xff0c;\u5e76\u5c06\u5176\u4ed6\u4e0d\u5fc5\u8981\u7684\u529f\u80fd\u62ff\u6389\u3002\u56e0\u4e3a\u5355\u7eaf\u4f5c\u4e3a\u9632\u706b\u5899\u529f\u80fd\u800c\u5df2&#xff0c; \u56e0\u6b64\u5c01\u5305\u8fc7\u6ee4\u7684\u6548\u7387\u8f83\u4f73\u3002\u81f3\u4e8e\u8f6f\u4ef6\u9632\u706b\u5899\u5462&#xff1f;\u90a3\u5c31\u662f\u6211\u4eec\u8fd9\u4e2a\u7ae0\u8282\u8981\u6765\u8c08\u8bba\u7684\u554a&#xff01; \u8f6f\u4ef6\u9632\u706b\u5899\u672c\u8eab\u5c31\u662f\u5728\u4fdd\u62a4\u7cfb\u7edf\u7f51\u7edc\u5b89\u5168\u7684\u4e00\u5957\u8f6f\u4ef6(\u6216\u79f0\u4e3a\u673a\u5236)&#xff0c;\u4f8b\u5982 Netfilter \u4e0e TCP Wrappers \u90fd\u53ef\u4ee5\u79f0\u4e3a\u8f6f\u4ef6\u9632\u706b\u5899\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u65e0\u8bba\u600e\u4e48\u5206&#xff0c;\u53cd\u6b63\u9632\u706b\u5899\u5c31\u662f\u7528\u6765\u4fdd\u62a4\u6211\u4eec\u7f51\u7edc\u5b89\u5168\u7684\u549a\u549a\u5c31\u5bf9\u5566&#xff01;\u6211\u4eec\u8fd9\u4e2a\u7ae0\u8282\u4e3b\u8981\u5728\u4ecb\u7ecd Linux \u7cfb\u7edf\u672c\u8eab\u63d0\u4f9b\u7684\u8f6f\u4ef6\u9632\u706b\u5899\u7684\u529f\u80fd&#xff0c;\u90a3\u5c31\u662f Netfilter \u3002\u81f3\u4e8e TCP Wrappers \u867d\u7136\u5728\u57fa\u7840\u7bc7\u7684\u7b2c\u5341\u516b\u7ae0\u8ba4\u8bc6\u7cfb\u7edf\u670d\u52a1\u91cc\u9762\u8c08\u8fc7\u4e86&#xff0c;\u6211\u4eec\u8fd9\u91cc\u8fd8\u4f1a\u7a0d\u5fae\u7b80\u5355\u7684\u4ecb\u7ecd\u5566&#xff01;<\/span><\/span><\/p>\n<p> \u00a0 <\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043647-6803285fbee23.jpg\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.1.1 \u5f00\u59cb\u4e4b\u524d\u6765\u4e2a\u63d0\u9192\u4e8b\u9879<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7531\u4e8e\u672c\u7ae0\u4e3b\u8981\u7684\u76ee\u7684\u5728\u4ecb\u7ecd Netfilter \u8fd9\u79cd\u5c01\u5305\u8fc7\u6ee4\u5f0f\u7684\u9632\u706b\u5899\u673a\u5236&#xff0c;\u56e0\u6b64\u7f51\u7edc\u57fa\u7840\u91cc\u9762\u7684\u8bb8\u591a\u5c01\u5305\u4e0e\u8baf\u6846\u7684\u6982\u5ff5\u8981\u975e\u5e38\u6e05\u695a&#xff0c; \u5305\u62ec\u7f51\u57df\u7684\u6982\u5ff5, IP \u7f51\u57df\u7684\u64b0\u5199\u65b9\u5f0f\u7b49&#xff0c;\u5747\u9700\u6709\u4e00\u5b9a\u7684\u57fa\u7840\u624d\u884c\u3002\u8bf7\u5230\u7b2c\u4e8c\u7ae0\u52a0\u5f3a\u4e00\u4e0b\u00a0MAC,\u00a0IP,\u00a0ICMP,\u00a0TCP,\u00a0UDP\u00a0\u7b49\u5c01\u5305\u8868\u5934\u6570\u636e\u7684\u8ba4\u8bc6&#xff0c;\u4ee5\u53ca Network\/Netmask \u7684\u6574\u4f53\u7f51\u57df (CIDR) \u5199\u6cd5\u7b49\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u53e6\u5916&#xff0c;\u867d\u7136 Netfilter \u673a\u5236\u53ef\u4ee5\u900f\u8fc7 iptables \u6307\u4ee4\u7684\u65b9\u5f0f\u6765\u8fdb\u884c\u89c4\u5219\u7684\u6392\u5e8f\u4e0e\u4fee\u6539&#xff0c;\u4e0d\u8fc7\u9e1f\u54e5\u5efa\u8bae\u4f60\u5229\u7528 shell script \u6765\u64b0\u5199\u5c5e\u4e8e\u4f60\u81ea\u5df1\u7684\u9632\u706b\u5899\u673a\u5236\u6bd4\u8f83\u597d&#xff0c;\u56e0\u4e3a\u5bf9\u4e8e\u89c4\u5219\u7684\u6392\u5e8f\u4e0e\u6c47\u6574\u6709\u6bd4\u8f83\u597d\u7684\u89c2\u5bdf\u6027&#xff0c; 
\u53ef\u4ee5\u8ba9\u4f60\u7684\u9632\u706b\u5899\u89c4\u5219\u6bd4\u8f83\u6e05\u6670\u4e00\u70b9\u3002\u6240\u4ee5\u5728\u4f60\u5f00\u59cb\u4e86\u89e3\u5e95\u4e0b\u7684\u8d44\u6599\u4e4b\u524d&#xff0c;\u5e0c\u671b\u4f60\u53ef\u4ee5\u5148\u9605\u8bfb\u8fc7\u76f8\u5173\u7684\u6570\u636e\u4e86&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5df2\u7ecf\u8ba4\u8bc6\u00a0Shell\u00a0\u4ee5\u53ca\u00a0Shell script&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5df2\u7ecf\u9605\u8bfb\u8fc7\u7b2c\u4e8c\u7ae0\u7f51\u7edc\u57fa\u7840\u7684\u5185\u5bb9&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5df2\u7ecf\u9605\u8bfb\u8fc7\u7b2c\u4e03\u7ae0\u8ba4\u8bc6\u7f51\u7edc\u5b89\u5168\u7684\u5185\u5bb9&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5df2\u7ecf\u9605\u8bfb\u8fc7\u7b2c\u516b\u7ae0\u8def\u7531\u5668\u7684\u5185\u5bb9&#xff0c;\u4e86\u89e3\u91cd\u8981\u7684\u8def\u7531\u6982\u5ff5&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6700\u597d\u62e5\u6709\u4e24\u90e8\u4e3b\u673a\u4ee5\u4e0a\u7684\u5c0f\u578b\u5c40\u57df\u7f51\u7edc\u73af\u5883&#xff0c;\u4ee5\u65b9\u4fbf\u6d4b\u8bd5\u9632\u706b\u5899&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u505a\u4e3a\u533a\u57df\u9632\u706b\u5899\u7684 Linux \u4e3b\u673a\u6700\u597d\u6709\u4e24\u5f20\u5b9e\u4f53\u7f51\u5361&#xff0c;\u53ef\u4ee5\u8fdb\u884c\u591a\u79cd\u6d4b\u8bd5&#xff0c;\u5e76\u67b6\u8bbe NAT \u670d\u52a1\u5668&#xff1b;<\/span><\/span><\/li>\n<\/ul>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" 
height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043648-6803286022a4f.jpg\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.1.2 \u4e3a\u4f55\u9700\u8981\u9632\u706b\u5899<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4ed4\u7ec6\u5206\u6790\u7b2c\u4e03\u7ae0\u7684\u56fe 7.1-1\u00a0\u53ef\u4ee5\u53d1\u73b0&#xff0c; \u5c01\u5305\u8fdb\u5165\u672c\u673a\u65f6&#xff0c;\u4f1a\u901a\u8fc7\u9632\u706b\u5899\u3001\u670d\u52a1\u5668\u8f6f\u4ef6\u7a0b\u5e8f\u3001SELinux\u4e0e\u6587\u4ef6\u7cfb\u7edf\u7b49\u3002\u6240\u4ee5\u57fa\u672c\u4e0a&#xff0c;\u5982\u679c\u4f60\u7684\u7cfb\u7edf\u00a0<span style=\"color:#000088\">(1)\u5df2\u7ecf\u5173\u95ed\u4e0d\u9700\u8981\u800c\u4e14\u5371\u9669\u7684\u670d\u52a1&#xff1b; (2)\u5df2\u7ecf\u5c06\u6574\u4e2a\u7cfb\u7edf\u7684\u6240\u6709\u8f6f\u4ef6\u90fd\u4fdd\u6301\u5728\u6700\u65b0\u7684\u72b6\u6001&#xff1b; (3)\u6743\u9650\u8bbe\u5b9a\u59a5\u5f53\u4e14\u5b9a\u65f6\u8fdb\u884c\u5907\u4efd\u5de5\u4f5c&#xff1b; (4)\u5df2\u7ecf\u6559\u80b2\u7528\u6237\u5177\u6709\u826f\u597d\u7684\u7f51\u7edc\u3001\u7cfb\u7edf\u64cd\u4f5c\u4e60\u60ef<\/span>\u3002 \u90a3\u4e48\u4f60\u7684\u7cfb\u7edf\u5b9e\u9645\u4e0a\u5df2\u7ecf\u9887\u4e3a\u5b89\u5168\u4e86&#xff01;\u8981\u4e0d\u8981\u67b6\u8bbe\u9632\u706b\u5899&#xff1f;\u90a3\u5c31\u89c1\u4ec1\u89c1\u667a\u5570&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0d\u8fc7&#xff0c;\u6bd5\u7adf\u7f51\u7edc\u4e16\u754c\u662f\u5f88\u590d\u6742\u7684&#xff0c;\u800c Linux \u4e3b\u673a\u4e5f\u4e0d\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u4e1c\u897f&#xff0c;\u8bf4\u4e0d\u5b9a\u54ea\u4e00\u5929\u4f60\u5728\u8fdb\u884c\u67d0\u4e2a\u8f6f\u4ef6\u7684\u6d4b\u8bd5\u65f6&#xff0c; 
\u4e3b\u673a\u7a81\u7136\u95f4\u5c31\u542f\u52a8\u4e86\u4e00\u4e2a\u7f51\u7edc\u670d\u52a1&#xff0c;\u5982\u679c\u4f60\u6ca1\u6709\u7ba1\u5236\u8be5\u670d\u52a1\u7684\u4f7f\u7528\u8303\u56f4&#xff0c;\u90a3\u4e48\u8be5\u670d\u52a1\u5c31\u7b49\u4e8e\u5bf9\u6240\u6709 Internet \u5f00\u653e&#xff0c; \u90a3\u5c31\u9ebb\u70e6\u4e86&#xff01;\u56e0\u4e3a\u8be5\u670d\u52a1\u53ef\u80fd\u53ef\u4ee5\u5141\u8bb8\u4efb\u4f55\u4eba\u767b\u5165\u4f60\u7684\u7cfb\u7edf&#xff0c;\u90a3\u4e0d\u662f\u633a\u5371\u9669&#xff1f;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6240\u4ee5\u5570&#xff0c;\u9632\u706b\u5899\u80fd\u4f5c\u4ec0\u4e48\u5462&#xff1f;<span style=\"color:#000088\">\u9632\u706b\u5899\u6700\u5927\u7684\u529f\u80fd\u5c31\u662f\u5e2e\u52a9\u4f60\u300e\u9650\u5236\u67d0\u4e9b\u670d\u52a1\u7684\u5b58\u53d6\u6765\u6e90\u300f<\/span>&#xff01; \u4e3e\u4f8b\u6765\u8bf4&#xff1a; (1)\u4f60\u53ef\u4ee5\u9650\u5236\u6587\u4ef6\u4f20\u8f93\u670d\u52a1 (FTP) \u53ea\u5728\u5b50\u57df\u5185\u7684\u4e3b\u673a\u624d\u80fd\u591f\u4f7f\u7528&#xff0c;\u800c\u4e0d\u5bf9\u6574\u4e2a Internet \u5f00\u653e&#xff1b; (2)\u4f60\u53ef\u4ee5\u9650\u5236\u6574\u90e8 Linux \u4e3b\u673a\u4ec5\u53ef\u4ee5\u63a5\u53d7\u5ba2\u6237\u7aef\u7684 WWW \u8981\u6c42&#xff0c;\u5176\u4ed6\u7684\u670d\u52a1\u90fd\u5173\u95ed&#xff1b; (3)\u4f60\u8fd8\u53ef\u4ee5\u9650\u5236\u6574\u90e8\u4e3b\u673a\u4ec5\u80fd\u4e3b\u52a8\u5bf9\u5916\u8054\u673a\u3002\u53cd\u8fc7\u6765\u8bf4&#xff0c;\u82e5\u6709\u5ba2\u6237\u7aef\u5bf9\u6211\u4eec\u4e3b\u673a\u53d1\u9001\u4e3b\u52a8\u8054\u673a\u7684\u5c01\u5305\u72b6\u6001 (TCP \u5c01\u5305\u7684 SYN flag) \u5c31\u4e88\u4ee5\u62b5\u6321\u7b49\u7b49\u3002\u8fd9\u4e9b\u5c31\u662f\u6700\u4e3b\u8981\u7684\u9632\u706b\u5899\u529f\u80fd\u4e86&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u6240\u4ee5\u9e1f\u54e5\u8ba4\u4e3a&#xff0c;\u9632\u706b\u5899\u6700\u91cd\u8981\u7684\u4efb\u52a1\u5c31\u662f\u5728\u89c4\u5212\u51fa&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5207\u5272\u88ab\u4fe1\u4efb(\u5982\u5b50\u57df)\u4e0e\u4e0d\u88ab\u4fe1\u4efb(\u5982 Internet)\u7684\u7f51\u6bb5&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5212\u5206\u51fa\u53ef\u63d0\u4f9b Internet \u7684\u670d\u52a1\u4e0e\u5fc5\u987b\u53d7\u4fdd\u62a4\u7684\u670d\u52a1&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5206\u6790\u51fa\u53ef\u63a5\u53d7\u4e0e\u4e0d\u53ef\u63a5\u53d7\u7684\u5c01\u5305\u72b6\u6001&#xff1b;<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5f53\u7136\u5566&#xff0c;\u54b1\u4eec Linux \u7684 iptables \u9632\u706b\u5899\u8f6f\u4ef6\u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u7ec6\u90e8\u6df1\u5165\u7684 NAT (Network Address Translation) \u7684\u8bbe\u5b9a&#xff0c;\u5e76\u8fdb\u884c\u66f4\u5f39\u6027\u7684 IP \u5c01\u5305\u4f2a\u88c5\u529f\u80fd&#xff0c;\u4e0d\u8fc7&#xff0c;\u5bf9\u4e8e\u5355\u4e00\u4e3b\u673a\u7684\u9632\u706b\u5899\u6765\u8bf4&#xff0c; \u6700\u7b80\u5355\u7684\u4efb\u52a1\u8fd8\u662f\u4e0a\u9762\u90a3\u4e09\u9879\u5c31\u662f\u4e86&#xff01;\u6240\u4ee5&#xff0c;\u4f60\u9700\u4e0d\u9700\u8981\u9632\u706b\u5899\u5462&#xff1f;\u7406\u8bba\u4e0a&#xff0c;\u5f53\u7136\u9700\u8981&#xff01; \u800c\u4e14\u4f60\u5fc5\u987b\u8981\u77e5\u9053\u300e\u4f60\u7684\u7cfb\u7edf\u54ea\u4e9b\u6570\u636e\u4e0e\u670d\u52a1\u9700\u8981\u4fdd\u62a4\u300f&#xff0c;\u9488\u5bf9\u9700\u8981\u53d7\u4fdd\u62a4\u7684\u670d\u52a1\u6765\u8bbe\u5b9a\u9632\u706b\u5899\u7684\u89c4\u5219\u5427&#xff01; \u5e95\u4e0b\u6211\u4eec\u5148\u6765\u8c08\u4e00\u8c08&#xff0c;\u90a3\u5728 Linux 
\u4e0a\u5934\u5e38\u89c1\u7684\u9632\u706b\u5899\u7c7b\u578b\u6709\u54ea\u4e9b&#xff1f;<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043648-680328607c833.jpg\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.1.3 Linux \u7cfb\u7edf\u4e0a\u9632\u706b\u5899\u7684\u4e3b\u8981\u7c7b\u522b<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u57fa\u672c\u4e0a&#xff0c;\u4f9d\u636e\u9632\u706b\u5899\u7ba1\u7406\u7684\u8303\u56f4&#xff0c;\u6211\u4eec\u53ef\u4ee5\u5c06\u9632\u706b\u5899\u533a\u5206\u4e3a\u7f51\u57df\u578b\u4e0e\u5355\u4e00\u4e3b\u673a\u578b\u7684\u63a7\u7ba1\u3002\u5728\u5355\u4e00\u4e3b\u673a\u578b\u7684\u63a7\u7ba1\u65b9\u9762&#xff0c; \u4e3b\u8981\u7684\u9632\u706b\u5899\u6709\u5c01\u5305\u8fc7\u6ee4\u578b\u7684 Netfilter \u4e0e\u4f9d\u636e\u670d\u52a1\u8f6f\u4ef6\u7a0b\u5e8f\u4f5c\u4e3a\u5206\u6790\u7684 TCP Wrappers \u4e24\u79cd\u3002\u82e5\u4ee5\u533a\u57df\u578b\u7684\u9632\u706b\u5899\u800c\u8a00&#xff0c; \u7531\u4e8e\u6b64\u7c7b\u9632\u706b\u5899\u90fd\u662f\u5f53\u4f5c\u8def\u7531\u5668\u89d2\u8272&#xff0c;\u56e0\u6b64\u9632\u706b\u5899\u7c7b\u578b\u4e3b\u8981\u5219\u6709\u5c01\u5305\u8fc7\u6ee4\u7684 Netfilter \u4e0e\u5229\u7528\u4ee3\u7406\u670d\u52a1\u5668 (proxy server) \u8fdb\u884c\u5b58\u53d6\u4ee3\u7406\u7684\u65b9\u5f0f\u4e86\u3002<\/span><\/span> \u00a0<\/p>\n<ul>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">Netfilter (\u5c01\u5305\u8fc7\u6ee4\u673a\u5236)<\/span> 
\u6240\u8c13\u7684\u5c01\u5305\u8fc7\u6ee4&#xff0c;\u4ea6\u5373\u662f\u5206\u6790\u8fdb\u5165\u4e3b\u673a\u7684\u7f51\u7edc\u5c01\u5305&#xff0c;\u5c06\u5c01\u5305\u7684\u8868\u5934\u6570\u636e\u6349\u51fa\u6765\u8fdb\u884c\u5206\u6790&#xff0c;\u4ee5\u51b3\u5b9a\u8be5\u8054\u673a\u4e3a\u653e\u884c\u6216\u62b5\u6321\u7684\u673a\u5236\u3002 \u7531\u4e8e\u8fd9\u79cd\u65b9\u5f0f\u53ef\u4ee5\u76f4\u63a5\u5206\u6790\u5c01\u5305\u8868\u5934\u6570\u636e&#xff0c;\u6240\u4ee5\u5305\u62ec\u786c\u4ef6\u5730\u5740(MAC), \u8f6f\u4ef6\u5730\u5740 (IP), TCP, UDP, ICMP \u7b49\u5c01\u5305\u7684\u4fe1\u606f\u90fd\u53ef\u4ee5\u8fdb\u884c\u8fc7\u6ee4\u5206\u6790\u7684\u529f\u80fd&#xff0c;\u56e0\u6b64\u7528\u9014\u975e\u5e38\u7684\u5e7f\u6cdb\u3002(\u5176\u5b9e\u4e3b\u8981\u5206\u6790\u7684\u662f OSI \u4e03\u5c42\u534f\u8bae\u7684 2, 3, 4 \u5c42\u5566) \u5728 Linux \u4e0a\u9762\u6211\u4eec\u4f7f\u7528\u6838\u5fc3\u5185\u5efa\u7684 Netfilter \u8fd9\u4e2a\u673a\u5236&#xff0c;\u800c Netfilter \u63d0\u4f9b\u4e86 iptables \u8fd9\u4e2a\u8f6f\u4ef6\u6765\u4f5c\u4e3a\u9632\u706b\u5899\u5c01\u5305\u8fc7\u6ee4\u7684\u6307\u4ee4\u3002\u7531\u4e8e Netfilter \u662f\u6838\u5fc3\u5185\u5efa\u7684\u529f\u80fd&#xff0c;\u56e0\u6b64\u4ed6\u7684\u6548\u7387\u975e\u5e38\u7684\u9ad8&#xff01; \u975e\u5e38\u9002\u5408\u4e8e\u4e00\u822c\u5c0f\u578b\u73af\u5883\u7684\u8bbe\u5b9a\u5462&#xff01;Netfilter \u5229\u7528\u4e00\u4e9b\u5c01\u5305\u8fc7\u6ee4\u7684\u89c4\u5219\u8bbe\u5b9a&#xff0c;\u6765\u5b9a\u4e49\u51fa\u4ec0\u4e48\u8d44\u6599\u53ef\u4ee5\u63a5\u6536&#xff0c; \u4ec0\u4e48\u6570\u636e\u9700\u8981\u5254\u9664&#xff0c;\u4ee5\u8fbe\u5230\u4fdd\u62a4\u4e3b\u673a\u7684\u76ee\u7684\u5594&#xff01;<\/span><\/span> \u00a0<\/li>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">TCP Wrappers (\u7a0b\u5e8f\u63a7\u7ba1)<\/span> 
\u53e6\u4e00\u79cd\u62b5\u6321\u5c01\u5305\u8fdb\u5165\u7684\u65b9\u6cd5&#xff0c;\u4e3a\u900f\u8fc7\u670d\u52a1\u5668\u7a0b\u5e8f\u7684\u5916\u6302 (tcpd) \u6765\u5904\u7f6e\u7684&#xff01;\u4e0e\u5c01\u5305\u8fc7\u6ee4\u4e0d\u540c\u7684\u662f&#xff0c; \u8fd9\u79cd\u673a\u5236\u4e3b\u8981\u662f\u5206\u6790\u8c01\u5bf9\u67d0\u7a0b\u5e8f\u8fdb\u884c\u5b58\u53d6&#xff0c;\u7136\u540e\u900f\u8fc7\u89c4\u5219\u53bb\u5206\u6790\u8be5\u670d\u52a1\u5668\u7a0b\u5e8f\u8c01\u80fd\u591f\u8054\u673a\u3001\u8c01\u4e0d\u80fd\u8054\u673a\u3002 \u7531\u4e8e\u4e3b\u8981\u662f\u900f\u8fc7\u5206\u6790\u670d\u52a1\u5668\u7a0b\u5e8f\u6765\u63a7\u7ba1&#xff0c;<span style=\"color:#000088\">\u56e0\u6b64\u4e0e\u542f\u52a8\u7684\u57e0\u53e3\u65e0\u5173&#xff0c;\u53ea\u4e0e\u7a0b\u5e8f\u7684\u540d\u79f0\u6709\u5173<\/span>\u3002 \u4e3e\u4f8b\u6765\u8bf4&#xff0c;\u6211\u4eec\u77e5\u9053 FTP \u53ef\u4ee5\u542f\u52a8\u5728\u975e\u6b63\u89c4\u7684\u57e0\u53e3 (\u4e5f\u5c31\u662f\u6b63\u89c4\u7684 port 21 \u4ee5\u5916\u7684\u57e0\u53e3) \u8fdb\u884c\u76d1\u542c&#xff0c;\u5f53\u4f60\u900f\u8fc7 Linux \u5185\u5efa\u7684 TCP wrappers \u9650\u5236 FTP \u65f6&#xff0c; \u90a3\u4e48\u4f60\u53ea\u8981\u77e5\u9053 FTP \u7684\u8f6f\u4ef6\u540d\u79f0 (vsftpd) &#xff0c;\u7136\u540e\u5bf9\u4ed6\u4f5c\u9650\u5236&#xff0c;\u5219\u4e0d\u7ba1 FTP \u542f\u52a8\u5728\u54ea\u4e2a\u57e0\u53e3&#xff0c;\u90fd\u4f1a\u88ab\u8be5\u89c4\u5219\u7ba1\u7406\u7684 (\u524d\u63d0\u662f\u8be5\u7a0b\u5e8f\u6709\u652f\u6301 TCP Wrappers)\u3002<\/span><\/span> \u00a0<\/li>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">Proxy (\u4ee3\u7406\u670d\u52a1\u5668)<\/span> \u5176\u5b9e\u4ee3\u7406\u670d\u52a1\u5668\u662f\u4e00\u79cd\u7f51\u7edc\u670d\u52a1&#xff0c;\u5b83\u53ef\u4ee5\u300e\u4ee3\u7406\u300f\u7528\u6237\u7684\u9700\u6c42&#xff0c;\u800c\u4ee3\u4e3a\u524d\u5f80\u670d\u52a1\u5668\u53d6\u5f97\u76f8\u5173\u7684\u8d44\u6599\u3002\u5c31\u6709\u70b9\u50cf\u5e95\u4e0b\u8fd9\u4e2a\u56fe\u793a\u5427&#xff1a;<\/span><\/span> \u00a0 <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"Proxy Server
\u7684\u8fd0\u4f5c\u539f\u7406\u7b80\u4ecb\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043648-68032860d4a2b.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.1-1\u3001Proxy Server \u7684\u8fd0\u4f5c\u539f\u7406\u7b80\u4ecb<\/span><\/span> \u00a0<\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4ee5\u4e0a\u56fe\u4e3a\u4f8b&#xff0c;\u5f53 Client \u7aef\u60f3\u8981\u524d\u5f80 Internet \u53d6\u5f97 Google \u7684\u6570\u636e\u65f6&#xff0c;\u4ed6\u53d6\u5f97\u6570\u636e\u7684\u6d41\u7a0b\u662f\u8fd9\u6837\u7684&#xff1a;<\/span><\/span> \u00a0 <\/p>\n<ol>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">client \u4f1a\u5411 proxy server \u8981\u6c42\u6570\u636e&#xff0c;\u8bf7 proxy \u5e2e\u5fd9\u5904\u7406&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">proxy \u53ef\u4ee5\u5206\u6790\u4f7f\u7528\u8005\u7684 IP \u6765\u6e90\u662f\u5426\u5408\u6cd5&#xff1f;\u4f7f\u7528\u8005\u60f3\u8981\u53bb\u7684 Google \u670d\u52a1\u5668\u662f\u5426\u5408\u6cd5&#xff1f; \u5982\u679c\u8fd9\u4e2a client \u7684\u8981\u6c42\u90fd\u5408\u6cd5\u7684\u8bdd&#xff0c;\u90a3\u4e48 proxy \u5c31\u4f1a\u4e3b\u52a8\u7684\u5e2e\u5fd9 client \u524d\u5f80 Google \u53d6\u5f97\u8d44\u6599&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Google \u6240\u56de\u4f20\u7684\u6570\u636e\u662f\u4f20\u7ed9 proxy server \u7684\u5594&#xff0c;\u6240\u4ee5 Google \u670d\u52a1\u5668\u4e0a\u9762\u770b\u5230\u7684\u662f proxy server \u7684 IP \u5570&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6700\u540e proxy \u5c06 Google \u56de\u4f20\u7684\u6570\u636e\u9001\u7ed9 client\u3002<\/span><\/span><\/li>\n<\/ol>\n<p><span style=\"color:#000000\"><span
style=\"background-color:#ffffff\">\u8fd9\u6837\u4e86\u89e3\u4e86\u5417&#xff1f;\u6ca1\u9519&#xff0c; client \u5e76\u6ca1\u6709\u76f4\u63a5\u8fde\u4e0a Internet &#xff0c;\u6240\u4ee5\u5728\u5b9e\u7ebf\u90e8\u5206(\u6b65\u9aa4 1, 4)\u53ea\u8981 Proxy \u4e0e Client \u53ef\u4ee5\u8054\u673a\u5c31\u53ef\u4ee5\u4e86&#xff01;\u6b64\u65f6 client \u751a\u81f3\u4e0d\u9700\u8981\u62e5\u6709 public IP \u54e9&#xff01;\u800c\u5f53\u6709\u4eba\u60f3\u8981\u653b\u51fb client \u7aef\u7684\u4e3b\u673a\u65f6&#xff0c; \u9664\u975e\u4ed6\u80fd\u591f\u653b\u7834 Proxy server &#xff0c;\u5426\u5219\u662f\u65e0\u6cd5\u4e0e client \u8054\u673a\u7684\u5566&#xff01; \u53e6\u5916&#xff0c;\u4e00\u822c proxy \u4e3b\u673a\u901a\u5e38\u4ec5\u5f00\u653e port 80, 21, 20 \u7b49 WWW \u4e0e FTP \u7684\u57e0\u53e3\u800c\u5df2&#xff0c;\u800c\u4e14\u901a\u5e38 Proxy \u5c31\u67b6\u8bbe\u5728\u8def\u7531\u5668\u4e0a\u9762&#xff0c;\u56e0\u6b64\u53ef\u4ee5\u5b8c\u6574\u7684\u638c\u63a7\u5c40\u57df\u7f51\u7edc\u5185\u7684\u5bf9\u5916\u8054\u673a&#xff01;\u8ba9\u4f60\u7684 LAN \u53d8\u7684\u66f4\u5b89\u5168\u554a&#xff01; \u7531\u4e8e\u4e00\u822c\u5c0f\u578b\u7f51\u7edc\u73af\u5883\u5f88\u5c11\u4f1a\u7528\u5230\u4ee3\u7406\u670d\u52a1\u5668&#xff0c;\u56e0\u6b64\u672c\u4e66\u5e76\u6ca1\u6709\u8c08\u5230 proxy server \u7684\u8bbe\u5b9a&#xff0c;\u6709\u5174\u8da3\u7684\u8bdd\u53ef\u4ee5\u53c2\u8003\u4e00\u4e0b\u7b2c\u5341\u4e03\u7ae0 squid\u00a0(\u6ce81) \u8fd9\u4e2a\u8f6f\u4ef6\u7684\u5b98\u7f51\u6216 google \u4e00\u4e0b\u5427&#xff01;<\/span><\/span> \u00a0<\/li>\n<\/ul>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043649-68032861394f4.jpg\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span 
style=\"color:#0000bb\">9.1.4 \u9632\u706b\u5899\u7684\u4e00\u822c\u7f51\u7edc\u5e03\u7ebf\u793a\u610f<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7531\u524d\u9762\u7684\u8bf4\u660e\u5f53\u4e2d&#xff0c;\u4f60\u5e94\u8be5\u53ef\u4ee5\u4e86\u89e3\u5230\u4e00\u4ef6\u4e8b&#xff0c;\u90a3\u5c31\u662f\u9632\u706b\u5899\u9664\u4e86\u53ef\u4ee5\u300e<span style=\"color:#000088\">\u4fdd\u62a4\u9632\u706b\u5899\u673a\u5236\u672c\u8eab\u6240\u5728\u7684\u90a3\u90e8\u4e3b\u673a<\/span>\u300f\u4e4b\u5916&#xff0c;\u8fd8\u53ef\u4ee5\u300e<span style=\"color:#000088\">\u4fdd\u62a4\u9632\u706b\u5899\u540e\u9762\u7684\u4e3b\u673a<\/span>\u300f\u3002\u4e5f\u5c31\u662f\u8bf4&#xff0c;\u9632\u706b\u5899\u9664\u4e86\u53ef\u4ee5\u9632\u5907\u672c\u673a\u88ab\u5165\u4fb5\u4e4b\u5916&#xff0c;\u00a0<span style=\"color:#000088\">\u4ed6\u8fd8\u53ef\u4ee5\u67b6\u8bbe\u5728\u8def\u7531\u5668\u4e0a\u9762\u85c9\u4ee5\u63a7\u7ba1\u8fdb\u51fa\u672c\u5730\u7aef\u7f51\u57df\u7684\u7f51\u7edc\u5c01\u5305<\/span>\u3002 \u8fd9\u79cd\u89c4\u5212\u5bf9\u4e8e\u5185\u90e8\u79c1\u6709\u7f51\u57df\u7684\u5b89\u5168\u4e5f\u6709\u4e00\u5b9a\u7a0b\u5ea6\u7684\u4fdd\u62a4\u4f5c\u7528\u5462&#xff01;\u5e95\u4e0b\u6211\u4eec\u7a0d\u5fae\u8c08\u4e00\u8c08\u76ee\u524d\u5e38\u89c1\u7684\u9632\u706b\u5899\u4e0e\u7f51\u7edc\u5e03\u7ebf\u7684\u914d\u7f6e\u5427&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u5355\u4e00\u7f51\u57df&#xff0c;\u4ec5\u6709\u4e00\u4e2a\u8def\u7531\u5668&#xff1a;<\/span> \u9632\u706b\u5899\u9664\u4e86\u53ef\u4ee5\u4f5c\u4e3a Linux \u672c\u673a\u7684\u57fa\u672c\u9632\u62a4\u4e4b\u5916&#xff0c;\u4ed6\u8fd8\u53ef\u4ee5\u67b6\u8bbe\u5728\u8def\u7531\u5668\u4e0a\u9762\u4ee5\u7ba1\u63a7\u6574\u4e2a\u5c40\u57df\u7f51\u7edc\u7684\u5c01\u5305\u8fdb\u51fa\u3002 
\u56e0\u6b64&#xff0c;\u5728\u8fd9\u7c7b\u7684\u9632\u706b\u5899\u4e0a\u5934\u901a\u5e38\u81f3\u5c11\u9700\u8981\u6709\u4e24\u4e2a\u63a5\u53e3&#xff0c;\u5c06\u53ef\u4fe1\u4efb\u7684\u5185\u90e8\u4e0e\u4e0d\u53ef\u4fe1\u4efb\u7684 Internet \u5206\u5f00&#xff0c; \u6240\u4ee5\u53ef\u4ee5\u5206\u522b\u8bbe\u5b9a\u4e24\u5757\u7f51\u7edc\u63a5\u53e3\u7684\u9632\u706b\u5899\u89c4\u5219\u5566&#xff01;\u7b80\u5355\u7684\u73af\u5883\u5982\u540c\u4e0b\u5217\u56fe 9.1-2 \u6240\u793a\u3002 \u5728\u56fe 9.1-2 \u4e2d&#xff0c;\u7531\u4e8e\u9632\u706b\u5899\u662f\u8bbe\u5b9a\u5728\u6240\u6709\u7f51\u7edc\u5c01\u5305\u90fd\u4f1a\u7ecf\u8fc7\u7684\u8def\u7531\u5668\u4e0a\u5934&#xff0c; \u56e0\u6b64\u8fd9\u4e2a\u9632\u706b\u5899\u53ef\u4ee5\u5f88\u8f7b\u6613\u7684\u5c31\u638c\u63a7\u5230\u5c40\u57df\u7f51\u7edc\u5185\u7684\u6240\u6709\u5c01\u5305&#xff0c; \u800c\u4e14\u4f60\u53ea\u8981\u7ba1\u7406\u8fd9\u90e8\u9632\u706b\u5899\u4e3b\u673a&#xff0c;\u5c31\u53ef\u4ee5\u5f88\u8f7b\u6613\u7684\u5c06\u6765\u81ea Internet \u7684\u4e0d\u826f\u7f51\u7edc\u5c01\u5305\u62b5\u6321\u6389\u5436\u3002 \u53ea\u8981\u7ba1\u7406\u4e00\u90e8\u4e3b\u673a\u5c31\u80fd\u591f\u9020\u798f\u6574\u4e2a LAN \u91cc\u9762\u7684 PC&#xff0c;\u5f88\u5212\u7b97\u7684\u5566\u3002 \u5982\u679c\u4f60\u60f3\u8981\u5c06\u5c40\u57df\u7f51\u7edc\u63a7\u7ba1\u7684\u66f4\u4e25\u683c\u7684\u8bdd&#xff0c;\u90a3\u4f60\u751a\u81f3\u53ef\u4ee5\u5728\u8fd9\u90e8 Linux \u9632\u706b\u5899\u4e0a\u9762\u67b6\u8bbe\u66f4\u4e25\u683c\u7684\u4ee3\u7406\u670d\u52a1\u5668&#xff0c; \u8ba9\u5ba2\u6237\u7aef\u4ec5\u80fd\u8fde\u4e0a\u4f60\u6240\u5f00\u653e\u7684 WWW \u670d\u52a1\u5668\u800c\u5df2&#xff0c;\u800c\u4e14\u8fd8\u53ef\u4ee5\u900f\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\u7684\u767b\u5f55\u6587\u4ef6 (log) \u5206\u6790\u529f\u80fd&#xff0c; \u660e\u786e\u7684\u67e5\u51fa\u6765\u54ea\u4e2a\u4f7f\u7528\u8005\u5728\u67d0\u4e2a\u65f6\u95f4\u70b9\u66fe\u7ecf\u8fde\u4e0a\u54ea\u4e9b WWW \u670d\u52a1\u5668&#xff0c;\u4f60\u77a7\u77a7&#xff01;\u5389\u5bb3\u5427&#xff01;
\u5982\u679c\u5728\u8fd9\u4e2a\u9632\u706b\u5899\u4e0a\u9762\u518d\u52a0\u88c5\u7c7b\u4f3c\u00a0MRTG\u00a0\u7684\u6d41\u91cf\u76d1\u63a7\u8f6f\u4ef6&#xff0c;\u8fd8\u80fd\u9488\u5bf9\u6574\u4e2a\u7f51\u57df\u7684\u6d41\u91cf\u8fdb\u884c\u76d1\u6d4b\u3002\u8fd9\u6837\u914d\u7f6e\u7684\u4f18\u70b9\u662f&#xff1a;<\/span><\/span> \u00a0 <\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56e0\u4e3a\u5185\u5916\u7f51\u57df\u5df2\u7ecf\u5206\u5f00&#xff0c;\u6240\u4ee5\u5b89\u5168\u7ef4\u62a4\u5728\u5185\u90e8\u53ef\u4ee5\u5f00\u653e\u7684\u6743\u9650\u8f83\u5927&#xff01;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5b89\u5168\u673a\u5236\u7684\u8bbe\u5b9a\u53ef\u4ee5\u9488\u5bf9 Linux \u9632\u706b\u5899\u4e3b\u673a\u6765\u7ef4\u62a4\u5373\u53ef&#xff01;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5bf9\u5916\u53ea\u770b\u7684\u5230 Linux \u9632\u706b\u5899\u4e3b\u673a&#xff0c;\u6240\u4ee5\u5bf9\u4e8e\u5185\u90e8\u53ef\u4ee5\u8fbe\u5230\u6709\u6548\u7684\u5b89\u5168\u9632\u62a4&#xff01;<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5355\u4e00\u7f51\u57df&#xff0c;\u4ec5\u6709\u4e00\u4e2a\u8def\u7531\u5668\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043649-68032861925d9.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.1-2\u3001\u5355\u4e00\u7f51\u57df&#xff0c;\u4ec5\u6709\u4e00\u4e2a\u8def\u7531\u5668\u7684\u73af\u5883\u793a\u610f\u56fe<\/span><\/span><\/p>\n<\/li>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span 
style=\"color:#000088\">\u5185\u90e8\u7f51\u7edc\u5305\u542b\u5b89\u5168\u6027\u66f4\u9ad8\u7684\u5b50\u7f51&#xff0c;\u9700\u5185\u90e8\u9632\u706b\u5899\u5207\u5f00\u5b50\u7f51&#xff1a;<\/span> \u4e00\u822c\u6765\u8bf4&#xff0c;\u6211\u4eec\u7684\u9632\u706b\u5899\u5bf9\u4e8e LAN \u7684\u9632\u5907\u90fd\u4e0d\u4f1a\u8bbe\u5b9a\u7684\u5f88\u4e25\u683c&#xff0c;\u56e0\u4e3a\u662f\u6211\u4eec\u81ea\u5df1\u7684 LAN \u561b&#xff01;\u6240\u4ee5\u662f\u4fe1\u4efb\u7f51\u57df\u4e4b\u4e00\u5570&#xff01;\u4e0d\u8fc7&#xff0c;\u6700\u5e38\u542c\u5230\u7684\u5165\u4fb5\u65b9\u6cd5\u4e5f\u662f\u4f7f\u7528\u8fd9\u6837\u7684\u4e00\u4e2a\u4fe1\u4efb\u6f0f\u6d1e&#xff01; \u56e0\u4e3a\u4f60\u4e0d\u80fd\u4fdd\u8bc1\u6240\u6709\u4f7f\u7528\u4f01\u4e1a\u5185\u90e8\u8ba1\u7b97\u673a\u7684\u7528\u6237\u90fd\u662f\u516c\u53f8\u7684\u5458\u5de5&#xff0c;\u4e5f\u65e0\u6cd5\u4fdd\u8bc1\u4f60\u7684\u5458\u5de5\u4e0d\u4f1a\u300e\u641e\u7834\u574f&#xff01;\u300f\u00a0<span style=\"color:#000088\">\u66f4\u591a\u65f6\u5019\u662f\u7531\u4e8e\u67d0\u4e9b\u5916\u6765\u8bbf\u5ba2\u5229\u7528\u79fb\u52a8\u5f0f\u88c5\u7f6e (\u7b14\u8bb0\u672c\u7535\u8111) \u8fde\u63a5\u5230\u516c\u53f8\u5185\u90e8\u7684\u65e0\u7ebf\u7f51\u7edc\u6765\u52a0\u4ee5\u7a83\u53d6\u4f01\u4e1a\u5185\u90e8\u7684\u91cd\u8981\u4fe1\u606f\u3002<\/span> \u5475\u5475&#xff01;\u6240\u4ee5&#xff0c;\u5982\u679c\u4f60\u6709\u7279\u522b\u91cd\u8981\u7684\u90e8\u95e8\u9700\u8981\u66f4\u5b89\u5168\u7684\u4fdd\u62a4\u7f51\u7edc\u73af\u5883&#xff0c;\u90a3\u4e48\u5c06 LAN \u91cc\u9762\u518d\u52a0\u8bbe\u4e00\u4e2a\u9632\u706b\u5899&#xff0c;\u5c06\u5b89\u5168\u7b49\u7ea7\u5206\u7c7b&#xff0c;\u90a3\u4e48\u5c06\u4f1a\u8ba9\u4f60\u7684\u91cd\u8981\u6570\u636e\u83b7\u5f97\u66f4\u4f73\u7684\u4fdd\u62a4\u5594&#xff01;\u6574\u4e2a\u67b6\u6784\u6709\u70b9\u50cf\u4e0b\u56fe\u6240\u793a\u3002<\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" 
alt=\"\u5185\u90e8\u7f51\u7edc\u5305\u542b\u9700\u8981\u66f4\u5b89\u5168\u7684\u5b50\u7f51\u9632\u706b\u5899\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043649-68032861eaa74.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.1-3\u3001\u5185\u90e8\u7f51\u7edc\u5305\u542b\u9700\u8981\u66f4\u5b89\u5168\u7684\u5b50\u7f51\u9632\u706b\u5899<\/span><\/span><\/p>\n<\/li>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u5728\u9632\u706b\u5899\u7684\u540e\u9762\u67b6\u8bbe\u7f51\u7edc\u670d\u52a1\u5668\u4e3b\u673a<\/span> \u8fd8\u6709\u4e00\u79cd\u66f4\u6709\u8da3\u7684\u8bbe\u5b9a&#xff0c;\u90a3\u5c31\u662f\u5c06\u63d0\u4f9b\u7f51\u7edc\u670d\u52a1\u7684\u670d\u52a1\u5668\u653e\u5728\u9632\u706b\u5899\u540e\u9762&#xff0c;\u8fd9\u6709\u4ec0\u4e48\u597d\u5904\u5462&#xff1f; \u5982\u4e0b\u56fe\u6240\u793a&#xff0c;Web, Mail \u4e0e FTP \u90fd\u662f\u900f\u8fc7\u9632\u706b\u5899\u8fde\u5230 Internet \u4e0a\u9762\u53bb&#xff0c;\u6240\u4ee5&#xff0c; \u5e95\u4e0b\u8fd9\u56db\u90e8\u4e3b\u673a\u5728 Internet \u4e0a\u9762\u7684 Public IP \u90fd\u662f\u4e00\u6837\u7684&#xff01;(\u8fd9\u4e2a\u89c2\u5ff5\u6211\u4eec\u4f1a\u5728\u672c\u7ae0\u5e95\u4e0b\u7684 NAT \u670d\u52a1\u5668\u7684\u65f6\u5019\u518d\u6b21\u7684\u5f3a\u8c03)\u3002 \u53ea\u662f\u900f\u8fc7\u9632\u706b\u5899\u7684\u5c01\u5305\u5206\u6790\u540e&#xff0c;\u5c06 WWW \u7684\u8981\u6c42\u5c01\u5305\u8f6c\u9001\u5230 Web \u4e3b\u673a&#xff0c;\u5c06 Mail \u9001\u7ed9 Mail Server \u53bb\u5904\u7406\u800c\u5df2(\u900f\u8fc7 port \u7684\u4e0d\u540c\u6765\u8f6c\u9012)\u3002 \u597d\u4e86&#xff0c;\u56e0\u4e3a\u56db\u90e8\u4e3b\u673a\u5728 Internet \u4e0a\u9762\u770b\u5230\u7684 IP \u90fd\u76f8\u540c&#xff0c;\u4f46\u662f\u4e8b\u5b9e\u4e0a\u5374\u662f\u56db\u90e8\u4e0d\u540c\u7684\u4e3b\u673a&#xff0c; 
\u800c\u5f53\u6709\u653b\u51fb\u8005\u60f3\u8981\u5165\u4fb5\u4f60\u7684 FTP \u4e3b\u673a\u597d\u4e86&#xff0c;\u4ed6\u4f7f\u7528\u5404\u79cd\u5206\u6790\u65b9\u6cd5\u53bb\u8fdb\u653b\u7684\u4e3b\u673a&#xff0c;\u5176\u5b9e\u662f\u300e\u9632\u706b\u5899\u300f\u90a3\u4e00\u90e8&#xff0c; \u653b\u51fb\u8005\u60f3\u8981\u653b\u51fb\u4f60\u5185\u90e8\u7684\u4e3b\u673a&#xff0c;\u9664\u975e\u4ed6\u80fd\u591f\u6210\u529f\u7684\u641e\u5b9a\u4f60\u7684\u9632\u706b\u5899&#xff0c;\u5426\u5219\u5c31\u5f88\u96be\u5165\u4fb5\u4f60\u7684\u5185\u90e8\u4e3b\u673a\u5462&#xff01; \u800c\u4e14&#xff0c;\u7531\u4e8e\u4e3b\u673a\u653e\u7f6e\u5728\u4e24\u90e8\u9632\u706b\u5899\u4e2d\u95f4&#xff0c;\u5185\u90e8\u7f51\u7edc\u5982\u679c\u53d1\u751f\u72b6\u51b5\u65f6 (\u4f8b\u5982\u67d0\u4e9b\u4f7f\u7528\u8005\u4e0d\u826f\u64cd\u4f5c\u5bfc\u81f4\u4e2d\u6bd2\u554a\u3001 \u88ab\u793e\u4ea4\u5de5\u7a0b\u653b\u9677\u5bfc\u81f4\u5185\u90e8\u4e3b\u673a\u88ab\u7ed1\u67b6\u554a\u7b49\u7b49\u7684) &#xff0c;\u662f\u4e0d\u4f1a\u5f71\u54cd\u5230\u7f51\u7edc\u670d\u52a1\u5668\u7684\u6b63\u5e38\u8fd0\u4f5c\u7684\u3002 \u8fd9\u79cd\u65b9\u5f0f\u9002\u7528\u5728\u6bd4\u8f83\u5927\u578b\u7684\u4f01\u4e1a\u5f53\u4e2d&#xff0c;\u56e0\u4e3a\u5bf9\u8fd9\u4e9b\u4f01\u4e1a\u6765\u8bf4&#xff0c;\u7f51\u7edc\u4e3b\u673a\u80fd\u5426\u63d0\u4f9b\u6b63\u5e38\u7a33\u5b9a\u7684\u670d\u52a1\u662f\u5f88\u91cd\u8981\u7684&#xff01; \u4e0d\u8fc7&#xff0c;\u8fd9\u79cd\u67b6\u6784\u4e0b\u6240\u8fdb\u884c\u7684\u8bbe\u5b9a\u5c31\u5f97\u5305\u542b port \u7684\u8f6c\u9012&#xff0c;\u800c\u4e14\u8981\u6709\u5f88\u5f3a\u7684\u7f51\u7edc\u903b\u8f91\u6982\u5ff5&#xff0c; \u53ef\u4ee5\u5398\u6e05\u5c01\u5305\u53cc\u5411\u6c9f\u901a\u65f6\u7684\u6d41\u52a8\u65b9\u5f0f\u3002\u5bf9\u4e8e\u65b0\u624b\u6765\u8bf4&#xff0c;\u8bbe\u5b9a\u4e0a\u6709\u4e00\u5b9a\u7684\u96be\u5ea6&#xff0c; 
