ADSL+RH8.0透明网关指南(Iptables + dhcpd)－虚拟主机资讯|虚拟主机动态

(一) 概述:
利用RH8.0实现透明网关

内部网络机器的IP地址将由网关所在机器自动分配.

(二) 硬件设备:
ISP VDSL MODEM(以太网口MEDEM)一个(其他ADSL也应该可以).
10M/100M自适应以太网卡两个,最好找RH8.0能自动识别的网卡.

(三) 操作系统:
RedHat8.0全部安装。

(四) 配置者身份:
root

(五) 配置过程:
1.启动“系统设置”中RedHat的“互联网配置向导

2.选择xDSL设备
3.前进到DSL配置
网卡设备选择与VDSL MODEM相连的网卡；提供者名称随便写；账号和密码用ISP给的信息。

4.前进到完成界面
直接选择应用，完成VDSL的设置

5.此时出现网络设备配置工具
也可以在“开始”菜单中选择该工具

6.配置eth0
7.配置eth1

静态IP192.168.0.1是该局域网内的网关，默认网关由ISP提供，或者从windows拨号属性中获得(DOS命令为: ipconfig /all ).
Linux下用ifconfig获得, 如下P-t-P:后面的就是你ISP的网关.
ppp0 Link encap:Point-to-Point Protocol
inet addr:156.34.89.120 P-t-P:142.166.182.77 Mask:255.255.255.255
9.配置DHCPD使内部网络机器自动获得IP地址.
修改/etc/dhcpd.conf, 修改后如下:

#Start of /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option nis-domain "domain.org";
option domain-name "domain.org";
# --- option domain-name-servers ISP's DNS1,ISP's DNS2;
option domain-name-servers 192.168.0.1,142.177.1.2,142.177.129.11;
option time-offset -18000; # Eastern Standard Time
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
range dynamic-bootp 192.168.0.2 192.168.0.254;
default-lease-time 21600;
max-lease-time 43200;
}
#End of /etc/dhcpd.conf

不要把192.168.0.1和192.168.0.255放在动态获取ip范围内就可以了
正确的应该如上: range dynamic-bootp 192.168.0.2 192.168.0.254;

10.修改/etc/sysconfig/iptables(把原有的内容都删除),修改完如下，以使VDSL和代理在开机时自动生效。

# Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
*mangle
:PREROUTING ACCEPT [3184:1818661]
:INPUT ACCEPT [3182:1818397]
:FORWARD ACCEPT [2:264]
:OUTPUT ACCEPT [2797:234072]
:POSTROUTING ACCEPT [2799:234336]
COMMIT
# Completed on Tue Oct 29 22:28:14 2002
# Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
*nat
:PREROUTING ACCEPT [73:5959]
:POSTROUTING ACCEPT [22:1320]
:OUTPUT ACCEPT [213:12855]
[212:12654] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Tue Oct 29 22:28:14 2002
# Generated by iptables-save v1.2.6a on Tue Oct 29 22:28:14 2002
*filter
:INPUT ACCEPT [20227:22971175]
:FORWARD ACCEPT [370:103827]
:OUTPUT ACCEPT [15374:1263630]
COMMIT
# Completed on Tue Oct 29 22:28:14 2002

12. 修改/etc/sysctl.conf，把net.ipv4.ip_forward设置成1，如下：
net.ipv4.ip_forward = 1
如此一来，每次你重新启动机器或重新启动网络服务(/etc/init.d/network restart)时就会自动启动ip转发功能！

13.关闭ipchain自动启动服务,开启iptables自动启动服务(如果已经设定,可以忽略这步)
输入以下命令行:
[jackey@localhost jackey]$ su
Password:
[root@localhost jackey]# cd /etc/init.d/
[root@localhost init.d]# chkconfig --del ipchains --level 2345
[root@localhost init.d]# chkconfig --add iptables --level 2345

14.重启机器，进入系统后检查是否正确启动VDSL：

(1)ifconfig 看ip地址是否正确,结果如下:
[jackey@localhost jackey]$ ifconfig
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:106296 errors:0 dropped:0 overruns:0 frame:0
TX packets:105021 errors:0 dropped:0 overruns:0 carrier:0
collisions:162 txqueuelen:100
RX bytes:109833929 (104.7 Mb) TX bytes:17211245 (16.4 Mb)
Interrupt:5 Base address:0x8000

eth1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9297 errors:0 dropped:0 overruns:0 frame:0
TX packets:10244 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1254722 (1.1 Mb) TX bytes:9722244 (9.2 Mb)
Interrupt:10 Base address:0x9000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3466 errors:0 dropped:0 overruns:0 frame:0
TX packets:3466 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:463036 (452.1 Kb) TX bytes:463036 (452.1 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:156.34.89.120 P-t-P:142.166.182.77 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:38629 errors:0 dropped:0 overruns:0 frame:0
TX packets:28802 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:47576177 (45.3 Mb) TX bytes:2319149 (2.2 Mb)

其中XX:XX:XX:XX:XX:XX是你网卡的物理地址

(2)route -n 看路由是否正确,结果如下:
[jackey@localhost jackey]$ route -n
[b]Kernel IP routing table
[b]Destination Gateway Genmask Flags Metric Ref Use Iface
142.166.182.77 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 142.166.182.77 0.0.0.0 UG 0 0 0 ppp0

(3)iptables -t nat -L -n 看代理规则是否正确,结果如下:
[root@localhost jackey]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

(4)cat /proc/sys/net/ipv4/ip_forward 看值是否为1,结果如下:[/b]
[jackey@localhost jackey]$ cat /proc/sys/net/ipv4/ip_forward
1
文章整理：西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息，谢谢!