ADSL + RH8.0 Transparent Gateway Guide

Published: 2007-07-04

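  (I) Overview:
  Use RH8.0 to build a transparent gateway.
  
  Machines on the internal network are assigned their IP addresses automatically by the gateway machine.
  
  (II) Hardware:
  One ISP VDSL modem (a modem with an Ethernet port); other ADSL modems should work too.
  Two 10M/100M auto-sensing Ethernet cards, preferably ones that RH8.0 detects automatically.
  
  (III) Operating system:
  RedHat 8.0, full installation.
  
  (IV) Configure as:
  root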
  
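  (V) Configuration procedure:
  1. Start RedHat's "Internet Configuration Wizard" from "System Settings".
  
  
  2. Select the xDSL device.
  3. Go forward to the DSL configuration.
  For the Ethernet device, select the NIC connected to the VDSL modem; the provider name can be anything; for the account and password, use the information given by your ISP.
  
  4. Go forward to the finish screen.
  Simply choose Apply to complete the VDSL setup.
  
  5. The network device configuration tool now appears.
  You can also start this tool from the "Start" menu.
  
  6. Configure eth0.
  7. Configure eth1.
  
  The static IP 192.168.0.1 is the gateway for this LAN. The default gateway is provided by the ISP, or can be obtained from the dial-up connection properties in Windows (the DOS command is: ipconfig /all).
  On Linux, get it with ifconfig; the address after "P-t-P:" below is your ISP's gateway.
  ppp0 Link encap:Point-to-Point Protocol
  inet addr:156.34.89.120 P-t-P:142.166.182.77 Mask:255.255.255.255
  
  9. Configure DHCPD so that machines on the internal network obtain their IP addresses automatically.
  Edit /etc/dhcpd.conf; after editing it reads as follows: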
  
  #Start of /etc/dhcpd.conf
  ddns-update-style interim;
  ignore client-updates;
  subnet 192.168.0.0 netmask 255.255.255.0 {
  # --- default gateway
  option routers 192.168.0.1;
  option subnet-mask 255.255.255.0;
  option nis-domain "domain.org";
  option domain-name "domain.org";
  # --- option domain-name-servers ISP's DNS1,ISP's DNS2;
  option domain-name-servers 192.168.0.1,142.177.1.2,142.177.129.11;
  option time-offset -18000; # Eastern Standard Time
  # --- Selects point-to-point node (default is hybrid). Don't change this unless
  # -- you understand Netbios very well
  # option netbios-node-type 2;
  range dynamic-bootp 192.168.0.2 192.168.0.254;
  default-lease-time 21600;
  max-lease-time 43200;
  }
  #End of /etc/dhcpd.conf
  
  Just make sure 192.168.0.1 and 192.168.0.255 are not inside the dynamically assigned IP range.
  The correct line is the one shown above: range dynamic-bootp 192.168.0.2 192.168.0.254;
  
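  10. Edit /etc/sysconfig/iptables (delete all of its existing content); after editing it reads as follows, so that the VDSL connection and the proxy (NAT masquerading) rules take effect automatically at boot.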
  
  # Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
  *mangle
  :PREROUTING ACCEPT [3184:1818661]
  :INPUT ACCEPT [3182:1818397]
  :FORWARD ACCEPT [2:264]
  :OUTPUT ACCEPT [2797:234072]
  :POSTROUTING ACCEPT [2799:234336]
  COMMIT
  # Completed on Tue Oct 29 22:28:14 2002
  # Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
  *nat
  :PREROUTING ACCEPT [73:5959]
  :POSTROUTING ACCEPT [22:1320]
  :OUTPUT ACCEPT [213:12855]
  [212:12654] -A POSTROUTING -o ppp0 -j MASQUERADE
  COMMIT
  # Completed on Tue Oct 29 22:28:14 2002
  # Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
  *filter
  :INPUT ACCEPT [20227:22971175]
  :FORWARD ACCEPT [370:103827]
  :OUTPUT ACCEPT [15374:1263630]
  COMMIT
  # Completed on Tue Oct 29 22:28:14 2002
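
The ruleset above leaves the filter table's INPUT and FORWARD policies at ACCEPT, so any service listening on the gateway is reachable from ppp0 and the MASQUERADE rule applies to every source address. The following /etc/sysconfig/iptables is an added example, not part of the original guide, that keeps the masquerading but drops unsolicited traffic arriving from the Internet. It assumes eth1 is the LAN interface on 192.168.0.0/24 (as in the ifconfig output in step 14) and that LAN hosts are trusted to reach the gateway itself.

```text
# Added example: hardened variant of the ruleset in step 10.
# Assumptions: ppp0 = Internet side, eth1 = LAN side (192.168.0.0/24).
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade only traffic that really comes from the LAN subnet.
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to the gateway and through the gateway.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local loopback traffic.
-A INPUT -i lo -j ACCEPT
# Replies to connections the gateway itself opened (DNS lookups, updates).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN clients may talk to the gateway. Matching on the interface rather
# than the source address lets DHCP requests from 0.0.0.0 through.
-A INPUT -i eth1 -j ACCEPT
# No rule accepts new connections on ppp0, so they hit the DROP policy.
# LAN hosts may open connections to the Internet.
-A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -j ACCEPT
# Only return traffic for those connections is let back in.
-A FORWARD -i ppp0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
```

After a restart of the iptables service, `iptables -L -n -v` should show policy DROP on the INPUT and FORWARD chains, and the packet counters on the two FORWARD rules should rise as LAN clients browse.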
  
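  12. Edit /etc/sysctl.conf and set net.ipv4.ip_forward to 1, as follows:
  net.ipv4.ip_forward = 1
  This way, IP forwarding is enabled automatically every time you reboot the machine or restart the network service (/etc/init.d/network restart)!
  
  13. Disable automatic startup of the ipchains service and enable automatic startup of the iptables service (skip this step if it is already set).
  Enter the following commands: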
  [jackey@localhost jackey]$ su
  Password:
  [root@localhost jackey]# cd /etc/init.d/
  [root@localhost init.d]# chkconfig --del ipchains --level 2345
  [root@localhost init.d]# chkconfig --add iptables --level 2345
  
  
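  14. Reboot the machine and, once the system is up, check that VDSL started correctly:
  
  (1) ifconfig: check that the IP addresses are correct. The output looks like this: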
  [jackey@localhost jackey]$ ifconfig
  eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:106296 errors:0 dropped:0 overruns:0 frame:0
  TX packets:105021 errors:0 dropped:0 overruns:0 carrier:0
  collisions:162 txqueuelen:100
  RX bytes:109833929 (104.7 Mb) TX bytes:17211245 (16.4 Mb)
  Interrupt:5 Base address:0x8000
  
  eth1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
  inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:9297 errors:0 dropped:0 overruns:0 frame:0
  TX packets:10244 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:1254722 (1.1 Mb) TX bytes:9722244 (9.2 Mb)
  Interrupt:10 Base address:0x9000
  
  lo Link encap:Local Loopback
  inet addr:127.0.0.1 Mask:255.0.0.0
  UP LOOPBACK RUNNING MTU:16436 Metric:1
  RX packets:3466 errors:0 dropped:0 overruns:0 frame:0
  TX packets:3466 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:463036 (452.1 Kb) TX bytes:463036 (452.1 Kb)
  
  ppp0 Link encap:Point-to-Point Protocol
  inet addr:156.34.89.120 P-t-P:142.166.182.77 Mask:255.255.255.255
  UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
  RX packets:38629 errors:0 dropped:0 overruns:0 frame:0
  TX packets:28802 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:3
  RX bytes:47576177 (45.3 Mb) TX bytes:2319149 (2.2 Mb)
  
  Here XX:XX:XX:XX:XX:XX is the physical (MAC) address of your network card.
  
  (2) route -n: check that the routes are correct. The output looks like this:
  [jackey@localhost jackey]$ route -n
  Kernel IP routing table
  Destination Gateway Genmask Flags Metric Ref Use Iface
  142.166.182.77 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
  192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
  127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
  0.0.0.0 142.166.182.77 0.0.0.0 UG 0 0 0 ppp0
  
  (3) iptables -t nat -L -n: check that the proxy (NAT) rules are correct. The output looks like this:
  [root@localhost jackey]# iptables -t nat -L -n
  Chain PREROUTING (policy ACCEPT)
  target prot opt source destination
  
  Chain POSTROUTING (policy ACCEPT)
  target prot opt source destination
  MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
  
  Chain OUTPUT (policy ACCEPT)
  target prot opt source destination
  
  (4) cat /proc/sys/net/ipv4/ip_forward: check that the value is 1. The output looks like this:
  [jackey@localhost jackey]$ cat /proc/sys/net/ipv4/ip_forward
  1
  
  
  
  
  
  
  
  
  
  
  
  

Reposted from: http://www.ltesting.net