\u9e1f\u54e5\u4e2a\u4eba\u4e0d\u592a\u5efa\u8bae\u65b0\u624b\u8fd9\u4e48\u505a&#xff0c;\u8fd8\u662f\u7b49\u4ee5\u540e\u6709\u7ecf\u9a8c\u4e4b\u540e\u518d\u6765\u73a9\u8fd9\u79cd\u67b6\u6784\u5427&#xff01;<\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u67b6\u8bbe\u5728\u9632\u706b\u5899\u540e\u7aef\u7684\u7f51\u7edc\u670d\u52a1\u5668\u73af\u5883\u793a\u610f\u56fe\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043650-680328625574b.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.1-4\u3001\u67b6\u8bbe\u5728\u9632\u706b\u5899\u540e\u7aef\u7684\u7f51\u7edc\u670d\u52a1\u5668\u73af\u5883\u793a\u610f\u56fe<\/span><\/span><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u901a\u5e38\u50cf\u4e0a\u56fe\u7684\u73af\u5883\u4e2d&#xff0c;\u5c06\u7f51\u7edc\u670d\u52a1\u5668\u72ec\u7acb\u653e\u7f6e\u5728\u4e24\u4e2a\u9632\u706b\u5899\u4e2d\u95f4\u7684\u7f51\u7edc&#xff0c;\u6211\u4eec\u79f0\u4e4b\u4e3a\u975e\u519b\u4e8b\u533a\u57df (DMZ)\u3002 DMZ \u7684\u76ee\u7684\u5c31\u5982\u540c\u524d\u9762\u63d0\u5230\u7684&#xff0c;\u91cd\u70b9\u5728\u4fdd\u62a4\u670d\u52a1\u5668\u672c\u8eab&#xff0c;\u6240\u4ee5\u5c06 Internet \u4e0e LAN \u90fd\u9694\u79bb\u5f00\u6765&#xff0c;\u5982\u6b64\u4e00\u6765\u4e0d\u8bba\u662f\u670d\u52a1\u5668\u672c\u8eab&#xff0c;\u6216\u8005\u662f LAN \u88ab\u653b\u9677\u65f6&#xff0c;\u53e6\u4e00\u4e2a\u533a\u5757\u8fd8\u662f\u5b8c\u597d\u65e0\u7f3a\u7684&#xff01;<\/span><\/span><\/li>\n<\/ul>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043650-68032862ad6f6.jpg\" width=\"534\" \/><\/p>\n<p> <span 
style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.1.5 \u9632\u706b\u5899\u7684\u4f7f\u7528\u9650\u5236<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4ece\u524d\u9762\u7684\u5206\u6790\u4e2d&#xff0c;\u6211\u4eec\u5df2\u7ecf\u77e5\u9053\u5c01\u5305\u8fc7\u6ee4\u5f0f\u9632\u706b\u5899\u4e3b\u8981\u5728\u5206\u6790 OSI \u4e03\u5c42\u534f\u8bae\u5f53\u4e2d\u7684 2, 3, 4 \u5c42&#xff0c;\u65e2\u7136\u5982\u6b64\u7684\u8bdd&#xff0c; Linux \u7684 Netfilter \u673a\u5236\u5230\u5e95\u53ef\u4ee5\u505a\u4e9b\u4ec0\u4e48\u4e8b\u60c5\u5462&#xff1f;\u5176\u5b9e\u53ef\u4ee5\u8fdb\u884c\u7684\u5206\u6790\u5de5\u4f5c\u4e3b\u8981\u6709&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u62d2\u7edd\u8ba9 Internet \u7684\u5c01\u5305\u8fdb\u5165\u4e3b\u673a\u7684\u67d0\u4e9b\u7aef\u53e3<\/span> \u8fd9\u4e2a\u5e94\u8be5\u4e0d\u96be\u4e86\u89e3\u5427&#xff01;\u4f8b\u5982\u4f60\u7684 port 21 \u8fd9\u4e2a FTP \u76f8\u5173\u7684\u57e0\u53e3&#xff0c;\u82e5\u53ea\u60f3\u8981\u5f00\u653e\u7ed9\u5185\u90e8\u7f51\u7edc\u7684\u8bdd&#xff0c;\u90a3\u4e48\u5f53 Internet \u6765\u7684\u5c01\u5305\u60f3\u8981\u8fdb\u5165\u4f60\u7684 port 21 \u65f6&#xff0c;\u5c31\u53ef\u4ee5\u5c06\u8be5\u6570\u636e\u5c01\u5305\u4e22\u6389&#xff01;\u56e0\u4e3a\u6211\u4eec\u53ef\u4ee5\u5206\u6790\u7684\u5230\u8be5\u5c01\u5305\u8868\u5934\u7684\u7aef\u53e3\u53f7\u7801\u5440&#xff01;<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u62d2\u7edd\u8ba9\u67d0\u4e9b\u6765\u6e90 IP \u7684\u5c01\u5305\u8fdb\u5165<\/span> \u4f8b\u5982\u4f60\u5df2\u7ecf\u53d1\u73b0\u67d0\u4e2a IP \u4e3b\u8981\u90fd\u662f\u6765\u81ea\u653b\u51fb\u884c\u4e3a\u7684\u4e3b\u673a&#xff0c;\u90a3\u4e48\u53ea\u8981\u6765\u81ea\u8be5 IP
\u7684\u8d44\u6599\u5c01\u5305&#xff0c;\u5c31\u5c06\u4ed6\u4e22\u5f03&#xff01;\u8fd9\u6837\u4e5f\u53ef\u4ee5\u8fbe\u5230\u57fa\u7840\u7684\u5b89\u5168\u5466&#xff01;<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u62d2\u7edd\u8ba9\u5e26\u6709\u67d0\u4e9b\u7279\u6b8a\u65d7\u6807 (flag) \u7684\u5c01\u5305\u8fdb\u5165<\/span> \u6700\u5e38\u62d2\u7edd\u7684\u5c31\u662f\u5e26\u6709 SYN \u7684\u4e3b\u52a8\u8054\u673a\u7684\u65d7\u6807\u4e86&#xff01;\u53ea\u8981\u4e00\u7ecf\u53d1\u73b0&#xff0c;\u563f\u563f&#xff01;\u4f60\u5c31\u53ef\u4ee5\u5c06\u8be5\u5c01\u5305\u4e22\u5f03\u5440&#xff01;<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u5206\u6790\u786c\u4ef6\u5730\u5740 (MAC) \u6765\u51b3\u5b9a\u8054\u673a\u4e0e\u5426<\/span> \u5982\u679c\u4f60\u7684\u5c40\u57df\u7f51\u7edc\u91cc\u9762\u6709\u6bd4\u8f83\u6363\u86cb\u7684\u4f46\u662f\u53c8\u5177\u6709\u6bd4\u8f83\u9ad8\u5f3a\u7684\u7f51\u7edc\u529f\u529b\u7684\u9ad8\u624b\u65f6&#xff0c;\u5982\u679c\u4f60\u4f7f\u7528 IP \u6765\u62b5\u6321\u4ed6\u4f7f\u7528\u7f51\u7edc\u7684\u6743\u9650&#xff0c;\u800c\u4ed6\u5374\u61c2\u5f97\u53cd\u6b63\u6362\u4e00\u4e2a IP \u5c31\u597d\u4e86&#xff0c;\u90fd\u5728\u540c\u4e00\u4e2a\u7f51\u57df\u5185\u561b&#xff01; \u540c\u6837\u8fd8\u662f\u5728\u641e\u7834\u574f&#xff5e;\u600e\u4e48\u529e&#xff1f;\u6ca1\u5173\u7cfb&#xff0c;\u6211\u4eec\u53ef\u4ee5\u6b7b\u9501\u4ed6\u7684\u7f51\u7edc\u5361\u786c\u4ef6\u5730\u5740\u554a&#xff01;\u56e0\u4e3a MAC \u662f\u710a\u5728\u7f51\u7edc\u5361\u4e0a\u9762\u7684&#xff0c;\u6240\u4ee5\u4f60\u53ea\u8981\u5206\u6790\u5230\u8be5\u4f7f\u7528\u8005\u6240\u4f7f\u7528\u7684 MAC \u4e4b\u540e&#xff0c;\u53ef\u4ee5\u5229\u7528\u9632\u706b\u5899\u5c06\u8be5 MAC \u9501\u4f4f&#xff0c;\u5475\u5475&#xff01;\u9664\u975e\u4ed6\u80fd\u591f\u4e00\u6362\u518d\u6362\u4ed6\u7684\u7f51\u7edc\u5361\u6765\u53d6\u5f97\u65b0\u7684 
MAC&#xff0c;\u5426\u5219\u6362 IP \u662f\u6ca1\u6709\u7528\u7684\u5566&#xff01; (\u4e0d\u8fc7\u8981\u6ce8\u610f&#xff0c;MAC \u4e5f\u53ef\u4ee5\u900f\u8fc7\u8f6f\u4ef6\u6765\u66f4\u6362&#xff0c;\u56e0\u6b64\u9501\u4f4f MAC \u53ea\u80fd\u5f53\u4f5c\u57fa\u7840\u7684\u9632\u62a4&#xff0c;\u5e76\u4e0d\u80fd\u4fdd\u8bc1\u5b89\u5168\u3002)<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u867d\u7136 Netfilter \u9632\u706b\u5899\u5df2\u7ecf\u53ef\u4ee5\u505a\u5230\u8fd9\u4e48\u591a\u7684\u4e8b\u60c5&#xff0c;\u4e0d\u8fc7&#xff0c;\u8fd8\u662f\u6709\u5f88\u591a\u4e8b\u60c5\u6ca1\u6709\u529e\u6cd5\u900f\u8fc7 Netfilter \u6765\u5b8c\u6210\u5594&#xff01; \u4ec0\u4e48&#xff1f;\u8bbe\u5b9a\u9632\u706b\u5899\u4e4b\u540e\u8fd8\u4e0d\u5b89\u5168\u554a&#xff01;\u90a3\u5f53\u7136\u5566&#xff01;\u8c01\u8bf4\u8bbe\u5b9a\u4e86\u9632\u706b\u5899\u4e4b\u540e\u4f60\u7684\u7cfb\u7edf\u5c31\u4e00\u5b9a\u5b89\u5168&#xff1f; \u9632\u706b\u5899\u867d\u7136\u53ef\u4ee5\u9632\u6b62\u4e0d\u53d7\u6b22\u8fce\u7684\u5c01\u5305\u8fdb\u5165\u6211\u4eec\u7684\u7f51\u7edc\u5f53\u4e2d&#xff0c;\u4e0d\u8fc7&#xff0c;\u67d0\u4e9b\u60c5\u51b5\u4e0b&#xff0c;\u4ed6\u5e76\u4e0d\u80fd\u4fdd\u8bc1\u6211\u4eec\u7684\u7f51\u7edc\u4e00\u5b9a\u5c31\u5f88\u5b89\u5168\u3002 \u4e3e\u51e0\u4e2a\u4f8b\u5b50\u6765\u8c08\u4e00\u8c08&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u9632\u706b\u5899\u5e76\u4e0d\u80fd\u5f88\u6709\u6548\u7684\u62b5\u6321\u75c5\u6bd2\u6216\u6728\u9a6c\u7a0b\u5e8f<\/span> \u5047\u8bbe\u4f60\u5df2\u7ecf\u5f00\u653e\u4e86 WWW \u7684\u670d\u52a1&#xff0c;\u90a3\u4e48\u4f60\u7684 WWW \u4e3b\u673a\u4e0a\u9762&#xff0c;\u9632\u706b\u5899\u4e00\u5b9a\u5f97\u8981\u5c06 WWW \u670d\u52a1\u7684 port \u5f00\u653e\u7ed9 Client \u7aef\u767b\u5165\u624d\u884c\u5427&#xff01;\u5426\u5219\u4f60\u7684 WWW \u4e3b\u673a\u8bbe\u5b9a\u4e86\u7b49\u4e8e\u6ca1\u6709\u7528\u5bf9\u5427&#xff01;\u4e5f\u5c31\u662f\u8bf4&#xff0c;\u53ea\u8981\u8fdb\u5165\u4f60\u7684\u4e3b\u673a\u7684\u5c01\u5305\u662f\u8981\u6c42 WWW
\u6570\u636e\u7684&#xff0c;\u5c31\u53ef\u4ee5\u901a\u8fc7\u4f60\u7684\u9632\u706b\u5899\u3002\u90a3\u597d\u4e86&#xff0c;\u300e\u4e07\u4e00\u4f60\u7684 WWW \u670d\u52a1\u5668\u8f6f\u4ef6\u6709\u6f0f\u6d1e&#xff0c;\u6216\u8005\u672c\u8eab\u5411\u4f60\u8981\u6c42 WWW \u670d\u52a1\u7684\u8be5\u5c01\u5305\u5c31\u662f\u75c5\u6bd2\u5728\u4fa6\u6d4b\u4f60\u7684\u7cfb\u7edf\u300f\u65f6&#xff0c;\u4f60\u7684\u9632\u706b\u5899\u53ef\u662f\u4e00\u70b9\u529e\u6cd5\u4e5f\u6ca1\u6709\u554a&#xff01; \u56e0\u4e3a\u672c\u6765\u8bbe\u5b9a\u7684\u89c4\u5219\u5c31\u662f\u4f1a\u8ba9\u4ed6\u901a\u8fc7\u554a\u3002<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u9632\u706b\u5899\u5bf9\u4e8e\u6765\u81ea\u5185\u90e8 LAN \u7684\u653b\u51fb\u8f83\u65e0\u627f\u53d7\u529b<\/span> \u4e00\u822c\u6765\u8bf4&#xff0c;\u6211\u4eec\u5bf9\u4e8e LAN \u91cc\u9762\u7684\u4e3b\u673a\u90fd\u6ca1\u6709\u4ec0\u4e48\u9632\u706b\u5899\u7684\u8bbe\u5b9a&#xff0c;\u56e0\u4e3a\u662f\u6211\u4eec\u81ea\u5df1\u7684 LAN \u554a&#xff0c;\u6240\u4ee5\u5f53\u7136\u5c31\u8bbe\u5b9a\u4e3a\u4fe1\u4efb\u7f51\u57df\u4e86&#xff01;\u4e0d\u8fc7&#xff0c; LAN \u91cc\u9762\u603b\u662f\u53ef\u80fd\u6709\u4e9b\u7f51\u7edc\u5c0f\u767d\u554a&#xff0c;\u867d\u7136\u4ed6\u4eec\u4e0d\u662f\u6545\u610f\u8981\u641e\u7834\u574f&#xff0c; \u4f46\u662f\u4ed6\u4eec\u5c31\u662f\u4e0d\u61c2\u561b&#xff01;\u6240\u4ee5\u5c31\u4e71\u7528\u7f51\u7edc\u4e86\u3002\u8fd9\u4e2a\u65f6\u5019\u5c31\u5f88\u7cdf\u7cd5&#xff0c;\u56e0\u4e3a\u9632\u706b\u5899\u5bf9\u4e8e\u5185\u90e8\u7684\u89c4\u5219\u8bbe\u5b9a\u901a\u5e38\u6bd4\u8f83\u5c11&#xff0c; \u6240\u4ee5\u5c31\u5bb9\u6613\u9020\u6210\u5185\u90e8\u5458\u5de5\u5bf9\u4e8e\u7f51\u7edc\u8bef\u7528\u6216\u6ee5\u7528\u7684\u60c5\u51b5\u3002<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6240\u4ee5\u5566&#xff0c;\u8fd8\u662f\u56de\u5230\u7b2c\u4e03\u7ae0\u7684\u56fe 
7.1-1\u00a0\u7684\u8bf4\u660e\u53bb\u770b\u770b&#xff0c;\u5206\u6790\u4e00\u4e0b\u8be5\u56fe\u793a&#xff0c;\u4f60\u5c31\u4f1a\u77e5\u9053&#xff0c;\u5728\u4f60\u7684 Linux \u4e3b\u673a\u5b9e\u5730\u4e0a\u7f51\u4e4b\u524d&#xff0c;\u8fd8\u662f\u5f97\u5148&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5173\u95ed\u51e0\u4e2a\u4e0d\u5b89\u5168\u7684\u670d\u52a1&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5347\u7ea7\u51e0\u4e2a\u53ef\u80fd\u6709\u95ee\u9898\u7684\u5957\u4ef6&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u67b6\u8bbe\u597d\u6700\u8d77\u7801\u7684\u5b89\u5168\u9632\u62a4&#8211;\u9632\u706b\u5899&#8211;<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5176\u4ed6\u76f8\u5173\u7684\u8baf\u606f\u8fd8\u662f\u8bf7\u5230\u7b2c\u4e03\u7ae0\u8ba4\u8bc6\u7f51\u7edc\u5b89\u5168\u91cc\u9762\u53bb\u770b\u4e00\u770b\u600e\u4e48\u589e\u52a0\u81ea\u8eab\u7684\u5b89\u5168\u5427&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5927\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043651-6803286310ce1.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#0000bb\"><span style=\"background-color:#ffffff\">9.2 TCP Wrappers<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5728\u8fdb\u5165\u4e3b\u9898\u4e4b\u524d&#xff0c;\u6211\u4eec\u5148\u6765\u73a9\u4e00\u4e2a\u7b80\u5355\u7684\u9632\u706b\u5899\u673a\u5236&#xff0c;\u90a3\u5c31\u662f TCP Wrappers \u8fd9\u73a9\u610f\u513f\u3002\u5982\u540c\u524d\u9762\u8bf4\u7684&#xff0c; TCP wrappers 
\u662f\u900f\u8fc7\u5ba2\u6237\u7aef\u60f3\u8981\u94fe\u63a5\u7684\u7a0b\u5e8f\u6587\u4ef6\u540d&#xff0c;\u7136\u540e\u5206\u6790\u5ba2\u6237\u7aef\u7684 IP &#xff0c;\u770b\u770b\u662f\u5426\u9700\u8981\u653e\u884c\u3002\u90a3\u4e48\u54ea\u4e9b\u7a0b\u5e8f\u652f\u6301 TCP wrappers \u7684\u529f\u80fd&#xff1f;\u8fd9\u4e2a TCP wrappers \u53c8\u8be5\u5982\u4f55\u8bbe\u5b9a&#xff1f;\u6211\u4eec\u8fd9\u91cc\u5148\u7b80\u5355\u7684\u8c08\u8c08\u5427&#xff01;(\u8fd9\u4e2a\u5c0f\u8282\u4ec5\u662f\u7b80\u5355\u7684\u4ecb\u7ecd\u8fc7 TCP wrappers &#xff0c;\u66f4\u591a\u76f8\u5173\u529f\u80fd\u8bf7\u53c2\u8003\u57fa\u7840\u5b66\u4e60\u7bc7\u7684\u7b2c\u5341\u516b\u7ae0\u5185\u5bb9\u5594&#xff01;)<\/span><\/span><\/p>\n<p> \u00a0 <\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043651-680328636985d.jpg\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.2.1 \u54ea\u4e9b\u670d\u52a1\u6709\u652f\u6301<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8bf4\u7a7f\u4e86&#xff0c; TCP wrappers \u5c31\u662f\u900f\u8fc7 \/etc\/hosts.allow, \/etc\/hosts.deny \u8fd9\u4e24\u4e2a\u5b9d\u8d1d\u86cb\u6765\u7ba1\u7406\u7684\u4e00\u4e2a\u7c7b\u4f3c\u9632\u706b\u5899\u7684\u673a\u5236&#xff0c; \u4f46\u5e76\u975e\u6240\u6709\u7684\u8f6f\u4ef6\u90fd\u53ef\u4ee5\u900f\u8fc7\u8fd9\u4e24\u4e2a\u6863\u6848\u6765\u63a7\u7ba1&#xff0c;\u53ea\u6709\u5e95\u4e0b\u7684\u8f6f\u4ef6\u624d\u80fd\u591f\u900f\u8fc7\u8fd9\u4e24\u4e2a\u6863\u6848\u6765\u7ba1\u7406\u9632\u706b\u5899\u89c4\u5219&#xff0c;\u5206\u522b\u662f&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u7531 super daemon (xinetd) \u6240\u7ba1\u7406\u7684\u670d\u52a1&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6709\u652f\u63f4 libwrap.so \u6a21\u5757\u7684\u670d\u52a1\u3002<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7ecf\u7531 xinetd \u7ba1\u7406\u7684\u670d\u52a1\u8fd8\u597d\u7406\u89e3&#xff0c;\u5c31\u662f\u914d\u7f6e\u6587\u4ef6\u5728 \/etc\/xinetd.d\/ \u91cc\u9762\u7684\u670d\u52a1\u5c31\u662f xinetd \u6240\u7ba1\u7406\u7684\u554a&#xff01; \u90a3\u4e48\u4ec0\u4e48\u662f\u6709\u652f\u6301 libwrap.so \u6a21\u5757\u5462&#xff1f;\u5c31\u8ba9\u6211\u4eec\u6765\u8fdb\u884c\u5e95\u4e0b\u7684\u4f8b\u9898&#xff0c;\u4f60\u5c31\u6bd4\u8f83\u5bb9\u6613\u660e\u767d\u5570&#xff1a;<\/span><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f8b\u9898&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8bf7\u67e5\u51fa\u4f60\u7684\u7cfb\u7edf\u6709\u6ca1\u6709\u5b89\u88c5 xinetd &#xff0c;\u82e5\u6ca1\u6709\u8bf7\u5b89\u88c5\u3002\u5b89\u88c5\u5b8c\u6bd5\u540e&#xff0c;\u8bf7\u67e5\u8be2 xinetd \u7ba1\u7406\u7684\u670d\u52a1\u6709\u54ea\u4e9b&#xff1f;<\/span><\/span><br \/>\n       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7b54&#xff1a;<\/span><\/span> <\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">yum install xinetd<\/span><br \/>\nSetting up Install Process<br \/>\nPackage 2:xinetd-2.3.14-29.el6.x86_64 <span style=\"color:#FFFF00\">already installed and latest version<\/span><br \/>\nNothing to do<br \/>\n<span style=\"color:#ff6666\"># 
\u753b\u9762\u4e2d\u663e\u793a&#xff0c;\u5df2\u7ecf\u662f\u6700\u65b0\u7684 xinetd &#xff01;\u6240\u4ee5&#xff0c;\u5df2\u7ecf\u6709\u5b89\u88c5\u5570&#xff01;<br \/>\n# \u63a5\u4e0b\u6765\u627e\u51fa xinetd \u6240\u7ba1\u7406\u7684\u670d\u52a1\u7fa4&#xff01;<\/span><\/p>\n<p>[root&#064;www ~]# <span style=\"color:#FFFF00\">chkconfig xinetd on<\/span>   <span style=\"color:#777777\">&lt;&#061;&#061;\u8981\u5148\u8ba9 xinetd on \u540e\u624d\u80fd\u770b\u5230\u5e95\u4e0b\u7684<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">chkconfig --list<\/span><br \/>\n<span style=\"color:#ff6666\">&#8230;.(\u524d\u9762\u7701\u7565)&#8230;.<\/span><br \/>\nxinetd based services:<br \/>\n        chargen-dgram:  off<br \/>\n        chargen-stream: off<br \/>\n<span style=\"color:#ff6666\">&#8230;.(\u4e2d\u95f4\u7701\u7565)&#8230;.<\/span><br \/>\n        <span style=\"color:#FFFF00\">rsync:          off<\/span>   <span style=\"color:#777777\">&lt;&#061;&#061;\u4e0b\u4e00\u5c0f\u8282\u7684\u8303\u4f8b\u5c31\u7528\u8fd9\u73a9\u610f\u513f\u6765\u89e3\u91ca<\/span><br \/>\n        tcpmux-server:  off<br \/>\n        telnet:         on<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0a\u8ff0\u7ed3\u679c\u6700\u7ec8\u8f93\u51fa\u7684\u90e8\u5206\u5c31\u662f xinetd \u6240\u7ba1\u7406\u7684\u670d\u52a1\u7fa4\u5570&#xff01;\u4e0a\u8ff0\u7684\u670d\u52a1\u4e4b\u9632\u706b\u5899\u7b80\u6613\u8bbe\u5b9a&#xff0c;\u90fd\u53ef\u4ee5\u900f\u8fc7 TCP wrappers \u6765\u7ba1\u7406\u7684\u565c&#xff01;<\/span><\/span>\n       <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>  <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f8b\u9898&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span
style=\"background-color:#ffffff\">\u8bf7\u95ee&#xff0c; rsyslogd, sshd, xinetd, httpd (\u82e5\u8be5\u670d\u52a1\u4e0d\u5b58\u5728&#xff0c;\u8bf7\u81ea\u884c\u5b89\u88c5\u8f6f\u4ef6)&#xff0c;\u8fd9\u56db\u4e2a\u7a0b\u5e8f\u6709\u6ca1\u6709\u652f\u6301 tcp wrappers \u7684\u62b5\u6321\u529f\u80fd&#xff1f;<\/span><\/span><br \/>\n       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7b54&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7531\u4e8e\u652f\u6301 tcp wrappers \u7684\u670d\u52a1\u5fc5\u5b9a\u5305\u542b libwrap \u8fd9\u4e00\u4e2a\u52a8\u6001\u51fd\u5f0f\u5e93&#xff0c;\u56e0\u6b64\u53ef\u4ee5\u4f7f\u7528 ldd \u6765\u89c2\u5bdf\u8be5\u670d\u52a1\u5373\u53ef\u3002 \u7b80\u5355\u7684\u4f7f\u7528\u65b9\u5f0f\u4e3a&#xff1a;<\/span><\/span> <\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">ldd $(which rsyslogd sshd xinetd httpd)<\/span><br \/>\n<span style=\"color:#ff6666\"># \u8fd9\u4e2a\u65b9\u5f0f\u53ef\u4ee5\u5c06\u6240\u6709\u7684\u52a8\u6001\u51fd\u5f0f\u5e93\u53d6\u51fa\u6765\u67e5\u9605&#xff0c;\u4e0d\u8fc7\u9700\u8981\u773c\u775b\u641c\u5bfb\u3002<br \/>\n# \u53ef\u4ee5\u900f\u8fc7\u5e95\u4e0b\u7684\u65b9\u5f0f\u6765\u5904\u7406\u66f4\u5feb&#xff01;<\/span><\/p>\n<p>[root&#064;www ~]# <span style=\"color:#FFFF00\">for name in rsyslogd sshd xinetd httpd; do echo $name; \\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">ldd $(which $name) | grep libwrap; done<\/span><br \/>\nrsyslogd<br \/>\nsshd<br \/>\n        libwrap.so.0 &#061;&gt; \/lib64\/libwrap.so.0 (0x00007fb41d3c9000)<br \/>\nxinetd<br \/>\n        libwrap.so.0 &#061;&gt; \/lib64\/libwrap.so.0 (0x00007f6314821000)<br \/>\nhttpd<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>       <span
style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0a\u8ff0\u7684\u7ed3\u679c\u4e2d&#xff0c;\u5728\u8be5\u6863\u540d\u6863\u4e0b\u6709\u51fa\u73b0 libwrap \u7684&#xff0c;\u4ee3\u8868\u6709\u627e\u5230\u8be5\u51fd\u5f0f\u5e93&#xff0c;\u624d\u6709\u652f\u6301 tcp wrappers\u3002 \u6240\u4ee5&#xff0c; sshd, xinetd \u6709\u652f\u6301&#xff0c;\u4f46\u662f rsyslogd, httpd \u8fd9\u4e24\u652f\u7a0b\u5e8f\u5219\u4e0d\u652f\u6301\u3002\u4e5f\u5c31\u662f\u8bf4&#xff0c; httpd \u4e0e rsyslogd \u4e0d\u80fd\u591f\u4f7f\u7528 \/etc\/hosts.{allow|deny} \u6765\u8fdb\u884c\u9632\u706b\u5899\u673a\u5236\u7684\u63a7\u7ba1\u3002<\/span><\/span>\n       <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043651-68032863c0a89.jpg\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.2.2 \/etc\/hosts.{allow|deny} \u7684\u8bbe\u5b9a\u65b9\u5f0f<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u90a3\u5982\u4f55\u900f\u8fc7\u8fd9\u4e24\u4e2a\u6863\u6848\u6765\u62b5\u6321\u6709\u95ee\u9898\u7684 IP \u6765\u6e90\u5462&#xff1f;\u8fd9\u4e24\u4e2a\u6863\u6848\u7684\u8bed\u6cd5\u90fd\u4e00\u6837&#xff0c;\u5f88\u7b80\u5355\u7684&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">&lt;service(program_name)&gt; : &lt;IP, domain, hostname&gt;<br \/>\n&lt;\u670d\u52a1   (\u4ea6\u5373\u7a0b\u5e8f\u540d\u79f0)&gt; : &lt;IP \u6216\u9886\u57df \u6216\u4e3b\u673a\u540d&gt;<br \/>\n<span style=\"color:#ff6666\"># 
\u4e0a\u5934\u7684 &gt; &lt; \u662f\u4e0d\u5b58\u5728\u4e8e\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5594&#xff01;<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6211\u4eec\u77e5\u9053\u9632\u706b\u5899\u7684\u89c4\u5219\u90fd\u662f\u6709\u987a\u5e8f\u7684&#xff0c;\u90a3\u8fd9\u4e24\u4e2a\u6863\u6848\u4e0e\u89c4\u5219\u7684\u987a\u5e8f\u4f18\u5148\u662f\u600e\u6837\u5462&#xff1f;\u57fa\u672c\u4e0a\u662f\u8fd9\u6837\u7684&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5148\u4ee5 \/etc\/hosts.allow \u4e3a\u4f18\u5148\u6bd4\u5bf9&#xff0c;\u8be5\u89c4\u5219\u7b26\u5408\u5c31\u4e88\u4ee5\u653e\u884c&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u518d\u4ee5 \/etc\/hosts.deny \u6bd4\u5bf9&#xff0c;\u89c4\u5219\u7b26\u5408\u5c31\u4e88\u4ee5\u62b5\u6321&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u82e5\u4e0d\u5728\u8fd9\u4e24\u4e2a\u6863\u6848\u5185&#xff0c;\u4ea6\u5373\u89c4\u5219\u90fd\u4e0d\u7b26\u5408&#xff0c;\u6700\u7ec8\u5219\u4e88\u4ee5\u653e\u884c\u3002<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6211\u4eec\u62ff rsync \u8fd9\u4e2a xinetd \u7ba1\u7406\u7684\u670d\u52a1\u6765\u8fdb\u884c\u8bf4\u660e\u597d\u4e86&#xff0c;\u8bf7\u53c2\u8003\u5e95\u4e0b\u7684\u4f8b\u9898\u5427&#xff1a;<\/span><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f8b\u9898&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5148\u5f00\u653e\u672c\u673a\u7684 127.0.0.1 \u53ef\u4ee5\u8fdb\u884c\u4efb\u4f55\u672c\u673a\u7684\u670d\u52a1&#xff0c;\u7136\u540e&#xff0c;\u8ba9\u533a\u7f51 (192.168.1.0\/24) \u53ef\u4ee5\u4f7f\u7528 
rsync &#xff0c; \u540c\u65f6 10.0.0.100 \u4e5f\u80fd\u591f\u4f7f\u7528 rsync &#xff0c;\u4f46\u5176\u4ed6\u6765\u6e90\u5219\u4e0d\u5141\u8bb8\u4f7f\u7528 rsync \u5594\u3002<\/span><\/span><br \/>\n       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7b54&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u6211\u4eec\u5f97\u8981\u5148\u77e5\u9053 rsync \u7684\u670d\u52a1\u542f\u52a8\u7684\u6863\u540d\u4e3a\u4f55&#xff0c;\u56e0\u4e3a tcp wrappers \u662f\u900f\u8fc7\u542f\u52a8\u670d\u52a1\u7684\u6863\u540d\u6765\u7ba1\u7406\u7684\u3002<\/span>\u00a0\u5f53\u6211\u4eec\u89c2\u5bdf rsync \u7684\u914d\u7f6e\u6587\u4ef6\u65f6&#xff0c;\u53ef\u4ee5\u53d1\u73b0&#xff1a;<\/span><\/span> <\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">cat \/etc\/xinetd.d\/rsync<\/span><br \/>\nservice rsync<br \/>\n{<br \/>\n        disable &#061; yes<br \/>\n        flags           &#061; IPv6<br \/>\n        socket_type     &#061; stream<br \/>\n        wait            &#061; no<br \/>\n        user            &#061; root<br \/>\n        <span style=\"color:#FFFF00\">server          &#061; \/usr\/bin\/rsync<\/span>   <span style=\"color:#777777\">&lt;&#061;&#061;\u6863\u540d\u53eb\u505a rsync<\/span><br \/>\n        server_args     &#061; --daemon<br \/>\n        log_on_failure  &#043;&#061; USERID<br \/>\n}<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56e0\u6b64\u7a0b\u5e8f\u5b57\u6bb5\u7684\u9879\u76ee\u8981\u5199\u7684\u662f rsync \u5594&#xff01;\u56e0\u6b64&#xff0c;\u6211\u4eec\u5e94\u8be5\u8981\u8fd9\u6837\u8bbe\u5b9a\u7684&#xff1a;<\/span><\/span> <\/p>\n<table
style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">vim \/etc\/hosts.allow<\/span><br \/>\n<span style=\"color:#FFFF00\">ALL: 127.0.0.1<\/span>    <span style=\"color:#777777\">&lt;&#061;&#061;\u8fd9\u5c31\u662f\u672c\u673a\u5168\u90e8\u7684\u670d\u52a1\u90fd\u63a5\u53d7&#xff01;<\/span><br \/>\n<span style=\"color:#FFFF00\">rsync: 192.168.1.0\/255.255.255.0 10.0.0.100<\/span><\/p>\n<p>[root&#064;www ~]# <span style=\"color:#FFFF00\">vim \/etc\/hosts.deny<\/span><br \/>\n<span style=\"color:#FFFF00\">rsync: ALL<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p> \u00a0 <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0a\u9762\u7684\u4f8b\u9898\u6709\u51e0\u4e2a\u91cd\u70b9&#xff0c;\u9996\u5148&#xff0c; tcp wrappers \u7406\u8bba\u4e0a\u4e0d\u652f\u6301 192.168.1.0\/24 \u8fd9\u79cd\u900f\u8fc7 bit \u6570\u503c\u6765\u5b9a\u4e49\u7684\u7f51\u57df&#xff0c; \u53ea\u652f\u6301 netmask \u7684\u5730\u5740\u663e\u793a\u65b9\u5f0f\u3002\u53e6\u5916&#xff0c;\u5982\u679c\u6709\u591a\u4e2a\u7f51\u57df\u6216\u8005\u662f\u5355\u4e00\u6765\u6e90&#xff0c;\u53ef\u4ee5\u900f\u8fc7\u7a7a\u683c\u6765\u7d2f\u52a0\u3002 \u5982\u679c\u60f3\u8981\u5199\u6210\u591a\u884c\u5462&#xff1f;\u4e5f\u53ef\u4ee5\u554a&#xff01;\u591a\u5199\u51e0\u884c\u300e kshd: IP \u300f\u7684\u65b9\u5f0f\u4e5f\u53ef\u4ee5&#xff0c;\u4e0d\u5fc5\u8981\u5c06\u6240\u6709\u6570\u636e\u96c6\u4e2d\u5728\u4e00\u884c\u5566&#xff01;\u56e0\u4e3a tcp wrappers \u4e5f\u662f\u4e00\u6761\u4e00\u6761\u89c4\u5219\u6bd4\u5bf9\u561b&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u57fa\u672c\u4e0a&#xff0c;\u4f60\u53ea\u8981\u7406\u89e3\u8fd9\u4e9b\u6570\u636e\u5373\u53ef&#xff01;\u56e0\u4e3a\u7edd\u5927\u90e8\u5206\u7684\u65f6\u523b&#xff0c;\u6211\u4eec\u90fd\u4f1a\u5efa\u8bae\u4f7f\u7528\u5e95\u4e0b\u4ecb\u7ecd\u7684 Netfilter \u7684\u673a\u5236\u6765\u62b5\u6321\u5c01\u5305\u3002 \u90a3\u8ba9\u6211\u4eec\u51c6\u5907\u5f00\u59cb\u6765\u73a9\u73a9 iptables \u5c01\u5305\u8fc7\u6ee4\u9632\u706b\u5899\u5427&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5927\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043652-6803286424636.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#0000bb\"><span style=\"background-color:#ffffff\">9.3 Linux \u7684\u5c01\u5305\u8fc7\u6ee4\u8f6f\u4ef6&#xff1a;iptables<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0a\u9762\u8c08\u4e86\u8fd9\u4e48\u591a&#xff0c;\u4e3b\u8981\u8fd8\u662f\u5e0c\u671b\u4f60\u80fd\u4e86\u89e3\u5230\u9632\u706b\u5899\u662f\u4ec0\u4e48\u8fd9\u4e2a\u8bae\u9898&#xff01;\u800c\u4e14\u4e5f\u5e0c\u671b\u4f60\u77e5\u9053\u9632\u706b\u5899\u5e76\u975e\u4e07\u80fd\u7684\u3002 \u597d\u4e86&#xff0c;\u90a3\u4e48\u5e95\u4e0b\u6211\u4eec\u7ec8\u4e8e\u53ef\u4ee5\u6765\u77a7\u4e00\u77a7&#xff0c;\u90a3\u76ee\u524d\u6211\u4eec\u7684 2.6 \u7248\u8fd9\u4e2a Linux \u6838\u5fc3\u5230\u5e95\u4f7f\u7528\u4ec0\u4e48\u6838\u5fc3\u529f\u80fd\u6765\u8fdb\u884c\u9632\u706b\u5899\u8bbe\u5b9a&#xff1f;<\/span><\/span><\/p>\n<p> \u00a0 <\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043652-680328647c451.jpg\" width=\"534\" \/><\/p>\n<p> 
<span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.1 \u4e0d\u540c Linux \u6838\u5fc3\u7248\u672c\u7684\u9632\u706b\u5899\u8f6f\u4ef6<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Linux \u7684\u9632\u706b\u5899\u4e3a\u4ec0\u4e48\u529f\u80fd\u8fd9\u4e48\u597d&#xff1f;\u8fd9\u662f\u56e0\u4e3a\u4ed6\u672c\u8eab\u5c31\u662f\u7531 Linux \u6838\u5fc3\u6240\u63d0\u4f9b&#xff0c;\u7531\u4e8e\u76f4\u63a5\u7ecf\u8fc7\u6838\u5fc3\u6765\u5904\u7406&#xff0c;\u56e0\u6b64\u6548\u80fd\u975e\u5e38\u597d&#xff01; \u4e0d\u8fc7&#xff0c;\u4e0d\u540c\u6838\u5fc3\u7248\u672c\u6240\u4f7f\u7528\u7684\u9632\u706b\u5899\u8f6f\u4ef6\u662f\u4e0d\u4e00\u6837\u7684&#xff01;\u56e0\u4e3a\u6838\u5fc3\u652f\u6301\u7684\u9632\u706b\u5899\u662f\u9010\u6e10\u6f14\u8fdb\u800c\u6765\u7684\u561b&#xff01;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Version 2.0&#xff1a;\u4f7f\u7528 ipfwadm \u8fd9\u4e2a\u9632\u706b\u5899\u673a\u5236&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Version 2.2&#xff1a;\u4f7f\u7528\u7684\u662f ipchains \u8fd9\u4e2a\u9632\u706b\u5899\u673a\u5236&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Version 2.4 \u4e0e 2.6 &#xff1a;\u4e3b\u8981\u662f\u4f7f\u7528 iptables \u8fd9\u4e2a\u9632\u706b\u5899\u673a\u5236&#xff0c;\u4e0d\u8fc7\u5728\u67d0\u4e9b\u65e9\u671f\u7684 Version 2.4 \u7248\u672c\u7684 distributions \u5f53\u4e2d&#xff0c;\u4ea6\u540c\u65f6\u652f\u6301 ipchains (\u7f16\u8bd1\u6210\u4e3a\u6a21\u5757)&#xff0c;\u597d\u8ba9\u7528\u6237\u4ecd\u7136\u53ef\u4ee5\u4f7f\u7528\u6765\u81ea 2.2 \u7248\u7684 ipchains \u7684\u9632\u706b\u5899\u89c4\u5212\u3002\u4e0d\u8fc7&#xff0c;\u4e0d\u5efa\u8bae\u5728 2.4 \u4ee5\u4e0a\u7684\u6838\u5fc3\u7248\u672c\u4f7f\u7528 ipchains 
\u5594&#xff01;<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56e0\u4e3a\u4e0d\u540c\u7684\u6838\u5fc3\u4f7f\u7528\u7684\u9632\u706b\u5899\u673a\u5236\u4e0d\u540c&#xff0c;\u4e14\u652f\u6301\u7684\u8f6f\u4ef6\u6307\u4ee4\u4e0e\u8bed\u6cd5\u4e5f\u4e0d\u76f8\u540c&#xff0c;\u6240\u4ee5\u5728 Linux \u4e0a\u5934\u8bbe\u5b9a\u5c5e\u4e8e\u4f60\u81ea\u5df1\u7684\u9632\u706b\u5899\u89c4\u5219\u65f6&#xff0c;\u8981\u6ce8\u610f\u554a&#xff0c;\u5148\u7528\u00a0uname -r\u00a0\u8ffd\u8e2a\u4e00\u4e0b\u4f60\u7684\u6838\u5fc3\u7248\u672c\u518d\u8bf4&#xff01;\u5982\u679c\u4f60\u662f\u5b89\u88c5 2004 \u5e74\u4ee5\u540e\u63a8\u51fa\u7684 distributions &#xff0c;\u90a3\u5c31\u4e0d\u9700\u8981\u62c5\u5fc3\u4e86&#xff0c;\u56e0\u4e3a\u8fd9\u4e9b distributions \u51e0\u4e4e\u90fd\u4f7f\u7528 kernel 2.6 \u7248\u7684\u6838\u5fc3\u554a&#xff01; ^_^<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043652-68032864d408e.jpg\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.2 \u5c01\u5305\u8fdb\u5165\u6d41\u7a0b&#xff1a;\u89c4\u5219\u987a\u5e8f\u7684\u91cd\u8981\u6027&#xff01;<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u524d\u9762\u7684\u51e0\u4e2a\u5c0f\u8282\u91cc\u9762\u6211\u4eec\u4e00\u76f4\u8c08\u5230&#xff1a;\u300e\u9632\u706b\u5899\u89c4\u5219\u300f&#xff0c;\u54a6&#xff01;\u5565\u662f\u89c4\u5219\u554a&#xff1f;\u56e0\u4e3a iptables \u662f\u5229\u7528\u5c01\u5305\u8fc7\u6ee4\u7684\u673a\u5236&#xff0c; 
\u6240\u4ee5\u4ed6\u4f1a\u5206\u6790\u5c01\u5305\u7684\u8868\u5934\u6570\u636e\u3002\u6839\u636e\u8868\u5934\u6570\u636e\u4e0e\u5b9a\u4e49\u7684\u300e\u89c4\u5219\u300f\u6765\u51b3\u5b9a\u8be5\u5c01\u5305\u662f\u5426\u53ef\u4ee5\u8fdb\u5165\u4e3b\u673a\u6216\u8005\u662f\u88ab\u4e22\u5f03\u3002 \u610f\u601d\u5c31\u662f\u8bf4&#xff1a;\u300e<span style=\"color:#000088\">\u6839\u636e\u5c01\u5305\u7684\u5206\u6790\u8d44\u6599 &#034;\u6bd4\u5bf9&#034; \u4f60\u9884\u5148\u5b9a\u4e49\u7684\u89c4\u5219\u5185\u5bb9&#xff0c; \u82e5\u5c01\u5305\u6570\u636e\u4e0e\u89c4\u5219\u5185\u5bb9\u76f8\u540c\u5219\u8fdb\u884c\u52a8\u4f5c&#xff0c;\u5426\u5219\u5c31\u7ee7\u7eed\u4e0b\u4e00\u6761\u89c4\u5219\u7684\u6bd4\u5bf9&#xff01;<\/span>\u300f \u91cd\u70b9\u5728\u90a3\u4e2a\u300e\u6bd4\u5bf9\u4e0e\u5206\u6790\u987a\u5e8f\u300f\u4e0a\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e3e\u4e2a\u7b80\u5355\u7684\u4f8b\u5b50&#xff0c;\u5047\u8bbe\u6211\u9884\u5148\u5b9a\u4e49 10 \u6761\u9632\u706b\u5899\u89c4\u5219\u597d\u4e86&#xff0c;\u90a3\u4e48\u5f53 Internet \u6765\u4e86\u4e00\u4e2a\u5c01\u5305\u60f3\u8981\u8fdb\u5165\u6211\u7684\u4e3b\u673a&#xff0c; \u90a3\u4e48\u9632\u706b\u5899\u662f\u5982\u4f55\u5206\u6790\u8fd9\u4e2a\u5c01\u5305\u7684\u5462&#xff1f;\u6211\u4eec\u4ee5\u5e95\u4e0b\u7684\u56fe\u793a\u6765\u8bf4\u660e\u597d\u4e86&#xff1a;<\/span><\/span><\/p>\n<p>  <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c01\u5305\u8fc7\u6ee4\u7684\u89c4\u5219\u52a8\u4f5c\u53ca\u5206\u6790\u6d41\u7a0b\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043653-680328653a460.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 
9.3-1\u3001\u5c01\u5305\u8fc7\u6ee4\u7684\u89c4\u5219\u52a8\u4f5c\u53ca\u5206\u6790\u6d41\u7a0b<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5f53\u4e00\u4e2a\u7f51\u7edc\u5c01\u5305\u8981\u8fdb\u5165\u5230\u4e3b\u673a\u4e4b\u524d&#xff0c;\u4f1a\u5148\u7ecf\u7531 NetFilter \u8fdb\u884c\u68c0\u67e5&#xff0c;\u90a3\u5c31\u662f iptables \u7684\u89c4\u5219\u4e86\u3002 \u68c0\u67e5\u901a\u8fc7\u5219\u63a5\u53d7 (ACCEPT) \u8fdb\u5165\u672c\u673a\u53d6\u5f97\u8d44\u6e90&#xff0c;\u5982\u679c\u68c0\u67e5\u4e0d\u901a\u8fc7&#xff0c;\u5219\u53ef\u80fd\u4e88\u4ee5\u4e22\u5f03 (DROP) &#xff01; \u4e0a\u56fe\u4e2d\u4e3b\u8981\u7684\u76ee\u7684\u5728\u544a\u77e5\u4f60&#xff1a;\u300e\u89c4\u5219\u662f\u6709\u987a\u5e8f\u7684\u300f&#xff01;\u4f8b\u5982\u5f53\u7f51\u7edc\u5c01\u5305\u8fdb\u5165 Rule 1 \u7684\u6bd4\u5bf9\u65f6&#xff0c; \u5982\u679c<span style=\"color:#000088\">\u6bd4\u5bf9\u7ed3\u679c\u7b26\u5408 Rule 1 &#xff0c;\u6b64\u65f6\u8fd9\u4e2a\u7f51\u7edc\u5c01\u5305\u5c31\u4f1a\u8fdb\u884c Action 1 \u7684\u52a8\u4f5c&#xff0c;\u800c\u4e0d\u4f1a\u7406\u4f1a\u540e\u7eed\u7684 Rule 2, Rule 3&#8230;. 
