How do I remove squid that has already been configured in Ubuntu to work as NAT?

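I am running squid3 on Ubuntu 14.04 and trying to use it as a remote proxy for learning purposes. When I tried to access it remotely from another computer on my university LAN, I got an empty cache log. So I tried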

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Then my squid stopped working shortly after starting. How can I revert the changes made by the above command?

Answer 1

sudo iptables -t nat --line-numbers -L should show something like this:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Delete the PREROUTING rules affecting port 3128

sudo iptables -t nat --line-numbers -L | tac | \
    awk '/redir ports 3128/ {system("sudo iptables -t nat -D PREROUTING "$1)}'

Now check the rules again:

% sudo iptables -t nat --line-numbers -L
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Explanation

iptables -vt nat -L lists the rules we need

% sudo iptables -vt nat -L
Chain PREROUTING (policy ACCEPT 11 packets, 1957 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere             tcp dpt:http redir ports 3128

Chain INPUT (policy ACCEPT 2 packets, 194 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 152 packets, 14386 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 152 packets, 14386 bytes)
 pkts bytes target     prot opt in     out     source               destination

If there is more than one, we need to list the rules for port 3128 in reverse order, together with their line numbers

% sudo iptables -t nat --line-numbers -L | tac | awk '/redir ports 3128/'
1    REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128

A little awk magic then deletes the rules line by line

awk '/redir ports 3128/ {system("sudo iptables -t nat -D PREROUTING "$1)}'
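An alternative to deleting by line number, shown as an added example that is not part of the original answer: build the delete commands from `iptables -t nat -S` output, so each rule is removed by its full specification and only the PREROUTING chain is touched. The function names `gen_deletes` and `sample_rules` are hypothetical, and the rule listing is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Reads `iptables -t nat -S` output on stdin and prints one delete command
# for every PREROUTING rule that REDIRECTs to the given port. Deleting by
# specification avoids the renumbering problem that `tac` works around, and
# it cannot hit a same-numbered rule in another chain.

# gen_deletes PORT
gen_deletes() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            redirect = 0; to_port = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
                if ($i == "--to-ports" && $(i + 1) == port) to_port = 1
            }
            if (redirect && to_port) {
                $1 = "-D"                 # turn the append into a delete
                print "iptables -t nat " $0
            }
        }'
}

# Constructed sample of `iptables -t nat -S` output (not captured from a host).
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
EOF
}

# Dry run on the sample: prints the single command that would be executed.
sample_rules | gen_deletes 3128
```

On a live system, review the output of `sudo iptables -t nat -S | gen_deletes 3128` first, then pipe it to `sudo sh` to apply it.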
