2004年3月5日
关键字: 代理服务器
# cd /etc/namedb
# rm named.root
# wget ftp://ftp.internic.org/domain/named.root
注意:FTP 下载没有完整性保护,下载后应使用发布方提供的校验值或签名核对 named.root;建议先确认新文件下载成功,再替换旧的 named.root,以免下载失败后缺少根提示文件。
2.2 创建日志文件
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:wheel /var/log/named/*
2.3 生成localhost.rev
# cd /etc/namedb
# chmod 755 make-localhost
# ./make-localhost
2.4 生成rndc-key
# cd /usr/local/etc
# /usr/local/sbin/rndc-confgen > rndc.conf
把rndc.conf中:
# Use with the following in named.conf, adjusting the allow list as needed:
这一行后面的部分加到/etc/namedb/named.conf中并去掉注释。rndc.conf和named.conf中含有rndc密钥,应把这两个文件的权限限制为仅root和bind用户可读。
2.5 运行测试
# /usr/local/sbin/named -gc /etc/namedb/named.conf
23-Jan-2006 21:03:03.224 starting BIND 9.3.2 -gc /etc/namedb/named.conf
23-Jan-2006 21:03:03.229 loading configuration from '/etc/namedb/named.conf'
23-Jan-2006 21:03:03.230 no IPv6 interfaces found
23-Jan-2006 21:03:03.230 listening on IPv4 interface rl0, 192.168.0.20#53
23-Jan-2006 21:03:03.230 listening on IPv4 interface rl1, 192.168.1.10#53
23-Jan-2006 21:03:03.231 listening on IPv4 interface lo0, 127.0.0.1#53
23-Jan-2006 21:03:03.235 command channel listening on 127.0.0.1#953
23-Jan-2006 21:03:03.235 ignoring config file logging statement due to -g option
23-Jan-2006 21:03:03.254 zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 20051219
23-Jan-2006 21:03:03.254 running
2.6 状态检查
# rndc status
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
2.7 建立启动脚本
# vi /usr/local/etc/rc.d/named.sh
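#!/bin/sh
# Start and Stop BIND Service on FreeBSD
# LLZQQ@126.COM
#
# rc.d wrapper for the BIND binary installed under /usr/local. named is
# launched only when named_enable="YES" is set in rc.conf, and it is run
# as the unprivileged user "bind" (-u bind).

. /etc/rc.subr

name="named"
start_cmd="start"
stop_cmd="stop"

# Launch named with /etc/namedb/named.conf when named_enable is YES.
start()
{
  if [ "$named_enable" = "YES" ]; then
    # named detaches from the terminal on its own unless -f or -g is
    # given, so it is not backgrounded with '&'; that keeps its exit
    # status visible and avoids printing "started" after a failure.
    if /usr/local/sbin/named -u bind -c /etc/namedb/named.conf; then
      echo "named started"
    else
      echo "named failed to start" >&2
      return 1
    fi
  fi
}

# Signal the running named process to terminate.
stop()
{
  # -x matches the process name exactly, so processes whose names merely
  # contain "named" are not signalled.
  if pkill -x named; then
    echo "named stoped"
  else
    echo "named is not running" >&2
  fi
}

load_rc_config "$name"
run_rc_command "$1"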
# chmod 555 /usr/local/etc/rc.d/named.sh
3. 防火墙设置
# vi /etc/pf.conf
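# /etc/pf.conf -- NAT gateway that redirects outbound HTTP from the
# internal interfaces to a local Squid listening on 127.0.0.1:3128.
# pf uses the LAST matching filter rule unless a rule is marked "quick".

# --- Macros ---
ext_if = "{ fxp0 }"
int_if = "{ rl0, rl1 }"
int_net = "{ 192.168.0.0/16 }"
loop = "lo0"
# Loopback, RFC 1918 and broadcast ranges; filtered on $ext_if below.
noroute = "{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 255.255.255.255/32 }"
# Ports accepted from any source on $ext_if (see the pass rule below).
ports = "{ 20, 21, 22, 25, 53, 80, 110 }"
squid = "{127.0.0.1}"

# --- Options ---
set block-policy return
set optimization aggressive
set loginterface fxp0
set skip on lo0

# --- Normalization ---
scrub in all

# --- Translation ---
nat on $ext_if from $int_net to any -> $ext_if

### squid transparent
rdr on $int_if proto tcp from any to any port 80 -> $squid port 3128

# --- Filtering ---
antispoof for $ext_if inet
# Default deny. "block return" repeats "block all", because the
# block-policy option above already selects "return".
block all
block return
block in quick on $ext_if os NMAP
block in quick on $ext_if from $noroute to any
block out quick on $ext_if from any to $noroute

# lo0 is already exempt through "set skip on lo0"; this rule is redundant.
pass quick on $loop all
pass quick on $int_if all

# NOTE(review): this opens every port in $ports to the whole Internet over
# both TCP and UDP. Keep only the services that are meant to be public and
# match each one to the protocol it uses.
# NOTE(review): port 53 reachable on $ext_if makes this host an open
# resolver if named.conf (not shown on this page) allows recursion for
# any client -- restrict allow-recursion to the internal networks or
# remove 53 from $ports.
# NOTE(review): port 22 is open to any source; consider limiting the
# source addresses allowed to reach SSH.
pass in on $ext_if proto {tcp,udp} from any to any port $ports keep state

# No interface is named, so this applies on every interface. "><" is an
# exclusive range (55001-55999). Presumably the passive FTP data range --
# confirm against the FTP server configuration.
pass in quick proto tcp from any to any port 55000 >< 56000 keep state
pass out on $ext_if all keep state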
4. 其他一些网络的设置
# vi /etc/rc.conf
# /etc/rc.conf excerpt: host name, default route, interface addresses, and
# boot-time enabling of named, pf and pflog.
# The "x.x" octets are presumably redacted by the article's author.
hostname="llzqq.3322.org"
defaultrouter="61.211.x.x"
# rl0 and rl1 are the interfaces listed in int_if in this page's pf.conf;
# fxp0 is the one listed in ext_if.
ifconfig_rl0="inet 192.168.0.20 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.10 netmask 255.255.255.0"
ifconfig_fxp0="inet 61.211.x.x netmask 255.255.255.224"
# Checked by start() in /usr/local/etc/rc.d/named.sh: named is launched
# only when this value is exactly YES.
named_enable="YES"
pf_enable="YES" # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_program="/sbin/pfctl" # where the pfctl program lives
pf_flags="" # additional flags for pfctl
pflog_enable="YES" # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_program="/sbin/pflogd" # where the pflogd program lives
pflog_flags=""
# vi /etc/resolv.conf
nameserver 211.98.2.4
nameserver 202.99.168.8
nameserver 202.99.160.68
# vi /etc/sysctl.conf
# /etc/sysctl.conf: kernel tunables for the gateway.
# Forward IP packets between interfaces (required for the NAT gateway role).
net.inet.ip.forwarding=1
# Accept a packet only if it arrives on the interface that owns the
# destination address.
net.inet.ip.check_interface=1
# Closed TCP ports: drop incoming segments silently instead of answering
# with RST (1 = SYN segments only, 2 = all segments).
net.inet.tcp.blackhole=2
# Closed UDP ports: do not answer with ICMP port-unreachable.
net.inet.udp.blackhole=1
# Default TCP receive buffer size, in bytes.
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
# vi /boot/loader.conf
kern.maxfiles="65536"
客户端设置网关和DNS的IP地址为这台SQUID代理服务器的IP地址。