\u7b49\u89c4\u5219\u7684\u5206\u6790\u4e86<\/span>\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u800c\u5982\u679c\u8fd9\u4e2a\u5c01\u5305\u5e76\u4e0d\u7b26\u5408 Rule 1 \u7684\u6bd4\u5bf9&#xff0c;\u90a3\u5c31\u4f1a\u8fdb\u5165 Rule 2 \u7684\u6bd4\u5bf9\u4e86&#xff01;\u5982\u6b64\u4e00\u4e2a\u4e00\u4e2a\u89c4\u5219\u53bb\u8fdb\u884c\u6bd4\u5bf9\u5c31\u662f\u4e86\u3002 \u90a3\u5982\u679c\u6240\u6709\u7684\u89c4\u5219\u90fd\u4e0d\u7b26\u5408\u600e\u529e&#xff1f;\u6b64\u65f6\u5c31\u4f1a\u900f\u8fc7\u9884\u8bbe\u52a8\u4f5c (\u5c01\u5305\u653f\u7b56, Policy) \u6765\u51b3\u5b9a\u8fd9\u4e2a\u5c01\u5305\u7684\u53bb\u5411\u3002 \u6240\u4ee5\u5566&#xff0c;<span style=\"color:#000088\">\u5f53\u4f60\u7684\u89c4\u5219\u987a\u5e8f\u6392\u5217\u9519\u8bef\u65f6&#xff0c;\u5c31\u4f1a\u4ea7\u751f\u5f88\u4e25\u91cd\u7684\u9519\u8bef\u4e86<\/span>\u3002 \u600e\u4e48\u8bf4\u5462&#xff1f;\u8ba9\u6211\u4eec\u770b\u770b\u5e95\u4e0b\u8fd9\u4e2a\u4f8b\u5b50&#xff1a;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5047\u8bbe\u4f60\u7684 Linux \u4e3b\u673a\u63d0\u4f9b\u4e86 WWW \u7684\u670d\u52a1&#xff0c;\u90a3\u4e48\u81ea\u7136\u5c31\u8981\u9488\u5bf9 port 80 \u6765\u542f\u7528\u901a\u8fc7\u7684\u5c01\u5305\u89c4\u5219&#xff0c;\u4f46\u662f\u4f60\u53d1\u73b0 IP \u6765\u6e90\u4e3a 192.168.100.100 \u8001\u662f\u6076\u610f\u7684\u5c1d\u8bd5\u5165\u4fb5\u4f60\u7684\u7cfb\u7edf&#xff0c;\u6240\u4ee5\u4f60\u60f3\u8981\u5c06\u8be5 IP \u62d2\u7edd\u5f80\u6765&#xff0c;\u6700\u540e&#xff0c;\u6240\u6709\u7684\u975e WWW \u7684\u5c01\u5305\u90fd\u7ed9\u4ed6\u4e22\u5f03&#xff0c;\u5c31\u8fd9\u4e09\u4e2a\u89c4\u5219\u6765\u8bf4&#xff0c;\u4f60\u8981\u5982\u4f55\u8bbe\u5b9a\u9632\u706b\u5899\u68c0\u9a8c\u987a\u5e8f\u5462&#xff1f;<\/span><\/span><\/p>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Rule 1 \u5148\u62b5\u6321 192.168.100.100 &#xff1b;<\/span><\/span><\/li>\n<li><span 
style=\"color:#000000\"><span style=\"background-color:#ffffff\">Rule 2 \u518d\u8ba9\u8981\u6c42 WWW \u670d\u52a1\u7684\u5c01\u5305\u901a\u8fc7&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Rule 3 \u5c06\u6240\u6709\u7684\u5c01\u5305\u4e22\u5f03\u3002<\/span><\/span><\/li>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fd9\u6837\u7684\u6392\u5217\u987a\u5e8f\u5c31\u80fd\u7b26\u5408\u4f60\u7684\u9700\u6c42&#xff0c;\u4e0d\u8fc7&#xff0c;\u4e07\u4e00\u4f60\u7684\u987a\u5e8f\u6392\u9519\u4e86&#xff0c;\u53d8\u6210&#xff1a;<\/span><\/span><\/p>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Rule 1 \u5148\u8ba9\u8981\u6c42 WWW \u670d\u52a1\u7684\u5c01\u5305\u901a\u8fc7&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Rule 2 \u518d\u62b5\u6321 192.168.100.100 &#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Rule 3 \u5c06\u6240\u6709\u7684\u5c01\u5305\u4e22\u5f03\u3002<\/span><\/span><\/li>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6b64\u65f6&#xff0c;\u90a3\u4e2a 192.168.100.100 \u300e\u53ef\u4ee5\u4f7f\u7528\u4f60\u7684 WWW \u670d\u52a1\u300f\u5594&#xff01;\u53ea\u8981\u4ed6\u5bf9\u4f60\u7684\u4e3b\u673a\u9001\u51fa WWW \u8981\u6c42\u5c01\u5305&#xff0c;\u5c31\u53ef\u4ee5\u4f7f\u7528\u4f60\u7684 WWW \u529f\u80fd\u4e86&#xff0c;\u56e0\u4e3a\u4f60\u7684\u89c4\u5219\u987a\u5e8f\u5b9a\u4e49\u7b2c\u4e00\u6761\u5c31\u4f1a\u8ba9\u4ed6\u901a\u8fc7&#xff0c;\u800c\u4e0d\u53bb\u8003\u8651\u7b2c\u4e8c\u6761\u89c4\u5219&#xff01;\u8fd9\u6837\u53ef\u4ee5\u7406\u89e3\u89c4\u5219\u987a\u5e8f\u7684\u610f\u4e49\u4e86\u5417&#xff01; \u73b0\u5728\u518d\u6765\u60f3\u4e00\u60f3&#xff0c;\u5982\u679c Rule 1 \u53d8\u6210\u4e86\u300e\u5c06\u6240\u6709\u7684\u5c01\u5305\u4e22\u5f03\u300f&#xff0c;Rule 2 \u624d\u8bbe\u5b9a\u300eWWW 
\u670d\u52a1\u5c01\u5305\u901a\u8fc7\u300f&#xff0c;\u8bf7\u95ee&#xff0c;\u6211\u7684 client \u53ef\u4ee5\u4f7f\u7528\u6211\u7684 WWW \u670d\u52a1\u5417&#xff1f;\u5475\u5475&#xff01;\u7b54\u6848\u662f\u300e\u5426&#xff5e;\u300f\u60f3\u901a\u4e86\u5417&#xff1f; ^_^<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043653-680328659844b.jpg\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.3 iptables \u7684\u8868\u683c (table) \u4e0e\u94fe (chain)<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e8b\u5b9e\u4e0a&#xff0c;\u90a3\u4e2a\u56fe 9.3-1\u00a0\u6240\u5217\u51fa\u7684\u89c4\u5219\u4ec5\u662f iptables \u4f17\u591a\u8868\u683c\u5f53\u4e2d\u7684\u4e00\u4e2a\u94fe (chain) \u800c\u5df2\u3002 \u4ec0\u4e48\u662f\u94fe\u5462&#xff1f;\u8fd9\u5f97\u7531 iptables \u7684\u540d\u79f0\u8bf4\u8d77\u3002\u4e3a\u4ec0\u4e48\u79f0\u4e3a ip&#034;tables&#034; \u5462&#xff1f; \u56e0\u4e3a<span style=\"color:#000088\">\u8fd9\u4e2a\u9632\u706b\u5899\u8f6f\u4ef6\u91cc\u9762\u6709\u591a\u4e2a\u8868\u683c (table) &#xff0c;\u6bcf\u4e2a\u8868\u683c\u90fd\u5b9a\u4e49\u51fa\u81ea\u5df1\u7684\u9ed8\u8ba4\u653f\u7b56\u4e0e\u89c4\u5219&#xff0c; \u4e14\u6bcf\u4e2a\u8868\u683c\u7684\u7528\u9014\u90fd\u4e0d\u76f8\u540c<\/span>\u3002\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u5e95\u4e0b\u8fd9\u5f20\u56fe\u6765\u7a0d\u5fae\u4e86\u89e3\u4e00\u4e0b&#xff1a;<\/span><\/span><\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"iptables \u7684\u8868\u683c\u4e0e\u76f8\u5173\u94fe\u793a\u610f\u56fe\" height=\"299\" 
src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043653-68032865efdff.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.3-2\u3001iptables \u7684\u8868\u683c\u4e0e\u76f8\u5173\u94fe\u793a\u610f\u56fe<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u521a\u521a<span style=\"color:#000088\">\u56fe 9.3-1 \u7684\u89c4\u5219\u5185\u5bb9\u4ec5\u53ea\u662f\u56fe 9.3-2 \u5185\u7684\u67d0\u4e2a chain \u800c\u5df2<\/span>&#xff01; \u800c\u9884\u8bbe\u7684\u60c5\u51b5\u4e0b&#xff0c;\u54b1\u4eec Linux \u7684 iptables \u81f3\u5c11\u5c31\u6709\u4e09\u4e2a\u8868\u683c&#xff0c;\u5305\u62ec\u7ba1\u7406\u672c\u673a\u8fdb\u51fa\u7684 filter \u3001\u7ba1\u7406\u540e\u7aef\u4e3b\u673a (\u9632\u706b\u5899\u5185\u90e8\u7684\u5176\u4ed6\u8ba1\u7b97\u673a) \u7684 nat \u3001\u7ba1\u7406\u7279\u6b8a\u65d7\u6807\u4f7f\u7528\u7684 mangle (\u8f83\u5c11\u4f7f\u7528) \u3002\u66f4\u6709\u751a\u8005&#xff0c;\u6211\u4eec\u8fd8\u53ef\u4ee5\u81ea\u5b9a\u4e49\u989d\u5916\u7684\u94fe\u5462&#xff01; \u771f\u662f\u5f88\u795e\u5947\u5427&#xff01;\u6bcf\u4e2a\u8868\u683c\u4e0e\u5176\u4e2d\u94fe\u7684\u7528\u9014\u5206\u522b\u662f\u8fd9\u6837\u7684&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">filter (\u8fc7\u6ee4\u5668)<\/span>&#xff1a;\u4e3b\u8981\u8ddf\u8fdb\u5165 Linux \u672c\u673a\u7684\u5c01\u5305\u6709\u5173&#xff0c;\u8fd9\u4e2a\u662f\u9884\u8bbe\u7684 table \u5594&#xff01;<\/span><\/span>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">INPUT<\/span>&#xff1a;\u4e3b\u8981\u4e0e\u60f3\u8981\u8fdb\u5165\u6211\u4eec Linux \u672c\u673a\u7684\u5c01\u5305\u6709\u5173&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span 
style=\"color:#000088\">OUTPUT<\/span>&#xff1a;\u4e3b\u8981\u4e0e\u6211\u4eec Linux \u672c\u673a\u6240\u8981\u9001\u51fa\u7684\u5c01\u5305\u6709\u5173&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">FORWARD<\/span>&#xff1a;\u8fd9\u4e2a\u549a\u549a\u4e0e Linux \u672c\u673a\u6bd4\u8f83\u6ca1\u6709\u5173\u7cfb&#xff0c; \u4ed6\u53ef\u4ee5\u300e\u8f6c\u9012\u5c01\u5305\u300f\u5230\u540e\u7aef\u7684\u8ba1\u7b97\u673a\u4e2d&#xff0c;\u4e0e\u4e0b\u5217 nat table \u76f8\u5173\u6027\u8f83\u9ad8\u3002<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">nat (\u5730\u5740\u8f6c\u6362)<\/span>&#xff1a;\u662f Network Address Translation \u7684\u7f29\u5199&#xff0c; \u8fd9\u4e2a\u8868\u683c\u4e3b\u8981\u5728\u8fdb\u884c\u6765\u6e90\u4e0e\u76ee\u7684\u4e4b IP \u6216 port \u7684\u8f6c\u6362&#xff0c;\u4e0e Linux \u672c\u673a\u8f83\u65e0\u5173&#xff0c;\u4e3b\u8981\u4e0e Linux \u4e3b\u673a\u540e\u7684\u5c40\u57df\u7f51\u7edc\u5185\u8ba1\u7b97\u673a\u8f83\u6709\u76f8\u5173\u3002<\/span><\/span>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">PREROUTING<\/span>&#xff1a;\u5728\u8fdb\u884c\u8def\u7531\u5224\u65ad\u4e4b\u524d\u6240\u8981\u8fdb\u884c\u7684\u89c4\u5219(DNAT\/REDIRECT)<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">POSTROUTING<\/span>&#xff1a;\u5728\u8fdb\u884c\u8def\u7531\u5224\u65ad\u4e4b\u540e\u6240\u8981\u8fdb\u884c\u7684\u89c4\u5219(SNAT\/MASQUERADE)<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">OUTPUT<\/span>&#xff1a;\u4e0e\u53d1\u9001\u51fa\u53bb\u7684\u5c01\u5305\u6709\u5173<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\"><span style=\"color:#000088\">mangle (\u7834\u574f\u8005)<\/span>&#xff1a;\u8fd9\u4e2a\u8868\u683c\u4e3b\u8981\u662f\u4e0e\u7279\u6b8a\u7684\u5c01\u5305\u7684\u8def\u7531\u65d7\u6807\u6709\u5173&#xff0c; \u65e9\u671f\u4ec5\u6709 PREROUTING \u53ca OUTPUT \u94fe&#xff0c;\u4e0d\u8fc7\u4ece kernel 2.4.18 \u4e4b\u540e\u52a0\u5165\u4e86 INPUT \u53ca FORWARD \u94fe\u3002 \u7531\u4e8e\u8fd9\u4e2a\u8868\u683c\u4e0e\u7279\u6b8a\u65d7\u6807\u76f8\u5173\u6027\u8f83\u9ad8&#xff0c;\u6240\u4ee5\u50cf\u54b1\u4eec\u8fd9\u79cd\u5355\u7eaf\u7684\u73af\u5883\u5f53\u4e2d&#xff0c;\u8f83\u5c11\u4f7f\u7528 mangle \u8fd9\u4e2a\u8868\u683c\u3002<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6240\u4ee5\u8bf4&#xff0c;\u5982\u679c\u4f60\u7684 Linux \u662f\u4f5c\u4e3a www \u670d\u52a1&#xff0c;\u90a3\u4e48\u8981\u5f00\u653e\u5ba2\u6237\u7aef\u5bf9\u4f60\u7684 www \u8981\u6c42\u6709\u54cd\u5e94&#xff0c;\u5c31\u5f97\u8981\u5904\u7406 filter \u7684 INPUT \u94fe&#xff1b; \u800c\u5982\u679c\u4f60\u7684 Linux \u662f\u4f5c\u4e3a\u5c40\u57df\u7f51\u7edc\u7684\u8def\u7531\u5668&#xff0c;\u90a3\u4e48\u5c31\u5f97\u8981\u5206\u6790 nat \u7684\u5404\u4e2a\u94fe\u4ee5\u53ca filter \u7684 FORWARD \u94fe\u624d\u884c\u3002\u4e5f\u5c31\u662f\u8bf4&#xff0c; \u5176\u5b9e\u5404\u4e2a\u8868\u683c\u7684\u94fe\u7ed3\u4e4b\u95f4\u662f\u6709\u5173\u7cfb\u7684&#xff01;\u7b80\u5355\u7684\u5173\u7cfb\u53ef\u4ee5\u7531\u4e0b\u56fe\u8fd9\u4e48\u770b&#xff1a;<\/span><\/span><\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"iptables \u5185\u5efa\u5404\u8868\u683c\u4e0e\u94fe\u7684\u76f8\u5173\u6027\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043654-68032866542ae.jpg\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.3-3\u3001iptables 
\u5185\u5efa\u5404\u8868\u683c\u4e0e\u94fe\u7684\u76f8\u5173\u6027<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0a\u9762\u7684\u56fe\u793a\u5f88\u590d\u6742\u5594&#xff01;\u4e0d\u8fc7\u57fa\u672c\u4e0a\u4f60\u4f9d\u65e7\u53ef\u4ee5\u770b\u51fa\u6765&#xff0c;\u6211\u4eec\u7684 iptables \u53ef\u4ee5\u63a7\u5236\u4e09\u79cd\u5c01\u5305\u7684\u6d41\u5411&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u5c01\u5305\u8fdb\u5165 Linux \u4e3b\u673a\u4f7f\u7528\u8d44\u6e90 (\u8def\u5f84 A)<\/span>&#xff1a; \u5728\u8def\u7531\u5224\u65ad\u540e\u786e\u5b9a\u662f\u5411 Linux \u4e3b\u673a\u8981\u6c42\u6570\u636e\u7684\u5c01\u5305&#xff0c;\u4e3b\u8981\u5c31\u4f1a\u900f\u8fc7 filter \u7684 INPUT \u94fe\u6765\u8fdb\u884c\u63a7\u7ba1&#xff1b;<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u5c01\u5305\u7ecf\u7531 Linux \u4e3b\u673a\u7684\u8f6c\u9012&#xff0c;\u6ca1\u6709\u4f7f\u7528\u4e3b\u673a\u8d44\u6e90&#xff0c;\u800c\u662f\u5411\u540e\u7aef\u4e3b\u673a\u6d41\u52a8 (\u8def\u5f84 B)<\/span>&#xff1a; \u5728\u8def\u7531\u5224\u65ad\u4e4b\u524d\u8fdb\u884c\u5c01\u5305\u8868\u5934\u7684\u4fee\u8ba2\u4f5c\u4e1a\u540e&#xff0c;\u53d1\u73b0\u5230\u5c01\u5305\u4e3b\u8981\u662f\u8981\u900f\u8fc7\u9632\u706b\u5899\u800c\u53bb\u540e\u7aef&#xff0c;\u6b64\u65f6\u5c01\u5305\u5c31\u4f1a\u900f\u8fc7\u8def\u5f84 B \u6765\u8dd1\u52a8\u3002 \u4e5f\u5c31\u662f\u8bf4&#xff0c;\u8be5\u5c01\u5305\u7684\u76ee\u6807\u5e76\u975e\u6211\u4eec\u7684 Linux \u672c\u673a\u3002\u4e3b\u8981\u7ecf\u8fc7\u7684\u94fe\u662f filter \u7684 FORWARD \u4ee5\u53ca nat \u7684 POSTROUTING, PREROUTING\u3002 \u8fd9\u8def\u5f84 B \u7684\u5c01\u5305\u6d41\u5411\u4f7f\u7528\u60c5\u51b5&#xff0c;\u6211\u4eec\u4f1a\u5728\u672c\u7ae0\u7684 9.5 
\u5c0f\u8282\u6765\u8ddf\u5927\u5bb6\u4f5c\u4e2a\u7b80\u5355\u7684\u4ecb\u7ecd\u3002<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u5c01\u5305\u7531 Linux \u672c\u673a\u53d1\u9001\u51fa\u53bb (\u8def\u5f84 C)<\/span>&#xff1a; \u4f8b\u5982\u54cd\u5e94\u5ba2\u6237\u7aef\u7684\u8981\u6c42&#xff0c;\u6216\u8005\u662f Linux \u672c\u673a\u4e3b\u52a8\u9001\u51fa\u7684\u5c01\u5305&#xff0c;\u90fd\u662f\u900f\u8fc7\u8def\u5f84 C \u6765\u8dd1\u7684\u3002\u5148\u662f\u900f\u8fc7\u8def\u7531\u5224\u65ad&#xff0c; \u51b3\u5b9a\u4e86\u8f93\u51fa\u7684\u8def\u5f84\u540e&#xff0c;\u518d\u900f\u8fc7 filter \u7684 OUTPUT \u94fe\u6765\u4f20\u9001\u7684&#xff01;\u5f53\u7136&#xff0c;\u6700\u7ec8\u8fd8\u662f\u4f1a\u7ecf\u8fc7 nat \u7684 POSTROUTING \u94fe\u3002<\/span><\/span><\/li>\n<\/ul>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Tips:<span style=\"color:#009000\">\u6709\u6ca1\u6709\u53d1\u73b0\u6709\u4e24\u4e2a\u300e\u8def\u7531\u5224\u65ad\u300f\u5462&#xff1f;\u56e0\u4e3a\u7f51\u7edc\u662f\u53cc\u5411\u7684&#xff0c;\u6240\u4ee5\u8fdb\u4e0e\u51fa\u8981\u5206\u5f00\u6765\u770b&#xff01;\u56e0\u6b64&#xff0c;\u8fdb\u5165\u7684\u5c01\u5305\u9700\u8981\u8def\u7531\u5224\u65ad&#xff0c; \u9001\u51fa\u7684\u5c01\u5305\u5f53\u7136\u4e5f\u8981\u8fdb\u884c\u8def\u7531\u5224\u65ad\u624d\u80fd\u591f\u53d1\u9001\u51fa\u53bb\u554a&#xff01;\u4e86\u89e3\u4e4e&#xff1f;<\/span><\/span><\/span><\/td>\n<td>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u9e1f\u54e5\u7684\u56fe\u793a\" height=\"299\" src=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043654-68032866ac618.jpg\" width=\"534\" \/><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7531\u4e8e mangle \u8fd9\u4e2a\u8868\u683c\u5f88\u5c11\u88ab\u4f7f\u7528&#xff0c;\u5982\u679c\u5c06\u56fe 9.3-3 \u7684 
mangle \u62ff\u6389\u7684\u8bdd&#xff0c;\u90a3\u5c31\u5bb9\u6613\u770b\u7684\u591a\u4e86&#xff1a;<\/span><\/span><\/p>\n<p>  <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"iptables \u5185\u5efa\u5404\u8868\u683c\u4e0e\u94fe\u7684\u76f8\u5173\u6027(\u7b80\u56fe)\" height=\"299\" src=\"2025-04-19er1q3rqatkk.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.3-4\u3001iptables \u5185\u5efa\u5404\u8868\u683c\u4e0e\u94fe\u7684\u76f8\u5173\u6027(\u7b80\u56fe)<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u900f\u8fc7\u56fe 9.3-4 \u4f60\u5c31\u53ef\u4ee5\u66f4\u8f7b\u677e\u7684\u4e86\u89e3\u5230&#xff0c;\u4e8b\u5b9e\u4e0a\u4e0e\u672c\u673a\u6700\u6709\u5173\u7684\u5176\u5b9e\u662f filter \u8fd9\u4e2a\u8868\u683c\u5185\u7684 INPUT \u4e0e OUTPUT \u8fd9\u4e24\u6761\u94fe&#xff0c;\u5982\u679c\u4f60\u7684 iptables \u53ea\u662f\u7528\u6765\u4fdd\u62a4 Linux \u4e3b\u673a\u672c\u8eab\u7684\u8bdd&#xff0c;\u90a3 nat \u7684\u89c4\u5219\u6839\u672c\u5c31\u4e0d\u9700\u8981\u7406\u4ed6&#xff0c;\u76f4\u63a5\u8bbe\u5b9a\u4e3a\u5f00\u653e\u5373\u53ef\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0d\u8fc7&#xff0c;\u5982\u679c\u4f60\u7684\u9632\u706b\u5899\u4e8b\u5b9e\u4e0a\u662f\u7528\u6765\u7ba1\u5236 LAN \u5185\u7684\u5176\u4ed6\u4e3b\u673a\u7684\u8bdd&#xff0c;\u90a3\u4e48\u4f60\u5c31\u5fc5\u987b\u8981\u518d\u9488\u5bf9 filter \u7684 FORWARD \u8fd9\u6761\u94fe&#xff0c;\u8fd8\u6709 nat \u7684 PREROUTING, POSTROUTING \u4ee5\u53ca OUTPUT \u8fdb\u884c\u989d\u5916\u7684\u89c4\u5219\u8ba2\u5b9a\u624d\u884c\u3002 nat 
\u8868\u683c\u7684\u4f7f\u7528\u9700\u8981\u5f88\u6e05\u6670\u7684\u8def\u7531\u6982\u5ff5\u624d\u80fd\u591f\u8bbe\u5b9a\u7684\u597d&#xff0c;\u5efa\u8bae\u65b0\u624b\u5148\u4e0d\u8981\u78b0&#xff01;\u6700\u591a\u5c31\u662f\u5148\u73a9\u4e00\u73a9\u6700\u9633\u6625\u7684 nat \u529f\u80fd\u300eIP \u5206\u4eab\u5668\u7684\u529f\u80fd\u300f\u5c31\u597d\u4e86&#xff01; ^_^&#xff01;\u8fd9\u90e8\u4efd\u6211\u4eec\u5728\u672c\u7ae0\u7684\u6700\u540e\u4e00\u5c0f\u8282\u4f1a\u4ecb\u7ecd\u7684\u5566&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19cgvwxt2hyhi.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.4 \u672c\u673a\u7684 iptables \u8bed\u6cd5<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7406\u8bba\u4e0a&#xff0c;\u5f53\u4f60\u5b89\u88c5\u597d Linux \u4e4b\u540e&#xff0c;\u7cfb\u7edf\u5e94\u8be5\u4f1a\u4e3b\u52a8\u7684\u5e2e\u4f60\u542f\u52a8\u4e00\u4e2a\u9633\u6625\u7684\u9632\u706b\u5899\u89c4\u5219\u624d\u662f&#xff0c; \u4e0d\u8fc7\u8fd9\u4e2a\u9633\u6625\u9632\u706b\u5899\u53ef\u80fd\u4e0d\u662f\u6211\u4eec\u60f3\u8981\u7684\u6a21\u5f0f&#xff0c;\u56e0\u6b64\u6211\u4eec\u9700\u8981\u989d\u5916\u8fdb\u884c\u4e00\u4e9b\u4fee\u8ba2\u7684\u884c\u4e3a\u3002\u4e0d\u8fc7&#xff0c;\u5728\u5f00\u59cb\u8fdb\u884c\u5e95\u4e0b\u7684\u7ec3\u4e60\u4e4b\u524d&#xff0c; \u9e1f\u54e5\u8fd9\u91cc\u6709\u4e2a\u5f88\u91cd\u8981\u7684\u4e8b\u60c5\u8981\u544a\u77e5\u4e00\u4e0b\u3002\u56e0\u4e3a iptables \u7684\u6307\u4ee4\u4f1a\u5c06\u7f51\u7edc\u5c01\u5305\u8fdb\u884c\u8fc7\u6ee4\u53ca\u62b5\u6321\u7684\u52a8\u4f5c&#xff0c;\u6240\u4ee5&#xff0c;\u00a0<span 
style=\"color:#000088\">\u8bf7\u4e0d\u8981\u5728\u8fdc\u7a0b\u4e3b\u673a\u4e0a\u8fdb\u884c\u9632\u706b\u5899\u7684\u7ec3\u4e60<\/span>&#xff0c;\u56e0\u4e3a\u4f60\u5f88\u6709\u53ef\u80fd\u4e00\u4e0d\u5c0f\u5fc3\u5c06\u81ea\u5df1\u5173\u5728\u5bb6\u95e8\u5916&#xff01; \u5c3d\u91cf\u5728\u672c\u673a\u524d\u9762\u767b\u5165 tty1-tty6 \u7ec8\u7aef\u673a\u8fdb\u884c\u7ec3\u4e60&#xff0c;\u5426\u5219\u5e38\u5e38\u4f1a\u53d1\u751f\u60b2\u5267\u554a&#xff01;\u9e1f\u54e5\u4ee5\u524d\u521a\u521a\u5728\u73a9 iptables \u65f6&#xff0c;\u5c31\u5e38\u5e38\u56e0\u4e3a\u4e0d\u5c0f\u5fc3\u89c4\u5219\u8bbe\u5b9a\u9519\u8bef&#xff0c;\u5bfc\u81f4\u5e38\u5e38\u8981\u8bf7\u8fdc\u7a0b\u7684\u670b\u53cb\u5e2e\u5fd9\u91cd\u65b0\u542f\u52a8&#8230;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u521a\u521a\u63d0\u5230\u54b1\u4eec\u7684 iptables \u81f3\u5c11\u6709\u4e09\u4e2a\u9884\u8bbe\u7684 table (filter, nat, mangle)&#xff0c;\u8f83\u5e38\u7528\u7684\u662f\u672c\u673a\u7684 filter \u8868\u683c&#xff0c; \u8fd9\u4e5f\u662f\u9ed8\u8ba4\u8868\u683c\u5566\u3002\u53e6\u4e00\u4e2a\u5219\u662f\u540e\u7aef\u4e3b\u673a\u7684 nat \u8868\u683c&#xff0c;\u81f3\u4e8e mangle \u8f83\u5c11\u4f7f\u7528&#xff0c;\u6240\u4ee5\u8fd9\u4e2a\u7ae0\u8282\u6211\u4eec\u5e76\u4e0d\u4f1a\u8ba8\u8bba mangle\u3002 \u7531\u4e8e\u4e0d\u540c\u7684 table \u4ed6\u4eec\u7684\u94fe\u4e0d\u4e00\u6837&#xff0c;\u5bfc\u81f4\u4f7f\u7528\u7684\u6307\u4ee4\u8bed\u6cd5\u6216\u591a\u6216\u5c11\u90fd\u6709\u70b9\u5dee\u5f02\u3002 \u5728\u8fd9\u4e2a\u5c0f\u8282\u5f53\u4e2d&#xff0c;\u6211\u4eec\u4e3b\u8981\u5c06\u9488\u5bf9 filter \u8fd9\u4e2a\u9ed8\u8ba4\u8868\u683c\u7684\u4e09\u6761\u94fe\u6765\u505a\u4ecb\u7ecd\u3002\u5e95\u4e0b\u5c31\u6765\u73a9\u4e00\u73a9\u5427&#xff01;<\/span><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Tips:<span style=\"color:#009000\">\u9632\u706b\u5899\u7684\u8bbe\u5b9a\u4e3b\u8981\u4f7f\u7528\u7684\u5c31\u662f 
iptables \u8fd9\u4e2a\u6307\u4ee4\u800c\u5df2\u3002\u800c\u9632\u706b\u5899\u662f\u7cfb\u7edf\u7ba1\u7406\u5458\u7684\u4e3b\u8981\u4efb\u52a1\u4e4b\u4e00&#xff0c; \u4e14\u5bf9\u4e8e\u7cfb\u7edf\u7684\u5f71\u54cd\u76f8\u5f53\u7684\u5927&#xff0c;\u56e0\u6b64\u300e\u53ea\u80fd\u8ba9 root \u4f7f\u7528 iptables \u300f&#xff0c;\u4e0d\u8bba\u662f\u8bbe\u5b9a\u8fd8\u662f\u89c2\u5bdf\u9632\u706b\u5899\u89c4\u5219\u5594&#xff01;<\/span><\/span><\/span><\/td>\n<td>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u9e1f\u54e5\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19r5gaj2nmspp.png\" width=\"534\" \/><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19jng40ynfbcn.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.4-1 \u89c4\u5219\u7684\u89c2\u5bdf\u4e0e\u6e05\u9664<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u679c\u4f60\u5728\u5b89\u88c5\u7684\u65f6\u5019\u9009\u62e9\u6ca1\u6709\u9632\u706b\u5899\u7684\u8bdd&#xff0c;\u90a3\u4e48 iptables \u5728\u4e00\u5f00\u59cb\u7684\u65f6\u5019\u5e94\u8be5\u662f\u6ca1\u6709\u89c4\u5219\u7684&#xff0c;\u4e0d\u8fc7&#xff0c; \u53ef\u80fd\u56e0\u4e3a\u4f60\u5728\u5b89\u88c5\u7684\u65f6\u5019\u5c31\u6709\u9009\u62e9\u7cfb\u7edf\u81ea\u52a8\u5e2e\u4f60\u5efa\u7acb\u9632\u706b\u5899\u673a\u5236&#xff0c;\u90a3\u7cfb\u7edf\u5c31\u4f1a\u6709\u9ed8\u8ba4\u7684\u9632\u706b\u5899\u89c4\u5219\u4e86&#xff01; \u65e0\u8bba\u5982\u4f55&#xff0c;\u6211\u4eec\u5148\u6765\u770b\u770b\u76ee\u524d\u672c\u673a\u7684\u9632\u706b\u5899\u89c4\u5219\u662f\u5982\u4f55\u5427&#xff01;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td 
style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables [-t tables] [-L] [-nv]<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n-t &#xff1a;\u540e\u9762\u63a5 table &#xff0c;\u4f8b\u5982 nat \u6216 filter &#xff0c;\u82e5\u7701\u7565\u6b64\u9879\u76ee&#xff0c;\u5219\u4f7f\u7528\u9ed8\u8ba4\u7684 filter<br \/>\n-L &#xff1a;\u5217\u51fa\u76ee\u524d\u7684 table \u7684\u89c4\u5219<br \/>\n-n &#xff1a;\u4e0d\u8fdb\u884c IP \u4e0e HOSTNAME \u7684\u53cd\u67e5&#xff0c;\u663e\u793a\u8baf\u606f\u7684\u901f\u5ea6\u4f1a\u5feb\u5f88\u591a&#xff01;<br \/>\n-v &#xff1a;\u5217\u51fa\u66f4\u591a\u7684\u4fe1\u606f&#xff0c;\u5305\u62ec\u901a\u8fc7\u8be5\u89c4\u5219\u7684\u5c01\u5305\u603b\u4f4d\u6570\u3001\u76f8\u5173\u7684\u7f51\u7edc\u63a5\u53e3\u7b49<\/span><\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u5217\u51fa filter table \u4e09\u6761\u94fe\u7684\u89c4\u5219<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -L -n<\/span><br \/>\nChain INPUT (policy ACCEPT)   <span style=\"color:#777777\">&lt;&#061;&#061;\u9488\u5bf9 INPUT \u94fe&#xff0c;\u4e14\u9884\u8bbe\u653f\u7b56\u4e3a\u53ef\u63a5\u53d7<\/span><br \/>\ntarget  prot opt source     destination <span style=\"color:#777777\">&lt;&#061;&#061;\u8bf4\u660e\u680f<\/span><br \/>\nACCEPT  all  --  0.0.0.0\/0  0.0.0.0\/0   state RELATED,ESTABLISHED <span style=\"color:#777777\">&lt;&#061;&#061;\u7b2c 1 \u6761\u89c4\u5219<\/span><br \/>\nACCEPT  icmp --  0.0.0.0\/0  0.0.0.0\/0                             <span style=\"color:#777777\">&lt;&#061;&#061;\u7b2c 2 \u6761\u89c4\u5219<\/span><br \/>\nACCEPT  all  --  0.0.0.0\/0  0.0.0.0\/0                             <span style=\"color:#777777\">&lt;&#061;&#061;\u7b2c 3 \u6761\u89c4\u5219<\/span><br \/>\nACCEPT  tcp  --  0.0.0.0\/0  0.0.0.0\/0   state NEW tcp
dpt:22      <span style=\"color:#777777\">&lt;&#061;&#061;\u4ee5\u4e0b\u7c7b\u63a8<\/span><br \/>\nREJECT  all  --  0.0.0.0\/0  0.0.0.0\/0   reject-with icmp-host-prohibited<\/p>\n<p>Chain FORWARD (policy ACCEPT)  <span style=\"color:#777777\">&lt;&#061;&#061;\u9488\u5bf9 FORWARD \u94fe&#xff0c;\u4e14\u9884\u8bbe\u653f\u7b56\u4e3a\u53ef\u63a5\u53d7<\/span><br \/>\ntarget  prot opt source     destination<br \/>\nREJECT  all  --  0.0.0.0\/0  0.0.0.0\/0   reject-with icmp-host-prohibited<\/p>\n<p>Chain OUTPUT (policy ACCEPT)  <span style=\"color:#777777\">&lt;&#061;&#061;\u9488\u5bf9 OUTPUT \u94fe&#xff0c;\u4e14\u9884\u8bbe\u653f\u7b56\u4e3a\u53ef\u63a5\u53d7<\/span><br \/>\ntarget  prot opt source     destination<\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u5217\u51fa nat table \u4e09\u6761\u94fe\u7684\u89c4\u5219<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -t nat -L -n<\/span><br \/>\nChain PREROUTING (policy ACCEPT)<br \/>\ntarget     prot opt source               destination<\/p>\n<p>Chain POSTROUTING (policy ACCEPT)<br \/>\ntarget     prot opt source               destination<\/p>\n<p>Chain OUTPUT (policy ACCEPT)<br \/>\ntarget     prot opt source               destination<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5728\u4e0a\u8868\u4e2d&#xff0c;\u6bcf\u4e00\u4e2a Chain \u5c31\u662f\u524d\u9762\u63d0\u5230\u7684\u6bcf\u4e2a\u94fe\u5570&#xff5e; Chain \u90a3\u4e00\u884c\u91cc\u9762\u62ec\u53f7\u7684 policy \u5c31\u662f\u9884\u8bbe\u7684\u653f\u7b56&#xff0c; \u90a3\u5e95\u4e0b\u7684 target, prot \u4ee3\u8868\u4ec0\u4e48\u5462&#xff1f;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">target&#xff1a;\u4ee3\u8868\u8fdb\u884c\u7684\u52a8\u4f5c&#xff0c; ACCEPT \u662f\u653e\u884c&#xff0c;\u800c REJECT \u5219\u662f\u62d2\u7edd&#xff0c;\u6b64\u5916&#xff0c;\u5c1a\u6709 DROP
(\u4e22\u5f03) \u7684\u9879\u76ee&#xff01;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">prot&#xff1a;\u4ee3\u8868\u4f7f\u7528\u7684\u5c01\u5305\u534f\u8bae&#xff0c;\u4e3b\u8981\u6709 tcp, udp \u53ca icmp \u4e09\u79cd\u5c01\u5305\u683c\u5f0f&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">opt&#xff1a;\u989d\u5916\u7684\u9009\u9879\u8bf4\u660e<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">source &#xff1a;\u4ee3\u8868\u6b64\u89c4\u5219\u662f\u9488\u5bf9\u54ea\u4e2a\u300e\u6765\u6e90 IP\u300f\u8fdb\u884c\u9650\u5236&#xff1f;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">destination &#xff1a;\u4ee3\u8868\u6b64\u89c4\u5219\u662f\u9488\u5bf9\u54ea\u4e2a\u300e\u76ee\u6807 IP\u300f\u8fdb\u884c\u9650\u5236&#xff1f;<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5728\u8f93\u51fa\u7ed3\u679c\u4e2d&#xff0c;\u7b2c\u4e00\u4e2a\u8303\u4f8b\u56e0\u4e3a\u6ca1\u6709\u52a0\u4e0a -t \u7684\u9009\u9879&#xff0c;\u6240\u4ee5\u9ed8\u8ba4\u5c31\u662f filter \u8fd9\u4e2a\u8868\u683c\u5185\u7684 INPUT, OUTPUT, FORWARD \u4e09\u6761\u94fe\u7684\u89c4\u5219\u5570\u3002\u82e5\u9488\u5bf9\u5355\u673a\u6765\u8bf4&#xff0c;INPUT \u4e0e FORWARD \u7b97\u662f\u6bd4\u8f83\u91cd\u8981\u7684\u7ba1\u5236\u9632\u706b\u5899\u94fe&#xff0c; \u6240\u4ee5\u4f60\u53ef\u4ee5\u53d1\u73b0\u6700\u540e\u4e00\u6761\u89c4\u5219\u7684\u653f\u7b56\u662f REJECT (\u62d2\u7edd) \u5594&#xff01;\u867d\u7136 INPUT \u4e0e FORWARD \u7684\u653f\u7b56\u662f\u653e\u884c (ACCEPT)&#xff0c; \u4e0d\u8fc7\u5728\u6700\u540e\u4e00\u6761\u89c4\u5219\u5c31\u5df2\u7ecf\u5c06\u5168\u90e8\u7684\u5c01\u5305\u90fd\u62d2\u7edd\u4e86&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u4e0d\u8fc7\u8fd9\u4e2a\u6307\u4ee4\u7684\u89c2\u5bdf\u53ea\u662f\u4f5c\u4e2a\u683c\u5f0f\u5316\u7684\u67e5\u9605&#xff0c;\u8981\u8be6\u7ec6\u89e3\u91ca\u6bcf\u4e2a\u89c4\u5219\u4f1a\u6bd4\u8f83\u4e0d\u5bb9\u6613\u89e3\u6790\u3002\u4e3e\u4f8b\u6765\u8bf4&#xff0c; \u6211\u4eec\u5c06 INPUT \u7684 5 \u6761\u89c4\u5219\u4f9d\u636e\u8f93\u51fa\u7ed3\u679c\u6765\u8bf4\u660e\u4e00\u4e0b&#xff0c;\u7ed3\u679c\u4f1a\u53d8\u6210&#xff1a;<\/span><\/span><\/p>\n<ol>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u53ea\u8981\u662f\u5c01\u5305\u72b6\u6001\u4e3a RELATED,ESTABLISHED \u5c31\u4e88\u4ee5\u63a5\u53d7<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u53ea\u8981\u5c01\u5305\u534f\u8bae\u662f icmp \u7c7b\u578b\u7684&#xff0c;\u5c31\u4e88\u4ee5\u653e\u884c<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u65e0\u8bba\u4efb\u4f55\u6765\u6e90 (0.0.0.0\/0) \u4e14\u8981\u53bb\u4efb\u4f55\u76ee\u6807\u7684\u5c01\u5305&#xff0c;\u4e0d\u8bba\u4efb\u4f55\u5c01\u5305\u683c\u5f0f (prot \u4e3a all)&#xff0c;\u901a\u901a\u90fd\u63a5\u53d7<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u53ea\u8981\u662f\u4f20\u7ed9 port 22 \u7684\u4e3b\u52a8\u5f0f\u8054\u673a tcp \u5c01\u5305\u5c31\u63a5\u53d7<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5168\u90e8\u7684\u5c01\u5305\u4fe1\u606f\u901a\u901a\u62d2\u7edd<\/span><\/span><\/li>\n<\/ol>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6700\u6709\u8da3\u7684\u5e94\u8be5\u662f\u7b2c 3 \u6761\u89c4\u5219\u4e86&#xff0c;\u600e\u4e48\u4f1a\u6240\u6709\u7684\u5c01\u5305\u4fe1\u606f\u90fd\u4e88\u4ee5\u63a5\u53d7&#xff1f;\u5982\u679c\u90fd\u63a5\u53d7\u7684\u8bdd&#xff0c;\u90a3\u4e48\u540e\u7eed\u7684\u89c4\u5219\u6839\u672c\u5c31\u4e0d\u4f1a\u6709\u7528\u561b&#xff01; 
