
ADSL + RH8.0 Transparent Gateway Guide (iptables + dhcpd)

Date: 2017/2/27 9:25:07   Editor: More Linux
(I) Overview:
Use RH8.0 to build a transparent gateway. The IP addresses of the machines on the internal network are assigned automatically by the gateway machine.

(II) Hardware:
One VDSL modem from the ISP (a modem with an Ethernet port); other ADSL modems should work as well.
Two 10M/100M auto-sensing Ethernet cards, preferably ones that RH8.0 detects automatically.

(III) Operating system:
Red Hat 8.0, full installation.

(IV) Account used for configuration:
root

(V) Configuration procedure:

1. Start Red Hat's "Internet Configuration Wizard" under "System Settings".

2. Select the xDSL device.

3. Go forward to the DSL configuration.
   For the network device, select the card connected to the VDSL modem; the provider name can be anything; for the account and password, use the information given by the ISP.

4. Go forward to the finish screen.
   Select Apply directly to complete the VDSL setup.

5. The network device configuration tool now appears.
   The tool can also be selected from the "Start" menu.

6. Configure eth0.

7. Configure eth1.
   The static IP 192.168.0.1 is the gateway for this LAN. The default gateway is provided by the ISP, or can be obtained from the Windows dial-up properties (the DOS command is: ipconfig /all). On Linux, obtain it with ifconfig; as shown below, the address after P-t-P: is your ISP's gateway.

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:156.34.89.120  P-t-P:142.166.182.77  Mask:255.255.255.255

9. Configure DHCPD so that the machines on the internal network obtain their IP addresses automatically.
   Edit /etc/dhcpd.conf so that it reads as follows:

    #Start of /etc/dhcpd.conf
    ddns-update-style interim;
    ignore client-updates;

    subnet 192.168.0.0 netmask 255.255.255.0 {

    # --- default gateway
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;

        option nis-domain "domain.org";
        option domain-name "domain.org";
    # --- option domain-name-servers ISP's DNS1,ISP's DNS2;
        option domain-name-servers 192.168.0.1,142.177.1.2,142.177.129.11;

        option time-offset -18000; # Eastern Standard Time
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # -- you understand Netbios very well
    #   option netbios-node-type 2;

        range dynamic-bootp 192.168.0.2 192.168.0.254;
        default-lease-time 21600;
        max-lease-time 43200;
    }
    #End of /etc/dhcpd.conf

   Just make sure that 192.168.0.1 and 192.168.0.255 are not inside the dynamically assigned IP range. The correct setting is the one shown above:

    range dynamic-bootp 192.168.0.2 192.168.0.254;

10. Edit /etc/sysconfig/iptables (delete all of its existing content) so that it reads as follows; this makes VDSL and the proxy take effect automatically at boot.

    # Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
    *mangle
    :PREROUTING ACCEPT [3184:1818661]
    :INPUT ACCEPT [3182:1818397]
    :FORWARD ACCEPT [2:264]
    :OUTPUT ACCEPT [2797:234072]
    :POSTROUTING ACCEPT [2799:234336]
    COMMIT
    # Completed on Tue Oct 29 22:28:14 2002
    # Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
    *nat
    :PREROUTING ACCEPT [73:5959]
    :POSTROUTING ACCEPT [22:1320]
    :OUTPUT ACCEPT [213:12855]
    [212:12654] -A POSTROUTING -o ppp0 -j MASQUERADE
    COMMIT
    # Completed on Tue Oct 29 22:28:14 2002
    # Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
    *filter
    :INPUT ACCEPT [20227:22971175]
    :FORWARD ACCEPT [370:103827]
    :OUTPUT ACCEPT [15374:1263630]
    COMMIT
    # Completed on Tue Oct 29 22:28:14 2002

12. Edit /etc/sysctl.conf and set net.ipv4.ip_forward to 1, as follows:

    net.ipv4.ip_forward = 1

    With this in place, IP forwarding is enabled automatically every time you reboot the machine or restart the network service (/etc/init.d/network restart).

13. Disable automatic startup of the ipchains service and enable automatic startup of the iptables service (skip this step if it is already set up).
    Enter the following commands:

    [jackey@localhost jackey]$ su
    Password:
    [root@localhost jackey]# cd /etc/init.d/
    [root@localhost init.d]# chkconfig --del ipchains --level 2345
    [root@localhost init.d]# chkconfig --add iptables --level 2345

14. Reboot the machine and, once the system is up, check that VDSL started correctly:

(1) ifconfig: check that the IP addresses are correct. The result looks like this:

    [jackey@localhost jackey]$ ifconfig
    eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:106296 errors:0 dropped:0 overruns:0 frame:0
              TX packets:105021 errors:0 dropped:0 overruns:0 carrier:0
              collisions:162 txqueuelen:100
              RX bytes:109833929 (104.7 Mb)  TX bytes:17211245 (16.4 Mb)
              Interrupt:5 Base address:0x8000

    eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
              inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:9297 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10244 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:1254722 (1.1 Mb)  TX bytes:9722244 (9.2 Mb)
              Interrupt:10 Base address:0x9000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:3466 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3466 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:463036 (452.1 Kb)  TX bytes:463036 (452.1 Kb)

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:156.34.89.120  P-t-P:142.166.182.77  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
              RX packets:38629 errors:0 dropped:0 overruns:0 frame:0
              TX packets:28802 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:47576177 (45.3 Mb)  TX bytes:2319149 (2.2 Mb)

    Here XX:XX:XX:XX:XX:XX is the hardware (MAC) address of your network card.

(2) route -n: check that the routes are correct. The result looks like this:

    [jackey@localhost jackey]$ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    142.166.182.77  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         142.166.182.77  0.0.0.0         UG    0      0        0 ppp0

(3) iptables -t nat -L -n: check that the proxy rules are correct. The result looks like this:

    [root@localhost jackey]# iptables -t nat -L -n
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

(4) cat /proc/sys/net/ipv4/ip_forward: check that the value is 1. The result looks like this:

    [jackey@localhost jackey]$ cat /proc/sys/net/ipv4/ip_forward
    1
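The filter table in step 10 leaves INPUT and FORWARD at policy ACCEPT with no rules, so every packet, including those arriving on ppp0, is accepted. The following added example (not part of the original guide) checks an iptables-save dump for that condition and sets the guide's filter table beside a constructed default-deny one. It assumes, as in the guide, that eth1 is the LAN side and ppp0 the ADSL link; the function names and the hardened rules are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide. eth1/ppp0 and 192.168.0.0/24
# come from the guide; the hardened rules are an assumption about this LAN.

# open_chains: read iptables-save text on stdin and print the INPUT/FORWARD
# chains of the filter table that have policy ACCEPT and no DROP/REJECT rule
# of their own (jumps into user-defined chains are not followed).
open_chains() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table != "filter" { next }
        /^:(INPUT|FORWARD) / { policy[substr($1, 2)] = $2 }
        ($1 == "-A") && ($0 ~ /-j (DROP|REJECT)/) { blocks[$2] = 1 }
        END {
            for (c in policy)
                if (policy[c] == "ACCEPT" && !(c in blocks)) print c
        }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# The filter table as the guide writes it: every chain accepts everything.
guide_filter() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [20227:22971175]
:FORWARD ACCEPT [370:103827]
:OUTPUT ACCEPT [15374:1263630]
COMMIT
EOF
}

# Constructed replacement: default-deny, only LAN-initiated traffic allowed.
# DHCP discover packets have source 0.0.0.0, hence the separate port 67 rule.
hardened_filter() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p udp --dport 67 -j ACCEPT
-A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

echo "guide:    open chains = [$(guide_filter | open_chains)]"
echo "hardened: open chains = [$(hardened_filter | open_chains)]"
```

On a live gateway the same check can be fed from `iptables-save | open_chains`; the *mangle and *nat tables from step 10 stay unchanged.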


