Redhat9+ADSL+IPTABLES+DHCPD Solution

王朝 other · Author unknown  2008-05-18

This solution uses the following services: ppp0, dhcp, iptables and squid (dhcp and squid are optional).

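Goal: the redhat server dials up over ADSL, and the other machines on the LAN reach the Internet through the iptables service on the server, with basic Internet services unaffected. If you have many clients, you can install squid so that web pages load a little faster for them. And if you would rather not configure the TCP/IP settings on each client by hand, you can run the DHCP service.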

Server: redhat9.0, 3com905b X 2, ZTE ZXDSL831, Beijing Netcom ADSL line (not a flat-rate monthly plan)

IP address assignment:

redhat server:

eth0: 192.168.0.1 255.255.255.0; do not configure a gateway, DNS or anything else (see figure).

This NIC connects to the other machines on the LAN.

[myimg]upload/adslg1.png[/myimg]

eth1: 192.168.1.2 255.255.255.0; do not configure a gateway, DNS or anything else (see figure).

This NIC is used for the ADSL dial-up. Be sure not to set it to 192.168.1.1, because my ZTE ADSL modem uses 192.168.1.1 as its default configuration address.

[myimg]upload/adslg2.png[/myimg]

Both NICs on the server are configured statically, rather than setting the ADSL NIC to obtain its address via DHCP as is commonly suggested.

For the clients we use DHCP here. If you prefer static settings, use an IP address between 192.168.0.2 and 192.168.0.254, subnet mask 255.255.255.0, gateway 192.168.0.1, and DNS set to 192.168.0.1 or to an ISP DNS address you know.

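With the basic NIC configuration done, we now configure the ADSL connection. Many people online say that the ADSL support bundled with redhat has problems, but I configured it without any issue. I used the adsl-setup command directly.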

Run adsl-setup to enter the configuration dialog:

Welcome to the ADSL client setup. First, I will run some checks on

your system to make sure the PPPoE client is installed properly...

The following DSL config was found on your system:

Device: Name:

ppp0 DSLppp0

Please enter the device if you want to configure the present DSL config

(default ppp0) or enter n if you want to create a new one:  <- name of the dial-up connection; the default is fine

LOGIN NAME

Enter your Login Name (default ):  <- enter the login user name of the ADSL account

INTERFACE

Enter the Ethernet interface connected to the ADSL modem

For Solaris, this is likely to be something like /dev/hme0.

For Linux, it will be ethX, where X is a number.

(default eth1):  <- the NIC the ADSL device is attached to; here it is eth1

Do you want the link to come up on demand, or stay up continuously?

If you want it to come up on demand, enter the idle time in seconds

after which the link should be dropped. If you want the link to

stay up permanently, enter no (two letters, lower-case.)

NOTE: Demand-activated links do not interact well with dynamic IP

addresses. You may have some problems with demand-activated links.

Enter the demand value (default no):  <- the default is fine

DNS

Please enter the IP address of your ISPs primary DNS server.

If your ISP claims that the server will provide dynamic DNS addresses,

enter server (all lower-case) here.  <- note: do not enter any DNS address here; later we configure ADSL to obtain the DNS addresses from the ISP automatically

If you just press enter, I will assume you know what you are

doing and not modify your DNS setup.

Enter the DNS information here:

PASSWORD

Please enter your Password:  <- enter the password of the ADSL account

Please re-enter your Password:  <- confirm the password

USERCTRL

Please enter yes (two letters, lower-case.) if you want to allow

normal user to start or stop DSL connection (default yes):  <- the default is fine

FIREWALLING

Please choose the firewall rules to use. Note that these rules are

very basic. You are strongly encouraged to use a more sophisticated

firewall setup; however, these will provide basic security. If you

are running any servers on your machine, you must choose NONE and

set up firewalling yourself. Otherwise, the firewall rules will deny

access to all standard servers like Web, e-mail, ftp, etc. If you

are using SSH, the rules will block outgoing SSH connections which

allocate a privileged source port.

The firewall choices are:

0 - NONE: This script will not set any firewall rules. You are responsible

for ensuring the security of your machine. You are STRONGLY

recommended to use some kind of firewall rules.

1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation

2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway

for a LAN

Choose a type of firewall (0-2):  <- since we use iptables later, choose 2

Start this connection at boot time

Do you want to start this connection at boot time?

Please enter no or yes (default no):  <- I am not on a flat-rate monthly plan, so I chose no; if you are, choose yes

** Summary of what you entered **

Ethernet Interface: eth1

User name: username

Activate-on-demand: No

DNS: Do not adjust

Firewalling: MASQUERADE

User Control: yes

Accept these settings and adjust configuration files (y/n)?  <- choose yes to save the settings.

After configuring ppp0 with the adsl-setup command, look at the ppp0 configuration under X Windows:

[myimg]upload/adslg3.png[/myimg]

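Note that here we tick the option to obtain DNS information automatically from the provider. This step is critical; otherwise, even if the clients can get online later, the server itself will not be able to browse web pages.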

At this point the ADSL configuration is complete. Use the adsl-start command to bring up the ADSL connection.

If you can ping an external IP address, that is basically enough; at most, also use the nslookup command to test whether DNS works.

Only after confirming that the ADSL connection works do we configure iptables.

Edit /etc/sysconfig/iptables (delete all of its existing content) so that it reads as follows:

# Firewall configuration written by lokkit

# Manual customization of this file is not recommended.

# Note: ifup-post will punch the current nameservers through the

# firewall; such entries will *not* be listed here.

*mangle

:PREROUTING ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

# Close the mangle table; each table needs its own COMMIT before the next one starts

COMMIT

*nat

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

# Rewrite the source address of everything leaving through ppp0 to the ADSL address

[0:0] -A POSTROUTING -o ppp0 -j MASQUERADE

COMMIT

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

COMMIT

Edit /etc/sysctl.conf and set net.ipv4.ip_forward to 1, as follows:

net.ipv4.ip_forward = 1

This way, IP forwarding is enabled automatically every time you reboot the machine or restart the network service (/etc/init.d/network restart).

Restart the iptables service:

/etc/rc.d/init.d/iptables restart

Run iptables -t nat -L -n to check that the NAT rule is correct; the output is:

[root@localhost root]# iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)

target prot opt source destination

Chain POSTROUTING (policy ACCEPT)

target prot opt source destination

MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

Run cat /proc/sys/net/ipv4/ip_forward to check that the value is 1; the output is:

[root@localhost root]$ cat /proc/sys/net/ipv4/ip_forward

1
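The ruleset above leaves every filter policy at ACCEPT and masquerades anything leaving ppp0. The following added example (not part of the original article) is a small audit function for iptables-save style files, run over a constructed permissive sample and an assumed hardened variant. The interface names and the 192.168.0.0/24 subnet come from this page; the DROP policies, the state rules and the function names are assumptions of the example.

```shell
# Added example: audit an iptables-save style ruleset on stdin; one finding per line.
audit_ruleset() {
    awk '
        substr($0, 1, 1) == "*" {                      # table header such as *nat
            if (open) print "missing COMMIT before " $0
            table = substr($0, 2); open = 1; next
        }
        $1 == "COMMIT" { open = 0; next }
        table == "filter" && substr($1, 1, 1) == ":" { # chain policy line
            chain = substr($1, 2)
            if ((chain == "INPUT" || chain == "FORWARD") && $2 == "ACCEPT")
                print "filter " chain " policy is ACCEPT"
        }
        /-j MASQUERADE/ && !index($0, " -s ") { print "MASQUERADE rule has no source restriction" }
        END { if (open) print "missing COMMIT at end of file" }
    '
}
# Constructed sample: permissive gateway rules, first table left without COMMIT.
permissive_rules() { cat <<'EOF'
*mangle
*nat
:POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}
# Assumed hardened variant: default drop, only LAN-initiated traffic is forwarded.
hardened_rules() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
permissive_rules | audit_ruleset   # prints the four findings for the permissive sample
```

To audit the live file, run audit_ruleset < /etc/sysconfig/iptables; the check only recognises the short -s form of a source match.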

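At this point, if your clients use static IP addresses, they can already share the Internet connection through the server. If you also want to set up the DHCP server, edit /etc/dhcpd.conf: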

#Start of /etc/dhcpd.conf

ddns-update-style interim;

ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway

option routers 192.168.0.1;

option subnet-mask 255.255.255.0;

# --- option domain-name-servers ISPs DNS1,ISPs DNS2;

option domain-name-servers 192.168.0.1,202.106.0.20,202.106.148.1;

option time-offset -18000; # Eastern Standard Time

# --- Selects point-to-point node (default is hybrid). Dont change this unless

# -- you understand Netbios very well

# option netbios-node-type 2;

range dynamic-bootp 192.168.0.2 192.168.0.254;

default-lease-time 21600;

max-lease-time 43200;

}

#End of /etc/dhcpd.conf

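I will not cover the squid configuration; it is very simple. The one thing to watch during configuration is the DNS addresses, which are not set by default; without them squid cannot start while ADSL is not connected. You can use the DNS addresses from dhcpd.conf as a reference.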

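Once the redhat server has rebooted, run ipconfig /renew on every Windows client to get a new address, run adsl-start on the server, and everything is OK! Whenever you want to go offline, just run adsl-stop on the server.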

 
 
 