\u5176\u5b9e\u90a3\u6761\u89c4\u5219\u662f\u4ec5\u9488\u5bf9\u6bcf\u90e8\u4e3b\u673a\u90fd\u6709\u7684\u5185\u90e8\u5faa\u73af\u6d4b\u8bd5\u7f51\u7edc (lo) \u63a5\u53e3\u5566&#xff01;\u5982\u679c\u6ca1\u6709\u5217\u51fa\u63a5\u53e3&#xff0c;\u90a3\u4e48\u6211\u4eec\u5c31\u5f88\u5bb9\u6613\u641e\u9519\u5570&#xff5e; \u6240\u4ee5&#xff0c;\u8fd1\u6765\u9e1f\u54e5\u90fd\u5efa\u8bae\u4f7f\u7528 iptables-save \u8fd9\u4e2a\u6307\u4ee4\u6765\u89c2\u5bdf\u9632\u706b\u5899\u89c4\u5219\u5566&#xff01;\u56e0\u4e3a iptables-save \u4f1a\u5217\u51fa\u5b8c\u6574\u7684\u9632\u706b\u5899\u89c4\u5219&#xff0c;\u53ea\u662f\u5e76\u6ca1\u6709\u89c4\u683c\u5316\u8f93\u51fa\u800c\u5df2\u3002<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables-save [-t table]<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n-t &#xff1a;\u53ef\u4ee5\u4ec5\u9488\u5bf9\u67d0\u4e9b\u8868\u683c\u6765\u8f93\u51fa&#xff0c;\u4f8b\u5982\u4ec5\u9488\u5bf9 nat \u6216 filter \u7b49\u7b49<\/span><\/p>\n<p>[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables-save<\/span><br \/>\n# Generated by iptables-save v1.4.7 on Fri Jul 22 15:51:52 2011<br \/>\n*filter                      <span style=\"color:#777777\">&lt;&#061;&#061;\u661f\u53f7\u5f00\u5934\u7684\u6307\u7684\u662f\u8868\u683c&#xff0c;\u8fd9\u91cc\u4e3a filter<\/span><br \/>\n:INPUT ACCEPT [0:0]          <span style=\"color:#777777\">&lt;&#061;&#061;\u5192\u53f7\u5f00\u5934\u7684\u6307\u7684\u662f\u94fe&#xff0c;\u4e09\u6761\u5185\u5efa\u7684\u94fe<\/span><br \/>\n:FORWARD ACCEPT [0:0]        <span style=\"color:#777777\">&lt;&#061;&#061;\u4e09\u6761\u5185\u5efa\u94fe\u7684\u653f\u7b56\u90fd\u662f ACCEPT \u5570&#xff01;<\/span><br \/>\n:OUTPUT ACCEPT [680:100461]<br \/>\n-A INPUT -m state &#8211;state 
RELATED,ESTABLISHED -j ACCEPT <span style=\"color:#777777\">&lt;&#061;&#061;\u9488\u5bf9 INPUT \u7684\u89c4\u5219<\/span><br \/>\n-A INPUT -p icmp -j ACCEPT<br \/>\n-A INPUT -i lo -j ACCEPT  <span style=\"color:#777777\">&lt;&#061;&#061;\u8fd9\u6761\u5f88\u91cd\u8981&#xff01;\u9488\u5bf9\u672c\u673a\u5185\u90e8\u63a5\u53e3\u5f00\u653e&#xff01;<\/span><br \/>\n-A INPUT -p tcp -m state &#8211;state NEW -m tcp &#8211;dport 22 -j ACCEPT<br \/>\n-A INPUT -j REJECT &#8211;reject-with icmp-host-prohibited<br \/>\n-A FORWARD -j REJECT &#8211;reject-with icmp-host-prohibited <span style=\"color:#777777\">&lt;&#061;&#061;\u9488\u5bf9 FORWARD \u7684\u89c4\u5219<\/span><br \/>\nCOMMIT<br \/>\n# Completed on Fri Jul 22 15:51:52 2011<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7531\u4e0a\u9762\u7684\u8f93\u51fa\u6765\u770b&#xff0c;\u6709\u5e95\u7ebf\u4e14\u5185\u5bb9\u542b\u6709 lo \u7684\u90a3\u6761\u89c4\u5219\u5f53\u4e2d&#xff0c;\u300e -i lo \u300f\u6307\u7684\u5c31\u662f\u7531 lo \u9002\u914d\u5361\u8fdb\u6765\u7684\u5c01\u5305&#xff01; \u8fd9\u6837\u770b\u5c31\u6e05\u695a\u591a\u4e86&#xff01;\u56e0\u4e3a\u6709\u5199\u5230\u63a5\u53e3\u7684\u5173\u7cfb\u554a&#xff01;\u4e0d\u50cf\u4e4b\u524d\u7684 iptables -L -n \u561b&#xff01;\u8fd9\u6837\u4e86\u89e3\u4e4e&#xff01; \u4e0d\u8fc7&#xff0c;\u65e2\u7136\u8fd9\u4e2a\u89c4\u5219\u4e0d\u662f\u6211\u4eec\u60f3\u8981\u7684&#xff0c;\u90a3\u8be5\u5982\u4f55\u4fee\u6539\u89c4\u5219\u5462&#xff1f;\u9e1f\u54e5\u5efa\u8bae&#xff0c;\u5148\u5220\u9664\u89c4\u5219\u518d\u6162\u6162\u5efa\u7acb\u5404\u4e2a\u9700\u8981\u7684\u89c4\u5219&#xff01; \u90a3\u5982\u4f55\u6e05\u9664\u89c4\u5219&#xff1f;\u8fd9\u6837\u505a\u5c31\u5bf9\u4e86&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www 
~]# <span style=\"color:#FFFF00\">iptables [-t tables] [-FXZ]<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n-F &#xff1a;\u6e05\u9664\u6240\u6709\u7684\u5df2\u8ba2\u5b9a\u7684\u89c4\u5219&#xff1b;<br \/>\n-X &#xff1a;\u6740\u6389\u6240\u6709\u4f7f\u7528\u8005 &#034;\u81ea\u5b9a\u4e49&#034; \u7684 chain (\u5e94\u8be5\u8bf4\u7684\u662f tables &#xff09;\u5570&#xff1b;<br \/>\n-Z &#xff1a;\u5c06\u6240\u6709\u7684 chain \u7684\u8ba1\u6570\u4e0e\u6d41\u91cf\u7edf\u8ba1\u90fd\u5f52\u96f6<\/span><\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u6e05\u9664\u672c\u673a\u9632\u706b\u5899 (filter) \u7684\u6240\u6709\u89c4\u5219<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -F<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -X<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -Z<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7531\u4e8e\u8fd9\u4e09\u4e2a\u6307\u4ee4\u4f1a\u5c06\u672c\u673a\u9632\u706b\u5899\u7684\u6240\u6709\u89c4\u5219\u90fd\u6e05\u9664&#xff0c;\u4f46\u5374\u4e0d\u4f1a\u6539\u53d8\u9884\u8bbe\u653f\u7b56 (policy) &#xff0c; \u6240\u4ee5\u5982\u679c\u4f60\u4e0d\u662f\u5728\u672c\u673a\u4e0b\u8fbe\u8fd9\u4e09\u884c\u6307\u4ee4\u65f6&#xff0c;\u5f88\u53ef\u80fd\u4f60\u4f1a\u88ab\u81ea\u5df1\u6321\u5728\u5bb6\u95e8\u5916 (\u82e5 INPUT \u8bbe\u5b9a\u4e3a DROP \u65f6)&#xff01;\u8981\u5c0f\u5fc3\u554a&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e00\u822c\u6765\u8bf4&#xff0c;\u6211\u4eec\u5728\u91cd\u65b0\u5b9a\u4e49\u9632\u706b\u5899\u7684\u65f6\u5019&#xff0c;\u90fd\u4f1a\u5148\u5c06\u89c4\u5219\u7ed9\u4ed6\u6e05\u9664\u6389\u3002\u8fd8\u8bb0\u5f97\u6211\u4eec\u524d\u9762\u8c08\u5230\u7684&#xff0c;\u00a0<span 
style=\"color:#000088\">\u9632\u706b\u5899\u7684\u300e\u89c4\u5219\u987a\u5e8f\u300f\u662f\u6709\u7279\u6b8a\u610f\u4e49\u7684<\/span>&#xff0c;\u6240\u4ee5\u5570&#xff0c; \u5f53\u7136\u5148\u6e05\u9664\u6389\u89c4\u5219&#xff0c;\u7136\u540e\u4e00\u6761\u4e00\u6761\u6765\u8bbe\u5b9a\u4f1a\u6bd4\u8f83\u5bb9\u6613\u4e00\u70b9\u5566\u3002\u5e95\u4e0b\u5c31\u6765\u8c08\u8c08\u5b9a\u4e49\u9884\u8bbe\u653f\u7b56\u5427&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19chk3opemjzk.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.4-2 \u5b9a\u4e49\u9884\u8bbe\u653f\u7b56 (policy)<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6e05\u9664\u89c4\u5219\u4e4b\u540e&#xff0c;\u518d\u63a5\u4e0b\u6765\u5c31\u662f\u8981\u8bbe\u5b9a\u89c4\u5219\u7684\u653f\u7b56\u5566&#xff01;\u8fd8\u8bb0\u5f97\u653f\u7b56\u6307\u7684\u662f\u4ec0\u4e48\u5417&#xff1f;\u300e\u00a0<span style=\"color:#000088\">\u5f53\u4f60\u7684\u5c01\u5305\u4e0d\u5728\u4f60\u8bbe\u5b9a\u7684\u89c4\u5219\u4e4b\u5185\u65f6&#xff0c;\u5219\u8be5\u5c01\u5305\u7684\u901a\u8fc7\u4e0e\u5426&#xff0c;\u662f\u4ee5 Policy \u7684\u8bbe\u5b9a\u4e3a\u51c6<\/span>\u300f&#xff0c;\u5728\u672c\u673a\u65b9\u9762\u7684\u9884\u8bbe\u653f\u7b56\u4e2d&#xff0c;\u5047\u8bbe\u4f60\u5bf9\u4e8e\u5185\u90e8\u7684\u4f7f\u7528\u8005\u6709\u4fe1\u5fc3\u7684\u8bdd&#xff0c; \u90a3\u4e48 filter \u5185\u7684 INPUT \u94fe\u65b9\u9762\u53ef\u4ee5\u5b9a\u4e49\u7684\u6bd4\u8f83\u4e25\u683c\u4e00\u70b9&#xff0c;\u800c FORWARD \u4e0e OUTPUT \u5219\u53ef\u4ee5\u8ba2\u5b9a\u7684\u677e\u4e00\u4e9b&#xff01;\u901a\u5e38\u9e1f\u54e5\u90fd\u662f\u5c06 INPUT \u7684 policy \u5b9a\u4e49\u4e3a DROP 
\u5566&#xff0c;\u5176\u4ed6\u4e24\u4e2a\u5219\u5b9a\u4e49\u4e3a ACCEPT\u3002 \u81f3\u4e8e nat table \u5219\u6682\u65f6\u5148\u4e0d\u7406\u4f1a\u4ed6\u3002<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables [-t nat] -P [INPUT,OUTPUT,FORWARD] [ACCEPT,DROP]<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n-P &#xff1a;\u5b9a\u4e49\u653f\u7b56( Policy )\u3002\u6ce8\u610f&#xff0c;\u8fd9\u4e2a P \u4e3a\u5927\u5199\u554a&#xff01;<br \/>\nACCEPT &#xff1a;\u8be5\u5c01\u5305\u53ef\u63a5\u53d7<br \/>\nDROP   &#xff1a;\u8be5\u5c01\u5305\u76f4\u63a5\u4e22\u5f03&#xff0c;\u4e0d\u4f1a\u8ba9 client \u7aef\u77e5\u9053\u4e3a\u4f55\u88ab\u4e22\u5f03\u3002<\/span><\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u5c06\u672c\u673a\u7684 INPUT \u8bbe\u5b9a\u4e3a DROP &#xff0c;\u5176\u4ed6\u8bbe\u5b9a\u4e3a ACCEPT<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -P INPUT   DROP<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -P OUTPUT  ACCEPT<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -P FORWARD ACCEPT<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables-save<\/span><br \/>\n# Generated by iptables-save v1.4.7 on Fri Jul 22 15:56:34 2011<br \/>\n*filter<br \/>\n:INPUT <span style=\"color:#FFFF00\">DROP<\/span> [0:0]<br \/>\n:FORWARD ACCEPT [0:0]<br \/>\n:OUTPUT ACCEPT [0:0]<br \/>\nCOMMIT<br \/>\n# Completed on Fri Jul 22 15:56:34 2011<br \/>\n<span style=\"color:#ff6666\"># \u7531\u4e8e INPUT \u8bbe\u5b9a\u4e3a DROP \u800c\u53c8\u5c1a\u672a\u6709\u4efb\u4f55\u89c4\u5219&#xff0c;\u6240\u4ee5\u4e0a\u9762\u7684\u8f93\u51fa\u7ed3\u679c\u663e\u793a&#xff1a;<br \/>\n# 
\u6240\u6709\u7684\u5c01\u5305\u90fd\u65e0\u6cd5\u8fdb\u5165\u4f60\u7684\u4e3b\u673a&#xff01;\u662f\u4e0d\u901a\u7684\u9632\u706b\u5899\u8bbe\u5b9a&#xff01;(\u7f51\u7edc\u8054\u673a\u662f\u53cc\u5411\u7684)<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u770b\u5230\u8f93\u51fa\u7684\u7ed3\u679c\u4e86\u5427&#xff1f;INPUT \u88ab\u4fee\u6539\u4e86\u8bbe\u5b9a\u5594&#xff01;\u5176\u4ed6\u7684 nat table \u4e09\u6761\u94fe\u7684\u9884\u8bbe\u653f\u7b56\u8bbe\u5b9a\u4e5f\u662f\u4e00\u6837\u7684\u65b9\u5f0f&#xff0c;\u4f8b\u5982&#xff1a;\u300e\u00a0<span style=\"color:#000088\">iptables -t nat -P PREROUTING ACCEPT<\/span>\u00a0\u300f\u5c31\u8bbe\u5b9a\u4e86 nat table \u7684 PREROUTING \u94fe\u4e3a\u53ef\u63a5\u53d7\u7684\u610f\u601d&#xff01;\u9884\u8bbe\u653f\u7b56\u8bbe\u5b9a\u5b8c\u6bd5\u540e&#xff0c;\u6765\u8c08\u4e00\u8c08\u5173\u4e8e\u5404\u89c4\u5219\u7684\u5c01\u5305\u57fa\u7840\u6bd4\u5bf9\u8bbe\u5b9a\u5427\u3002<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19ncuuctcqszt.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.4-3 \u5c01\u5305\u7684\u57fa\u7840\u6bd4\u5bf9&#xff1a;IP, \u7f51\u57df\u53ca\u63a5\u53e3\u88c5\u7f6e<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5f00\u59cb\u6765\u8fdb\u884c\u9632\u706b\u5899\u89c4\u5219\u7684\u5c01\u5305\u6bd4\u5bf9\u8bbe\u5b9a\u5427&#xff01;\u65e2\u7136\u662f\u56e0\u7279\u7f51&#xff0c;\u90a3\u4e48\u6211\u4eec\u5c31\u7531\u6700\u57fa\u7840\u7684 IP, \u7f51\u57df\u53ca\u57e0\u53e3&#xff0c;\u4ea6\u5373\u662f OSI 
\u7684\u7b2c\u4e09\u5c42\u8c08\u8d77&#xff0c;\u518d\u6765\u8c08\u8c08\u88c5\u7f6e (\u7f51\u7edc\u5361) \u7684\u9650\u5236\u7b49\u7b49\u3002\u8fd9\u4e00\u5c0f\u8282\u4e0e\u4e0b\u4e00\u5c0f\u8282\u7684\u8bed\u6cd5\u4f60\u4e00\u5b9a\u8981\u8bb0\u4f4f&#xff0c;\u56e0\u4e3a\u8fd9\u662f\u6700\u57fa\u7840\u7684\u6bd4\u5bf9\u8bed\u6cd5\u5594&#xff01;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables [-AI \u94fe\u540d] [-io \u7f51\u7edc\u63a5\u53e3] [-p \u534f\u8bae] \\\\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">[-s \u6765\u6e90IP\/\u7f51\u57df] [-d \u76ee\u6807IP\/\u7f51\u57df] -j [ACCEPT|DROP|REJECT|LOG]<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n-AI \u94fe\u540d&#xff1a;\u9488\u5bf9\u67d0\u7684\u94fe\u8fdb\u884c\u89c4\u5219\u7684 &#034;\u63d2\u5165&#034; \u6216 &#034;\u7d2f\u52a0&#034;<br \/>\n    -A &#xff1a;\u65b0\u589e\u52a0\u4e00\u6761\u89c4\u5219&#xff0c;\u8be5\u89c4\u5219\u589e\u52a0\u5728\u539f\u672c\u89c4\u5219\u7684\u6700\u540e\u9762\u3002\u4f8b\u5982\u539f\u672c\u5df2\u7ecf\u6709\u56db\u6761\u89c4\u5219&#xff0c;<br \/>\n         \u4f7f\u7528 -A \u5c31\u53ef\u4ee5\u52a0\u4e0a\u7b2c\u4e94\u6761\u89c4\u5219&#xff01;<br \/>\n    -I &#xff1a;\u63d2\u5165\u4e00\u6761\u89c4\u5219\u3002\u5982\u679c\u6ca1\u6709\u6307\u5b9a\u6b64\u89c4\u5219\u7684\u987a\u5e8f&#xff0c;\u9ed8\u8ba4\u662f\u63d2\u5165\u53d8\u6210\u7b2c\u4e00\u6761\u89c4\u5219\u3002<br \/>\n         \u4f8b\u5982\u539f\u672c\u6709\u56db\u6761\u89c4\u5219&#xff0c;\u4f7f\u7528 -I \u5219\u8be5\u89c4\u5219\u53d8\u6210\u7b2c\u4e00\u6761&#xff0c;\u800c\u539f\u672c\u56db\u6761\u53d8\u6210 2~5 \u53f7<br \/>\n    \u94fe &#xff1a;\u6709 INPUT, OUTPUT, FORWARD \u7b49&#xff0c;\u6b64\u94fe\u540d\u79f0\u53c8\u4e0e -io 
\u6709\u5173&#xff0c;\u8bf7\u770b\u5e95\u4e0b\u3002<\/p>\n<p>-io \u7f51\u7edc\u63a5\u53e3&#xff1a;\u8bbe\u5b9a\u5c01\u5305\u8fdb\u51fa\u7684\u63a5\u53e3\u89c4\u8303<br \/>\n    -i &#xff1a;\u5c01\u5305\u6240\u8fdb\u5165\u7684\u90a3\u4e2a\u7f51\u7edc\u63a5\u53e3&#xff0c;\u4f8b\u5982 eth0, lo \u7b49\u63a5\u53e3\u3002\u9700\u4e0e INPUT \u94fe\u914d\u5408&#xff1b;<br \/>\n    -o &#xff1a;\u5c01\u5305\u6240\u4f20\u51fa\u7684\u90a3\u4e2a\u7f51\u7edc\u63a5\u53e3&#xff0c;\u9700\u4e0e OUTPUT \u94fe\u914d\u5408&#xff1b;<\/p>\n<p>-p \u534f\u5b9a&#xff1a;\u8bbe\u5b9a\u6b64\u89c4\u5219\u9002\u7528\u4e8e\u54ea\u79cd\u5c01\u5305\u683c\u5f0f<br \/>\n   \u4e3b\u8981\u7684\u5c01\u5305\u683c\u5f0f\u6709&#xff1a; tcp, udp, icmp \u53ca all \u3002<\/p>\n<p>-s \u6765\u6e90 IP\/\u7f51\u57df&#xff1a;\u8bbe\u5b9a\u6b64\u89c4\u5219\u4e4b\u5c01\u5305\u7684\u6765\u6e90\u9879\u76ee&#xff0c;\u53ef\u6307\u5b9a\u5355\u7eaf\u7684 IP \u6216\u5305\u62ec\u7f51\u57df&#xff0c;\u4f8b\u5982&#xff1a;<br \/>\n   IP  &#xff1a;192.168.0.100<br \/>\n   \u7f51\u57df&#xff1a;192.168.0.0\/24, 192.168.0.0\/255.255.255.0 \u5747\u53ef\u3002<br \/>\n   \u82e5\u89c4\u8303\u4e3a\u300e\u4e0d\u8bb8\u300f\u65f6&#xff0c;\u5219\u52a0\u4e0a ! \u5373\u53ef&#xff0c;\u4f8b\u5982&#xff1a;<br \/>\n   -s ! 
192.168.100.0\/24 \u8868\u793a\u4e0d\u8bb8 192.168.100.0\/24 \u4e4b\u5c01\u5305\u6765\u6e90&#xff1b;<\/p>\n<p>-d \u76ee\u6807 IP\/\u7f51\u57df&#xff1a;\u540c -s &#xff0c;\u53ea\u4e0d\u8fc7\u8fd9\u91cc\u6307\u7684\u662f\u76ee\u6807\u7684 IP \u6216\u7f51\u57df\u3002<\/p>\n<p>-j &#xff1a;\u540e\u9762\u63a5\u52a8\u4f5c&#xff0c;\u4e3b\u8981\u7684\u52a8\u4f5c\u6709\u63a5\u53d7(ACCEPT)\u3001\u4e22\u5f03(DROP)\u3001\u62d2\u7edd(REJECT)\u53ca\u8bb0\u5f55(LOG)<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">iptables \u7684\u57fa\u672c\u53c2\u6570\u5c31\u5982\u540c\u4e0a\u9762\u6240\u793a\u7684&#xff0c;\u4ec5\u53ea\u8c08\u5230 IP \u3001\u7f51\u57df\u4e0e\u88c5\u7f6e\u7b49\u7b49\u7684\u4fe1\u606f&#xff0c; \u81f3\u4e8e TCP, UDP \u5c01\u5305\u7279\u6709\u7684\u57e0\u53e3 (port number) \u4e0e\u72b6\u6001 (\u5982 SYN \u65d7\u6807) \u5219\u5728\u4e0b\u5c0f\u8282\u624d\u4f1a\u8c08\u5230\u3002 \u597d&#xff0c;\u5148\u8ba9\u6211\u4eec\u6765\u770b\u770b\u6700\u57fa\u7840\u7684\u51e0\u4e2a\u89c4\u5219&#xff0c;\u4f8b\u5982\u5f00\u653e lo \u8fd9\u4e2a\u672c\u673a\u7684\u63a5\u53e3\u4ee5\u53ca\u67d0\u4e2a IP \u6765\u6e90\u5427&#xff01;<\/span><\/span><\/p>\n<p>  <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\"><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u8bbe\u5b9a lo \u6210\u4e3a\u53d7\u4fe1\u4efb\u7684\u88c5\u7f6e&#xff0c;\u4ea6\u5373\u8fdb\u51fa lo \u7684\u5c01\u5305\u90fd\u4e88\u4ee5\u63a5\u53d7<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i lo -j ACCEPT<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u4ed4\u7ec6\u770b\u4e0a\u9762\u5e76\u6ca1\u6709\u5217\u51fa -s, -d \u7b49\u7b49\u7684\u89c4\u5219&#xff0c;\u8fd9\u8868\u793a&#xff1a;<span style=\"color:#000088\">\u4e0d\u8bba\u5c01\u5305\u6765\u81ea\u4f55\u5904\u6216\u53bb\u5230\u54ea\u91cc&#xff0c;\u53ea\u8981\u662f\u6765\u81ea lo \u8fd9\u4e2a\u754c\u9762&#xff0c;\u5c31\u4e88\u4ee5\u63a5\u53d7<\/span>&#xff01;\u8fd9\u4e2a\u89c2\u5ff5\u633a\u91cd\u8981\u7684&#xff0c;\u5c31\u662f\u300e\u6ca1\u6709\u6307\u5b9a\u7684\u9879\u76ee&#xff0c;\u5219\u8868\u793a\u8be5\u9879\u76ee\u5b8c\u5168\u63a5\u53d7\u300f\u7684\u610f\u601d&#xff01; \u4f8b\u5982\u8fd9\u4e2a\u6848\u4f8b\u5f53\u4e2d&#xff0c;\u5173\u4e8e -s, -d&#8230;\u7b49\u7b49\u7684\u53c2\u6570\u6ca1\u6709\u89c4\u5b9a\u65f6&#xff0c;\u5c31\u4ee3\u8868\u4e0d\u8bba\u4ec0\u4e48\u503c\u90fd\u4f1a\u88ab\u63a5\u53d7\u5570\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fd9\u5c31\u662f\u6240\u8c13\u7684\u4fe1\u4efb\u88c5\u7f6e\u5566&#xff01;\u5047\u5982\u4f60\u7684\u4e3b\u673a\u6709\u4e24\u5f20\u4ee5\u592a\u7f51\u7edc\u5361&#xff0c;\u5176\u4e2d\u4e00\u5f20\u662f\u5bf9\u5185\u90e8\u7684\u7f51\u57df&#xff0c;\u5047\u8bbe\u8be5\u7f51\u5361\u7684\u4ee3\u53f7\u4e3a eth1 \u597d\u4e86&#xff0c; \u5982\u679c\u5185\u90e8\u7f51\u57df\u662f\u53ef\u4fe1\u4efb\u7684&#xff0c;\u90a3\u4e48\u8be5\u7f51\u5361\u7684\u8fdb\u51fa\u5c01\u5305\u5c31\u901a\u901a\u4f1a\u88ab\u63a5\u53d7&#xff0c;\u90a3\u4f60\u5c31\u80fd\u591f\u7528&#xff1a;\u300eiptables -A INPUT -i eth1 -j ACCEPT\u300f \u6765\u5c06\u8be5\u88c5\u7f6e\u8bbe\u5b9a\u4e3a\u4fe1\u4efb\u88c5\u7f6e\u3002\u4e0d\u8fc7&#xff0c;\u4e0b\u8fbe\u8fd9\u4e2a\u6307\u4ee4\u524d\u8981\u7279\u522b\u6ce8\u610f&#xff0c;\u56e0\u4e3a\u8fd9\u6837\u7b49\u4e8e\u8be5\u7f51\u5361\u6ca1\u6709\u4efb\u4f55\u9632\u5907\u4e86\u5594&#xff01;<\/span><\/span><\/p>\n<p>  <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<table 
style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\"><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u53ea\u8981\u662f\u6765\u81ea\u5185\u7f51\u7684 (192.168.100.0\/24) \u7684\u5c01\u5305\u901a\u901a\u63a5\u53d7<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth1 -s 192.168.100.0\/24 -j ACCEPT<\/span><br \/>\n<span style=\"color:#ff6666\"># \u7531\u4e8e\u662f\u5185\u7f51\u5c31\u63a5\u53d7&#xff0c;\u56e0\u6b64\u4e5f\u53ef\u4ee5\u79f0\u4e4b\u4e3a\u300e\u4fe1\u4efb\u7f51\u57df\u300f\u5570\u3002<\/span><\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u53ea\u8981\u662f\u6765\u81ea 192.168.100.10 \u5c31\u63a5\u53d7&#xff0c;\u4f46 192.168.100.230 \u8fd9\u4e2a\u6076\u610f\u6765\u6e90\u5c31\u4e22\u5f03<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth1 -s 192.168.100.10 -j ACCEPT<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth1 -s 192.168.100.230 -j DROP<\/span><br \/>\n<span style=\"color:#ff6666\"># \u9488\u5bf9\u5355\u4e00 IP \u6765\u6e90&#xff0c;\u53ef\u89c6\u4e3a\u4fe1\u4efb\u4e3b\u673a\u6216\u8005\u662f\u4e0d\u4fe1\u4efb\u7684\u6076\u610f\u6765\u6e90\u5594&#xff01;<\/span><\/p>\n<p>[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables-save<\/span><br \/>\n# Generated by iptables-save v1.4.7 on Fri Jul 22 16:00:43 2011<br \/>\n*filter<br \/>\n:INPUT DROP [0:0]<br \/>\n:FORWARD ACCEPT [0:0]<br \/>\n:OUTPUT ACCEPT [17:1724]<br \/>\n-A INPUT -i lo -j ACCEPT<br \/>\n<span style=\"color:#FFFF00\">-A INPUT -s 192.168.100.0\/24 -i eth1 -j ACCEPT<\/span><br \/>\n-A INPUT -s 192.168.100.10\/32 -i eth1 -j ACCEPT<br \/>\n<span style=\"color:#FFFF00\">-A INPUT -s 192.168.100.230\/32 -i eth1 -j DROP<\/span><br \/>\nCOMMIT<br \/>\n# Completed on Fri Jul 22 16:00:43 2011<br \/>\n<\/span><\/span><\/span> 
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fd9\u5c31\u662f\u6700\u5355\u7eaf\u7b80\u5355\u7684\u9632\u706b\u5899\u89c4\u5219\u7684\u8bbe\u5b9a\u4e0e\u89c2\u5bdf\u65b9\u5f0f\u3002\u4e0d\u8fc7&#xff0c;\u5728\u4e0a\u9762\u7684\u6848\u4f8b\u4e2d&#xff0c;\u5176\u5b9e\u4f60\u4e5f\u53d1\u73b0\u5230\u6709\u4e24\u6761\u89c4\u5219\u53ef\u80fd\u6709\u95ee\u9898&#xff5e; \u90a3\u5c31\u662f\u4e0a\u9762\u7684\u7279\u6b8a\u5b57\u4f53\u5708\u8d77\u6765\u7684\u89c4\u5219\u987a\u5e8f\u3002\u660e\u660e\u5df2\u7ecf\u653e\u884c\u4e86 192.168.100.0\/24 \u4e86&#xff0c;\u6240\u4ee5\u90a3\u4e2a 192.168.100.230 \u7684\u89c4\u5219\u5c31\u4e0d\u53ef\u80fd\u4f1a\u88ab\u7528\u5230&#xff01;\u8fd9\u5c31\u662f\u6709\u95ee\u9898\u7684\u9632\u706b\u5899\u8bbe\u5b9a\u554a&#xff01;\u4e86\u89e3\u4e4e&#xff1f;\u90a3\u8be5\u600e\u529e&#xff1f;\u5c31\u91cd\u6253\u554a&#xff01;&#064;_&#064;&#xff01; \u90a3\u5982\u679c\u4f60\u60f3\u8981\u8bb0\u5f55\u67d0\u4e2a\u89c4\u5219\u7684\u7eaa\u5f55\u600e\u4e48\u529e&#xff1f;\u53ef\u4ee5\u8fd9\u6837\u505a&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -s 192.168.2.200 -j LOG<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -L -n<\/span><br \/>\ntarget prot opt source         destination<br \/>\n<span style=\"color:#FFFF00\">LOG<\/span>    all  &#8212;  192.168.2.200  0.0.0.0\/0   LOG flags 0 level 4<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u770b\u5230\u8f93\u51fa\u7ed3\u679c\u7684\u6700\u5de6\u8fb9&#xff0c;\u4f1a\u51fa\u73b0\u7684\u662f LOG \u5594&#xff01;\u53ea\u8981\u6709\u5c01\u5305\u6765\u81ea 192.168.2.200 \u8fd9\u4e2a IP \u65f6&#xff0c; 
\u90a3\u4e48\u8be5\u5c01\u5305\u7684\u76f8\u5173\u4fe1\u606f\u5c31\u4f1a\u88ab\u5199\u5165\u5230\u6838\u5fc3\u8baf\u606f&#xff0c;\u4ea6\u5373\u662f \/var\/log\/messages \u8fd9\u4e2a\u6863\u6848\u5f53\u4e2d\u3002\u00a0<span style=\"color:#000088\">\u7136\u540e\u8be5\u5c01\u5305\u4f1a\u7ee7\u7eed\u8fdb\u884c\u540e\u7eed\u7684\u89c4\u5219\u6bd4\u5bf9\u3002<\/span>\u6240\u4ee5\u8bf4&#xff0c; LOG \u8fd9\u4e2a\u52a8\u4f5c\u4ec5\u5728\u8fdb\u884c\u8bb0\u5f55\u800c\u5df2&#xff0c;\u5e76\u4e0d\u4f1a\u5f71\u54cd\u5230\u8fd9\u4e2a\u5c01\u5305\u7684\u5176\u4ed6\u89c4\u5219\u6bd4\u5bf9\u7684\u3002 \u597d\u4e86&#xff0c;\u63a5\u4e0b\u6765\u6211\u4eec\u5206\u522b\u6765\u770b\u770b TCP,UDP \u4ee5\u53ca ICMP \u5c01\u5305\u7684\u5176\u4ed6\u89c4\u5219\u6bd4\u5bf9\u5427&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19uktdeukgk2l.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.4-4 TCP, UDP \u7684\u89c4\u5219\u6bd4\u5bf9&#xff1a;\u9488\u5bf9\u57e0\u53e3\u8bbe\u5b9a<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6211\u4eec\u5728\u7b2c\u4e8c\u7ae0\u7f51\u7edc\u57fa\u7840\u8c08\u8fc7\u5404\u79cd\u4e0d\u540c\u7684\u5c01\u5305\u683c\u5f0f&#xff0c; \u5728\u8c08\u5230 TCP \u4e0e UDP \u65f6&#xff0c;\u6bd4\u8f83\u7279\u6b8a\u7684\u5c31\u662f\u90a3\u4e2a\u57e0\u53e3 (port)&#xff0c;\u5728 TCP \u65b9\u9762\u5219\u53e6\u5916\u6709\u6240\u8c13\u7684\u8054\u673a\u5c01\u5305\u72b6\u6001&#xff0c; \u5305\u62ec\u6700\u5e38\u89c1\u7684 SYN 
\u4e3b\u52a8\u8054\u673a\u7684\u5c01\u5305\u683c\u5f0f\u3002\u90a3\u4e48\u5982\u4f55\u9488\u5bf9\u8fd9\u4e24\u79cd\u5c01\u5305\u683c\u5f0f\u8fdb\u884c\u9632\u706b\u5899\u89c4\u5219\u7684\u8bbe\u5b9a\u5462&#xff1f;\u4f60\u53ef\u4ee5\u8fd9\u6837\u770b&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables [-AI \u94fe] [-io \u7f51\u7edc\u63a5\u53e3] [-p tcp,udp] \\\\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">[-s \u6765\u6e90IP\/\u7f51\u57df] [&#8211;sport \u57e0\u53e3\u8303\u56f4] \\\\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">[-d \u76ee\u6807IP\/\u7f51\u57df] [&#8211;dport \u57e0\u53e3\u8303\u56f4] -j [ACCEPT|DROP|REJECT]<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n&#8211;sport \u57e0\u53e3\u8303\u56f4&#xff1a;\u9650\u5236\u6765\u6e90\u7684\u7aef\u53e3\u53f7\u7801&#xff0c;\u7aef\u53e3\u53f7\u7801\u53ef\u4ee5\u662f\u8fde\u7eed\u7684&#xff0c;\u4f8b\u5982 1024:65535<br \/>\n&#8211;dport \u57e0\u53e3\u8303\u56f4&#xff1a;\u9650\u5236\u76ee\u6807\u7684\u7aef\u53e3\u53f7\u7801\u3002<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e8b\u5b9e\u4e0a\u5c31\u662f\u591a\u4e86\u90a3\u4e2a &#8211;sport \u53ca &#8211;dport \u8fd9\u4e24\u4e2a\u73a9\u610f\u513f&#xff0c;\u91cd\u70b9\u5728\u90a3\u4e2a port \u4e0a\u9762\u5566&#xff01; \u4e0d\u8fc7\u4f60\u5f97\u8981\u7279\u522b\u6ce8\u610f&#xff0c;<span style=\"color:#000088\">\u56e0\u4e3a\u4ec5\u6709 tcp \u4e0e udp \u5c01\u5305\u5177\u6709\u57e0\u53e3&#xff0c;\u56e0\u6b64\u4f60\u60f3\u8981\u4f7f\u7528 &#8211;dport, &#8211;sport \u65f6&#xff0c;\u5f97\u8981\u52a0\u4e0a -p tcp \u6216 -p udp 
\u7684\u53c2\u6570\u624d\u4f1a\u6210\u529f\u5594<\/span>&#xff01;\u5e95\u4e0b\u8ba9\u6211\u4eec\u6765\u8fdb\u884c\u51e0\u4e2a\u5c0f\u6d4b\u8bd5&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\"><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u60f3\u8981\u8054\u673a\u8fdb\u5165\u672c\u673a port 21 \u7684\u5c01\u5305\u90fd\u62b5\u6321\u6389&#xff1a;<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth0 -p tcp &#8211;dport 21 -j DROP<\/span><\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u60f3\u8fde\u5230\u6211\u8fd9\u90e8\u4e3b\u673a\u7684\u7f51\u82b3 (udp port 137,138 tcp port 139,445) \u5c31\u653e\u884c<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth0 -p udp &#8211;dport 137:138 -j ACCEPT<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth0 -p tcp &#8211;dport 139 -j ACCEPT<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth0 -p tcp &#8211;dport 445 -j ACCEPT<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u77a7&#xff01;\u4f60\u53ef\u4ee5\u5229\u7528 UDP \u4e0e TCP \u534f\u8bae\u6240\u62e5\u6709\u7684\u7aef\u53e3\u53f7\u7801\u6765\u8fdb\u884c\u67d0\u4e9b\u670d\u52a1\u7684\u5f00\u653e\u6216\u5173\u95ed\u5594&#xff01;\u4e0d\u8fc7\u8981\u6ce8\u610f&#xff0c;\u4e0a\u9762\u7684\u7f51\u82b3\u8303\u4f8b\u6ca1\u6709\u6307\u5b9a -s \u6765\u6e90&#xff0c;\u7b49\u4e8e\u5bf9 eth0 \u4e0a\u7684\u4efb\u4f55\u6765\u6e90\u90fd\u5f00\u653e&#xff1b;\u4f7f\u7528\u65f6\u5efa\u8bae\u52a0\u4e0a -s \u9650\u5b9a\u53ef\u4fe1\u4efb\u7684\u6765\u6e90\u7f51\u57df\u3002\u4f60\u8fd8\u53ef\u4ee5\u7efc\u5408\u5904\u7406\u5462&#xff01;\u4f8b\u5982&#xff1a;\u53ea\u8981\u6765\u81ea 192.168.1.0\/24 \u7684 1024:65535 \u57e0\u53e3\u7684\u5c01\u5305&#xff0c;\u4e14\u60f3\u8981\u8054\u673a\u5230\u672c\u673a\u7684 ssh port \u5c31\u4e88\u4ee5\u62b5\u6321&#xff0c;\u53ef\u4ee5\u8fd9\u6837\u505a&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td 
style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0\/24 \\\\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">--sport 1024:65534 --dport ssh -j DROP<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u679c\u5fd8\u8bb0\u52a0\u4e0a -p tcp \u5c31\u4f7f\u7528\u4e86 --dport \u65f6&#xff0c;\u4f1a\u53d1\u751f\u5565\u95ee\u9898\u5462&#xff1f;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth0 --dport 21 -j DROP<\/span><br \/>\niptables v1.4.7: unknown option &#096;--dport&#039;<br \/>\nTry &#096;iptables -h&#039; or &#039;iptables --help&#039; for more information.<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f60\u5e94\u8be5\u4f1a\u89c9\u5f97\u5f88\u5947\u602a&#xff0c;\u600e\u4e48\u300e --dport \u300f\u4f1a\u662f\u672a\u77e5\u7684\u53c2\u6570 (arg) \u5462&#xff1f;\u8fd9\u662f\u56e0\u4e3a\u4f60\u6ca1\u6709\u52a0\u4e0a -p tcp \u6216 -p udp \u7684\u7f18\u6545\u554a&#xff01;\u5f88\u91cd\u8981\u5594&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u9664\u4e86\u57e0\u53e3\u4e4b\u5916&#xff0c;\u5728 TCP \u8fd8\u6709\u7279\u6b8a\u7684\u65d7\u6807\u554a&#xff01;\u6700\u5e38\u89c1\u7684\u5c31\u662f\u90a3\u4e2a\u4e3b\u52a8\u8054\u673a\u7684 SYN \u65d7\u6807\u4e86\u3002 \u6211\u4eec\u5728 iptables \u91cc\u9762\u8fd8\u652f\u6301\u300e --syn 
