Red Hat 9 + ADSL + iptables + dhcpd solution (repost)

Posted by post0 on 2007-08-10

The services used in this solution are ppp0 (the PPPoE link), dhcpd, iptables and squid (dhcpd and squid are optional).

Goal: the Red Hat server dials up over ADSL, and the other machines on the LAN reach the Internet through the server's iptables NAT, with ordinary Internet use unaffected. If you have many clients you can also install squid so that web pages load a little faster. And if you cannot be bothered to configure TCP/IP on every client by hand, start the DHCP service.

Server: Red Hat 9.0, two 3Com 905B NICs, a ZTE ZXDSL831 modem, Beijing Netcom ADSL line (not a flat-rate plan).

IP address assignment:

Red Hat server:

eth0: 192.168.0.1, netmask 255.255.255.0; leave the gateway, DNS and the other fields empty (as in the figure).

This NIC connects the server to the other machines on the LAN.

[myimg]upload/adslg1.png[/myimg]

eth1: 192.168.1.2, netmask 255.255.255.0; again leave the gateway, DNS and the other fields empty (as in the figure).

This NIC is used for the ADSL dial-up. Do not give it 192.168.1.1: my ZTE modem's default management address is 192.168.1.1, and the two would collide.

[myimg]upload/adslg2.png[/myimg]

Both server NICs are configured statically, not with DHCP as people often say the ADSL-side NIC must be. PPPoE runs directly over Ethernet and does not use the address on eth1 at all; the static 192.168.1.2 only lets you reach the modem's web interface at 192.168.1.1. Leaving the gateway empty on both NICs matters: the only default route on this machine must be the one pppd installs on ppp0 when the link comes up, and pppd will not replace a default route that an ifcfg file already put in place.

For the clients we use DHCP in this article. If you prefer static addresses, use

an address in 192.168.0.2-192.168.0.254 with netmask 255.255.255.0, gateway 192.168.0.1, and for DNS either 192.168.0.1 or your ISP's DNS servers. (192.168.0.1 only works as a DNS server if you run a resolver on the gateway, which this article does not set up; otherwise point the clients straight at the ISP's servers.)

With the server NICs done, we configure the ADSL connection. Many people online say Red Hat's built-in ADSL support is buggy, but I had no problems at all. I configured it directly with the adsl-setup command.

Run adsl-setup to enter the configuration dialog:

Welcome to the ADSL client setup. First, I will run some checks on

your system to make sure the PPPoE client is installed properly...

The following DSL config was found on your system:

Device:  Name:
ppp0     DSLppp0

Please enter the device if you want to configure the present DSL config

(default ppp0) or enter n if you want to create a new one: the name of the dial-up connection to create; the default is fine

LOGIN NAME

Enter your Login Name (default ): the login name of your ADSL account

INTERFACE

Enter the Ethernet interface connected to the ADSL modem

For Solaris, this is likely to be something like /dev/hme0.

For Linux, it will be ethX, where X is a number.

(default eth1): the NIC the ADSL modem is attached to, eth1 in our case

Do you want the link to come up on demand, or stay up continuously?

If you want it to come up on demand, enter the idle time in seconds

after which the link should be dropped. If you want the link to

stay up permanently, enter no (two letters, lower-case.)

NOTE: Demand-activated links do not interact well with dynamic IP

addresses. You may have some problems with demand-activated links.

Enter the demand value (default no): the default is fine

DNS

Please enter the IP address of your ISPs primary DNS server.

If your ISP claims that the server will provide dynamic DNS addresses,

enter server (all lower-case) here. Leave this blank; we will configure the link to obtain its DNS servers from the ISP automatically later on. (Typing server here is the command-line way of asking for the same thing: it makes pppd run with usepeerdns.)

If you just press enter, I will assume you know what you are

doing and not modify your DNS setup.

Enter the DNS information here:

PASSWORD

Please enter your Password: the password of your ADSL account

Please re-enter your Password: repeat the password to confirm it

USERCTRL

Please enter yes (two letters, lower-case.) if you want to allow

normal user to start or stop DSL connection (default yes): the default is fine (on a gateway with several local accounts you may prefer no, so that only root can bring the link up or down)

FIREWALLING

Please choose the firewall rules to use. Note that these rules are

very basic. You are strongly encouraged to use a more sophisticated

firewall setup; however, these will provide basic security. If you

are running any servers on your machine, you must choose NONE and

set up firewalling yourself. Otherwise, the firewall rules will deny

access to all standard servers like Web, e-mail, ftp, etc. If you

are using SSH, the rules will block outgoing SSH connections which

allocate a privileged source port.

The firewall choices are:

0 - NONE: This script will not set any firewall rules. You are responsible

for ensuring the security of your machine. You are STRONGLY

recommended to use some kind of firewall rules.

1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation

2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway

for a LAN

Choose a type of firewall (0-2): the original post chose 2 here, "because we will use iptables later". That reasoning is backwards: the prompt text itself says that if you run any servers on the machine (this gateway runs dhcpd, and possibly squid) or set up firewalling yourself, you must choose 0 (NONE). Option 2 makes rp-pppoe apply its own basic MASQUERADE rules, which can clash with the hand-written /etc/sysconfig/iptables below. Choose 0 and keep the iptables rules under your own control.

Start this connection at boot time

Do you want to start this connection at boot time?

Please enter no or yes (default no): my line is not flat-rate, so I chose no; if yours is, choose yes

** Summary of what you entered **

Ethernet Interface: eth1

User name: username

Activate-on-demand: No

DNS: Do not adjust

Firewalling: MASQUERADE

User Control: yes

Accept these settings and adjust configuration files (y/n)? answer y to save the settings.

After configuring ppp0 with adsl-setup, look at the ppp0 settings in the X network configuration tool:

[myimg]upload/adslg3.png[/myimg]

Here make sure "Automatically obtain DNS information from provider" is checked (this writes PEERDNS=yes into /etc/sysconfig/network-scripts/ifcfg-ppp0, so pppd asks the ISP for its DNS servers and puts them into /etc/resolv.conf). This step is critical: without it the clients, which get the ISP's DNS servers from dhcpd, can browse, but the server itself cannot resolve names and so cannot open any web page.

The ADSL configuration is now complete; bring the link up with adsl-start.

If you can ping an outside IP address, the link works; then use nslookup to confirm that DNS resolution works as well.
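The checks described above (default route on ppp0, nameservers present, ping, nslookup) collected into a script, as an added example that is not part of the original post. The two parsers read `route -n` and `/etc/resolv.conf` text on stdin so they can be tried on captured output; the sample routing tables and resolv.conf at the bottom are constructed for that purpose (203.0.113.1 is a documentation address standing in for the ISP's PPP peer), and 202.106.0.20 is the Beijing Netcom DNS server from the post's dhcpd.conf.

```shell
#!/bin/sh
# Post-dial sanity checks for the ADSL gateway (added example, not part of the original
# post). The two parsers take their input on stdin so they can be exercised on captured
# text; check_adsl_link runs them against the live system after adsl-start.

# Interface carrying the default route, from `route -n` output: destination 0.0.0.0 with
# genmask 0.0.0.0. On this gateway it must be ppp0; eth0/eth1 means a GATEWAY= line was
# left in an ifcfg file and pppd could not install its own default route.
default_route_dev() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF; exit }'
}

# Nameserver addresses from /etc/resolv.conf text, one per line. No output is the
# "clients browse but the server cannot resolve" symptom: PEERDNS was left at no.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# $1 = route -n text, $2 = resolv.conf text. Succeeds only if the default route is on
# ppp0 and at least one nameserver is configured.
link_state_ok() {
    dev=$(printf '%s\n' "$1" | default_route_dev)
    ns=$(printf '%s\n' "$2" | resolv_nameservers | head -n 1)
    [ "$dev" = "ppp0" ] && [ -n "$ns" ]
}

# Live check (run as root after adsl-start). 202.106.0.20 is the Beijing Netcom DNS server
# from the post's dhcpd.conf; use your own ISP's address for the reachability ping.
check_adsl_link() {
    routes=$(/sbin/route -n)
    resolv=$(cat /etc/resolv.conf)
    if ! link_state_ok "$routes" "$resolv"; then
        echo "link not ready: default route on '$(printf '%s\n' "$routes" | default_route_dev)'," \
             "nameservers: '$(printf '%s\n' "$resolv" | resolv_nameservers | tr '\n' ' ')'" >&2
        return 1
    fi
    ping -c 3 202.106.0.20 >/dev/null || { echo "ISP unreachable by IP address" >&2; return 1; }
    nslookup www.redhat.com >/dev/null || { echo "DNS resolution failed" >&2; return 1; }
    echo "ADSL link OK: default route on ppp0, DNS working"
}

# Constructed samples (203.0.113.1 is a documentation address standing in for the ISP's
# PPP peer). SAMPLE_ROUTES_BAD is what you see when eth1 was given a gateway by hand.
SAMPLE_ROUTES_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 ppp0'
SAMPLE_ROUTES_BAD='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1'
SAMPLE_RESOLV_OK='search localdomain
nameserver 202.106.0.20
nameserver 202.106.148.1'
SAMPLE_RESOLV_EMPTY='search localdomain'

if [ "${1:-}" = "--live" ]; then
    check_adsl_link
fi
```

Run it as `sh adsl-check.sh --live` on the gateway after adsl-start; without `--live` it only defines the functions and the samples. The second sample table is the failure you get when a gateway was typed into eth1's settings: the default route stays on eth1 pointing at the modem, and no LAN traffic ever reaches the ISP.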

Configure iptables only after you have confirmed that the ADSL link works.

Edit /etc/sysconfig/iptables (delete whatever is in it) so that it reads as follows. Be clear about what this file does and does not do: the nat table masquerades everything leaving ppp0, but the filter table accepts everything on INPUT, FORWARD and OUTPUT, so any service that listens on all addresses on this server (sshd, portmap, squid if it is bound to 0.0.0.0) is reachable from the Internet through ppp0. This ruleset gets the LAN online; it is not a firewall.

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# every *table section must be closed with COMMIT before the next one starts,
# otherwise iptables-restore rejects the file
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

Edit /etc/sysctl.conf and set net.ipv4.ip_forward to 1, like this:

net.ipv4.ip_forward = 1

This way IP forwarding is enabled automatically every time the machine reboots or the network service is restarted (/etc/init.d/network restart), because that script applies /etc/sysctl.conf on start-up. To turn it on right now without restarting anything, run sysctl -p.

Restart the iptables service:

/etc/rc.d/init.d/iptables restart

Run iptables -t nat -L -n to check that the NAT rule is in place; the result should look like this (note that -L without -v does not show interface matches, so the -o ppp0 part of the rule is invisible here; add -v to see the in/out columns and confirm that the rule is bound to ppp0):

[root@localhost root]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Then check that the value is 1 with cat /proc/sys/net/ipv4/ip_forward:

[root@localhost root]# cat /proc/sys/net/ipv4/ip_forward
1
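The ruleset above only does NAT. Below is a stateful replacement for it, written as an added example (it is not the configuration from the original post): MASQUERADE is limited to the LAN subnet, INPUT and FORWARD default to DROP, only the LAN may reach dhcpd, ssh and squid on the gateway, and only replies to LAN-initiated connections are forwarded back in. It assumes eth0 is the LAN side (192.168.0.0/24), ppp0 is the PPPoE link, and that ssh on 22 and squid on 3128 are wanted from the LAN only; all of those are parameters. Setting IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Stateful gateway firewall for the Red Hat 9 PPPoE box (added example; not the ruleset
# from the original post). Assumptions: eth0 faces the LAN 192.168.0.0/24, ppp0 is the
# PPPoE link, dhcpd serves the LAN, ssh and an optional squid on 3128 are wanted from the
# LAN only. Set IPT=echo to preview the rules without touching the kernel.

IPT=${IPT:-/sbin/iptables}
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-ppp0}
LAN_NET=${LAN_NET:-192.168.0.0/24}

# Kernel side: forward packets, and reject packets whose source address could not have
# arrived on that interface (anti-spoofing), so a 192.168.0.x source seen on ppp0 is
# dropped. Put both lines in /etc/sysctl.conf as well so they survive a reboot.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv4.conf.all.rp_filter=1
}

apply_firewall() {
    # Start from a clean slate in every table, then deny by default on the filter side.
    for t in filter nat mangle; do
        $IPT -t $t -F
        $IPT -t $t -X
    done
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # NAT: masquerade only the LAN subnet, and only on the way out of ppp0. The post's
    # rule (-o ppp0 alone) rewrites whatever happens to be forwarded out of the link.
    $IPT -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE

    # INPUT: loopback, replies to the gateway's own connections, then LAN-only services.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT                         # DHCP
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT             # ssh
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 3128 -j ACCEPT           # squid
    # Everything else that reaches the public side is logged (rate-limited) and then
    # falls through to the DROP policy: no sshd, portmap or squid exposed on ppp0.
    $IPT -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "WAN-DROP: "

    # FORWARD: clamp the MSS first (PPPoE leaves a 1492-byte MTU; without this, sites
    # behind broken PMTU discovery show the classic "ping works, pages hang" symptom),
    # then allow LAN -> Internet and only the return half of those flows back in.
    $IPT -A FORWARD -o $WAN_IF -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
    $IPT -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Run as root: `sh gateway-fw.sh --apply`, then `service iptables save` to write the
# result to /etc/sysconfig/iptables so the iptables service reloads it at boot.
if [ "${1:-}" = "--apply" ]; then
    enable_forwarding
    apply_firewall
fi
```

After `--apply`, `service iptables save` writes the live rules back to /etc/sysconfig/iptables in the same iptables-restore format as the file above, so `service iptables restart` and the boot sequence reload the hardened set. The LOG rule is rate-limited on purpose: an unfiltered log target on a public interface is an easy way to fill /var/log/messages.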

If your clients use static addresses, they can already share the connection through the server at this point. If you also want a DHCP server, edit /etc/dhcpd.conf as below, and set DHCPDARGS=eth0 in /etc/sysconfig/dhcpd so that dhcpd listens only on the LAN NIC and not on eth1 or ppp0:

#Start of /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {
    # --- default gateway
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;

    # --- option domain-name-servers ISP's DNS1, ISP's DNS2;
    # 192.168.0.1 is only useful here if a caching resolver runs on the gateway,
    # which this article does not set up; without one, drop it so clients do not
    # wait on a dead first server before falling back to the ISP's.
    option domain-name-servers 192.168.0.1,202.106.0.20,202.106.148.1;

    option time-offset 28800;   # China Standard Time (UTC+8); the -18000 in the
                                # Red Hat sample file is US Eastern time

    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # --- you understand NetBIOS very well
    # option netbios-node-type 2;

    range dynamic-bootp 192.168.0.2 192.168.0.254;
    default-lease-time 21600;
    max-lease-time 43200;
}
#End of /etc/dhcpd.conf
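Once dhcpd is handing out addresses, the one record of who is actually on the LAN behind this NAT is /var/lib/dhcp/dhcpd.leases. The script below is an added example, not from the original post: it lists the active leases and flags any MAC address that is not on an allow-list, which is a quick way to spot an unexpected machine when the link starts carrying traffic you did not initiate. The leases file is append-only, so a client can appear several times and only the last record for an address counts. The sample leases text is constructed for the demonstration.

```shell
#!/bin/sh
# List active DHCP leases from an ISC dhcpd.leases file (added example, not from the
# original post). dhcpd appends a new record every time a lease changes state, so the
# last record for an address is the current one; the parser keeps only that final state.

LEASES=${LEASES:-/var/lib/dhcp/dhcpd.leases}

# Read dhcpd.leases text on stdin; print "ip mac hostname" for every lease whose final
# binding state is active, sorted by address. Missing fields are printed as "-".
active_leases() {
    awk '
        $1 == "lease"                          { ip = $2; state = ""; mac = "-"; host = "-" }
        $1 == "binding" && $2 == "state"       { state = $3; sub(/;$/, "", state) }
        $1 == "hardware" && $2 == "ethernet"   { mac = $3; sub(/;$/, "", mac) }
        $1 == "client-hostname"                { host = $2; gsub(/[";]/, "", host) }
        $1 == "}" && ip != ""                  { st[ip] = state; hw[ip] = mac; hn[ip] = host; ip = "" }
        END { for (a in st) if (st[a] == "active") print a, hw[a], hn[a] }
    ' | sort
}

# Print active leases whose MAC is not in the space-separated allow-list given as $1:
# anything listed here is a machine you did not expect to find behind the gateway.
unexpected_leases() {
    active_leases | awk -v known=" $1 " 'index(known, " " $2 " ") == 0'
}

# Constructed sample: .10 is active, .11 was released (its last record is "free"),
# .12 is active but never sent a hostname.
SAMPLE_LEASES='lease 192.168.0.10 {
  starts 5 2007/08/10 01:00:00;
  ends 5 2007/08/10 07:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:3a:1b:5c;
  client-hostname "office-pc1";
}
lease 192.168.0.11 {
  starts 5 2007/08/10 01:05:00;
  ends 5 2007/08/10 07:05:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:7e:44:02;
  client-hostname "laptop";
}
lease 192.168.0.11 {
  starts 5 2007/08/10 01:05:00;
  ends 5 2007/08/10 02:00:00;
  binding state free;
  hardware ethernet 00:0c:29:7e:44:02;
}
lease 192.168.0.12 {
  starts 5 2007/08/10 01:10:00;
  ends 5 2007/08/10 07:10:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:aa:bb:cc;
}'

if [ "${1:-}" = "--live" ]; then
    # e.g. sh leases.sh --live "00:0c:29:3a:1b:5c 00:0c:29:7e:44:02"
    unexpected_leases "${2:-}" < "$LEASES"
fi
```

On the gateway, `active_leases < /var/lib/dhcp/dhcpd.leases` gives the current inventory, and `unexpected_leases "<known MACs>"` with an empty allow-list prints everything. Note that a DHCP lease only tells you who asked for an address; a machine with a hand-configured 192.168.0.x address never appears here, which is one reason to prefer the stateful FORWARD rules over trusting the LAN side blindly.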

I will not go into the squid configuration; it is very simple. The one thing to take care of is the DNS address: by default none is set, and without one squid refuses to start while the ADSL link is down, so give it the DNS addresses from dhcpd.conf (the dns_nameservers directive). Two more settings matter on a box with the permissive filter table above: bind http_port to 192.168.0.1 rather than to all addresses, and in http_access allow only an acl for 192.168.0.0/24 before the final deny all; otherwise you are running an open proxy on ppp0.

That's it. After the Red Hat server reboots, run ipconfig /renew on each Windows client to pick up an address, run adsl-start on the server, and everything works. Whenever you want to go offline, just run adsl-stop on the server.


From the ITPUB blog, link: http://blog.itpub.net/8225414/viewspace-940747/. Please credit the source when reposting; otherwise legal action may be taken.
