How to share a single IP address for Internet access

王朝other · Author unknown · 2006-11-23

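1. Background and requirements

A friend's office gets online through a cable modem. The contract allows only one IP address, but there are more than ten computers in all, and my friend ended up explaining the situation to the ISP and paying a large additional fee. The requirement: every machine must be able to get online, using a single IP.

2. Hardware & software

Hardware: a P90 with 32 RAM and two NICs, one 3Com and one D-Link (the advantage: eth0 and eth1 are easy to tell apart), plus one hub.

Software: RedHat 6.2 + Gnome Helix (which can run FireStarter); upgrading the kernel is recommended.

3. Installing the firewall

Set up IP masquerading + IPChains:

Create /etc/rc.d/rc.firewall (or any file name in any location, if you run it by hand) as follows: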

#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels
# using IPCHAINS
#

# Needed to initially load modules
#
/sbin/depmod -a

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
# (Uncomment to receive RealAudio.)
#
#/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
# (Remove the "#" if you want to use IRC; my friend does not allow it. :-)
#
#/sbin/modprobe ip_masq_irc

# For playing Quake over the network:
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to
# play Quake I, II, and III, use the second example.
#
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
# ----- kernel that has bugs in it. Please upgrade to the newest kernel.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake 26000,27000,27910,27960

# Supports the masquerading of the CuSeeme video conferencing software
# (Cu-SeeMe video phone)
#
#/sbin/modprobe ip_masq_cuseeme

# Supports the masquerading of the VDO-live video conferencing software
# (VDO-live video phone)
#
#/sbin/modprobe ip_masq_vdolive

#CRITICAL: Enable IP forwarding since it is disabled by default
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward

#CRITICAL: Enable automatic IP defragmenting since it is disabled by default
# in 2.2.x kernels. This used to be a compile-time option but the
# behavior was changed in 2.2.12
#
echo "1" > /proc/sys/net/ipv4/ip_always_defrag

# Dynamic IP users:
# (This ISP assigns the IP address by DHCP, so this option is enabled.)
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this
# following option. This enables dynamic-ip address hacking in IP MASQ,
# making the life with Diald and similar programs much easier.
#
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Enable the LooseUDP patch which some Internet-based games require
#
# If you are trying to get an Internet game to work through your IP MASQ box,
# and you have set it up to the best of your ability without it working, try
# enabling this option (delete the "#" character). This option is disabled
# by default due to possible internal machine UDP port scanning
# vulnerabilities.
#
#echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose

# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160

# DHCP: For people who receive their external IP address from either DHCP or
# BOOTP such as ADSL or Cablemodem users, it is necessary to use the
# following before the deny command. The "bootp_client_net_if_name"
# should be replaced with the name of the link that the DHCP/BOOTP server
# will put an address on. This will be something like "eth0",
# "eth1", etc.
#
# This rule is commented out by default. It is enabled here because
# this ISP assigns the IP address by DHCP.
#
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp

# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on interface eth0.
#
# ** Please change this network number, subnet mask, and your Internet
# ** connection interface name to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ

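Run chmod 700 /etc/rc.d/rc.firewall to make it executable.

Then add the line /etc/rc.d/rc.firewall to /etc/rc.d/rc.local so that it runs at boot.

With the firewall rules above, every PC on the subnet (192.168.x.x) goes online through the single ISP-assigned IP, with IRC, RealPlayer, Quake ... disabled. Note that the script sets a default policy only on the forward chain; the only input rule it adds is the ACCEPT for the ISP's DHCP replies on eth0, so traffic addressed to the gateway itself is not filtered by this script.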
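A check for the two forward-chain rules above, added here as an example (it is not part of the original article): it reads a rule script and reports a forward policy other than DENY, or a MASQ rule that is not limited to the LAN source and the Internet-facing interface. The function name audit_masq, the finding labels and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# audit_masq FILE LAN_CIDR WAN_IF  (hypothetical helper, not from the article)
# Prints one finding per line; prints nothing if the rules follow the
# article's layout: forward policy DENY, MASQ only for LAN source on WAN_IF.
audit_masq() {
    file=$1 lan=$2 wan=$3
    # Keep active ipchains invocations only; commented-out lines are ignored.
    rules=$(grep -E '^[[:space:]]*(/sbin/)?ipchains[[:space:]]' "$file" || true)

    # 1. Default forward policy must be DENY so only listed sources are relayed.
    echo "$rules" | grep -Eq -- '-P[[:space:]]+forward[[:space:]]+DENY' \
        || echo "forward-policy-not-deny"

    # 2. There must be a MASQ rule, or nothing is shared at all.
    masq=$(echo "$rules" | grep -E -- '-j[[:space:]]+MASQ' || true)
    [ -n "$masq" ] || { echo "no-masq-rule"; return 0; }

    # 3. Each MASQ rule must name the LAN as source and the WAN interface.
    echo "$masq" | while read -r line; do
        case " $line " in
            *" -s $lan "*) ;;
            *) echo "masq-source-not-lan: $line" ;;
        esac
        case " $line " in
            *" -i $wan "*) ;;
            *) echo "masq-interface-not-wan: $line" ;;
        esac
    done
}

# Constructed sample: the article's two rules plus an over-broad MASQ rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ
/sbin/ipchains -A forward -s 0/0 -j MASQ
EOF
audit_masq "$sample" 192.168.0.0/24 eth0
rm -f "$sample"
```

On the constructed sample only the third rule is reported, once for its source and once for its missing interface.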

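4. DHCP server

To make network setup easy for the Windows machines on the LAN, install a DHCP server as well.

Go to the RedHat directory and run rpm -ivh dhcp* to make sure all of the DHCP packages are installed.

Run touch /var/state/dhcp/dhcpd.leases to create the file in which dhcpd records its leases.

Create the file /etc/dhcpd.conf: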

# /etc/dhcpd.conf
# Run "route add -host 255.255.255.255 dev eth1 2> /dev/null" and
# "/usr/sbin/dhcpd eth1" to start dhcpd bound to eth1.
# Do not start it on eth0: it conflicts with the ISP's DHCP server.
#
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.100;
    default-lease-time 1200;
    max-lease-time 9200;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
    # Replace the placeholders with the ISP's DNS servers
    option domain-name-servers xxx.xx.xx.xx, xxx.xx.xxx.x;
    option domain-name "offfice.net";
}

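The settings above hand out internal IP addresses from 192.168.0.10 to 192.168.0.100 automatically.

Bind dhcpd to eth1; otherwise the system binds it to eth0, where it fails to start and also conflicts with the ISP's DHCP server.

Edit /etc/rc.d/init.d/dhcpd and add eth1 after /usr/sbin/dhcpd.

Finally, so that the client PCs can reliably obtain a route, run:

route add -host 255.255.255.255 dev eth1 2> /dev/null

5. Clients

Very easy: go to Start --> Settings --> Network --> TCP/IP --> Obtain an IP automatically.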

 
 
 