\u300f\u7684\u5904\u7406\u65b9\u5f0f&#xff0c;\u6211\u4eec\u4ee5\u5e95\u4e0b\u7684\u4f8b\u5b50\u6765\u8bf4\u660e\u597d\u4e86&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\"><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u5c06\u6765\u81ea\u4efb\u4f55\u5730\u65b9\u6765\u6e90 port 1:1023 \u7684\u4e3b\u52a8\u8054\u673a\u5230\u672c\u673a\u7aef\u7684 1:1023 \u8054\u673a\u4e22\u5f03<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -i eth0 -p tcp --sport 1:1023 \\\\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">--dport 1:1023 --syn -j DROP<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e00\u822c\u6765\u8bf4&#xff0c;client \u7aef\u542f\u7528\u7684 port \u90fd\u662f\u5927\u4e8e 1024 \u4ee5\u4e0a\u7684\u57e0\u53e3&#xff0c;\u800c server \u7aef\u5219\u662f\u542f\u7528\u5c0f\u4e8e 1023 \u4ee5\u4e0b\u7684\u57e0\u53e3\u5728\u76d1\u542c\u7684\u3002\u6240\u4ee5\u6211\u4eec\u53ef\u4ee5\u8ba9\u6765\u81ea\u8fdc\u7a0b\u7684\u5c0f\u4e8e 1023 \u4ee5\u4e0b\u7684\u7aef\u53e3\u6570\u636e\u7684\u4e3b\u52a8\u8054\u673a\u90fd\u7ed9\u4ed6\u4e22\u5f03&#xff01; \u4f46\u4e0d\u9002\u7528\u5728 FTP \u7684\u4e3b\u52a8\u8054\u673a\u4e2d&#xff01;\u8fd9\u90e8\u4efd\u6211\u4eec\u672a\u6765\u5728\u4e8c\u5341\u4e00\u7ae0\u7684 FTP \u670d\u52a1\u5668\u518d\u6765\u8c08\u5427&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19hviwv00wsje.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span 
style=\"color:#0000bb\">9.3.4-5 iptables \u5916\u6302\u6a21\u5757&#xff1a;mac \u4e0e state<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5728 kernel 2.2 \u4ee5\u524d\u4f7f\u7528 ipchains \u7ba1\u7406\u9632\u706b\u5899\u65f6&#xff0c;\u901a\u5e38\u4f1a\u8ba9\u7cfb\u7edf\u7ba1\u7406\u5458\u76f8\u5f53\u5934\u75db&#xff01;\u56e0\u4e3a ipchains \u6ca1\u6709\u6240\u8c13\u7684\u5c01\u5305\u72b6\u6001\u6a21\u5757&#xff0c;\u56e0\u6b64\u6211\u4eec\u5fc5\u987b\u8981\u9488\u5bf9\u5c01\u5305\u7684\u8fdb\u3001\u51fa\u65b9\u5411\u8fdb\u884c\u7ba1\u63a7\u3002\u4e3e\u4f8b\u6765\u8bf4&#xff0c;\u5982\u679c\u4f60\u60f3\u8981\u8054\u673a\u5230\u8fdc\u7a0b\u4e3b\u673a\u7684 port 22 \u65f6&#xff0c;\u4f60\u5fc5\u987b\u8981\u9488\u5bf9\u4e24\u6761\u89c4\u5219\u6765\u8bbe\u5b9a&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u672c\u673a\u7aef\u7684 1024:65535 \u5230\u8fdc\u7a0b\u7684 port 22 \u5fc5\u987b\u8981\u653e\u884c (OUTPUT \u94fe)&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fdc\u7a0b\u4e3b\u673a port 22 \u5230\u672c\u673a\u7684 1024:65535 \u5fc5\u987b\u653e\u884c (INPUT \u94fe)&#xff1b;<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fd9\u4f1a\u5f88\u9ebb\u70e6&#xff01;\u56e0\u4e3a\u5982\u679c\u4f60\u8981\u8054\u673a\u5230 10 \u90e8\u4e3b\u673a\u7684 port 22 \u65f6&#xff0c;\u5047\u8bbe OUTPUT \u4e3a\u9884\u8bbe\u5f00\u542f (ACCEPT)&#xff0c; \u4f60\u4f9d\u65e7\u9700\u8981\u586b\u5199\u5341\u884c\u89c4\u5219&#xff0c;\u8ba9\u90a3\u5341\u90e8\u8fdc\u7a0b\u4e3b\u673a\u7684 port 22 \u53ef\u4ee5\u8054\u673a\u5230\u4f60\u7684\u672c\u5730\u7aef\u4e3b\u673a\u4e0a\u3002 \u90a3\u5982\u679c\u5f00\u542f\u5168\u90e8\u7684 port 22 \u5462&#xff1f;\u53c8\u62c5\u5fc3\u67d0\u4e9b\u6076\u610f\u4e3b\u673a\u4f1a\u4e3b\u52a8\u4ee5 port 22 
\u8054\u673a\u5230\u4f60\u7684\u673a\u5668\u4e0a&#xff01; \u540c\u6837\u7684\u9053\u7406&#xff0c;\u5982\u679c\u4f60\u8981\u8ba9\u672c\u5730\u7aef\u4e3b\u673a\u53ef\u4ee5\u8fde\u5230\u5916\u90e8\u7684 port 80 (WWW \u670d\u52a1)&#xff0c;\u90a3\u5c31\u66f4\u4e0d\u5f97\u4e86&#xff5e; \u8fd9\u5c31\u662f\u7f51\u7edc\u8054\u673a\u662f\u53cc\u5411\u7684\u4e00\u4e2a\u5f88\u91cd\u8981\u7684\u6982\u5ff5&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u597d\u5728\u6211\u4eec\u7684 iptables \u514d\u9664\u4e86\u8fd9\u4e2a\u56f0\u6270&#xff01;\u4ed6\u53ef\u4ee5\u900f\u8fc7\u4e00\u4e2a\u72b6\u6001\u6a21\u5757\u6765\u5206\u6790 \u300e<span style=\"color:#000088\">\u8fd9\u4e2a\u60f3\u8981\u8fdb\u5165\u7684\u5c01\u5305\u662f\u5426\u4e3a\u521a\u521a\u6211\u53d1\u51fa\u53bb\u7684\u54cd\u5e94&#xff1f;<\/span>\u300f \u5982\u679c\u662f\u521a\u521a\u6211\u53d1\u51fa\u53bb\u7684\u54cd\u5e94&#xff0c;\u90a3\u4e48\u5c31\u53ef\u4ee5\u4e88\u4ee5\u63a5\u53d7\u653e\u884c&#xff01;\u54c7&#xff01;\u771f\u68d2&#xff01;\u8fd9\u6837\u5c31\u4e0d\u7528\u7ba1\u8fdc\u7a0b\u4e3b\u673a\u662f\u5426\u8054\u673a\u8fdb\u6765\u7684\u95ee\u9898\u4e86&#xff01; \u90a3\u5982\u4f55\u8fbe\u5230\u5462&#xff1f;\u770b\u770b\u5e95\u4e0b\u7684\u8bed\u6cd5&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT [-m state] [&#8211;state \u72b6\u6001]<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n-m &#xff1a;\u4e00\u4e9b iptables \u7684\u5916\u6302\u6a21\u5757&#xff0c;\u4e3b\u8981\u5e38\u89c1\u7684\u6709&#xff1a;<br \/>\n     state &#xff1a;\u72b6\u6001\u6a21\u5757<br \/>\n     mac   &#xff1a;\u7f51\u7edc\u5361\u786c\u4ef6\u5730\u5740 (hardware address)<br \/>\n&#8211;state 
&#xff1a;\u4e00\u4e9b\u5c01\u5305\u7684\u72b6\u6001&#xff0c;\u4e3b\u8981\u6709&#xff1a;<br \/>\n     INVALID    &#xff1a;\u65e0\u6548\u7684\u5c01\u5305&#xff0c;\u4f8b\u5982\u6570\u636e\u7834\u635f\u7684\u5c01\u5305\u72b6\u6001<br \/>\n     ESTABLISHED&#xff1a;\u5df2\u7ecf\u8054\u673a\u6210\u529f\u7684\u8054\u673a\u72b6\u6001&#xff1b;<br \/>\n     NEW        &#xff1a;\u60f3\u8981\u65b0\u5efa\u7acb\u8054\u673a\u7684\u5c01\u5305\u72b6\u6001&#xff1b;<br \/>\n     RELATED    &#xff1a;\u8fd9\u4e2a\u6700\u5e38\u7528&#xff01;\u8868\u793a\u8fd9\u4e2a\u5c01\u5305\u662f\u4e0e\u6211\u4eec\u4e3b\u673a\u53d1\u9001\u51fa\u53bb\u7684\u5c01\u5305\u6709\u5173<\/span><\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u53ea\u8981\u5df2\u5efa\u7acb\u6216\u76f8\u5173\u5c01\u5305\u5c31\u4e88\u4ee5\u901a\u8fc7&#xff0c;\u53ea\u8981\u662f\u4e0d\u5408\u6cd5\u5c01\u5305\u5c31\u4e22\u5f03<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -m state \\\\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">&#8211;state RELATED,ESTABLISHED -j ACCEPT<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -m state &#8211;state INVALID -j DROP<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u6b64\u4e00\u6765&#xff0c;\u6211\u4eec\u7684 iptables \u5c31\u4f1a\u4e3b\u52a8\u5206\u6790\u51fa\u8be5\u5c01\u5305\u662f\u5426\u4e3a\u54cd\u5e94\u72b6\u6001&#xff0c;\u82e5\u662f\u7684\u8bdd&#xff0c;\u5c31\u76f4\u63a5\u4e88\u4ee5\u63a5\u53d7\u3002\u5475\u5475&#xff01; \u8fd9\u6837\u4e00\u6765\u4f60\u5c31\u4e0d\u9700\u8981\u9488\u5bf9\u54cd\u5e94\u7684\u5c01\u5305\u6765\u64b0\u5199\u4e2a\u522b\u7684\u9632\u706b\u5899\u89c4\u5219\u4e86&#xff01;\u8fd9\u771f\u662f\u592a\u68d2\u4e86&#xff01;\u5e95\u4e0b\u6211\u4eec\u7ee7\u7eed\u8c08\u4e00\u4e0b iptables \u7684\u53e6\u4e00\u4e2a\u5916\u6302&#xff0c; 
\u90a3\u5c31\u662f\u9488\u5bf9\u7f51\u5361\u6765\u8fdb\u884c\u653e\u884c\u4e0e\u9632\u5fa1&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\"><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u9488\u5bf9\u5c40\u57df\u7f51\u7edc\u5185\u7684 aa:bb:cc:dd:ee:ff \u4e3b\u673a\u5f00\u653e\u5176\u8054\u673a<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT -m mac &#8211;mac-source aa:bb:cc:dd:ee:ff \\\\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">-j ACCEPT<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n&#8211;mac-source &#xff1a;\u5c31\u662f\u6765\u6e90\u4e3b\u673a\u7684 MAC \u5566&#xff01;<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u679c\u4f60\u7684\u533a\u7f51\u5f53\u4e2d\u6709\u67d0\u4e9b\u7f51\u7edc\u9ad8\u624b&#xff0c;\u8001\u662f\u53ef\u4ee5\u900f\u8fc7\u4fee\u6539 IP \u53bb\u5c1d\u8bd5\u900f\u8fc7\u8def\u7531\u5668\u5f80\u5916\u8dd1&#xff0c;\u90a3\u4f60\u8be5\u600e\u4e48\u529e&#xff1f; \u96be\u9053\u5c06\u6574\u4e2a\u533a\u7f51\u62d2\u7edd&#xff1f;\u5e76\u4e0d\u9700\u8981\u7684&#xff0c;\u4f60\u53ef\u4ee5\u900f\u8fc7\u4e4b\u524d\u8c08\u5230\u7684 ARP \u76f8\u5173\u6982\u5ff5&#xff0c;\u53bb\u6349\u5230\u90a3\u90e8\u4e3b\u673a\u7684 MAC &#xff0c;\u7136\u540e\u900f\u8fc7\u4e0a\u5934\u7684\u8fd9\u4e2a\u673a\u5236&#xff0c; \u5c06\u8be5\u4e3b\u673a\u6574\u4e2a DROP \u6389\u5373\u53ef\u3002\u4e0d\u7ba1\u4ed6\u6539\u4e86\u4ec0\u4e48 IP &#xff0c;\u9664\u975e\u4ed6\u77e5\u9053\u4f60\u662f\u7528\u7f51\u5361\u7684 MAC \u6765\u7ba1\u7406&#xff0c;\u5426\u5219\u4ed6\u5c31\u662f\u51fa\u4e0d\u53bb\u5566&#xff01;\u4e86\u89e3\u4e4e&#xff1f;<\/span><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">Tips:<span style=\"color:#009000\">\u5176\u5b9e MAC \u4e5f\u662f\u53ef\u4ee5\u4f2a\u88c5\u7684&#xff0c;\u53ef\u4ee5\u900f\u8fc7\u67d0\u4e9b\u8f6f\u4ef6\u6765\u4fee\u6539\u7f51\u5361\u7684 MAC\u3002\u4e0d\u8fc7&#xff0c;\u8fd9\u91cc\u6211\u4eec\u662f\u5047\u8bbe MAC \u662f\u65e0\u6cd5\u4fee\u6539\u7684\u60c5\u51b5\u6765\u8bf4\u660e\u7684\u3002 \u6b64\u5916&#xff0c;MAC \u662f\u4e0d\u80fd\u8de8\u8def\u7531\u7684&#xff0c;\u56e0\u6b64\u4e0a\u8ff0\u7684\u6848\u4f8b\u4e2d\u624d\u7279\u522b\u8bf4\u660e\u662f\u5728\u533a\u7f51\u5185&#xff0c;\u800c\u4e0d\u662f\u6307 Internet \u5916\u90e8\u7684\u6765\u6e90\u5537&#xff01;<\/span><\/span><\/span><\/td>\n<td>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u9e1f\u54e5\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19tyhmibzjesu.png\" width=\"534\" \/><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19rhnmoiezwsc.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.4-6 ICMP \u5c01\u5305\u89c4\u5219\u7684\u6bd4\u5bf9&#xff1a;\u9488\u5bf9\u662f\u5426\u54cd\u5e94 ping \u6765\u8bbe\u8ba1<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5728\u7b2c\u4e8c\u7ae0 ICMP \u534f\u8bae\u5f53\u4e2d\u6211\u4eec\u77e5\u9053 ICMP \u7684\u7c7b\u578b\u76f8\u5f53\u7684\u591a&#xff0c;\u800c\u4e14\u5f88\u591a ICMP \u5c01\u5305\u7684\u7c7b\u578b\u90fd\u662f\u4e3a\u4e86\u8981\u7528\u6765\u8fdb\u884c\u7f51\u7edc\u68c0\u6d4b\u7528\u7684&#xff01;\u6240\u4ee5\u6700\u597d\u4e0d\u8981\u5c06\u6240\u6709\u7684 ICMP 
\u5c01\u5305\u90fd\u4e22\u5f03&#xff01;\u5982\u679c\u4e0d\u662f\u505a\u4e3a\u8def\u7531\u5668\u7684\u4e3b\u673a\u65f6&#xff0c;\u901a\u5e38\u6211\u4eec\u4f1a\u628a ICMP type 8 (echo request) \u62ff\u6389\u800c\u5df2&#xff0c;\u8ba9\u8fdc\u7a0b\u4e3b\u673a\u4e0d\u77e5\u9053\u6211\u4eec\u662f\u5426\u5b58\u5728&#xff0c;\u4e5f\u4e0d\u4f1a\u63a5\u53d7 ping \u7684\u54cd\u5e94\u5c31\u662f\u4e86\u3002ICMP \u5c01\u5305\u683c\u5f0f\u7684\u5904\u7406\u662f\u8fd9\u6837\u7684&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -A INPUT [-p icmp] [&#8211;icmp-type \u7c7b\u578b] -j ACCEPT<\/span><br \/>\n<span style=\"color:#ff6666\">\u9009\u9879\u4e0e\u53c2\u6570&#xff1a;<br \/>\n&#8211;icmp-type &#xff1a;\u540e\u9762\u5fc5\u987b\u8981\u63a5 ICMP \u7684\u5c01\u5305\u7c7b\u578b&#xff0c;\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee3\u53f7&#xff0c;<br \/>\n              \u4f8b\u5982 8  \u4ee3\u8868 echo request \u7684\u610f\u601d\u3002<\/span><\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u8ba9 0,3,4,11,12,14,16,18 \u7684 ICMP type \u53ef\u4ee5\u8fdb\u5165\u672c\u673a&#xff1a;<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">vi somefile<\/span><br \/>\n#!\/bin\/bash<br \/>\nicmp_type&#061;&#034;0 3 4 11 12 14 16 18&#034;<br \/>\nfor typeicmp in $icmp_type<br \/>\ndo<br \/>\n   iptables -A INPUT -i eth0 -p icmp &#8211;icmp-type $typeicmp -j ACCEPT<br \/>\ndone<\/p>\n<p>[root&#064;www ~]# <span style=\"color:#FFFF00\">sh  somefile<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fd9\u6837\u5c31\u80fd\u591f\u5f00\u653e\u90e8\u5206\u7684 ICMP 
\u5c01\u5305\u683c\u5f0f\u8fdb\u5165\u672c\u673a\u8fdb\u884c\u7f51\u7edc\u68c0\u6d4b\u7684\u5de5\u4f5c\u4e86&#xff01;\u4e0d\u8fc7&#xff0c;\u5982\u679c\u4f60\u7684\u4e3b\u673a\u662f\u4f5c\u4e3a\u533a\u7f51\u7684\u8def\u7531\u5668&#xff0c; \u90a3\u4e48\u5efa\u8bae icmp \u5c01\u5305\u8fd8\u662f\u8981\u901a\u901a\u653e\u884c\u624d\u597d&#xff01;\u8fd9\u662f\u56e0\u4e3a\u5ba2\u6237\u7aef\u68c0\u6d4b\u7f51\u7edc\u65f6&#xff0c;\u5e38\u5e38\u4f1a\u4f7f\u7528 ping \u6765\u6d4b\u8bd5\u5230\u8def\u7531\u5668\u7684\u7ebf\u8def\u662f\u5426\u7545\u901a\u4e4b\u6545\u5466&#xff01; \u6240\u4ee5\u4e0d\u8981\u5c06\u8def\u7531\u5668\u7684 icmp \u5173\u6389&#xff0c;\u4f1a\u6709\u72b6\u51b5\u5566&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19fyoyqwehp2j.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.4-7 \u8d85\u9633\u6625\u5ba2\u6237\u7aef\u9632\u706b\u5899\u8bbe\u8ba1\u4e0e\u9632\u706b\u5899\u89c4\u5219\u50a8\u5b58<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7ecf\u8fc7\u4e0a\u8ff0\u7684\u672c\u673a iptables \u8bed\u6cd5\u5206\u6790\u540e&#xff0c;\u63a5\u4e0b\u6765\u6211\u4eec\u6765\u60f3\u60f3&#xff0c;\u5982\u679c\u7ad9\u5728\u5ba2\u6237\u7aef\u4e14\u4e0d\u63d0\u4f9b\u7f51\u7edc\u670d\u52a1\u7684 Linux \u672c\u673a\u89d2\u8272\u65f6&#xff0c; \u4f60\u5e94\u8be5\u8981\u5982\u4f55\u8bbe\u8ba1\u4f60\u7684\u9632\u706b\u5899\u5462&#xff1f;\u8001\u5b9e\u8bf4&#xff0c;\u4f60\u53ea\u8981\u5206\u6790\u8fc7 CentOS \u9ed8\u8ba4\u7684\u9632\u706b\u5899\u89c4\u5219\u5c31\u4f1a\u77e5\u9053\u4e86&#xff0c;\u7406\u8bba\u4e0a&#xff0c; \u5e94\u8be5\u8981\u6709\u7684\u89c4\u5219\u5982\u4e0b&#xff1a;<\/span><\/span><\/p>\n<li><span 
style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u89c4\u5219\u5f52\u96f6&#xff1a;\u6e05\u9664\u6240\u6709\u5df2\u7ecf\u5b58\u5728\u7684\u89c4\u5219 (iptables -F&#8230;)<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u9884\u8bbe\u653f\u7b56&#xff1a;\u9664\u4e86 INPUT \u8fd9\u4e2a\u5185\u5efa\u94fe\u8bbe\u4e3a DROP \u5916&#xff0c;\u5176\u4ed6\u4e3a\u9884\u8bbe ACCEPT&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4fe1\u4efb\u672c\u673a&#xff1a;\u7531\u4e8e lo \u5bf9\u672c\u673a\u6765\u8bf4\u662f\u76f8\u5f53\u91cd\u8981\u7684&#xff0c;\u56e0\u6b64 lo \u5fc5\u987b\u8bbe\u5b9a\u4e3a\u4fe1\u4efb\u88c5\u7f6e&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56de\u5e94\u5c01\u5305&#xff1a;\u8ba9\u672c\u673a\u4e3b\u52a8\u5411\u5916\u8981\u6c42\u800c\u54cd\u5e94\u7684\u5c01\u5305\u53ef\u4ee5\u8fdb\u5165\u672c\u673a (ESTABLISHED,RELATED)<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4fe1\u4efb\u7528\u6237&#xff1a;\u8fd9\u662f\u975e\u5fc5\u8981\u7684&#xff0c;\u5982\u679c\u4f60\u60f3\u8981\u8ba9\u533a\u7f51\u7684\u6765\u6e90\u53ef\u7528\u4f60\u7684\u4e3b\u673a\u8d44\u6e90\u65f6<\/span><\/span><\/li>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fd9\u5c31\u662f\u6700\u6700\u9633\u6625\u7684\u9632\u706b\u5899&#xff0c;\u4f60\u53ef\u4ee5\u900f\u8fc7\u7b2c\u4e8c\u6b65\u9aa4\u62b5\u6321\u6240\u6709\u8fdc\u7a0b\u7684\u6765\u6e90\u5c01\u5305&#xff0c;\u800c\u900f\u8fc7\u7b2c\u56db\u6b65\u9aa4\u8ba9\u4f60\u8981\u6c42\u7684\u8fdc\u7a0b\u4e3b\u673a\u54cd\u5e94\u5c01\u5305\u53ef\u4ee5\u8fdb\u5165&#xff0c; \u52a0\u4e0a\u8ba9\u672c\u673a\u7684 lo \u8fd9\u4e2a\u5185\u90e8\u5faa\u73af\u88c5\u7f6e\u53ef\u4ee5\u653e\u884c&#xff0c;\u563f\u563f&#xff01;\u4e00\u90e8 client \u4e13\u7528\u7684\u9632\u706b\u5899\u89c4\u5219\u5c31 OK 
\u4e86&#xff01;\u4f60\u53ef\u4ee5\u5728\u67d0\u4e2a script \u4e0a\u9762\u8fd9\u6837\u505a\u5373\u53ef&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">vim bin\/firewall.sh<\/span><br \/>\n<span style=\"color:#FFFF00\">#!\/bin\/bash<br \/>\nPATH&#061;\/sbin:\/bin:\/usr\/sbin:\/usr\/bin; export PATH<\/p>\n<p># 1. \u6e05\u9664\u89c4\u5219<br \/>\niptables -F<br \/>\niptables -X<br \/>\niptables -Z<\/p>\n<p># 2. \u8bbe\u5b9a\u653f\u7b56<br \/>\niptables -P   INPUT DROP<br \/>\niptables -P  OUTPUT ACCEPT<br \/>\niptables -P FORWARD ACCEPT<\/p>\n<p># 3~5. \u5236\u8ba2\u5404\u9879\u89c4\u5219<br \/>\niptables -A INPUT -i lo -j ACCEPT<br \/>\niptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br \/>\n#iptables -A INPUT -i eth0 -s 192.168.1.0\/24 -j ACCEPT<\/p>\n<p># 6. 
\u5199\u5165\u9632\u706b\u5899\u89c4\u5219\u914d\u7f6e\u6587\u4ef6<br \/>\n\/etc\/init.d\/iptables save<\/span><\/p>\n<p>[root&#064;www ~]# <span style=\"color:#FFFF00\">sh bin\/firewall.sh<\/span><br \/>\niptables: Saving firewall rules to <span style=\"color:#FFFF00\">\/etc\/sysconfig\/iptables<\/span>:[  OK  ]<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5176\u5b9e\u9632\u706b\u5899\u4e5f\u662f\u4e00\u4e2a\u670d\u52a1&#xff0c;\u4f60\u53ef\u4ee5\u900f\u8fc7\u300echkconfig &#8211;list iptables\u300f\u53bb\u5bdf\u770b\u5c31\u77e5\u9053\u4e86\u3002 \u56e0\u6b64&#xff0c;\u4f60\u8fd9\u6b21\u4fee\u6539\u7684\u5404\u79cd\u8bbe\u5b9a\u60f3\u8981\u5728\u4e0b\u6b21\u5f00\u673a\u8fd8\u4fdd\u5b58&#xff0c;\u90a3\u5c31\u5f97\u8981\u8fdb\u884c\u300e \/etc\/init.d\/iptables save \u300f\u8fd9\u4e2a\u6307\u4ee4\u52a0\u53c2\u6570\u3002 \u56e0\u6b64&#xff0c;\u9e1f\u54e5\u73b0\u5728\u90fd\u662f\u5c06\u50a8\u5b58\u7684\u52a8\u4f5c\u5199\u5165\u8fd9\u4e2a firewall.sh \u811a\u672c\u4e2d&#xff0c;\u6bd4\u8f83\u5355\u7eaf\u4e9b\u5570&#xff01;\u73b0\u5728&#xff0c;\u4f60\u7684 Linux \u4e3b\u673a\u5df2\u7ecf\u6709\u76f8\u5f53\u7684\u4fdd\u62a4\u4e86&#xff0c; \u53ea\u662f\u5982\u679c\u60f3\u8981\u4f5c\u4e3a\u670d\u52a1\u5668&#xff0c;\u6216\u8005\u662f\u4f5c\u4e3a\u8def\u7531\u5668&#xff0c;\u90a3\u5c31\u5f97\u8981\u81ea\u884c\u52a0\u4e0a\u67d0\u4e9b\u81ea\u5b9a\u4e49\u7684\u89c4\u5219\u5570\u3002<\/span><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Tips:<span style=\"color:#009000\">\u8001\u5b9e\u8bf4&#xff0c;\u5982\u679c\u4f60\u5bf9 Linux \u591f\u719f\u6089\u7684\u8bdd&#xff0c;\u76f4\u63a5\u53bb\u4fee\u6539 \/etc\/sysconfig\/iptables \u7136\u540e\u5c06 iptables \u8fd9\u4e2a\u670d\u52a1 restart&#xff0c; 
\u90a3\u4f60\u7684\u9632\u706b\u5899\u89c4\u5219\u5c31\u662f\u4f1a\u5728\u5f00\u673a\u540e\u6301\u7eed\u5b58\u5728\u5570&#xff01;\u4e0d\u8fc7&#xff0c;\u9e1f\u54e5\u4e2a\u4eba\u8fd8\u662f\u559c\u6b22\u5199 scripts \u5c31\u662f\u4e86\u3002<\/span><\/span><\/span><\/td>\n<td>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u9e1f\u54e5\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19qx2ddfq4s4n.png\" width=\"534\" \/><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5236\u8ba2\u597d\u89c4\u5219\u540e\u5f53\u7136\u5c31\u662f\u8981\u6d4b\u8bd5\u5570&#xff01;\u90a3\u4e48\u5982\u4f55\u6d4b\u8bd5\u5462&#xff1f;<\/span><\/span><\/p>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5148\u7531\u4e3b\u673a\u5411\u5916\u9762\u4e3b\u52a8\u8054\u673a\u8bd5\u770b\u770b&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u518d\u7531\u79c1\u6709\u7f51\u57df\u5185\u7684 PC \u5411\u5916\u9762\u4e3b\u52a8\u8054\u673a\u8bd5\u770b\u770b&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6700\u540e&#xff0c;\u7531 Internet \u4e0a\u9762\u7684\u4e3b\u673a&#xff0c;\u4e3b\u52a8\u8054\u673a\u5230\u4f60\u7684 Linux \u4e3b\u673a\u8bd5\u770b\u770b&#xff1b;<\/span><\/span><\/li>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e00\u6b65\u4e00\u6b65\u4f5c\u4e0b\u6765&#xff0c;\u770b\u770b\u95ee\u9898\u51fa\u5728\u54ea\u91cc&#xff0c;\u7136\u540e\u591a\u591a\u7684\u53bb\u6539\u8fdb\u3001\u6539\u826f&#xff01;\u57fa\u672c\u4e0a&#xff0c;\u7f51\u7edc\u4e0a\u76ee\u524d\u5f88\u591a\u7684\u8d44\u6599\u53ef\u4ee5\u63d0\u4f9b\u4f60\u4e0d\u9519\u7684\u53c2\u8003\u4e86&#xff01; 
\u8fd9\u4e00\u7bc7\u7684\u8bbe\u5b9a\u5199\u7684\u662f\u5f88\u7b80\u5355&#xff0c;\u5927\u90e8\u5206\u90fd\u8fd8\u5728\u4ecb\u7ecd\u9636\u6bb5\u800c\u5df2&#xff01;\u5e0c\u671b\u5bf9\u5927\u5bb6\u6709\u5e2e\u52a9&#xff01; \u9e1f\u54e5\u5728\u53c2\u8003\u6570\u636e(\u6ce82)\u5f53\u4e2d\u5217\u51fa\u51e0\u4e2a\u6709\u7528\u7684\u9632\u706b\u5899\u7f51\u9875&#xff0c;\u5e0c\u671b\u5927\u5bb6\u6709\u7a7a\u771f\u7684\u8981\u591a\u591a\u7684\u53bb\u770b\u770b&#xff01;\u4f1a\u5f88\u6709\u5e2e\u52a9\u7684&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19vvyqsrr5oo2.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.3.5 IPv4 \u7684\u6838\u5fc3\u7ba1\u7406\u529f\u80fd&#xff1a; \/proc\/sys\/net\/ipv4\/*<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u9664\u4e86 iptables \u8fd9\u4e2a\u9632\u706b\u5899\u8f6f\u4ef6\u4e4b\u5916&#xff0c;\u5176\u5b9e\u54b1\u4eec Linux kernel 2.6 \u63d0\u4f9b\u5f88\u591a\u6838\u5fc3\u9884\u8bbe\u7684\u653b\u51fb\u62b5\u6321\u673a\u5236\u5594&#xff01; \u7531\u4e8e\u662f\u6838\u5fc3\u7684\u7f51\u7edc\u529f\u80fd&#xff0c;\u6240\u4ee5\u76f8\u5173\u7684\u8bbe\u5b9a\u6570\u636e\u90fd\u662f\u653e\u7f6e\u5728 \/proc\/sys\/net\/ipv4\/ \u8fd9\u4e2a\u76ee\u5f55\u5f53\u4e2d\u3002 \u81f3\u4e8e\u8be5\u76ee\u5f55\u4e0b\u5404\u4e2a\u6863\u6848\u7684\u8be6\u7ec6\u8d44\u6599&#xff0c;\u53ef\u4ee5\u53c2\u8003\u6838\u5fc3\u7684\u8bf4\u660e\u6587\u4ef6 (\u4f60\u5f97\u8981\u5148\u5b89\u88c5 kernel-doc \u8f6f\u4ef6)&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\/usr\/share\/doc\/kernel-doc-2.6.32\/Documentation\/networking\/ip-sysctl.txt<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u9e1f\u54e5\u8fd9\u91cc\u4e5f\u653e\u4e00\u4efd\u5907\u4efd&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">http:\/\/linux.vbird.org\/linux_server\/0250simple_firewall\/ip-sysctl.txt<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6709\u5174\u8da3\u7684\u8bdd\u5e94\u8be5\u8981\u81ea\u884c\u53bb\u67e5\u4e00\u67e5\u6bd4\u8f83\u597d\u7684\u5594&#xff01;\u6211\u4eec\u5e95\u4e0b\u5c31\u62ff\u51e0\u4e2a\u7b80\u5355\u7684\u6863\u6848\u6765\u4f5c\u8bf4\u660e\u5427&#xff01;<\/span><\/span> \u00a0<\/p>\n<ul>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\/proc\/sys\/net\/ipv4\/tcp_syncookies<\/span> \u6211\u4eec\u5728\u524d\u4e00\u7ae0\u8c08\u5230\u6240\u8c13\u7684\u963b\u65ad\u5f0f\u670d\u52a1 (DoS)\u00a0\u653b\u51fb\u6cd5\u5f53\u4e2d\u7684\u4e00\u79cd\u65b9\u5f0f&#xff0c;\u5c31\u662f\u5229\u7528 TCP \u5c01\u5305\u7684\u00a0SYN \u4e09\u5411\u4ea4\u63e1\u539f\u7406\u6240\u8fbe\u6210\u7684&#xff0c; \u8fd9\u79cd\u65b9\u5f0f\u79f0\u4e3a SYN Flooding \u3002\u90a3\u5982\u4f55\u9884\u9632\u8fd9\u79cd\u65b9\u5f0f\u7684\u653b\u51fb\u5462&#xff1f;\u6211\u4eec\u53ef\u4ee5\u542f\u7528\u6838\u5fc3\u7684 SYN Cookie \u6a21\u5757\u554a&#xff01; \u8fd9\u4e2a SYN Cookie \u6a21\u5757\u53ef\u4ee5\u5728\u7cfb\u7edf\u7528\u6765\u542f\u52a8\u968f\u673a\u8054\u673a\u7684\u57e0\u53e3 (1024:65535) \u5373\u5c06\u7528\u5b8c\u65f6\u81ea\u52a8\u542f\u52a8\u3002<span style=\"color:#000088\">\u5f53\u542f\u52a8 SYN Cookie \u65f6&#xff0c;\u4e3b\u673a\u5728\u53d1\u9001 SYN\/ACK \u786e\u8ba4\u5c01\u5305\u524d&#xff0c;\u4f1a\u8981\u6c42 Client 
\u7aef\u5728\u77ed\u65f6\u95f4\u5185\u56de\u590d\u4e00\u4e2a\u5e8f\u53f7&#xff0c;\u8fd9\u4e2a\u5e8f\u53f7\u5305\u542b\u8bb8\u591a\u539f\u672c SYN \u5c01\u5305\u5185\u7684\u4fe1\u606f&#xff0c;\u5305\u62ec IP\u3001port \u7b49\u3002\u82e5 Client \u7aef\u53ef\u4ee5\u56de\u590d\u6b63\u786e\u7684\u5e8f\u53f7&#xff0c;\u90a3\u4e48\u4e3b\u673a\u5c31\u786e\u5b9a\u8be5\u5c01\u5305\u4e3a\u53ef\u4fe1\u7684&#xff0c;\u56e0\u6b64\u4f1a\u53d1\u9001 SYN\/ACK \u5c01\u5305&#xff0c;\u5426\u5219\u5c31\u4e0d\u7406\u4f1a\u6b64\u4e00\u5c01\u5305<\/span>\u3002 \u900f\u8fc7\u6b64\u4e00\u673a\u5236\u53ef\u4ee5\u5927\u5927\u7684\u964d\u4f4e\u65e0\u6548\u7684 SYN \u7b49\u5f85\u57e0\u53e3&#xff0c;\u800c\u907f\u514d SYN Flooding \u7684 DoS \u653b\u51fb\u8bf4&#xff01; \u90a3\u4e48\u5982\u4f55\u542f\u52a8\u8fd9\u4e2a\u6a21\u5757\u5462&#xff1f;\u5f88\u7b80\u5355&#xff0c;\u8fd9\u6837\u505a\u5373\u53ef&#xff1a;<\/span><\/span> <\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">echo &#034;1&#034; &gt; \/proc\/sys\/net\/ipv4\/tcp_syncookies<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f46\u662f\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u7531\u4e8e\u8fdd\u53cd TCP \u7684\u4e09\u5411\u4ea4\u63e1 (\u56e0\u4e3a\u4e3b\u673a\u5728\u53d1\u9001 SYN\/ACK \u4e4b\u524d\u9700\u8981\u5148\u7b49\u5f85 client \u7684\u5e8f\u53f7\u54cd\u5e94)&#xff0c; \u6240\u4ee5\u53ef\u80fd\u4f1a\u9020\u6210\u67d0\u4e9b\u670d\u52a1\u7684\u5ef6\u8fdf\u73b0\u8c61&#xff0c;\u4f8b\u5982 SMTP (mail server)\u3002 \u4e0d\u8fc7\u603b\u7684\u6765\u8bf4&#xff0c;\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u8fd8\u662f\u4e0d\u9519\u7528\u7684&#xff01;\u00a0<span 
style=\"color:#000088\">\u53ea\u662f\u4e0d\u9002\u5408\u7528\u5728\u8d1f\u8f7d\u5df2\u7ecf\u5f88\u9ad8\u7684\u670d\u52a1\u5668\u5185\u5594<\/span>&#xff01; \u56e0\u4e3a\u8d1f\u8f7d\u592a\u9ad8\u7684\u4e3b\u673a\u6709\u65f6\u4f1a\u8ba9\u6838\u5fc3\u8bef\u5224\u906d\u53d7 SYN Flooding \u7684\u653b\u51fb\u5462\u3002 \u5982\u679c\u662f\u4e3a\u4e86\u7cfb\u7edf\u7684 TCP \u5c01\u5305\u8054\u673a\u4f18\u5316&#xff0c;\u5219\u53ef\u4ee5\u53c2\u8003 tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow \u8fd9\u51e0\u4e2a\u8bbe\u5b9a\u503c\u7684\u610f\u4e49\u3002<\/span><\/span> \u00a0<\/li>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\/proc\/sys\/net\/ipv4\/icmp_echo_ignore_broadcasts<\/span> \u963b\u65ad\u5f0f\u670d\u52a1\u5e38\u89c1\u7684\u662f SYN Flooding &#xff0c;\u4e0d\u8fc7&#xff0c;\u6211\u4eec\u77e5\u9053\u7cfb\u7edf\u5176\u5b9e\u53ef\u4ee5\u63a5\u53d7\u4f7f\u7528 ping \u7684\u54cd\u5e94&#xff0c; \u800c\u00a0ping\u00a0\u7684\u5c01\u5305\u6570\u636e\u91cf\u662f\u53ef\u4ee5\u7ed9\u5f88\u5927\u7684&#xff01;\u60f3\u8c61\u4e00\u4e2a\u72b6\u51b5&#xff0c; \u5982\u679c\u6709\u4e2a\u641e\u7834\u574f\u7684\u4eba\u4f7f\u7528 1000 \u53f0\u4e3b\u673a\u4f20\u9001 ping \u7ed9\u4f60\u7684\u4e3b\u673a&#xff0c;\u800c\u4e14\u6bcf\u4e2a ping \u90fd\u9ad8\u8fbe\u6570\u767e K bytes\u65f6&#xff0c; \u4f60\u7684\u7f51\u7edc\u5e26\u5bbd\u4f1a\u600e\u6837&#xff1f;\u8981\u561b\u5c31\u662f\u5e26\u5bbd\u88ab\u5403\u5149&#xff0c;\u8981\u561b\u53ef\u80fd\u7cfb\u7edf\u4f1a\u5f53\u673a&#xff01; \u8fd9\u79cd\u65b9\u5f0f\u5206\u522b\u88ab\u79f0\u4e3a ping flooding (\u4e0d\u65ad\u53d1 ping) \u53ca ping of death (\u53d1\u9001\u5927\u7684 ping \u5c01\u5305)\u3002 \u90a3\u5982\u4f55\u907f\u514d\u5462&#xff1f;\u53d6\u6d88 ICMP \u7c7b\u578b 8 \u7684 ICMP \u5c01\u5305\u56de\u5e94\u5c31\u662f\u4e86\u3002\u6211\u4eec\u53ef\u4ee5\u900f\u8fc7\u9632\u706b\u5899\u6765\u62b5\u6321&#xff0c; 
\u8fd9\u4e5f\u662f\u6bd4\u8f83\u5efa\u8bae\u7684\u65b9\u5f0f\u3002\u5f53\u7136\u4e5f\u53ef\u4ee5\u8ba9\u6838\u5fc3\u81ea\u52a8\u53d6\u6d88 ping \u7684\u54cd\u5e94\u3002\u4e0d\u8fc7\u4f60\u5fc5\u987b\u8981\u4e86\u89e3&#xff0c;\u00a0<span style=\"color:#000088\">\u67d0\u4e9b\u5c40\u57df\u7f51\u7edc\u5185\u5e38\u89c1\u7684\u670d\u52a1 (\u4f8b\u5982\u52a8\u6001 IP \u5206\u914d DHCP \u534f\u8bae) \u4f1a\u4f7f\u7528 ping \u7684\u65b9\u5f0f\u6765\u4fa6\u6d4b\u662f\u5426\u6709\u91cd\u590d\u7684 IP &#xff0c;\u6240\u4ee5\u4f60\u6700\u597d\u4e0d\u8981\u53d6\u6d88\u6240\u6709\u7684 ping \u54cd\u5e94\u6bd4\u8f83\u597d\u3002<\/span> \u6838\u5fc3\u53d6\u6d88 ping \u56de\u5e94\u7684\u8bbe\u5b9a\u503c\u6709\u4e24\u4e2a&#xff0c;\u5206\u522b\u662f&#xff1a;\/proc\/sys\/net\/ipv4 \u5185\u7684 icmp_echo_ignore_broadcasts (\u4ec5\u6709 ping broadcast \u5730\u5740\u65f6\u624d\u53d6\u6d88 ping \u7684\u56de\u5e94) \u53ca icmp_echo_ignore_all (\u5168\u90e8\u7684 ping \u90fd\u4e0d\u56de\u5e94)\u3002\u9e1f\u54e5\u5efa\u8bae\u8bbe\u5b9a icmp_echo_ignore_broadcasts \u5c31\u597d\u4e86\u3002 \u4f60\u53ef\u4ee5\u8fd9\u4e48\u505a&#xff1a;<\/span><\/span> <\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">echo &#034;1&#034; &gt;  \\\\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">\/proc\/sys\/net\/ipv4\/icmp_echo_ignore_broadcasts<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\/proc\/sys\/net\/ipv4\/conf\/\u7f51\u7edc\u63a5\u53e3\/*<\/span> 
\u54b1\u4eec\u7684\u6838\u5fc3\u8fd8\u53ef\u4ee5\u9488\u5bf9\u4e0d\u540c\u7684\u7f51\u7edc\u63a5\u53e3\u8fdb\u884c\u4e0d\u4e00\u6837\u7684\u53c2\u6570\u8bbe\u5b9a\u5594&#xff01;\u7f51\u7edc\u63a5\u53e3\u7684\u76f8\u5173\u8bbe\u5b9a\u653e\u7f6e\u5728 \/proc\/sys\/net\/ipv4\/conf\/ \u5f53\u4e2d&#xff0c;\u6bcf\u4e2a\u63a5\u53e3\u90fd\u4ee5\u63a5\u53e3\u4ee3\u53f7\u505a\u4e3a\u5176\u4ee3\u8868&#xff0c;\u4f8b\u5982 eth0 \u63a5\u53e3\u7684\u76f8\u5173\u8bbe\u5b9a\u6570\u636e\u5728 \/proc\/sys\/net\/ipv4\/conf\/eth0\/ \u5185\u3002\u90a3\u4e48\u7f51\u7edc\u63a5\u53e3\u7684\u8bbe\u5b9a\u6570\u636e\u6709\u54ea\u4e9b\u6bd4\u8f83\u9700\u8981\u6ce8\u610f\u7684\u5462&#xff1f; \u5927\u6982\u6709\u5e95\u4e0b\u8fd9\u51e0\u4e2a&#xff1a;<\/span><\/span> \u00a0 <\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">rp_filter<\/span>&#xff1a;\u79f0\u4e3a\u9006\u5411\u8def\u5f84\u8fc7\u6ee4 (Reverse Path Filtering)&#xff0c; \u53ef\u4ee5\u85c9\u7531\u5206\u6790\u7f51\u7edc\u63a5\u53e3\u7684\u8def\u7531\u4fe1\u606f\u914d\u5408\u5c01\u5305\u7684\u6765\u6e90\u5730\u5740&#xff0c;\u6765\u5206\u6790\u8be5\u5c01\u5305\u662f\u5426\u4e3a\u5408\u7406\u3002\u4e3e\u4f8b\u6765\u8bf4&#xff0c;\u4f60\u6709\u4e24\u5f20\u7f51\u5361&#xff0c;eth0 \u4e3a 192.168.1.10\/24 &#xff0c;eth1 \u4e3a public IP \u3002\u90a3\u4e48\u5f53\u6709\u4e00\u4e2a\u5c01\u5305\u81ea\u79f0\u6765\u81ea eth1 &#xff0c;\u4f46\u662f\u5176 IP \u6765\u6e90\u4e3a 192.168.1.200 &#xff0c; \u90a3\u8fd9\u4e2a\u5c01\u5305\u5c31\u4e0d\u5408\u7406&#xff0c;\u5e94\u4e88\u4ee5\u4e22\u5f03\u3002\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u5efa\u8bae\u53ef\u4ee5\u542f\u52a8\u7684\u3002<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">log_martians<\/span>&#xff1a;\u8fd9\u4e2a\u8bbe\u5b9a\u6570\u636e\u53ef\u4ee5\u7528\u6765\u542f\u52a8\u8bb0\u5f55\u4e0d\u5408\u6cd5\u7684 IP \u6765\u6e90&#xff0c; 
\u4e3e\u4f8b\u6765\u8bf4&#xff0c;\u5305\u62ec\u6765\u6e90\u4e3a 0.0.0.0\u3001127.x.x.x\u3001\u53ca Class E \u7684 IP \u6765\u6e90&#xff0c;\u56e0\u4e3a\u8fd9\u4e9b\u6765\u6e90\u7684 IP \u4e0d\u5e94\u8be5\u5e94\u7528\u4e8e Internet \u554a\u3002 \u8bb0\u5f55\u7684\u6570\u636e\u9ed8\u8ba4\u653e\u7f6e\u5230\u6838\u5fc3\u653e\u7f6e\u7684\u767b\u5f55\u6863 \/var\/log\/messages\u3002<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">accept_source_route<\/span>&#xff1a;\u6216\u8bb8\u67d0\u4e9b\u8def\u7531\u5668\u4f1a\u542f\u52a8\u8fd9\u4e2a\u8bbe\u5b9a\u503c&#xff0c; \u4e0d\u8fc7\u76ee\u524d\u7684\u8bbe\u5907\u5f88\u5c11\u4f7f\u7528\u5230\u8fd9\u79cd\u6765\u6e90\u8def\u7531&#xff0c;\u4f60\u53ef\u4ee5\u53d6\u6d88\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u3002<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">accept_redirects<\/span>&#xff1a;\u5f53\u4f60\u5728\u540c\u4e00\u4e2a\u5b9e\u4f53\u7f51\u57df\u5185\u67b6\u8bbe\u4e00\u90e8\u8def\u7531\u5668&#xff0c; \u4f46\u8fd9\u4e2a\u5b9e\u4f53\u7f51\u57df\u6709\u4e24\u4e2a IP \u7f51\u57df&#xff0c;\u4f8b\u5982 192.168.0.0\/24, 192.168.1.0\/24\u3002\u6b64\u65f6\u4f60\u7684 192.168.0.100 \u60f3\u8981\u5411 192.168.1.100 \u4f20\u9001\u8baf\u606f\u65f6&#xff0c;\u8def\u7531\u5668\u53ef\u80fd\u4f1a\u4f20\u9001\u4e00\u4e2a ICMP redirect \u5c01\u5305\u544a\u77e5 192.168.0.100 \u76f4\u63a5\u4f20\u9001\u6570\u636e\u7ed9 192.168.1.100 \u5373\u53ef&#xff0c;\u800c\u4e0d\u9700\u900f\u8fc7\u8def\u7531\u5668\u3002\u56e0\u4e3a 192.168.0.100 \u4e0e 192.168.1.100\u786e\u5b9e\u662f\u5728\u540c\u4e00\u4e2a\u5b9e\u4f53\u7ebf\u8def\u4e0a (\u4e24\u8005\u53ef\u4ee5\u76f4\u63a5\u4e92\u901a)&#xff0c;\u6240\u4ee5\u8def\u7531\u5668\u4f1a\u544a\u77e5\u6765\u6e90 IP \u4f7f\u7528\u6700\u77ed\u8def\u5f84\u53bb\u4f20\u9012\u6570\u636e\u3002\u4f46\u90a3\u4e24\u90e8\u4e3b\u673a\u5728\u4e0d\u540c\u7684 IP 
\u6bb5&#xff0c;\u5374\u662f\u65e0\u6cd5\u5b9e\u9645\u4f20\u9012\u8baf\u606f\u7684&#xff01;\u8fd9\u4e2a\u8bbe\u5b9a\u4e5f\u53ef\u80fd\u4f1a\u4ea7\u751f\u4e00\u4e9b\u8f7b\u5fae\u7684\u5b89\u5168\u98ce\u9669&#xff0c;\u6240\u4ee5\u5efa\u8bae\u5173\u95ed\u4ed6\u3002<\/span><\/span> \u00a0<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">send_redirects<\/span>&#xff1a;\u4e0e\u4e0a\u4e00\u4e2a\u7c7b\u4f3c&#xff0c;\u53ea\u662f\u6b64\u503c\u4e3a\u53d1\u9001\u4e00\u4e2a ICMP redirect \u5c01\u5305\u3002 \u540c\u6837\u5efa\u8bae\u5173\u95ed\u3002(\u4e8b\u5b9e\u4e0a&#xff0c;\u9e1f\u54e5\u5c31\u66fe\u7ecf\u4e3a\u4e86\u8fd9\u4e2a ICMP redirect \u7684\u95ee\u9898\u4f24\u8111\u7b4b&#xff01;\u5176\u5b9e\u5173\u95ed redirect \u7684\u8fd9\u4e24\u4e2a\u9879\u76ee\u5373\u53ef\u554a&#xff01;)<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u867d\u7136\u4f60\u53ef\u4ee5\u4f7f\u7528\u300e echo &#034;1&#034; &gt; \/proc\/sys\/net\/ipv4\/conf\/???\/rp_filter \u300f\u4e4b\u7c7b\u7684\u65b9\u6cd5\u6765\u542f\u52a8\u8fd9\u4e2a\u9879\u76ee&#xff0c;\u4e0d\u8fc7&#xff0c; \u9e1f\u54e5\u6bd4\u8f83\u5efa\u8bae\u4fee\u6539\u7cfb\u7edf\u8bbe\u5b9a\u503c&#xff0c;\u90a3\u5c31\u662f \/etc\/sysctl.conf \u8fd9\u4e2a\u6863\u6848&#xff01;\u5047\u8bbe\u6211\u4eec\u4ec5\u6709 eth0 \u8fd9\u4e2a\u4ee5\u592a\u63a5\u53e3&#xff0c;\u800c\u4e14\u4e0a\u8ff0\u7684\u529f\u80fd\u8981\u901a\u901a\u542f\u52a8&#xff0c; \u90a3\u4f60\u53ef\u4ee5\u8fd9\u6837\u505a&#xff1a;<\/span><\/span> <\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">vim \/etc\/sysctl.conf<\/span><br \/>\n<span style=\"color:#FFFF00\"># Adding by VBird 2011\/01\/28<br \/>\nnet.ipv4.tcp_syncookies &#061; 1<br \/>\nnet.ipv4.icmp_echo_ignore_broadcasts &#061; 1<br 
\/>\nnet.ipv4.conf.all.rp_filter &#061; 1<br \/>\nnet.ipv4.conf.default.rp_filter &#061; 1<br \/>\nnet.ipv4.conf.eth0.rp_filter &#061; 1<br \/>\nnet.ipv4.conf.lo.rp_filter &#061; 1<\/span><br \/>\n<span style=\"color:#ff6666\">&#8230;.(\u4ee5\u4e0b\u7701\u7565)&#8230;.<\/span><\/p>\n<p>[root&#064;www ~]# <span style=\"color:#FFFF00\">sysctl -p<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<\/ul>\n<hr \/>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5927\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19fqp434dfdbu.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#0000bb\"><span style=\"background-color:#ffffff\">9.4 \u5355\u673a\u9632\u706b\u5899\u7684\u4e00\u4e2a\u5b9e\u4f8b<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4ecb\u7ecd\u4e86\u8fd9\u4e48\u591a\u7684\u9632\u706b\u5899\u8bed\u6cd5\u4e0e\u76f8\u5173\u7684\u6ce8\u610f\u4e8b\u9879\u540e&#xff0c;\u7ec8\u4e8e\u8981\u6765\u67b6\u8bbe\u9632\u706b\u5899\u4e86\u3002\u9e1f\u54e5\u8fd8\u662f\u6bd4\u8f83\u504f\u597d\u4f7f\u7528\u811a\u672c\u6765\u64b0\u5199\u9632\u706b\u5899&#xff0c; \u7136\u540e\u900f\u8fc7\u6700\u7ec8\u7684 \/etc\/init.d\/iptables save \u6765\u5c06\u7ed3\u679c\u50a8\u5b58\u5230 \/etc\/sysconfig\/iptables \u53bb&#xff01; \u800c\u4e14\u6b64\u4e00\u7279\u8272\u8fd8\u53ef\u4ee5\u7528\u5728\u547c\u53eb\u5176\u4ed6\u7684 scripts &#xff0c;\u53ef\u4ee5\u8ba9\u9632\u706b\u5899\u89c4\u5219\u5177\u6709\u8f83\u4e3a\u7075\u6d3b\u7684\u4f7f\u7528\u65b9\u5f0f\u3002 \u597d\u4e86&#xff0c;\u90a3\u5c31\u6765\u8c08\u8c08\u5982\u4f55\u8bbe\u5b9a\u54b1\u4eec\u7684\u9632\u706b\u5899\u89c4\u5219\u5427&#xff01;<\/span><\/span><\/p>\n<p> \u00a0 <\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" 
src=\"2025-04-19jcag3erj0id.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.4.1 \u89c4\u5219\u8349\u62df<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u9e1f\u54e5\u5e95\u4e0b\u4ecb\u7ecd\u7684\u8fd9\u4e2a\u9632\u706b\u5899&#xff0c;\u5176\u5b9e\u53ef\u4ee5\u7528\u6765\u4f5c\u4e3a\u8def\u7531\u5668\u4e0a\u7684\u9632\u706b\u5899&#xff0c;\u4e5f\u53ef\u4ee5\u7528\u6765\u4f5c\u4e3a\u672c\u673a\u7684\u9632\u706b\u5899\u3002 \u5047\u8bbe\u786c\u4ef6\u8054\u673a\u5982\u540c\u4e0b\u56fe\u6240\u793a&#xff0c; Linux \u4e3b\u673a\u672c\u8eab\u4e5f\u662f\u5185\u90e8 LAN \u7684\u8def\u7531\u5668&#xff01;\u4ea6\u5373\u662f\u4e00\u4e2a\u7b80\u5355\u7684 IP \u5206\u4eab\u5668\u7684\u529f\u80fd\u5566&#xff01;\u4f9d\u636e\u7b2c\u4e09\u7ae0\u7684\u56fe 3.2-1\u00a0\u5047\u8bbe\u9e1f\u54e5\u7f51\u7edc\u63a5\u53e3\u6709\u5e95\u4e0b\u8fd9\u4e9b&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5916\u90e8\u7f51\u7edc\u4f7f\u7528 eth0 (\u5982\u679c\u662f\u62e8\u63a5&#xff0c;\u6709\u53ef\u80fd\u662f ppp0&#xff0c;\u8bf7\u9488\u5bf9\u4f60\u7684\u73af\u5883\u6765\u8bbe\u5b9a)&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5185\u90e8\u7f51\u7edc\u4f7f\u7528 eth1 &#xff0c;\u4e14\u5185\u90e8\u4f7f\u7528 192.168.100.0\/24 \u8fd9\u4e2a Class &#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e3b\u673a\u9ed8\u8ba4\u5f00\u653e\u7684\u670d\u52a1\u6709 WWW, SSH, https \u7b49\u7b49&#xff1b;<\/span><\/span><\/li>\n<\/ul>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u4e00\u4e2a\u5c40\u57df\u7f51\u7edc\u7684\u8def\u7531\u5668\u67b6\u6784\u793a\u610f\u56fe\" height=\"299\" src=\"2025-04-19szyilmoowse.png\" width=\"534\" \/><\/p>\n<p><span 
style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.4-1\u3001\u4e00\u4e2a\u5c40\u57df\u7f51\u7edc\u7684\u8def\u7531\u5668\u67b6\u6784\u793a\u610f\u56fe<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u7531\u4e8e\u5e0c\u671b\u5c06\u4fe1\u4efb\u7f51\u57df (LAN) \u4e0e\u4e0d\u4fe1\u4efb\u7f51\u57df (Internet) \u6574\u4e2a\u5206\u5f00\u7684\u5b8c\u6574\u4e00\u70b9&#xff0c; \u6240\u4ee5\u5e0c\u671b\u4f60\u53ef\u4ee5\u5728 Linux \u4e0a\u9762\u5b89\u88c5\u4e24\u5757\u4ee5\u4e0a\u7684\u5b9e\u4f53\u7f51\u5361&#xff0c;\u5c06\u4e24\u5757\u7f51\u5361\u63a5\u5728\u4e0d\u540c\u7684\u7f51\u57df&#xff0c;\u8fd9\u6837\u53ef\u4ee5\u907f\u514d\u5f88\u591a\u95ee\u9898\u3002<\/span>\u00a0\u81f3\u4e8e\u6700\u91cd\u8981\u7684\u9632\u706b\u5899\u653f\u7b56\u662f&#xff1a;\u300e<span style=\"color:#000088\">\u5173\u95ed\u6240\u6709\u7684\u8054\u673a&#xff0c;\u4ec5\u5f00\u653e\u7279\u5b9a\u7684\u670d\u52a1<\/span>\u300f\u6a21\u5f0f\u3002 \u800c\u4e14\u5047\u8bbe\u5185\u90e8\u4f7f\u7528\u8005\u5df2\u7ecf\u53d7\u8fc7\u826f\u597d\u7684\u8bad\u7ec3&#xff0c;\u56e0\u6b64\u5728 filter table \u7684\u4e09\u6761\u94fe\u4e2a\u9884\u8bbe\u653f\u7b56\u662f&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">INPUT \u4e3a DROP<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">OUTPUT \u53ca FORWARD \u4e3a ACCEPT<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u9e1f\u54e5\u5e95\u4e0b\u9884\u8ba1\u63d0\u4f9b\u7684\u9632\u706b\u5899\u6d41\u7a0b\u662f\u8fd9\u6837\u7684&#xff1a;<\/span><\/span><\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u672c\u673a\u7684\u9632\u706b\u5899\u89c4\u5219\u6d41\u7a0b\u793a\u610f\u56fe\" height=\"299\" src=\"2025-04-195haiuhsp44k.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u56fe 9.4-2\u3001\u672c\u673a\u7684\u9632\u706b\u5899\u89c4\u5219\u6d41\u7a0b\u793a\u610f\u56fe<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u539f\u5219\u4e0a&#xff0c;\u5185\u90e8 LAN \u4e3b\u673a\u4e0e\u4e3b\u673a\u672c\u8eab\u7684\u5f00\u653e\u5ea6\u5f88\u9ad8&#xff0c;\u56e0\u4e3a Output \u4e0e Forward \u662f\u5b8c\u5168\u5f00\u653e\u4e0d\u7406\u7684&#xff01;\u5bf9\u4e8e\u5c0f\u5bb6\u5ead\u7684\u4e3b\u673a\u662f\u53ef\u4ee5\u63a5\u53d7\u7684&#xff0c;\u56e0\u4e3a\u6211\u4eec\u5185\u90e8\u7684\u8ba1\u7b97\u673a\u6570\u91cf\u4e0d\u591a&#xff0c;\u800c\u4e14\u4eba\u5458\u90fd\u662f\u719f\u6089\u7684&#xff0c; \u6240\u4ee5\u4e0d\u9700\u8981\u7279\u522b\u52a0\u4ee5\u63a7\u7ba1&#xff01;\u4f46\u662f&#xff1a;\u300e<span style=\"color:#000088\">\u5728\u5927\u4f01\u4e1a\u7684\u5185\u90e8&#xff0c;\u8fd9\u6837\u7684\u89c4\u5212\u662f\u5f88\u4e0d\u5408\u683c\u7684&#xff0c; \u56e0\u4e3a\u4f60\u4e0d\u80fd\u4fdd\u8bc1\u5185\u90e8\u6240\u6709\u7684\u4eba\u90fd\u53ef\u4ee5\u6309\u7167\u4f60\u7684\u89c4\u5b9a\u6765\u4f7f\u7528 Network<\/span>\u00a0&#xff01;\u300f\u4e5f\u5c31\u662f\u8bf4\u300e\u5bb6\u8d3c\u96be\u9632\u300f\u5440&#xff01; \u56e0\u6b64&#xff0c;\u90a3\u6837\u7684\u73af\u5883\u8fde Output \u4e0e Forward \u90fd\u9700\u8981\u7279\u522b\u52a0\u4ee5\u7ba1\u7406\u624d\u884c&#xff01;<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-1953xfgetciod.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.4.2 \u5b9e\u9645\u8bbe\u5b9a<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u4e8b\u5b9e\u4e0a&#xff0c;\u6211\u4eec\u5728\u8bbe\u5b9a\u9632\u706b\u5899\u7684\u65f6\u5019&#xff0c;\u4e0d\u592a\u53ef\u80fd\u4f1a\u4e00\u4e2a\u4e00\u4e2a\u6307\u4ee4\u7684\u8f93\u5165&#xff0c;\u901a\u5e38\u662f\u5229\u7528 shell scripts \u6765\u5e2e\u6211\u4eec\u8fbe\u6210\u8fd9\u6837\u7684\u529f\u80fd\u5436&#xff01;\u5e95\u4e0b\u662f\u5229\u7528\u4e0a\u9762\u7684\u6d41\u7a0b\u56fe\u6240\u89c4\u5212\u51fa\u6765\u7684\u9632\u706b\u5899\u811a\u672c&#xff0c;\u4f60\u53ef\u4ee5\u53c2\u8003\u770b\u770b&#xff0c; \u4f46\u662f\u4f60\u9700\u8981\u5c06\u73af\u5883\u4fee\u6539\u6210\u9002\u5408\u4f60\u81ea\u5df1\u7684\u73af\u5883\u624d\u884c\u5594&#xff01;\u6b64\u5916&#xff0c;\u4e3a\u4e86\u672a\u6765\u4fee\u6539\u7ef4\u62a4\u7684\u65b9\u4fbf&#xff0c;\u9e1f\u54e5\u5c06\u6574\u4e2a script \u62c6\u6210\u4e09\u90e8\u5206&#xff0c;\u5206\u522b\u662f&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">iptables.rule&#xff1a;\u8bbe\u5b9a\u6700\u57fa\u672c\u7684\u89c4\u5219&#xff0c;\u5305\u62ec\u6e05\u9664\u9632\u706b\u5899\u89c4\u5219\u3001\u52a0\u8f7d\u6a21\u5757\u3001\u8bbe\u5b9a\u670d\u52a1\u53ef\u63a5\u53d7\u7b49&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">iptables.deny&#xff1a;\u8bbe\u5b9a\u62b5\u6321\u67d0\u4e9b\u6076\u610f\u4e3b\u673a\u7684\u8fdb\u5165&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">iptables.allow&#xff1a;\u8bbe\u5b9a\u5141\u8bb8\u67d0\u4e9b\u81ea\u5b9a\u4e49\u7684\u540e\u95e8\u6765\u6e90\u4e3b\u673a&#xff01;<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u9e1f\u54e5\u4e2a\u4eba\u4e60\u60ef\u662f\u5c06\u8fd9\u4e2a\u811a\u672c\u653e\u7f6e\u5230 \/usr\/local\/virus\/iptables \u76ee\u5f55\u4e0b&#xff0c;\u4f60\u4e5f\u53ef\u4ee5\u81ea\u884c\u653e\u7f6e\u5230\u81ea\u5df1\u4e60\u60ef\u7684\u4f4d\u7f6e\u53bb\u3002 
\u90a3\u5e95\u4e0b\u5c31\u6765\u77a7\u77a7\u8fd9\u652f\u811a\u672c\u662f\u600e\u4e48\u5199\u7684\u5427&#xff01;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">mkdir -p \/usr\/local\/virus\/iptables<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">cd \/usr\/local\/virus\/iptables<\/span><br \/>\n[root&#064;www iptables]# <span style=\"color:#FFFF00\">vim iptables.rule<\/span><br \/>\n#!\/bin\/bash<\/p>\n<p><span style=\"color:#ff6666\"># \u8bf7\u5148\u8f93\u5165\u60a8\u7684\u76f8\u5173\u53c2\u6570&#xff0c;\u4e0d\u8981\u8f93\u5165\u9519\u8bef\u4e86&#xff01;<\/span><br \/>\n  EXTIF&#061;&#034;<span style=\"color:#FFFF00\">eth0<\/span>&#034;             # \u8fd9\u4e2a\u662f\u53ef\u4ee5\u8fde\u4e0a Public IP \u7684\u7f51\u7edc\u63a5\u53e3<br \/>\n  INIF&#061;&#034;<span style=\"color:#FFFF00\">eth1<\/span>&#034;              # \u5185\u90e8 LAN \u7684\u8fde\u63a5\u63a5\u53e3&#xff1b;\u82e5\u65e0\u5219\u5199\u6210 INIF&#061;&#034;&#034;<br \/>\n  INNET&#061;&#034;<span style=\"color:#FFFF00\">192.168.100.0\/24<\/span>&#034; # \u82e5\u65e0\u5185\u90e8\u7f51\u57df\u63a5\u53e3&#xff0c;\u8bf7\u586b\u5199\u6210 INNET&#061;&#034;&#034;<br \/>\n  export EXTIF INIF INNET<\/p>\n<p><span style=\"color:#ff6666\"># \u7b2c\u4e00\u90e8\u4efd&#xff0c;\u9488\u5bf9\u672c\u673a\u7684\u9632\u706b\u5899\u8bbe\u5b9a&#xff01;##########################################<br \/>\n# 1. 
\u5148\u8bbe\u5b9a\u597d\u6838\u5fc3\u7684\u7f51\u7edc\u529f\u80fd&#xff1a;<\/span><br \/>\n  echo &#034;1&#034; &gt; \/proc\/sys\/net\/ipv4\/tcp_syncookies<br \/>\n  echo &#034;1&#034; &gt; \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_broadcasts<br \/>\n  for i in \/proc\/sys\/net\/ipv4\/conf\/*\/{rp_filter,log_martians}; do<br \/>\n        echo &#034;1&#034; &gt; $i<br \/>\n  done<br \/>\n  for i in \/proc\/sys\/net\/ipv4\/conf\/*\/{accept_source_route,accept_redirects,\\<br \/>\nsend_redirects}; do<br \/>\n        echo &#034;0&#034; &gt; $i<br \/>\n  done<\/p>\n<p><span style=\"color:#ff6666\"># 2. \u6e05\u9664\u89c4\u5219\u3001\u8bbe\u5b9a\u9ed8\u8ba4\u653f\u7b56\u53ca\u5f00\u653e lo \u4e0e\u76f8\u5173\u7684\u8bbe\u5b9a\u503c<\/span><br \/>\n  PATH&#061;\/sbin:\/usr\/sbin:\/bin:\/usr\/bin:\/usr\/local\/sbin:\/usr\/local\/bin; export PATH<br \/>\n  iptables -F<br \/>\n  iptables -X<br \/>\n  iptables -Z<br \/>\n  iptables -P INPUT   DROP<br \/>\n  iptables -P OUTPUT  ACCEPT<br \/>\n  iptables -P FORWARD ACCEPT<br \/>\n  iptables -A INPUT -i lo -j ACCEPT<br \/>\n  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<\/p>\n<p><span style=\"color:#ff6666\"># 3. \u542f\u52a8\u989d\u5916\u7684\u9632\u706b\u5899 script \u6a21\u5757<\/span><br \/>\n  if [ -f \/usr\/local\/virus\/iptables\/iptables.deny ]; then<br \/>\n        sh \/usr\/local\/virus\/iptables\/iptables.deny<br \/>\n  fi<br \/>\n  if [ -f \/usr\/local\/virus\/iptables\/iptables.allow ]; then<br \/>\n        sh \/usr\/local\/virus\/iptables\/iptables.allow<br \/>\n  fi<br \/>\n  if [ -f \/usr\/local\/virus\/httpd-err\/iptables.http ]; then<br \/>\n        sh \/usr\/local\/virus\/httpd-err\/iptables.http<br \/>\n  fi<\/p>\n<p><span style=\"color:#ff6666\"># 4. 
\u5141\u8bb8\u67d0\u4e9b\u7c7b\u578b\u7684 ICMP \u5c01\u5305\u8fdb\u5165<\/span><br \/>\n  AICMP&#061;&#034;0 3 3\/4 4 11 12 14 16 18&#034;<br \/>\n  for tyicmp in $AICMP<br \/>\n  do<br \/>\n    iptables -A INPUT -i $EXTIF -p icmp --icmp-type $tyicmp -j ACCEPT<br \/>\n  done<\/p>\n<p><span style=\"color:#ff6666\"># 5. \u5141\u8bb8\u67d0\u4e9b\u670d\u52a1\u7684\u8fdb\u5165&#xff0c;\u8bf7\u4f9d\u7167\u4f60\u81ea\u5df1\u7684\u73af\u5883\u5f00\u542f<\/span><br \/>\n# iptables -A INPUT -p TCP -i $EXTIF --dport  21 --sport 1024:65534 -j ACCEPT # FTP<br \/>\n# iptables -A INPUT -p TCP -i $EXTIF --dport  22 --sport 1024:65534 -j ACCEPT # SSH<br \/>\n# iptables -A INPUT -p TCP -i $EXTIF --dport  25 --sport 1024:65534 -j ACCEPT # SMTP<br \/>\n# iptables -A INPUT -p UDP -i $EXTIF --dport  53 --sport 1024:65534 -j ACCEPT # DNS<br \/>\n# iptables -A INPUT -p TCP -i $EXTIF --dport  53 --sport 1024:65534 -j ACCEPT # DNS<br \/>\n# iptables -A INPUT -p TCP -i $EXTIF --dport  80 --sport 1024:65534 -j ACCEPT # WWW<br \/>\n# iptables -A INPUT -p TCP -i $EXTIF --dport 110 --sport 1024:65534 -j ACCEPT # POP3<br \/>\n# iptables -A INPUT -p TCP -i $EXTIF --dport 443 --sport 1024:65534 -j ACCEPT # HTTPS<\/p>\n<p><span style=\"color:#ff6666\"># \u7b2c\u4e8c\u90e8\u4efd&#xff0c;\u9488\u5bf9\u540e\u7aef\u4e3b\u673a\u7684\u9632\u706b\u5899\u8bbe\u5b9a&#xff01;###############################<br \/>\n# 1. 
\u5148\u52a0\u8f7d\u4e00\u4e9b\u6709\u7528\u7684\u6a21\u5757<\/span><br \/>\n  modules&#061;&#034;ip_tables iptable_nat ip_nat_ftp ip_nat_irc ip_conntrack<br \/>\nip_conntrack_ftp ip_conntrack_irc&#034;<br \/>\n  for mod in $modules<br \/>\n  do<br \/>\n      testmod&#061;&#096;lsmod | grep &#034;^${mod} &#034; | awk &#039;{print $1}&#039;&#096;<br \/>\n      if [ &#034;$testmod&#034; &#061;&#061; &#034;&#034; ]; then<br \/>\n            modprobe $mod<br \/>\n      fi<br \/>\n  done<\/p>\n<p><span style=\"color:#ff6666\"># 2. \u6e05\u9664 NAT table \u7684\u89c4\u5219\u5427&#xff01;<\/span><br \/>\n  iptables -F -t nat<br \/>\n  iptables -X -t nat<br \/>\n  iptables -Z -t nat<br \/>\n  iptables -t nat -P PREROUTING  ACCEPT<br \/>\n  iptables -t nat -P POSTROUTING ACCEPT<br \/>\n  iptables -t nat -P OUTPUT      ACCEPT<\/p>\n<p><span style=\"color:#ff6666\"># 3. \u82e5\u6709\u5185\u90e8\u63a5\u53e3\u7684\u5b58\u5728 (\u53cc\u7f51\u5361) \u5f00\u653e\u6210\u4e3a\u8def\u7531\u5668&#xff0c;\u4e14\u4e3a IP \u5206\u4eab\u5668&#xff01;<\/span><br \/>\n  if [ &#034;$INIF&#034; !&#061; &#034;&#034; ]; then<br \/>\n    iptables -A INPUT -i $INIF -j ACCEPT<br \/>\n    echo &#034;1&#034; &gt; \/proc\/sys\/net\/ipv4\/ip_forward<br \/>\n    if [ &#034;$INNET&#034; !&#061; &#034;&#034; ]; then<br \/>\n        for innet in $INNET<br \/>\n        do<br \/>\n            iptables -t nat -A POSTROUTING -s $innet -o $EXTIF -j MASQUERADE<br \/>\n        done<br \/>\n    fi<br \/>\n  fi<br \/>\n<span style=\"color:#ff6666\">  # \u5982\u679c\u4f60\u7684 MSN \u4e00\u76f4\u65e0\u6cd5\u8054\u673a&#xff0c;\u6216\u8005\u662f\u67d0\u4e9b\u7f51\u7ad9 OK \u67d0\u4e9b\u7f51\u7ad9\u4e0d OK&#xff0c;<br \/>\n  # \u53ef\u80fd\u662f MTU \u7684\u95ee\u9898&#xff0c;\u90a3\u4f60\u53ef\u4ee5\u5c06\u5e95\u4e0b\u8fd9\u4e00\u884c\u7ed9\u4ed6\u53d6\u6d88\u6279\u6ce8\u6765\u542f\u52a8 MTU \u9650\u5236\u8303\u56f4<\/span><br \/>\n  # iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss \\<br \/>\n  
#          --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu<\/p>\n<p><span style=\"color:#ff6666\"># 4. NAT \u670d\u52a1\u5668\u540e\u7aef\u7684 LAN \u5185\u5bf9\u5916\u4e4b\u670d\u52a1\u5668\u8bbe\u5b9a<\/span><br \/>\n# iptables -t nat -A PREROUTING -p tcp -i $EXTIF --dport 80 \\<br \/>\n#          -j DNAT --to-destination 192.168.1.210:80 # WWW<\/p>\n<p><span style=\"color:#ff6666\"># 5. \u7279\u6b8a\u7684\u529f\u80fd&#xff0c;\u5305\u62ec Windows \u8fdc\u7a0b\u684c\u9762\u6240\u4ea7\u751f\u7684\u89c4\u5219&#xff0c;\u5047\u8bbe\u684c\u9762\u4e3b\u673a\u4e3a 1.2.3.4<\/span><br \/>\n# iptables -t nat -A PREROUTING -p tcp -s 1.2.3.4  --dport 6000 \\<br \/>\n#          -j DNAT --to-destination 192.168.100.10<br \/>\n# iptables -t nat -A PREROUTING -p tcp -s 1.2.3.4  --sport 3389 \\<br \/>\n#          -j DNAT --to-destination 192.168.100.20<\/p>\n<p><span style=\"color:#ff6666\"># 6. \u6700\u7ec8\u5c06\u8fd9\u4e9b\u529f\u80fd\u50a8\u5b58\u4e0b\u6765\u5427&#xff01;<\/span><br \/>\n  \/etc\/init.d\/iptables save<br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7279\u522b\u7559\u610f\u4e0a\u9762\u7a0b\u5e8f\u4ee3\u7801\u7684\u7279\u6b8a\u5b57\u4f53\u90e8\u5206&#xff0c;\u57fa\u672c\u4e0a&#xff0c;\u4f60\u53ea\u8981\u4fee\u6539\u4e00\u4e0b\u6700\u4e0a\u65b9\u7684\u63a5\u53e3\u90e8\u5206&#xff0c; \u5e94\u8be5\u5c31\u80fd\u591f\u8fd0\u4f5c\u8fd9\u4e2a\u9632\u706b\u5899\u4e86\u3002\u4e0d\u8fc7\u56e0\u4e3a\u6bcf\u4e2a\u4eba\u7684\u73af\u5883\u90fd\u4e0d\u76f8\u540c&#xff0c; \u56e0\u6b64\u4f60\u5728\u8bbe\u5b9a\u5b8c\u6210\u540e&#xff0c;\u4f9d\u65e7\u9700\u8981\u6d4b\u8bd5\u4e00\u4e0b\u624d\u884c\u5594&#xff01;\u4e0d\u7136&#xff0c;\u51fa\u4e86\u95ee\u9898\u4e0d\u8981\u602a\u6211\u554a&#xff01;&#8230;. 
\u518d\u6765\u770b\u4e00\u4e0b\u5173\u4e8e iptables.allow \u7684\u5185\u5bb9\u662f\u5982\u4f55&#xff1f;\u5047\u5982\u6211\u8981\u8ba9\u4e00\u4e2a 140.116.44.0\/24 \u8fd9\u4e2a\u7f51\u57df\u7684\u6240\u6709\u4e3b\u673a\u6765\u6e90\u53ef\u4ee5\u8fdb\u5165\u6211\u7684\u4e3b\u673a\u7684\u8bdd&#xff0c;\u90a3\u4e48\u8fd9\u4e2a\u6863\u6848\u7684\u5185\u5bb9\u53ef\u4ee5\u5199\u6210\u8fd9\u6837&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www iptables]# <span style=\"color:#FFFF00\">vim iptables.allow<\/span><br \/>\n#!\/bin\/bash<br \/>\n# \u5e95\u4e0b\u5219\u586b\u5199\u4f60\u5141\u8bb8\u8fdb\u5165\u672c\u673a\u7684\u5176\u4ed6\u7f51\u57df\u6216\u4e3b\u673a\u554a&#xff01;<br \/>\n  iptables -A INPUT -i $EXTIF -s 140.116.44.0\/24 -j ACCEPT<\/p>\n<p><span style=\"color:#ff6666\"># \u5e95\u4e0b\u5219\u662f\u5173\u4e8e\u62b5\u6321\u7684\u6863\u6848\u8bbe\u5b9a\u6cd5&#xff01;<\/span><br \/>\n[root&#064;www iptables]# <span style=\"color:#FFFF00\">vim iptables.deny<\/span><br \/>\n#!\/bin\/bash<br \/>\n# \u5e95\u4e0b\u586b\u5199\u7684\u662f\u300e\u4f60\u8981\u62b5\u6321\u7684\u90a3\u4e2a\u549a\u549a&#xff01;\u300f<br \/>\n  iptables -A INPUT -i $EXTIF -s 140.116.44.254 -j DROP<\/p>\n<p>[root&#064;www iptables]# <span style=\"color:#FFFF00\">chmod 700 iptables.*<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5c06\u8fd9\u4e09\u4e2a\u6863\u6848\u7684\u6743\u9650\u8bbe\u5b9a\u4e3a 700 \u4e14\u53ea\u5c5e\u4e8e root \u7684\u6743\u9650\u540e&#xff0c;\u5c31\u80fd\u591f\u76f4\u63a5\u6267\u884c iptables.rule \u5570&#xff01; 
\u4e0d\u8fc7\u8981\u6ce8\u610f\u7684\u662f&#xff0c;\u5728\u4e0a\u9762\u7684\u6848\u4f8b\u5f53\u4e2d&#xff0c;\u9e1f\u54e5\u9884\u8bbe\u5c06\u6240\u6709\u7684\u670d\u52a1\u7684\u901a\u9053\u90fd\u662f\u5173\u95ed\u7684&#xff01; \u6240\u4ee5\u4f60\u5fc5\u987b\u8981\u5230\u672c\u673a\u9632\u706b\u5899\u7684\u7b2c 5 \u6b65\u9aa4\u5904\u5c06\u4e00\u4e9b\u6279\u6ce8\u7b26\u53f7 (#) \u89e3\u5f00\u624d\u884c\u3002 \u540c\u6837\u7684&#xff0c;\u5982\u679c\u6709\u5176\u4ed6\u66f4\u591a\u7684 port \u60f3\u8981\u5f00\u542f\u65f6&#xff0c;\u4e00\u6837\u9700\u8981\u589e\u52a0\u989d\u5916\u7684\u89c4\u5219\u624d\u884c\u5594&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0d\u8fc7&#xff0c;\u8fd8\u662f\u5982\u540c\u524d\u9762\u6211\u4eec\u6240\u8bf4\u7684&#xff0c;\u8fd9\u4e2a firewall \u4ec5\u80fd\u63d0\u4f9b\u57fa\u672c\u7684\u5b89\u5168\u9632\u62a4&#xff0c;\u5176\u4ed6\u7684\u76f8\u5173\u95ee\u9898\u8fd8\u9700\u8981\u518d\u6d4b\u8bd5\u6d4b\u8bd5\u5462&#xff01; \u6b64\u5916&#xff0c;\u5982\u679c\u4f60\u5e0c\u671b\u4e00\u5f00\u673a\u5c31\u81ea\u52a8\u6267\u884c\u8fd9\u4e2a script \u7684\u8bdd&#xff0c;\u8bf7\u5c06\u8fd9\u4e2a\u6863\u6848\u7684\u5b8c\u6574\u6863\u540d\u5199\u5165 \/etc\/rc.d\/rc.local \u5f53\u4e2d&#xff0c;\u6709\u70b9\u50cf\u5e95\u4e0b\u8fd9\u6837&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">[root&#064;www ~]# <span style=\"color:#FFFF00\">vim \/etc\/rc.d\/rc.local<\/span><br \/>\n<span style=\"color:#ff6666\">&#8230;.(\u5176\u4ed6\u7701\u7565)&#8230;.<\/span><br \/>\n# 1. 
Firewall<br \/>\n<span style=\"color:#FFFF00\">\/usr\/local\/virus\/iptables\/iptables.rule<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e8b\u5b9e\u4e0a&#xff0c;\u8fd9\u4e2a\u811a\u672c\u7684\u6700\u5e95\u4e0b\u5df2\u7ecf\u52a0\u5165\u5199\u5165\u9632\u706b\u5899\u9ed8\u8ba4\u89c4\u5219\u6587\u4ef6\u7684\u529f\u80fd&#xff0c;\u6240\u4ee5\u4f60\u53ea\u8981\u6267\u884c\u4e00\u6b21&#xff0c;\u5c31\u62e5\u6709\u6700\u6b63\u786e\u7684\u89c4\u5219\u4e86&#xff01; \u4e0a\u8ff0\u7684 rc.local \u4ec5\u662f\u9884\u9632\u4e07\u4e00\u800c\u5df2\u3002 ^_^&#xff01;\u4e0a\u8ff0\u4e09\u4e2a\u6863\u6848\u8bf7\u4f60\u4e0d\u8981\u5728 Windows \u7cfb\u7edf\u4e0a\u9762\u7f16\u8f91\u540e\u624d\u4f20\u9001\u5230 Linux \u4e0a\u8fd0\u4f5c&#xff0c;\u56e0\u4e3a Windows \u7cfb\u7edf\u7684\u65ad\u884c\u5b57\u7b26\u95ee\u9898&#xff0c;\u5c06\u53ef\u80fd\u5bfc\u81f4\u8be5\u6863\u6848\u65e0\u6cd5\u6267\u884c\u3002\u5efa\u8bae\u4f60\u76f4\u63a5\u5230\u5e95\u4e0b\u53bb\u4e0b\u8f7d&#xff0c;\u4f20\u9001\u5230 Linux \u540e\u53ef\u4ee5\u5229\u7528\u00a0dos2unix\u00a0\u6307\u4ee4\u53bb\u8f6c\u6362\u65ad\u884c\u5b57\u7b26&#xff01;\u5c31\u4e0d\u4f1a\u6709\u95ee\u9898&#xff01;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">http:\/\/linux.vbird.org\/download\/index.php?action&#061;detail&amp;fileid&#061;43<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fd9\u5c31\u662f\u4e00\u4e2a\u6700\u7b80\u5355\u3001\u9633\u6625\u7684\u9632\u706b\u5899\u3002\u540c\u65f6&#xff0c;\u8fd9\u4e2a\u9632\u706b\u5899\u8fd8\u53ef\u4ee5\u5177\u6709\u6700\u9633\u6625\u7684 IP \u5206\u4eab\u5668\u7684\u529f\u80fd\u5462&#xff01; \u4e5f\u5c31\u662f\u5728\u00a0iptables.rule\u00a0\u8fd9\u4e2a\u6863\u6848\u5f53\u4e2d\u7684\u7b2c\u4e8c\u90e8\u5206\u4e86\u3002 
\u8fd9\u90e8\u5206\u6211\u4eec\u5728\u4e0b\u4e00\u8282\u4f1a\u518d\u7ee7\u7eed\u4ecb\u7ecd\u7684\u3002<\/span><\/span><\/p>\n<hr \/>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5927\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19um3eindxll2.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#0000bb\"><span style=\"background-color:#ffffff\">9.5 NAT \u670d\u52a1\u5668\u7684\u8bbe\u5b9a<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u547c\u547c&#xff01;\u7ec8\u4e8e\u6765\u5230\u8fd9\u4e2a\u5730\u65b9\u4e86&#xff01;\u6211\u4eec\u51c6\u5907\u8981\u67b6\u8bbe\u4e00\u4e2a\u8def\u7531\u5668\u7684\u5ef6\u4f38\u670d\u52a1\u5668&#xff0c;\u5c31\u79f0\u4e4b\u4e3a NAT \u670d\u52a1\u5668\u3002 NAT \u662f\u4ec0\u4e48\u5462&#xff1f;\u7b80\u5355\u7684\u8bf4&#xff0c;\u4f60\u53ef\u4ee5\u79f0\u4ed6\u4e3a\u5185\u90e8 LAN \u4e3b\u673a\u7684\u300e IP \u5206\u4eab\u5668\u300f\u5566&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">NAT \u7684\u5168\u540d\u662f Network Address Translation<\/span>&#xff0c;\u5b57\u9762\u4e0a\u7684\u610f\u601d\u662f\u300e\u7f51\u7edc\u5730\u5740\u7684\u8f6c\u6362\u300f\u3002\u7531\u5b57\u9762\u4e0a\u7684\u610f\u601d\u6211\u4eec\u6765\u60f3\u4e00\u60f3&#xff0c; TCP\/IP \u7684\u7f51\u7edc\u5c01\u5305\u4e0d\u662f\u6709 IP \u5730\u5740\u5417&#xff1f;\u90a3 IP \u5730\u5740\u4e0d\u662f\u6709\u6765\u6e90\u4e0e\u76ee\u7684\u5417&#xff1f;\u6211\u4eec\u7684 iptables \u6307\u4ee4\u5c31\u80fd\u591f\u4fee\u6539 IP \u5c01\u5305\u7684\u8868\u5934\u6570\u636e&#xff0c; \u563f\u563f&#xff01;\u8fde\u76ee\u6807\u6216\u6765\u6e90\u7684 IP \u5730\u5740\u90fd\u53ef\u4ee5\u4fee\u6539\u5462&#xff01;\u751a\u81f3\u8fde TCP \u5c01\u5305\u8868\u5934\u7684 port number \u4e5f\u80fd\u4fee\u6539&#xff01;\u771f\u662f\u6709\u8da3&#xff01;<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">NAT \u670d\u52a1\u5668\u7684\u529f\u80fd\u53ef\u4ee5\u8fbe\u5230\u7c7b\u4f3c\u56fe 9.1-2\u6240\u4ecb\u7ecd\u7684\u7c7b\u4f3c IP \u5206\u4eab\u7684\u529f\u80fd\u4e4b\u5916&#xff0c; \u8fd8\u53ef\u4ee5\u8fbe\u5230\u7c7b\u4f3c\u56fe 9.1-4\u6240\u4ecb\u7ecd\u7684 DMZ (\u975e\u519b\u4e8b\u533a) \u7684\u529f\u80fd&#xff01;\u8fd9\u5b8c\u5168\u53d6\u51b3\u4e8e\u6211\u4eec\u7684 NAT \u662f\u4fee\u6539&#xff1a; (1)\u6765\u6e90 IP \u8fd8\u662f (2)\u76ee\u6807 IP &#xff01;\u5e95\u4e0b\u6211\u4eec\u5c31\u6765\u804a\u4e00\u804a\u5427&#xff01; ^_^<\/span><\/span><\/p>\n<p> \u00a0 <\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19s4jvikbgasi.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.5.1 \u4ec0\u4e48\u662f NAT&#xff1f; SNAT&#xff1f; DNAT&#xff1f;<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5728\u8c08\u5230 NAT \u7684\u5b9e\u9645\u8fd0\u4f5c\u4e4b\u524d&#xff0c;\u8ba9\u6211\u4eec\u518d\u6765\u770b\u4e00\u4e0b\u6bd4\u8f83\u7b80\u5355\u7684\u5c01\u5305\u900f\u8fc7 iptables \u800c\u4f20\u9001\u5230\u540e\u7aef\u4e3b\u673a\u7684\u8868\u683c\u4e0e\u94fe\u6d41\u7a0b(\u8bf7\u5f80\u524d\u53c2\u8003\u56fe 9.3-4)\u3002 \u5f53\u7f51\u7edc\u5e03\u7ebf\u5982\u56fe 9.1-2\u7684\u67b6\u6784&#xff0c;\u82e5\u5185\u90e8 LAN \u6709\u4efb\u4f55\u4e00\u90e8\u4e3b\u673a\u60f3\u8981\u4f20\u9001\u5c01\u5305\u51fa\u53bb\u65f6&#xff0c; \u90a3\u4e48\u8fd9\u4e2a\u5c01\u5305\u8981\u5982\u4f55\u900f\u8fc7 Linux \u4e3b\u673a\u800c\u4f20\u9001\u51fa\u53bb&#xff1f;\u4ed6\u662f\u8fd9\u6837\u7684&#xff1a;<\/span><\/span><\/p>\n<ol>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5148\u7ecf\u8fc7 NAT table \u7684 
PREROUTING \u94fe&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7ecf\u7531\u8def\u7531\u5224\u65ad\u786e\u5b9a\u8fd9\u4e2a\u5c01\u5305\u662f\u8981\u8fdb\u5165\u672c\u673a\u4e0e\u5426&#xff0c;\u82e5\u4e0d\u8fdb\u5165\u672c\u673a&#xff0c;\u5219\u4e0b\u4e00\u6b65&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u518d\u7ecf\u8fc7 Filter table \u7684 FORWARD \u94fe&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u901a\u8fc7 NAT table \u7684 POSTROUTING \u94fe&#xff0c;\u6700\u540e\u4f20\u9001\u51fa\u53bb\u3002<\/span><\/span><\/li>\n<\/ol>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">NAT \u670d\u52a1\u5668\u7684\u91cd\u70b9\u5c31\u5728\u4e8e\u4e0a\u9762\u6d41\u7a0b\u7684\u7b2c 1,4 \u6b65\u9aa4&#xff0c;\u4e5f\u5c31\u662f NAT table \u7684\u4e24\u6761\u91cd\u8981\u7684\u94fe&#xff1a;PREROUTING \u4e0e POSTROUTING\u3002 \u90a3\u8fd9\u4e24\u6761\u94fe\u6709\u4ec0\u4e48\u91cd\u8981\u7684\u529f\u80fd\u5462&#xff1f;\u91cd\u70b9\u5728\u4e8e\u4fee\u6539 IP \u561b&#xff01;\u4f46\u662f\u8fd9\u4e24\u6761\u94fe\u4fee\u6539\u7684 IP \u662f\u4e0d\u4e00\u6837\u7684&#xff01;\u00a0<span style=\"color:#000088\">POSTROUTING \u5728\u4fee\u6539\u6765\u6e90 IP &#xff0c;PREROUTING \u5219\u5728\u4fee\u6539\u76ee\u6807 IP \u3002<\/span>\u00a0\u7531\u4e8e\u4fee\u6539\u7684 IP \u4e0d\u4e00\u6837&#xff0c;\u6240\u4ee5<span style=\"color:#000088\">\u5c31\u79f0\u4e3a\u6765\u6e90 NAT (Source NAT, SNAT) \u53ca\u76ee\u6807 NAT (Destination NAT, DNAT)<\/span>\u3002\u6211\u4eec\u5148\u6765\u8c08\u4e00\u8c08 IP \u5206\u4eab\u5668\u529f\u80fd\u7684 SNAT \u5427&#xff01;<\/span><\/span><\/p>\n<p> \u00a0 <\/p>\n<ul>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u6765\u6e90 NAT, 
SNAT<\/span>&#xff1a;\u4fee\u6539\u5c01\u5305\u8868\u5934\u7684\u300e\u6765\u6e90\u300f\u9879\u76ee \u4f60\u5e94\u8be5\u6709\u542c\u8bf4\u8fc7 IP \u5206\u4eab\u5668\u8fd9\u4e2a\u73a9\u610f\u513f&#xff0c;\u4ed6\u53ef\u4ee5\u8ba9\u4f60\u5bb6\u5ead\u91cc\u7684\u597d\u51e0\u90e8\u4e3b\u673a\u540c\u65f6\u900f\u8fc7\u4e00\u6761 ADSL \u7f51\u7edc\u8054\u673a\u5230 Internet \u4e0a\u9762&#xff0c; \u4f8b\u5982\u56fe 9.1-2\u8054\u673a\u7684\u65b9\u5f0f\u6765\u8bf4&#xff0c;\u90a3\u4e2a Linux \u4e3b\u673a\u5c31\u662f IP \u5206\u4eab\u5668\u5566&#xff01;\u90a3\u4e48\u4ed6\u662f\u5982\u4f55\u8fbe\u5230 IP \u5206\u4eab\u7684\u529f\u80fd&#xff1f;\u5c31\u662f\u900f\u8fc7 NAT \u8868\u683c\u7684 POSTROUTING \u6765\u5904\u7406\u7684\u3002\u5047\u8bbe\u4f60\u7684\u7f51\u7edc\u5e03\u7ebf\u5982\u56fe 9.1-2\u6240\u793a&#xff0c; \u90a3\u4e48 NAT \u670d\u52a1\u5668\u662f\u5982\u4f55\u5904\u7406\u8fd9\u4e2a\u5c01\u5305\u7684\u5462&#xff1f;<\/span><\/span> \u00a0 <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"SNAT \u5c01\u5305\u4f20\u9001\u51fa\u53bb\u7684\u793a\u610f\u56fe\" height=\"299\" src=\"2025-04-19uibbigvs2f5.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.5-1\u3001SNAT \u5c01\u5305\u4f20\u9001\u51fa\u53bb\u7684\u793a\u610f\u56fe<\/span><\/span><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u4e0a\u56fe\u6240\u793a&#xff0c;\u5728\u5ba2\u6237\u7aef 192.168.1.100 \u8fd9\u90e8\u4e3b\u673a\u8981\u8054\u673a\u5230 http:\/\/tw.yahoo.com \u53bb\u65f6&#xff0c;\u4ed6\u7684\u5c01\u5305\u8868\u5934\u4f1a\u5982\u4f55\u53d8\u5316&#xff1f;<\/span><\/span> \u00a0 <\/p>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5ba2\u6237\u7aef\u6240\u53d1\u51fa\u7684\u5c01\u5305\u8868\u5934\u4e2d&#xff0c;\u6765\u6e90\u4f1a\u662f 192.168.1.100 &#xff0c;\u7136\u540e\u4f20\u9001\u5230 NAT \u8fd9\u90e8\u4e3b\u673a&#xff1b;<\/span><\/span><\/li>\n<li><span 
style=\"color:#000000\"><span style=\"background-color:#ffffff\">NAT \u8fd9\u90e8\u4e3b\u673a\u7684\u5185\u90e8\u63a5\u53e3 (192.168.1.2) \u63a5\u6536\u5230\u8fd9\u4e2a\u5c01\u5305\u540e&#xff0c;\u4f1a\u4e3b\u52a8\u5206\u6790\u8868\u5934\u6570\u636e&#xff0c; \u56e0\u4e3a<span style=\"color:#000088\">\u8868\u5934\u6570\u636e\u663e\u793a\u76ee\u7684\u5e76\u975e Linux \u672c\u673a&#xff0c;\u6240\u4ee5\u5f00\u59cb\u7ecf\u8fc7\u8def\u7531<\/span>&#xff0c; \u5c06\u6b64\u5c01\u5305\u8f6c\u5230\u53ef\u4ee5\u8fde\u63a5\u5230 Internet \u7684 Public IP \u5904&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u7531\u4e8e private IP \u4e0e public IP \u4e0d\u80fd\u4e92\u901a&#xff0c;\u6240\u4ee5 Linux \u4e3b\u673a\u900f\u8fc7 iptables \u7684 NAT table \u5185\u7684 Postrouting \u94fe\u5c06\u5c01\u5305\u8868\u5934\u7684\u6765\u6e90\u4f2a\u88c5\u6210\u4e3a Linux \u7684 Public IP &#xff0c;\u5e76\u4e14\u5c06\u4e24\u4e2a\u4e0d\u540c\u6765\u6e90 (192.168.1.100 \u53ca public IP) \u7684\u5c01\u5305\u5bf9\u5e94\u5199\u5165\u6682\u5b58\u5185\u5b58\u5f53\u4e2d&#xff0c; \u7136\u540e\u5c06\u6b64\u5c01\u5305\u4f20\u9001\u51fa\u53bb\u4e86<\/span>&#xff1b;<\/span><\/span><\/li>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6b64\u65f6 Internet \u4e0a\u9762\u770b\u5230\u8fd9\u4e2a\u5c01\u5305\u65f6&#xff0c;\u90fd\u53ea\u4f1a\u77e5\u9053\u8fd9\u4e2a\u5c01\u5305\u6765\u81ea\u90a3\u4e2a Public IP \u800c\u4e0d\u77e5\u9053\u5176\u5b9e\u662f\u6765\u81ea\u5185\u90e8\u5566\u3002 \u597d\u4e86&#xff0c;\u90a3\u4e48\u5982\u679c Internet \u56de\u4f20\u5c01\u5305\u5462&#xff1f;\u53c8\u4f1a\u600e\u4e48\u4f5c&#xff1f;<\/span><\/span> \u00a0 <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"SNAT \u5c01\u5305\u63a5\u6536\u7684\u793a\u610f\u56fe\" height=\"299\" src=\"2025-04-19vuhbh4funli.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u56fe 9.5-2\u3001SNAT \u5c01\u5305\u63a5\u6536\u7684\u793a\u610f\u56fe<\/span><\/span><\/p>\n<p> \u00a0 <\/p>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5728 Internet \u4e0a\u9762\u7684\u4e3b\u673a\u63a5\u5230\u8fd9\u4e2a\u5c01\u5305\u65f6&#xff0c;\u4f1a\u5c06\u54cd\u5e94\u6570\u636e\u4f20\u9001\u7ed9\u90a3\u4e2a Public IP \u7684\u4e3b\u673a&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5f53 Linux NAT \u670d\u52a1\u5668\u6536\u5230\u6765\u81ea Internet \u7684\u56de\u5e94\u5c01\u5305\u540e&#xff0c;\u4f1a\u5206\u6790\u8be5\u5c01\u5305\u7684\u5e8f\u53f7&#xff0c;\u5e76\u6bd4\u5bf9\u521a\u521a\u8bb0\u5f55\u5230\u5185\u5b58\u5f53\u4e2d\u7684\u6570\u636e&#xff0c; \u7531\u4e8e\u53d1\u73b0\u8be5\u5c01\u5305\u4e3a\u540e\u7aef\u4e3b\u673a\u4e4b\u524d\u4f20\u9001\u51fa\u53bb\u7684&#xff0c;<span style=\"color:#000088\">\u56e0\u6b64\u5728 NAT Prerouting \u94fe\u4e2d&#xff0c;\u4f1a\u5c06\u76ee\u6807 IP \u4fee\u6539\u6210\u4e3a\u540e\u7aef\u4e3b\u673a&#xff0c;\u4ea6\u5373\u90a3\u90e8 192.168.1.100&#xff0c;\u7136\u540e\u53d1\u73b0\u76ee\u6807\u5df2\u7ecf\u4e0d\u662f\u672c\u673a (public IP)&#xff0c; \u6240\u4ee5\u5f00\u59cb\u900f\u8fc7\u8def\u7531\u5206\u6790\u5c01\u5305\u6d41\u5411<\/span>&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5c01\u5305\u4f1a\u4f20\u9001\u5230 192.168.1.2 \u8fd9\u4e2a\u5185\u90e8\u63a5\u53e3&#xff0c;\u7136\u540e\u518d\u4f20\u9001\u5230\u6700\u7ec8\u76ee\u6807 192.168.1.100 \u673a\u5668\u4e0a\u53bb&#xff01;<\/span><\/span><\/li>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7ecf\u8fc7\u8fd9\u4e2a\u6d41\u7a0b&#xff0c;\u4f60\u5c31\u53ef\u4ee5\u53d1\u73b0\u5230&#xff0c;\u6240\u6709\u5185\u90e8 LAN \u7684\u4e3b\u673a\u90fd\u53ef\u4ee5\u900f\u8fc7\u8fd9\u90e8 NAT \u670d\u52a1\u5668\u8054\u673a\u51fa\u53bb&#xff0c; \u800c\u5927\u5bb6\u5728 Internet 
\u4e0a\u9762\u770b\u5230\u7684\u90fd\u662f\u540c\u4e00\u4e2a IP (\u5c31\u662f NAT \u90a3\u90e8\u4e3b\u673a\u7684 public IP \u5566&#xff01;)&#xff0c; \u6240\u4ee5&#xff0c;\u5982\u679c\u5185\u90e8 LAN \u4e3b\u673a\u6ca1\u6709\u8fde\u4e0a\u4e0d\u660e\u7f51\u7ad9\u7684\u8bdd&#xff0c;\u90a3\u4e48\u5185\u90e8\u4e3b\u673a\u5176\u5b9e\u662f\u5177\u6709\u4e00\u5b9a\u7a0b\u5ea6\u7684\u5b89\u5168\u6027\u7684\u5566&#xff01; \u56e0\u4e3a Internet \u4e0a\u7684\u5176\u4ed6\u4e3b\u673a\u6ca1\u6709\u529e\u6cd5\u4e3b\u52a8\u653b\u51fb\u4f60\u7684 LAN \u5185\u7684 PC \u561b&#xff01;\u6240\u4ee5\u6211\u4eec\u624d\u4f1a\u8bf4&#xff0c; NAT \u6700\u7b80\u5355\u7684\u529f\u80fd\u5c31\u662f\u7c7b\u4f3c IP \u5206\u4eab\u5668\u5566&#xff01;\u90a3\u4e5f\u662f SNAT \u7684\u4e00\u79cd\u3002<\/span><\/span> <\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">Tips:<span style=\"color:#009000\">NAT \u670d\u52a1\u5668\u4e0e\u8def\u7531\u5668\u6709\u5565\u4e0d\u540c&#xff1f;\u57fa\u672c\u4e0a&#xff0c;NAT \u670d\u52a1\u5668\u4e00\u5b9a\u662f\u8def\u7531\u5668&#xff0c;\u4e0d\u8fc7&#xff0c; NAT \u670d\u52a1\u5668\u7531\u4e8e\u4f1a\u4fee\u6539 IP \u8868\u5934\u6570\u636e&#xff0c; \u56e0\u6b64\u4e0e\u5355\u7eaf\u8f6c\u9012\u5c01\u5305\u7684\u8def\u7531\u5668\u4e0d\u540c\u3002\u6700\u5e38\u89c1\u7684 IP \u5206\u4eab\u5668\u5c31\u662f\u4e00\u4e2a\u8def\u7531\u5668&#xff0c;\u4f46\u662f\u8fd9\u4e2a IP \u5206\u4eab\u5668\u4e00\u5b9a\u4f1a\u6709\u4e00\u4e2a Public IP \u4e0e\u4e00\u4e2a Private IP&#xff0c;\u8ba9 LAN \u5185\u7684 Private IP \u53ef\u4ee5\u900f\u8fc7 IP \u5206\u4eab\u5668\u7684 Public IP \u4f20\u9001\u51fa\u53bb\u5594&#xff01; \u81f3\u4e8e\u8def\u7531\u5668\u901a\u5e38\u4e24\u8fb9\u90fd\u662f Public IP \u6216\u540c\u65f6\u4e3a Private IP\u3002<\/span><\/span><\/span><\/td>\n<td>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u9e1f\u54e5\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19mmjfkkr3qpq.png\" width=\"534\" 
\/><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<li>\n<hr \/>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#000088\">\u76ee\u6807 NAT, DNAT<\/span>&#xff1a;\u4fee\u6539\u5c01\u5305\u8868\u5934\u7684\u300e\u76ee\u6807\u300f\u9879\u76ee SNAT \u4e3b\u8981\u662f\u5e94\u4ed8\u5185\u90e8 LAN \u8fde\u63a5\u5230 Internet \u7684\u4f7f\u7528\u65b9\u5f0f&#xff0c;\u81f3\u4e8e\u00a0<span style=\"color:#000088\">DNAT \u5219\u4e3b\u8981\u7528\u5728\u5185\u90e8\u4e3b\u673a\u60f3\u8981\u67b6\u8bbe\u53ef\u4ee5\u8ba9 Internet \u5b58\u53d6\u7684\u670d\u52a1\u5668\u5566&#xff01; \u5c31\u6709\u70b9\u7c7b\u4f3c\u56fe 9.1-4\u7684 DMZ \u5185\u7684\u670d\u52a1\u5668\u554a&#xff01;<\/span>\u5e95\u4e0b\u4e5f\u5148\u6765\u8c08\u4e00\u8c08 DNAT \u7684\u8fd0\u4f5c\u5427&#xff01;<\/span><\/span> \u00a0 <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"DNAT \u7684\u5c01\u5305\u4f20\u9001\u793a\u610f\u56fe\" height=\"299\" src=\"2025-04-19mikqvu5lf2x.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u56fe 9.5-3\u3001DNAT \u7684\u5c01\u5305\u4f20\u9001\u793a\u610f\u56fe<\/span><\/span><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u4e0a\u56fe\u6240\u793a&#xff0c;\u5047\u8bbe\u6211\u7684\u5185\u90e8\u4e3b\u673a 192.168.1.210 \u542f\u52a8\u4e86 WWW \u670d\u52a1&#xff0c;\u8fd9\u4e2a\u670d\u52a1\u7684 port \u5f00\u542f\u5728 port 80 &#xff0c; \u90a3\u4e48 Internet \u4e0a\u9762\u7684\u4e3b\u673a (61.xx.xx.xx) \u8981\u5982\u4f55\u8fde\u63a5\u5230\u6211\u7684\u5185\u90e8\u670d\u52a1\u5668\u5462&#xff1f;\u5f53\u7136\u5566&#xff0c; \u8fd8\u662f\u5f97\u8981\u900f\u8fc7 Linux NAT \u670d\u52a1\u5668\u561b&#xff01;\u6240\u4ee5\u8fd9\u90e8 Internet \u4e0a\u9762\u7684\u673a\u5668\u5fc5\u987b\u8981\u8fde\u63a5\u5230\u6211\u4eec\u7684 NAT \u7684 public IP \u624d\u884c\u3002<\/span><\/span> \u00a0 <\/p>\n<li><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u5916\u90e8\u4e3b\u673a\u60f3\u8981\u8fde\u63a5\u5230\u76ee\u7684\u7aef\u7684 WWW \u670d\u52a1&#xff0c;\u5219\u5fc5\u987b\u8981\u8fde\u63a5\u5230\u6211\u4eec\u7684 NAT \u670d\u52a1\u5668\u4e0a\u5934&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6211\u4eec\u7684 NAT \u670d\u52a1\u5668\u5df2\u7ecf\u8bbe\u5b9a\u597d\u8981\u5206\u6790\u51fa port 80 \u7684\u5c01\u5305&#xff0c;\u6240\u4ee5\u5f53 NAT \u670d\u52a1\u5668\u63a5\u5230\u8fd9\u4e2a\u5c01\u5305\u540e&#xff0c; \u4f1a\u5c06\u76ee\u6807 IP \u7531 public IP \u6539\u6210 192.168.1.210 &#xff0c;\u4e14\u5c06\u8be5\u5c01\u5305\u76f8\u5173\u4fe1\u606f\u8bb0\u5f55\u4e0b\u6765&#xff0c;\u7b49\u5f85\u5185\u90e8\u670d\u52a1\u5668\u7684\u54cd\u5e94&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e0a\u8ff0\u7684\u5c01\u5305\u5728\u7ecf\u8fc7\u8def\u7531\u540e&#xff0c;\u6765\u5230 private \u63a5\u53e3\u5904&#xff0c;\u7136\u540e\u900f\u8fc7\u5185\u90e8\u7684 LAN \u4f20\u9001\u5230 192.168.1.210 \u4e0a\u5934&#xff01;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">192.168.1.210 \u4f1a\u54cd\u5e94\u6570\u636e\u7ed9 61.xx.xx.xx &#xff0c;\u8fd9\u4e2a\u56de\u5e94\u5f53\u7136\u4f1a\u4f20\u9001\u5230 192.168.1.2 \u4e0a\u5934\u53bb&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7ecf\u8fc7\u8def\u7531\u5224\u65ad\u540e&#xff0c;\u6765\u5230 NAT Postrouting \u7684\u94fe&#xff0c;\u7136\u540e\u900f\u8fc7\u521a\u521a\u7b2c\u4e8c\u6b65\u9aa4\u7684\u8bb0\u5f55&#xff0c;\u5c06\u6765\u6e90 IP \u7531 192.168.1.210 \u6539\u4e3a public IP \u540e&#xff0c;\u5c31\u53ef\u4ee5\u4f20\u9001\u51fa\u53bb\u4e86&#xff01;<\/span><\/span><\/li>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5176\u5b9e\u6574\u4e2a\u6b65\u9aa4\u51e0\u4e4e\u5c31\u7b49\u4e8e SNAT
\u7684\u53cd\u5411\u4f20\u9001\u54e9&#xff01;\u8fd9\u5c31\u662f DNAT \u5570&#xff01;\u5f88\u7b80\u5355\u5427&#xff01;<\/span><\/span><\/li>\n<\/ul>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-192imlhymxjur.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.5.2 \u6700\u9633\u6625 NAT \u670d\u52a1\u5668&#xff1a; IP \u5206\u4eab\u529f\u80fd<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5728 Linux \u7684 NAT \u670d\u52a1\u5668\u670d\u52a1\u5f53\u4e2d&#xff0c;\u6700\u5e38\u89c1\u7684\u5c31\u662f\u7c7b\u4f3c\u56fe 9.1-2\u7684 IP \u5206\u4eab\u5668\u529f\u80fd\u4e86\u3002 \u800c\u7531\u521a\u521a\u7684\u4ecb\u7ecd\u4f60\u4e5f\u8be5\u77e5\u9053&#xff0c;\u8fd9\u4e2a IP \u5206\u4eab\u5668\u7684\u529f\u80fd\u5176\u5b9e\u5c31\u662f SNAT \u5566&#xff01;\u4f5c\u7528\u5c31\u53ea\u662f\u5728 iptables \u5185\u7684 NAT \u8868\u683c\u5f53\u4e2d&#xff0c;\u90a3\u4e2a\u8def\u7531\u540e\u7684 POSTROUTING \u94fe\u8fdb\u884c IP \u7684\u4f2a\u88c5\u5c31\u662f\u4e86\u3002\u53e6\u5916&#xff0c; \u4f60\u4e5f\u5fc5\u987b\u8981\u4e86\u89e3&#xff0c;\u4f60\u7684 NAT \u670d\u52a1\u5668\u5fc5\u987b\u8981\u6709\u4e00\u4e2a public IP \u63a5\u53e3&#xff0c;\u4ee5\u53ca\u4e00\u4e2a\u5185\u90e8 LAN \u8fde\u63a5\u7684 private IP \u754c\u9762\u624d\u884c\u3002\u5e95\u4e0b\u7684\u8303\u4f8b\u4e2d&#xff0c;\u9e1f\u54e5\u7684\u5047\u8bbe\u662f\u8fd9\u6837\u7684&#xff1a;<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5916\u90e8\u63a5\u53e3\u4f7f\u7528 eth0 &#xff0c;\u8fd9\u4e2a\u63a5\u53e3\u5177\u6709 public IP \u5594&#xff1b;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u5185\u90e8\u63a5\u53e3\u4f7f\u7528 eth1 &#xff0c;\u5047\u8bbe\u8fd9\u4e2a IP \u4e3a 192.168.100.254 &#xff1b;<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8bb0\u4f4f&#xff01;\u5f53\u4f60\u5229\u7528\u524d\u9762\u51e0\u7ae0\u8c08\u5230\u7684\u6570\u636e\u6765\u8bbe\u5b9a\u4f60\u7684\u7f51\u7edc\u53c2\u6570\u540e&#xff0c;\u52a1\u5fc5\u8981\u8fdb\u884c\u8def\u7531\u7684\u68c0\u6d4b&#xff0c; \u56e0\u4e3a\u5728 NAT \u670d\u52a1\u5668\u7684\u8bbe\u5b9a\u65b9\u9762&#xff0c;\u6700\u5bb9\u6613\u51fa\u9519\u7684\u5730\u65b9\u5c31\u662f\u8def\u7531\u4e86&#xff01;\u5c24\u5176\u662f\u5728\u62e8\u63a5\u4ea7\u751f ppp0 \u8fd9\u4e2a\u5bf9\u5916\u63a5\u53e3\u7684\u73af\u5883\u4e0b&#xff0c; \u8fd9\u4e2a\u95ee\u9898\u6700\u4e25\u91cd\u3002\u53cd\u6b63\u4f60\u8981\u8bb0\u5f97&#xff1a;\u300e<span style=\"color:#000088\">\u5982\u679c\u4f60\u7684 public IP \u53d6\u5f97\u7684\u65b9\u5f0f\u662f\u62e8\u63a5\u6216 cable modem \u65f6&#xff0c;\u4f60\u7684\u914d\u7f6e\u6587\u4ef6 \/etc\/sysconfig\/network, ifcfg-eth0, ifcfg-eth1 \u7b49\u6863\u6848&#xff0c;\u5343\u4e07\u4e0d\u8981\u8bbe\u5b9a GATEWAY \u5566&#xff01;<\/span>\u300f\u5426\u5219\u5c31\u4f1a\u51fa\u73b0\u4e24\u4e2a default gateway &#xff0c;\u53cd\u800c\u4f1a\u9020\u6210\u95ee\u9898\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u679c\u4f60\u521a\u521a\u5df2\u7ecf\u4e0b\u8f7d\u4e86\u00a0iptables.rule\u00a0&#xff0c;\u90a3\u4e48\u8be5\u6863\u6848\u5185\u5df2\u7ecf\u542b\u6709 NAT \u7684\u811a\u672c\u4e86&#xff01; \u4f60\u53ef\u4ee5\u770b\u5230\u8be5\u6863\u6848\u7684\u7b2c\u4e8c\u90e8\u4efd\u5173\u4e8e NAT \u670d\u52a1\u5668\u7684\u90e8\u5206&#xff0c;\u5e94\u8be5\u6709\u770b\u5230\u5e95\u4e0b\u8fd9\u51e0\u884c&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">iptables -A INPUT -i $INIF -j ACCEPT<br \/>\n<span style=\"color:#ff6666\"># \u8fd9\u4e00\u884c\u4e3a\u975e\u5fc5\u8981\u7684&#xff0c;\u4e3b\u8981\u7684\u76ee\u7684\u662f\u8ba9\u5185\u7f51 LAN \u80fd\u591f\u5b8c\u5168\u7684\u4f7f\u7528 NAT \u670d\u52a1\u5668\u8d44\u6e90\u3002<br \/>\n# \u5176\u4e2d $INIF \u5728\u672c\u4f8b\u4e2d\u4e3a eth1 \u63a5\u53e3<\/span><\/p>\n<p>echo &#034;1&#034; &gt; \/proc\/sys\/net\/ipv4\/ip_forward<br \/>\n<span style=\"color:#ff6666\"># \u4e0a\u5934\u8fd9\u4e00\u884c\u5219\u662f\u5728\u8ba9\u4f60\u7684 Linux \u5177\u6709 router \u7684\u80fd\u529b<\/span><\/p>\n<p><span style=\"color:#FFFF00\">iptables -t nat -A POSTROUTING -s $innet -o $EXTIF -j MASQUERADE<\/span><br \/>\n<span style=\"color:#ff6666\"># \u8fd9\u4e00\u884c\u6700\u5173\u952e&#xff01;\u5c31\u662f\u52a0\u5165 nat table \u5c01\u5305\u4f2a\u88c5&#xff01;\u672c\u4f8b\u4e2d $innet \u662f 192.168.100.0\/24<br \/>\n# \u800c $EXTIF \u5219\u662f\u5bf9\u5916\u754c\u9762&#xff0c;\u672c\u4f8b\u4e2d\u4e3a eth0 <\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u91cd\u70b9\u5728\u90a3\u4e2a\u300e MASQUERADE \u300f&#xff01;\u8fd9\u4e2a\u8bbe\u5b9a\u503c\u5c31\u662f\u300e\u00a0<span style=\"color:#000088\">IP \u4f2a\u88c5\u6210\u4e3a\u5c01\u5305\u51fa\u53bb (-o) \u7684\u90a3\u5757\u88c5\u7f6e\u4e0a\u7684 IP<\/span>\u00a0\u300f&#xff01;\u4ee5\u4e0a\u9762\u7684\u4f8b\u5b50\u6765\u8bf4&#xff0c;\u5c31\u662f $EXTIF &#xff0c;\u4e5f\u5c31\u662f eth0 \u5566&#xff01; \u6240\u4ee5\u5c01\u5305\u6765\u6e90\u53ea\u8981\u6765\u81ea $innet (\u4e5f\u5c31\u662f\u5185\u90e8 LAN \u7684\u5176\u4ed6\u4e3b\u673a) &#xff0c;\u53ea\u8981\u8be5\u5c01\u5305\u53ef\u900f\u8fc7 eth0 \u4f20\u9001\u51fa\u53bb&#xff0c; \u90a3\u5c31\u4f1a\u81ea\u52a8\u7684\u4fee\u6539 IP \u7684\u6765\u6e90\u8868\u5934\u6210\u4e3a eth0 \u7684 public IP 
\u5566&#xff01;\u5c31\u8fd9\u4e48\u7b80\u5355&#xff01; \u4f60\u53ea\u8981\u5c06\u00a0iptables.rule\u00a0\u4e0b\u8f7d\u540e&#xff0c;\u5e76\u8bbe\u5b9a\u597d\u4f60\u7684\u5185\u3001\u5916\u7f51\u7edc\u63a5\u53e3&#xff0c; \u6267\u884c iptables.rule \u540e&#xff0c;\u4f60\u7684 Linux \u5c31\u62e5\u6709\u4e3b\u673a\u9632\u706b\u5899\u4ee5\u53ca NAT \u670d\u52a1\u5668\u7684\u529f\u80fd\u4e86&#xff01;<\/span><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f8b\u9898&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u540c\u4e0a\u9762\u6240\u8ff0\u7684\u6848\u4f8b&#xff0c;\u90a3\u4e48\u4f60\u7684 LAN \u5185\u7684\u5176\u4ed6 PC \u5e94\u8be5\u8981\u5982\u4f55\u8bbe\u5b9a\u76f8\u5173\u7684\u7f51\u7edc\u53c2\u6570&#xff1f;<\/span><\/span><br \/>\n       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7b54&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7b54\u6848\u5176\u5b9e\u5f88\u7b80\u5355\u554a&#xff0c;\u5c06 NAT \u670d\u52a1\u5668\u4f5c\u4e3a PC \u7684 GATEWAY \u5373\u53ef&#xff01;\u53ea\u8981\u8bb0\u5f97\u5e95\u4e0b\u7684\u53c2\u6570\u503c&#xff1a;<\/span><\/span> <\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">NETWORK \u4e3a 192.168.100.0<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">NETMASK \u4e3a 255.255.255.0<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">BROADCAST \u4e3a 192.168.100.255<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">IP \u53ef\u4ee5\u8bbe\u5b9a 192.168.100.1 ~ 192.168.100.254 \u95f4&#xff0c;\u4e0d\u53ef\u91cd\u590d&#xff01;<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u901a\u8baf\u95f8 (Gateway) 
\u9700\u8981\u8bbe\u5b9a\u4e3a 192.168.100.254 (NAT \u670d\u52a1\u5668\u7684 Private IP)<\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">DNS (\/etc\/resolv.conf) \u9700\u8bbe\u5b9a\u4e3a 168.95.1.1 (Hinet) \u6216 139.175.10.20 (Seed Net)&#xff0c;\u8fd9\u4e2a\u8bf7\u4f9d\u4f60\u7684 ISP \u800c\u5b9a&#xff1b;<\/span><\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p> \u00a0 <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e8b\u5b9e\u4e0a&#xff0c;\u9664\u4e86 IP \u4f2a\u88c5 (MASQUERADE) \u4e4b\u5916&#xff0c;\u6211\u4eec\u8fd8\u53ef\u4ee5\u76f4\u63a5\u6307\u5b9a\u4fee\u6539 IP \u5c01\u5305\u8868\u5934\u7684\u6765\u6e90 IP \u5462&#xff01; \u4e3e\u4f8b\u6765\u8bf4&#xff0c;\u5982\u4e0b\u9762\u8fd9\u4e2a\u4f8b\u5b50&#xff1a;<\/span><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f8b\u9898&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5047\u8bbe\u5bf9\u5916\u7684 IP \u56fa\u5b9a\u4e3a 192.168.1.100 &#xff0c;\u82e5\u4e0d\u60f3\u4f7f\u7528\u4f2a\u88c5&#xff0c;\u8be5\u5982\u4f55\u5904\u7406&#xff1f;<\/span><\/span><br \/>\n       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7b54&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">iptables -t nat -A POSTROUTING -o eth0 -j SNAT \\<br \/>\n         --to-source 192.168.1.100<\/span><\/span>\n       <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p> \u00a0 <\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f8b\u9898&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5047\u8bbe\u4f60\u7684 NAT \u670d\u52a1\u5668\u5bf9\u5916 IP
\u6709\u597d\u51e0\u4e2a&#xff0c;\u90a3\u4f60\u60f3\u8981\u8f6e\u6d41\u4f7f\u7528\u4e0d\u540c\u7684 IP \u65f6&#xff0c;\u53c8\u8be5\u5982\u4f55\u8bbe\u5b9a&#xff1f;\u4e3e\u4f8b\u6765\u8bf4&#xff0c;\u4f60\u7684 IP \u8303\u56f4\u4e3a 192.168.1.210~192.168.1.220<\/span><\/span><br \/>\n       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7b54&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">iptables -t nat -A POSTROUTING -o eth0 -j SNAT \\<br \/>\n         --to-source 192.168.1.210-192.168.1.220<\/span><\/span>\n       <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p> \u00a0 <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8fd9\u6837\u4e5f\u53ef\u4ee5\u4fee\u6539\u7f51\u7edc\u5c01\u5305\u7684\u6765\u6e90 IP \u8d44\u6599\u5594&#xff01;\u4e0d\u8fc7&#xff0c;\u9664\u975e\u4f60\u4f7f\u7528\u7684\u662f\u56fa\u5b9a IP &#xff0c;\u4e14\u6709\u591a\u4e2a IP \u53ef\u4ee5\u5bf9\u5916\u8054\u673a&#xff0c;\u5426\u5219\u4e00\u822c\u4f7f\u7528 IP \u4f2a\u88c5\u5373\u53ef&#xff0c;\u4e0d\u9700\u8981\u4f7f\u7528\u5230\u8fd9\u4e2a SNAT \u5566&#xff01;\u5f53\u7136&#xff0c;\u4f60\u4e5f\u53ef\u80fd\u6709\u81ea\u5df1\u7684\u72ec\u7279\u7684\u73af\u5883\u5566&#xff01; ^_^<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19jjkhpkw0png.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.5.3 iptables \u7684\u989d\u5916\u6838\u5fc3\u6a21\u5757\u529f\u80fd<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span
style=\"background-color:#ffffff\">\u5982\u679c\u4f60\u521a\u521a\u5728\u00a0iptables.rule\u00a0\u5185\u7684\u7b2c\u4e8c\u90e8\u5206\u6709\u4ed4\u7ec6\u770b\u7684\u8bdd&#xff0c; \u90a3\u6709\u6ca1\u6709\u89c9\u5f97\u5f88\u5947\u602a&#xff0c;\u4e3a\u4f55\u6211\u4eec\u9700\u8981\u52a0\u8f7d\u4e00\u4e9b\u6709\u7528\u7684\u6a21\u5757&#xff1f;\u4e3e\u4f8b\u6765\u8bf4&#xff0c; ip_nat_ftp \u53ca ip_nat_irc &#xff1f; \u8fd9\u662f\u56e0\u4e3a\u5f88\u591a\u901a\u8baf\u534f\u8bae\u4f7f\u7528\u7684\u5c01\u5305\u4f20\u8f93\u6bd4\u8f83\u7279\u6b8a&#xff0c;\u5c24\u5176\u662f FTP \u6587\u4ef6\u4f20\u8f93\u4f7f\u7528\u5230\u4e24\u4e2a port \u6765\u5904\u7406\u6570\u636e&#xff01; \u8fd9\u4e2a\u90e8\u5206\u6211\u4eec\u4f1a\u5728 FTP \u7ae0\u8282\u518d\u6765\u8be6\u8c08&#xff0c;\u5728\u8fd9\u91cc\u4f60\u8981\u5148\u77e5\u9053&#xff0c;\u6211\u4eec\u7684 iptables \u63d0\u4f9b\u5f88\u591a\u597d\u7528\u7684\u6a21\u5757&#xff0c; \u8fd9\u4e9b\u6a21\u5757\u53ef\u4ee5\u8f85\u52a9\u5c01\u5305\u7684\u8fc7\u6ee4\u7528\u9014&#xff0c;\u8ba9\u6211\u4eec\u53ef\u4ee5\u8282\u7701\u5f88\u591a iptables \u7684\u89c4\u5219\u62df\u5b9a&#xff0c;\u597d\u68d2\u7684\u5436&#xff01; ^_^<\/span><\/span><\/p>\n<hr \/>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><\/span><\/span> <\/p>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5c0f\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19awgnjlyhztu.png\" width=\"534\" \/><\/p>\n<p> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#0000bb\">9.5.4 \u5728\u9632\u706b\u5899\u540e\u7aef\u4e4b\u7f51\u7edc\u670d\u52a1\u5668 DNAT \u8bbe\u5b9a<\/span><\/span><\/span> <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u65e2\u7136\u53ef\u4ee5\u505a SNAT \u7684 IP \u5206\u4eab\u529f\u80fd&#xff0c;\u6211\u4eec\u5f53\u7136\u53ef\u4ee5\u4f7f\u7528 iptables \u505a\u51fa DMZ \u5566&#xff01; 
\u4f46\u662f\u518d\u6b21\u91cd\u7533&#xff0c;\u4e0d\u540c\u7684\u670d\u52a1\u5668\u5c01\u5305\u4f20\u8f93\u7684\u65b9\u5f0f\u53ef\u80fd\u6709\u70b9\u5dee\u5f02&#xff0c;\u56e0\u6b64&#xff0c;\u5efa\u8bae\u65b0\u624b\u4e0d\u8981\u73a9\u8fd9\u4e2a\u549a\u549a&#xff01; \u5426\u5219\u5f88\u5bb9\u6613\u5bfc\u81f4\u67d0\u4e9b\u670d\u52a1\u65e0\u6cd5\u987a\u5229\u5bf9 Internet \u63d0\u4f9b\u7684\u95ee\u9898\u3002<\/span><\/span><\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5148\u6765\u8c08\u4e00\u8c08&#xff0c;\u5982\u679c\u6211\u60f3\u8981\u5904\u7406 DNAT \u7684\u529f\u80fd\u65f6&#xff0c; iptables \u8981\u5982\u4f55\u4e0b\u8fbe\u6307\u4ee4&#xff1f; \u53e6\u5916&#xff0c;\u4f60\u5fc5\u987b\u8981\u77e5\u9053\u7684\u662f&#xff0c;<span style=\"color:#000088\">\u00a0DNAT \u7528\u5230\u7684\u662f nat table \u7684 Prerouting \u94fe<\/span>\u5594&#xff01;\u4e0d\u8981\u641e\u9519\u4e86\u3002<\/span><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4f8b\u9898&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5047\u8bbe\u5185\u7f51\u6709\u90e8\u4e3b\u673a IP \u4e3a 192.168.100.10 &#xff0c;\u8be5\u4e3b\u673a\u662f\u53ef\u5bf9 Internet \u5f00\u653e\u7684 WWW \u670d\u52a1\u5668\u3002\u4f60\u8be5\u5982\u4f55\u900f\u8fc7 NAT \u673a\u5236&#xff0c;\u5c06 WWW \u5c01\u5305\u4f20\u5230\u8be5\u4e3b\u673a\u4e0a&#xff1f;<\/span><\/span><br \/>\n       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u7b54&#xff1a;<\/span><\/span> <\/p>\n<p>       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5047\u8bbe public IP \u6240\u5728\u7684\u63a5\u53e3\u4e3a eth0 &#xff0c;\u90a3\u4e48\u4f60\u7684\u89c4\u5219\u5c31\u662f&#xff1a;<\/span><\/span><br \/>\n       <span style=\"color:#000000\"><span style=\"background-color:#ffffff\">iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \\<br \/>\n     -j
DNAT --to-destination 192.168.100.10:80 <\/span><\/span>\n       <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p> \u00a0 <\/p>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u90a3\u4e2a\u300e -j DNAT --to-destination IP[:port] \u300f\u5c31\u662f\u7cbe\u9ad3\u5566&#xff01;\u4ee3\u8868\u4ece eth0 \u8fd9\u4e2a\u63a5\u53e3\u4f20\u5165\u7684&#xff0c;\u4e14\u60f3\u8981\u4f7f\u7528 port 80 \u7684\u670d\u52a1\u65f6&#xff0c; \u5c06\u8be5\u5c01\u5305\u91cd\u65b0\u4f20\u5bfc\u5230 192.168.100.10:80 \u7684 IP \u53ca port \u4e0a\u9762&#xff01;\u53ef\u4ee5\u540c\u65f6\u4fee\u6539 IP \u4e0e port \u5462&#xff01;\u771f\u65b9\u4fbf\u3002 \u6ce8\u610f&#xff1a;DNAT \u53ea\u4fee\u6539\u76ee\u6807 IP \u4e0e port&#xff0c;\u4fee\u6539\u540e\u7684\u5c01\u5305\u4ecd\u8981\u7ecf\u8fc7 filter table \u7684 FORWARD \u94fe&#xff0c;\u82e5\u8be5\u94fe\u7684\u9884\u8bbe\u653f\u7b56\u4e3a DROP&#xff0c;\u5c31\u5fc5\u987b\u53e6\u5916\u653e\u884c\u8f6c\u9012\u5230 192.168.100.10:80 \u7684\u5c01\u5305\u3002 \u5176\u4ed6\u8fd8\u6709\u4e00\u4e9b\u8f83\u8fdb\u9636\u7684 iptables \u4f7f\u7528\u65b9\u5f0f&#xff0c;\u5982\u4e0b\u6240\u793a&#xff1a;<\/span><\/span><\/p>\n<table style=\"width:580px\">\n<tbody>\n<tr>\n<td style=\"background-color:#000000\"> <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">-j REDIRECT --to-ports &lt;port number&gt;<br \/>\n<span style=\"color:#ff6666\"># \u8fd9\u4e2a\u4e5f\u633a\u5e38\u89c1\u7684&#xff0c;\u57fa\u672c\u4e0a&#xff0c;\u5c31\u662f\u8fdb\u884c\u672c\u673a\u4e0a\u9762 port \u7684\u8f6c\u6362\u5c31\u662f\u4e86&#xff01;<br \/>\n# \u4e0d\u8fc7&#xff0c;\u7279\u522b\u7559\u610f\u7684\u662f&#xff0c;\u8fd9\u4e2a\u52a8\u4f5c\u4ec5\u80fd\u591f\u5728 nat table \u7684 PREROUTING \u4ee5\u53ca<br \/>\n# OUTPUT \u94fe\u4e0a\u9762\u5b9e\u884c\u800c\u5df2\u5594&#xff01;<\/span><\/p>\n<p><span style=\"color:#bbbbbb\">\u8303\u4f8b&#xff1a;\u5c06\u8981\u6c42\u4e0e 80 \u8054\u673a\u7684\u5c01\u5305\u8f6c\u9012\u5230 8080 \u8fd9\u4e2a port<\/span><br \/>\n[root&#064;www ~]# <span style=\"color:#FFFF00\">iptables -t nat -A PREROUTING -p tcp  --dport 80 \\<\/span><br \/>\n&gt; <span style=\"color:#FFFF00\">-j REDIRECT --to-ports 8080<\/span><br \/>\n<span style=\"color:#ff6666\">#
\u8fd9\u73a9\u610f\u6700\u5bb9\u6613\u5728\u4f60\u4f7f\u7528\u4e86\u975e\u6b63\u89c4\u7684 port \u6765\u8fdb\u884c\u67d0\u4e9b well known \u7684\u534f\u8bae&#xff0c;<br \/>\n# \u4f8b\u5982\u4f7f\u7528 8080 \u8fd9\u4e2a port \u6765\u542f\u52a8 WWW &#xff0c;\u4f46\u662f\u522b\u4eba\u90fd\u4ee5 port 80 \u6765\u8054\u673a&#xff0c;<br \/>\n# \u6240\u4ee5&#xff0c;\u4f60\u5c31\u53ef\u4ee5\u4f7f\u7528\u4e0a\u9762\u7684\u65b9\u5f0f\u6765\u5c06\u5bf9\u65b9\u5bf9\u4f60\u4e3b\u673a\u7684\u8054\u673a\u4f20\u9012\u5230 8080 \u5570&#xff01;<\/span><br \/>\n<\/span><\/span><\/span> <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u81f3\u4e8e\u66f4\u591a\u7684\u7528\u9014&#xff0c;\u90a3\u5c31\u6709\u5f85\u4f60\u81ea\u5df1\u7684\u53d1\u6398\u5570&#xff01; ^_^<\/span><\/span><\/p>\n<hr \/>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5927\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19j5g2hc2ezou.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#0000bb\"><span style=\"background-color:#ffffff\">9.6 \u91cd\u70b9\u56de\u987e<\/span><\/span><\/p>\n<ul>\n<li>\u8981\u62e5\u6709\u4e00\u90e8\u5b89\u5168\u7684\u4e3b\u673a&#xff0c;\u5fc5\u987b\u8981\u6709\u826f\u597d\u7684\u4e3b\u673a\u6743\u9650\u8bbe\u5b9a&#xff1b;\u968f\u65f6\u7684\u66f4\u65b0\u5957\u4ef6&#xff1b;\u5b9a\u671f\u7684\u91cd\u8981\u6570\u636e\u5907\u4efd&#xff1b;\u5b8c\u5584\u7684\u5458\u5de5\u6559\u80b2\u8bad\u7ec3\u3002 \u4ec5\u6709\u9632\u706b\u5899\u662f\u4e0d\u8db3\u591f\u7684&#xff1b;<\/li>\n<li>\u9632\u706b\u5899\u6700\u5927\u7684\u529f\u80fd\u5c31\u662f\u5e2e\u52a9\u4f60\u300e\u9650\u5236\u67d0\u4e9b\u670d\u52a1\u7684\u5b58\u53d6\u6765\u6e90\u300f&#xff0c;\u53ef\u4ee5\u7ba1\u5236\u6765\u6e90\u4e0e\u76ee\u6807\u7684 IP &#xff1b;<\/li>\n<li>\u9632\u706b\u5899\u4f9d\u636e\u5c01\u5305\u62b5\u6321\u7684\u9636\u5c42&#xff0c;\u53ef\u4ee5\u5206\u4e3a Proxy \u4ee5\u53ca IP Filter (\u5c01\u5305\u8fc7\u6ee4) 
\u4e24\u79cd\u7c7b\u578b&#xff1b;<\/li>\n<li>\u5728\u9632\u706b\u5899\u5185&#xff0c;\u4f46\u4e0d\u5728 LAN \u5185\u7684\u670d\u52a1\u5668\u6240\u5728\u7f51\u57df&#xff0c;\u901a\u5e38\u88ab\u79f0\u4e3a DMZ (\u975e\u519b\u4e8b\u533a)&#xff0c;\u5982\u56fe 9.1-4\u6240\u793a&#xff1b;<\/li>\n<li>\u5c01\u5305\u8fc7\u6ee4\u673a\u5236\u7684\u9632\u706b\u5899&#xff0c;\u901a\u5e38\u81f3\u5c11\u53ef\u4ee5\u5206\u6790 IP, port, flag (\u5982 TCP \u5c01\u5305\u7684 SYN), MAC \u7b49\u7b49&#xff1b;<\/li>\n<li>\u9632\u706b\u5899\u5bf9\u4e8e\u75c5\u6bd2\u7684\u62b5\u6321\u5e76\u4e0d\u654f\u611f&#xff1b;<\/li>\n<li>\u9632\u706b\u5899\u5bf9\u4e8e\u6765\u81ea\u5185\u90e8\u7684\u7f51\u7edc\u8bef\u7528\u6216\u6ee5\u7528\u7684\u62b5\u6321\u6027\u53ef\u80fd\u8f83\u4e0d\u8db3&#xff1b;<\/li>\n<li>\u5e76\u4e0d\u662f\u67b6\u8bbe\u9632\u706b\u5899\u4e4b\u540e&#xff0c;\u7cfb\u7edf\u5c31\u4e00\u5b9a\u5f88\u5b89\u5168&#xff01;\u8fd8\u662f\u9700\u8981\u66f4\u65b0\u5957\u4ef6\u6f0f\u6d1e\u4ee5\u53ca\u7ba1\u5236\u4f7f\u7528\u8005\u53ca\u6743\u9650\u8bbe\u5b9a\u7b49&#xff1b;<\/li>\n<li>\u6838\u5fc3 2.4 \u4ee5\u540e\u7684 Linux \u4f7f\u7528 iptables \u4f5c\u4e3a\u9632\u706b\u5899\u7684\u8f6f\u4ef6&#xff1b;<\/li>\n<li>\u9632\u706b\u5899\u7684\u8ba2\u5b9a\u4e0e\u300e\u89c4\u5219\u987a\u5e8f\u300f\u6709\u5f88\u5927\u7684\u5173\u7cfb&#xff1b;\u82e5\u89c4\u5219\u987a\u5e8f\u9519\u8bef&#xff0c;\u53ef\u80fd\u4f1a\u5bfc\u81f4\u9632\u706b\u5899\u7684\u5931\u6548&#xff1b;<\/li>\n<li>iptables \u7684\u9884\u8bbe table \u5171\u6709\u4e09\u4e2a&#xff0c;\u5206\u522b\u662f filter, nat \u53ca mangle &#xff0c;\u60ef\u7528\u8005\u4e3a filter (\u672c\u673a) \u4e0e nat (\u540e\u7aef\u4e3b\u673a)\u3002<\/li>\n<li>filter table \u4e3b\u8981\u4e3a\u9488\u5bf9\u672c\u673a\u7684\u9632\u706b\u5899\u8bbe\u5b9a&#xff0c;\u4f9d\u636e\u5c01\u5305\u6d41\u5411\u53c8\u5206\u4e3a INPUT, OUTPUT, FORWARD \u4e09\u6761\u94fe&#xff1b;<\/li>\n<li>nat table 
\u4e3b\u8981\u9488\u5bf9\u9632\u706b\u5899\u7684\u540e\u7aef\u4e3b\u673a&#xff0c;\u4f9d\u636e\u5c01\u5305\u6d41\u5411\u53c8\u5206\u4e3a PREROUTING, OUTPUT, POSTROUTING \u4e09\u6761\u94fe&#xff0c; \u5176\u4e2d PREROUTING \u4e0e DNAT \u6709\u5173&#xff0c; POSTROUTING \u5219\u4e0e SNAT \u6709\u5173&#xff1b;<\/li>\n<li>iptables \u7684\u9632\u706b\u5899\u4e3a\u89c4\u5219\u6bd4\u5bf9&#xff0c;\u4f46\u6240\u6709\u89c4\u5219\u90fd\u4e0d\u7b26\u5408\u65f6&#xff0c;\u5219\u4ee5\u9884\u8bbe\u653f\u7b56 (policy) \u4f5c\u4e3a\u5c01\u5305\u7684\u884c\u4e3a\u4f9d\u636e&#xff1b;<\/li>\n<li>iptables \u7684\u6307\u4ee4\u5217\u5f53\u4e2d&#xff0c;\u53ef\u4ee5\u4e0b\u8fbe\u7684\u53c2\u6570\u76f8\u5f53\u7684\u591a&#xff0c;\u5f53\u4e0b\u8fbe -j LOG \u7684\u53c2\u6570\u65f6&#xff0c;\u5219\u8be5\u5c01\u5305\u7684\u6d41\u7a0b\u4f1a\u88ab\u7eaa\u5f55\u5230 \/var\/log\/messages \u5f53\u4e2d&#xff1b;<\/li>\n<li>\u9632\u706b\u5899\u53ef\u4ee5\u591a\u91cd\u8bbe\u5b9a&#xff0c;\u4f8b\u5982\u867d\u7136\u5df2\u7ecf\u8bbe\u5b9a\u4e86 iptables &#xff0c;\u4f46\u662f\u4ecd\u7136\u53ef\u4ee5\u6301\u7eed\u8bbe\u5b9a TCP Wrappers &#xff0c;\u56e0\u4e3a\u8c01\u4e5f\u4e0d\u6653\u5f97\u4ec0\u4e48\u65f6\u5019 iptables \u4f1a\u6709\u6f0f\u6d1e&#xff5e;\u6216\u8005\u662f\u89c4\u5219\u89c4\u5212\u4e0d\u826f&#xff01;<\/li>\n<\/ul>\n<hr \/>\n<p class=\"img-center\"><img loading=\"lazy\" decoding=\"async\" alt=\"\u5927\u6807\u9898\u7684\u56fe\u793a\" height=\"299\" src=\"2025-04-19r2ocf1uuv0p.png\" width=\"534\" \/><\/p>\n<p><span style=\"color:#0000bb\"><span style=\"background-color:#ffffff\">9.7 \u672c\u7ae0\u4e60\u9898<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4e3a\u4ec0\u4e48\u6211\u67b6\u8bbe\u4e86\u9632\u706b\u5899&#xff0c;\u6211\u7684\u4e3b\u673a\u8fd8\u662f\u53ef\u80fd\u4e2d\u6bd2&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span 
style=\"color:#ffffff\">\u9632\u706b\u5899\u4e0d\u662f\u4e07\u7075\u4e39&#xff0c;\u4ed6\u8fd8\u662f\u53ef\u80fd\u88ab\u75c5\u6bd2\u6216\u8005\u662f\u6728\u9a6c\u7a0b\u5e8f\u6240\u5165\u4fb5\u7684&#xff01; \u6b64\u5916&#xff0c;\u5982\u679c\u4f60\u7684\u4e3b\u673a\u672c\u8eab\u5c31\u5df2\u7ecf\u63d0\u4f9b\u4e86\u591a\u4e2a\u7f51\u7edc\u670d\u52a1&#xff0c;\u5219\u5f53\u8be5\u7f51\u7edc\u670d\u52a1\u7684\u8f6f\u4ef6\u6709\u6f0f\u6d1e\u65f6&#xff0c; \u9632\u706b\u5899\u4ecd\u7136\u65e0\u6cd5\u514b\u670d\u8be5\u670d\u52a1\u7684\u6f0f\u6d1e\u7684&#xff01;\u56e0\u6b64\u4ecd\u7136\u9700\u8981\u6301\u7eed\u7684\u8fdb\u884c\u4e3b\u673a\u7684\u76d1\u89c6\u4e0e\u540e\u7aef\u5206\u6790\u5de5\u4f5c<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8bf7\u8bf4\u660e\u4e3a\u4f55\u67b6\u8bbe\u4e86\u9632\u706b\u5899&#xff0c;\u6211\u7684\u4e3b\u673a\u8fd8\u662f\u53ef\u80fd\u88ab\u5165\u4fb5&#xff1f;\u5165\u4fb5\u7684\u4f9d\u636e\u53ef\u80fd\u662f\u4ec0\u4e48\u65b9\u6cd5&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u56e0\u4e3a\u9632\u706b\u5899\u4ec5\u662f\u62b5\u6321\u67d0\u4e9b\u4e0d\u53d7\u6b22\u8fce\u7684\u5c01\u5305&#xff0c;\u5982\u679c\u4f60\u6709\u5f00\u653e WWW \u7684\u670d\u52a1\u65f6&#xff0c;\u5219\u8981\u6c42\u4f60\u4e3b\u673a port 80 \u7684\u5c01\u5305\u5c06\u53ef\u76f4\u63a5\u8fdb\u5165\u4f60\u7684\u4e3b\u673a&#xff0c;\u4e07\u4e00 WWW \u5957\u4ef6\u6709\u6f0f\u6d1e\u65f6&#xff0c;\u90a3\u4e48\u5c31\u53ef\u80fd\u88ab\u5165\u4fb5\u4e86&#xff01;\u6240\u4ee5\u8f6f\u4ef6\u7684\u66f4\u65b0\u5f88\u91cd\u8981&#xff01;<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6211\u4eec\u77e5\u9053\u6838\u5fc3\u4e3a 2.6 \u7684 Linux \u4f7f\u7528\u7684\u9632\u706b\u5899\u673a\u5236\u4e3a iptables &#xff0c;\u8bf7\u95ee&#xff0c;\u5982\u4f55\u77e5\u9053\u6211\u7684 Linux 
\u6838\u5fc3\u7248\u672c&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u5229\u7528 uname -r \u53ef\u4ee5\u67e5\u5f97&#xff01;<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8bf7\u5217\u51fa iptables \u9884\u8bbe\u7684\u4e24\u4e2a\u4e3b\u8981\u7684 table &#xff0c;\u4ee5\u53ca\u5404\u4e2a table \u91cc\u9762\u7684 chains \u4e0e\u5404\u4e2a chains \u6240\u4ee3\u8868\u7684\u610f\u4e49&#xff1b;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">filter \u4e3a\u9884\u8bbe\u7684 Table&#xff0c;\u91cc\u5934\u9884\u8bbe\u7684\u94fe\u6709&#xff1a;<\/span><\/span><\/span> <\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">INPUT&#xff1a;\u4e3a\u6765\u81ea\u5916\u90e8&#xff0c;\u60f3\u8981\u8fdb\u5165\u4e3b\u673a\u7684\u5c01\u5305&#xff1b;<\/span><\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">OUTPUT&#xff1a;\u4e3a\u6765\u81ea\u4e3b\u673a&#xff0c;\u60f3\u8981\u79bb\u5f00\u4e3b\u673a\u7684\u5c01\u5305&#xff1b;<\/span><\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">FORWARD&#xff1a;\u4e3a\u4e3b\u673a\u5185\u90e8\u7f51\u57df\u4e0e\u5916\u90e8\u7f51\u57df\u7684\u5c01\u5305(\u4e0d\u8bba\u8fdb\u6216\u8005\u51fa)&#xff0c;\u4f46\u8be5\u5c01\u5305\u4e0d\u4f1a\u8fdb\u5165\u4e3b\u673a\u3002<\/span><\/span><\/span><\/li>\n<\/ul>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u8fd8\u6709 nat \u8fd9\u4e2a table&#xff1a;<\/span><\/span><\/span> <\/p>\n<ul>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span 
style=\"color:#ffffff\">PREROUTING&#xff1a;\u8fdb\u884c\u8def\u7531\u4e4b\u524d\u7684\u5c01\u5305\u4f20\u9001\u8fc7\u7a0b<\/span><\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">OUTPUT&#xff1a;\u79bb\u5f00\u4e3b\u673a\u7684\u5c01\u5305\u4f20\u9001\u8fc7\u7a0b&#xff1b;<\/span><\/span><\/span><\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">POSTROUTING&#xff1a;\u5df2\u7ecf\u7ecf\u8fc7\u8def\u7531\u4e86&#xff0c;\u7136\u540e\u624d\u8fdb\u884c\u7684\u8fc7\u6ee4\u89c4\u5219\u3002<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u4ec0\u4e48\u662f iptables \u7684\u9884\u8bbe\u653f\u7b56 (Policy)&#xff1f;\u82e5\u6211\u8981\u9488\u5bf9 filter \u7684 INPUT \u505a\u6210 DROP \u7684\u9ed8\u8ba4\u653f\u7b56&#xff0c;\u6307\u4ee4\u5982\u4f55\u4e0b\u8fbe&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u5f53\u5c01\u5305\u7684\u6240\u6709\u5c5e\u6027\u90fd\u4e0d\u5728\u9632\u706b\u5899\u7684\u89c4\u5219\u5f53\u4e2d\u65f6&#xff0c;\u90a3\u4e48\u8fd9\u4e2a\u5c01\u5305\u80fd\u5426\u987a\u5229\u7684\u901a\u8fc7\u9632\u706b\u5899&#xff0c;\u5219\u4ee5 Policy \u4f5c\u4e3a\u8fd9\u4e2a\u5c01\u5305\u7684\u6700\u7ec8\u52a8\u4f5c\u4e86&#xff01; iptables -P INPUT DROP<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5047\u8bbe\u4eca\u5929\u6211\u7684 Linux \u4ec5\u662f\u4f5c\u4e3a Client \u4e4b\u7528&#xff0c;\u5e76\u6ca1\u6709\u5bf9 Internet \u8fdb\u884c\u4efb\u4f55\u670d\u52a1&#xff0c; \u90a3\u4e48\u4f60\u7684\u9632\u706b\u5899\u89c4\u5212\u5e94\u8be5\u5982\u4f55\u8bbe\u5b9a\u6bd4\u8f83\u597d&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span 
style=\"color:#ffffff\">\u65e2\u7136\u6ca1\u6709\u5bf9 Internet \u63d0\u4f9b\u4efb\u4f55\u670d\u52a1&#xff0c;\u90a3\u4e48(1)\u8bf7\u5c06\u6240\u6709\u7684\u5bf9\u5916\u57e0\u53e3\u5148\u5173\u95ed\u5427&#xff01;(2)\u9632\u706b\u5899\u89c4\u5219\u5f53\u4e2d&#xff0c;\u6700\u91cd\u8981\u7684\u662f INPUT \u7684 Policy \u4e00\u5b9a\u8981 DROP &#xff0c;\u7136\u540e\u5c06\u300e iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT \u300f\u5373\u53ef&#xff01;<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6211\u8981\u5c06\u6765\u81ea 192.168.1.50 \u8fd9\u4e2a IP \u6765\u6e90\u7684\u5c01\u5305&#xff0c;\u53ea\u8981\u662f\u5411\u6211\u7684 21~23 \u57e0\u53e3\u8981\u6c42\u7684\u5c01\u5305&#xff0c;\u5c31\u5c06\u4ed6\u62b5\u6321&#xff0c;\u5e94\u8be5\u5982\u4f55\u4e0b\u8fbe iptables \u6307\u4ee4&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">iptables -A INPUT -p tcp -s 192.168.1.50 --dport 21:23 -j DROP<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u6211\u8981\u5c06\u6211\u81ea\u5df1\u4e3b\u673a ping \u7684\u54cd\u5e94\u529f\u80fd\u53d6\u6d88&#xff0c;\u5e94\u8be5\u5982\u4f55\u4e0b\u8fbe iptables \u7684\u6307\u4ee4&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u56e0\u4e3a ping \u80fd\u5426\u54cd\u5e94\u7528\u7684\u662f icmp \u7684 type 8 (\u8bf7\u53c2\u8003\u7f51\u7edc\u57fa\u7840\u5185\u7684 ICMP \u76f8\u5173\u5185\u5bb9)&#xff0c;\u6240\u4ee5\u6211\u53ef\u4ee5\u8fd9\u6837\u505a&#xff1a; iptables -I INPUT -p icmp --icmp-type 8 -j DROP<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u8bf7\u8bf4\u660e\u4e3a\u4f55\u8fd9\u4e2a\u6307\u4ee4\u662f\u9519\u8bef\u7684&#xff1f;\u300eiptables -A INPUT -p udp 
--syn -s 192.168.0.20 -j DROP\u300f&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u56e0\u4e3a\u53ea\u6709 TCP \u5c01\u5305\u624d\u4f1a\u5177\u6709 SYN \u7684\u6807\u5fd7&#xff0c; UDP \u5e76\u6ca1\u6709 SYN \u7684\u6807\u5fd7\u554a&#xff01;\u6240\u4ee5\u4e0a\u9762\u7684\u6307\u4ee4\u662f\u9519\u8bef\u7684<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">DNS \u7684\u8981\u6c42\u662f\u5fc5\u987b\u7684&#xff0c;\u90a3\u4e48\u6211\u8be5\u5982\u4f55\u8bbe\u5b9a\u6211\u7684\u4e3b\u673a\u53ef\u4ee5\u63a5\u53d7\u8981\u6c42 DNS \u7684\u54cd\u5e94\u5462&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u56e0\u4e3a DNS \u7684\u6765\u6e90\u662f port 53 &#xff0c;\u56e0\u6b64\u8981\u63a5\u53d7\u6765\u81ea port 53 \u7684\u5c01\u5305\u5c31\u6210\u4e3a\u4e86&#xff1a; iptables -A INPUT -p udp --sport 53 -j ACCEPT<br \/>iptables -A INPUT -p tcp --sport 53 -j ACCEPT<br \/>\u4e0d\u8fc7&#xff0c;\u7279\u522b\u7559\u610f\u7684\u662f&#xff0c;\u8fd9\u6837\u7684\u89c4\u5219\u4f1a\u8ba9\u4efb\u4f55\u6765\u6e90 port \u4e3a 53 \u7684\u5c01\u5305\u90fd\u53ef\u4ee5\u8fdb\u5165\u4e3b\u673a&#xff1b;\u82e5\u5df2\u7ecf\u8bbe\u5b9a\u4e86 -m state --state RELATED,ESTABLISHED -j ACCEPT \u7684\u89c4\u5219&#xff0c;DNS \u7684\u54cd\u5e94\u5c31\u53ef\u4ee5\u901a\u8fc7\u4e86\u3002<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u4f55\u53d6\u6d88 iptables \u5728\u6211\u7684\u7cfb\u7edf\u4e0a\u9762&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u5148\u8981\u6e05\u9664\u89c4\u5219\u540e&#xff0c;\u624d\u80fd\u591f\u5c06 iptables \u79fb\u9664&#xff01;\u4e0d\u8fc7&#xff0c;\u6211\u4eec\u4e3b\u8981\u5c06\u89c4\u5219\u6e05\u9664\u5373\u53ef&#xff01; iptables -F; iptables -X; iptables -Z<br \/>iptables -t nat -F; iptables -t nat -X; iptables -t nat -Z<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span 
style=\"background-color:#ffffff\">\u5982\u4f55\u50a8\u5b58\u76ee\u524d\u7684\u9632\u706b\u5899\u673a\u5236&#xff0c;\u4ee5\u53ca\u5982\u4f55\u5c06\u4e0a\u6b21\u50a8\u5b58\u4e0b\u6765\u7684\u673a\u5236\u56de\u590d\u5230\u76ee\u524d\u7684\u7cfb\u7edf\u4e2d&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u8bf7\u5229\u7528 iptables-save \u4ee5\u53ca iptables-restore \u8fd9\u4e24\u4e2a\u6307\u4ee4&#xff0c;\u914d\u5408\u547d\u4ee4\u91cd\u5bfc\u5411\u5373\u53ef&#xff01; \u4e5f\u53ef\u4ee5\u4f7f\u7528 \/etc\/init.d\/iptables save \u6765\u50a8\u5b58\u5594&#xff01;<\/span><\/span><\/span>\n    <\/li>\n<li><span style=\"color:#000000\"><span style=\"background-color:#ffffff\">\u5982\u679c\u4f60\u7684\u533a\u7f51\u5f53\u4e2d\u6709\u4e2a PC \u4f7f\u7528\u8005\u8001\u662f\u8fde\u4e0a Internet \u4e71\u641e&#xff0c;\u4f60\u60f3\u8981\u5c06\u4ed6\u7684 IP \u9501\u4f4f&#xff0c;\u4f46\u4ed6\u603b\u662f\u6709\u529e\u6cd5\u4fee\u6539\u6210\u5176\u4ed6 IP \u6765\u8fde\u5916&#xff0c; \u90a3\u4f60\u8be5\u600e\u4e48\u529e&#xff1f;\u8ba9\u4ed6\u65e0\u6cd5\u7ee7\u7eed\u8fde\u5916&#xff1f;<\/span><\/span>\n<p>    <span style=\"color:#000000\"><span style=\"background-color:#ffffff\"><span style=\"color:#ffffff\">\u53ef\u4ee5\u5229\u7528\u5c01\u9501\u7f51\u7edc\u5361\u5361\u53f7 MAC \u6765\u5904\u7406&#xff01;<\/span><\/span><\/span>\n    <\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb1.1k\u6b21\uff0c\u70b9\u8d5e13\u6b21\uff0c\u6536\u85cf22\u6b21\u30029.1 \u8ba4\u8bc6\u9632\u706b\u5899\u7f51\u7edc\u5b89\u5168\u9664\u4e86\u968f\u65f6\u6ce8\u610f\u76f8\u5173\u8f6f\u4ef6\u7684\u6f0f\u6d1e\u4ee5\u53ca\u7f51\u7edc\u4e0a\u7684\u5b89\u5168\u901a\u62a5\u4e4b\u5916\uff0c\u4f60\u6700\u597d\u80fd\u591f\u4f9d\u636e\u81ea\u5df1\u7684\u73af\u5883\u6765\u8ba2\u5b9a\u9632\u706b\u5899\u673a\u5236\uff01 
\u8fd9\u6837\u5bf9\u4e8e\u4f60\u7684\u7f51\u7edc\u73af\u5883\uff0c\u4f1a\u6bd4\u8f83\u6709\u4fdd\u969c\u4e00\u70b9\u5594\uff01\u90a3\u4e48\u4ec0\u4e48\u662f\u9632\u706b\u5899\u5462\uff1f\u5176\u5b9e\u9632\u706b\u5899\u5c31\u662f\u900f\u8fc7\u8ba2\u5b9a\u4e00\u4e9b\u6709\u987a\u5e8f\u7684\u89c4\u5219\uff0c\u5e76\u7ba1\u5236\u8fdb\u5165\u5230\u6211\u4eec\u7f51\u57df\u5185\u7684\u4e3b\u673a (\u6216\u8005\u53ef\u4ee5\u8bf4\u662f\u7f51\u57df) \u6570\u636e\u5c01\u5305\u7684\u4e00\u79cd\u673a\u5236\uff01\u66f4\u5e7f\u4e49\u7684\u6765\u8bf4\uff0c\u53ea\u8981\u80fd\u591f\u5206\u6790\u4e0e\u8fc7\u6ee4\u8fdb\u51fa\u6211\u4eec\u7ba1\u7406\u4e4b\u7f51\u57df\u7684\u5c01\u5305\u6570\u636e\uff0c \u5c31\u53ef\u4ee5\u79f0\u4e3a\u9632\u706b\u5899\u3002\u9632\u706b\u5899\u53c8\u53ef\u4ee5\u5206\u4e3a\u786c\u4ef6\u9632\u706b\u5899\u4e0e\u672c\u673a\u7684\u8f6f\u4ef6\u9632\u706b\u5899\u3002\u786c\u4ef6\u9632\u706b\u5899\u662f\u7531\u5382\u5546\u8bbe\u8ba1\u597d\u7684\u4e3b\u673a\u786c\u4ef6\uff0c \u8fd9\u90e8\u786c\u4ef6\u9632\u706b\u5899\u5185\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e3b\u8981\u4ee5\u63d0\u4f9b\u5c01\u5305_\u5c01\u5305\u9632\u706b\u5899<\/p>\n","protected":false},"author":2,"featured_media":25420,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[58,995,230],"topic":[],"class_list":{"0":"post-25440","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-server","8":"tag-linux","10":"tag-php"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT \u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/www.wsisp.com\/helps\/25440.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT \u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb1.1k\u6b21\uff0c\u70b9\u8d5e13\u6b21\uff0c\u6536\u85cf22\u6b21\u30029.1 \u8ba4\u8bc6\u9632\u706b\u5899\u7f51\u7edc\u5b89\u5168\u9664\u4e86\u968f\u65f6\u6ce8\u610f\u76f8\u5173\u8f6f\u4ef6\u7684\u6f0f\u6d1e\u4ee5\u53ca\u7f51\u7edc\u4e0a\u7684\u5b89\u5168\u901a\u62a5\u4e4b\u5916\uff0c\u4f60\u6700\u597d\u80fd\u591f\u4f9d\u636e\u81ea\u5df1\u7684\u73af\u5883\u6765\u8ba2\u5b9a\u9632\u706b\u5899\u673a\u5236\uff01 \u8fd9\u6837\u5bf9\u4e8e\u4f60\u7684\u7f51\u7edc\u73af\u5883\uff0c\u4f1a\u6bd4\u8f83\u6709\u4fdd\u969c\u4e00\u70b9\u5594\uff01\u90a3\u4e48\u4ec0\u4e48\u662f\u9632\u706b\u5899\u5462\uff1f\u5176\u5b9e\u9632\u706b\u5899\u5c31\u662f\u900f\u8fc7\u8ba2\u5b9a\u4e00\u4e9b\u6709\u987a\u5e8f\u7684\u89c4\u5219\uff0c\u5e76\u7ba1\u5236\u8fdb\u5165\u5230\u6211\u4eec\u7f51\u57df\u5185\u7684\u4e3b\u673a (\u6216\u8005\u53ef\u4ee5\u8bf4\u662f\u7f51\u57df) \u6570\u636e\u5c01\u5305\u7684\u4e00\u79cd\u673a\u5236\uff01\u66f4\u5e7f\u4e49\u7684\u6765\u8bf4\uff0c\u53ea\u8981\u80fd\u591f\u5206\u6790\u4e0e\u8fc7\u6ee4\u8fdb\u51fa\u6211\u4eec\u7ba1\u7406\u4e4b\u7f51\u57df\u7684\u5c01\u5305\u6570\u636e\uff0c \u5c31\u53ef\u4ee5\u79f0\u4e3a\u9632\u706b\u5899\u3002\u9632\u706b\u5899\u53c8\u53ef\u4ee5\u5206\u4e3a\u786c\u4ef6\u9632\u706b\u5899\u4e0e\u672c\u673a\u7684\u8f6f\u4ef6\u9632\u706b\u5899\u3002\u786c\u4ef6\u9632\u706b\u5899\u662f\u7531\u5382\u5546\u8bbe\u8ba1\u597d\u7684\u4e3b\u673a\u786c\u4ef6\uff0c \u8fd9\u90e8\u786c\u4ef6\u9632\u706b\u5899\u5185\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e3b\u8981\u4ee5\u63d0\u4f9b\u5c01\u5305_\u5c01\u5305\u9632\u706b\u5899\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.wsisp.com\/helps\/25440.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-19T04:36:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043647-6803285fbee23.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"31 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/25440.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/25440.html\",\"name\":\"\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT \u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2025-04-19T04:36:56+00:00\",\"dateModified\":\"2025-04-19T04:36:56+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/25440.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/25440.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/25440.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT 
\u670d\u52a1\u5668\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT \u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/25440.html","og_locale":"zh_CN","og_type":"article","og_title":"\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT \u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb1.1k\u6b21\uff0c\u70b9\u8d5e13\u6b21\uff0c\u6536\u85cf22\u6b21\u30029.1 \u8ba4\u8bc6\u9632\u706b\u5899\u7f51\u7edc\u5b89\u5168\u9664\u4e86\u968f\u65f6\u6ce8\u610f\u76f8\u5173\u8f6f\u4ef6\u7684\u6f0f\u6d1e\u4ee5\u53ca\u7f51\u7edc\u4e0a\u7684\u5b89\u5168\u901a\u62a5\u4e4b\u5916\uff0c\u4f60\u6700\u597d\u80fd\u591f\u4f9d\u636e\u81ea\u5df1\u7684\u73af\u5883\u6765\u8ba2\u5b9a\u9632\u706b\u5899\u673a\u5236\uff01 \u8fd9\u6837\u5bf9\u4e8e\u4f60\u7684\u7f51\u7edc\u73af\u5883\uff0c\u4f1a\u6bd4\u8f83\u6709\u4fdd\u969c\u4e00\u70b9\u5594\uff01\u90a3\u4e48\u4ec0\u4e48\u662f\u9632\u706b\u5899\u5462\uff1f\u5176\u5b9e\u9632\u706b\u5899\u5c31\u662f\u900f\u8fc7\u8ba2\u5b9a\u4e00\u4e9b\u6709\u987a\u5e8f\u7684\u89c4\u5219\uff0c\u5e76\u7ba1\u5236\u8fdb\u5165\u5230\u6211\u4eec\u7f51\u57df\u5185\u7684\u4e3b\u673a (\u6216\u8005\u53ef\u4ee5\u8bf4\u662f\u7f51\u57df) \u6570\u636e\u5c01\u5305\u7684\u4e00\u79cd\u673a\u5236\uff01\u66f4\u5e7f\u4e49\u7684\u6765\u8bf4\uff0c\u53ea\u8981\u80fd\u591f\u5206\u6790\u4e0e\u8fc7\u6ee4\u8fdb\u51fa\u6211\u4eec\u7ba1\u7406\u4e4b\u7f51\u57df\u7684\u5c01\u5305\u6570\u636e\uff0c 
\u5c31\u53ef\u4ee5\u79f0\u4e3a\u9632\u706b\u5899\u3002\u9632\u706b\u5899\u53c8\u53ef\u4ee5\u5206\u4e3a\u786c\u4ef6\u9632\u706b\u5899\u4e0e\u672c\u673a\u7684\u8f6f\u4ef6\u9632\u706b\u5899\u3002\u786c\u4ef6\u9632\u706b\u5899\u662f\u7531\u5382\u5546\u8bbe\u8ba1\u597d\u7684\u4e3b\u673a\u786c\u4ef6\uff0c \u8fd9\u90e8\u786c\u4ef6\u9632\u706b\u5899\u5185\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e3b\u8981\u4ee5\u63d0\u4f9b\u5c01\u5305_\u5c01\u5305\u9632\u706b\u5899","og_url":"https:\/\/www.wsisp.com\/helps\/25440.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2025-04-19T04:36:56+00:00","og_image":[{"url":"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419043647-6803285fbee23.jpg"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"31 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/25440.html","url":"https:\/\/www.wsisp.com\/helps\/25440.html","name":"\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT \u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2025-04-19T04:36:56+00:00","dateModified":"2025-04-19T04:36:56+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/25440.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/25440.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/25440.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"\u7b2c\u4e5d\u7ae0\u3001\u9632\u706b\u5899\u4e0e NAT 
\u670d\u52a1\u5668"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/25440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=25440"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/25440\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media\/25420"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=25440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-js
on\/wp\/v2\/categories?post=25440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=25440"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=25440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}