slackware作网关，代理家庭用户上网

babo

转载请注明            
作者：babo              
出处：www.slack.cn
因为这里的字体颜色不太好设置，我就没有再设置。
如果有兄弟要查看原文可以到下面链接看
原文出处

使用环境
现在ADSL比较普及了。有时候家里有多台机器要上网，但只有一条线路。我们该怎么办？其实如果你有多余的机器，完全可以装一个slackware负责代理全家上网。
下面是我家里的一个简单的结构示意图


由slackware网关这台机器负责全家的上网。我这台机器是用一台不用的P3 800做成的。
机器有两块网卡，一个连接ADSL，另一个连接集线器负责和家里其他机器连接。
家里的其它机器都将网关设置为slackware这台机器上网卡0的ip地址。
slackware这台机器设置为开机自动拨号，只要开机后就自动代理家里用户上网了。

作为网关机器的硬件要求
CPU：没有什么太多要求，有个奔腾100足够
硬盘：有4G足够
网卡：需要两块

安装slackware 10.1
参照文章：http://www.slack.cn/modules/wordpress/index.php?p=16

设置IP地址
首先在双网卡的这台机器上设置IP地址
直接修改/etc/rc.d/rc.inet1.conf就可以了。具体修改内容见下

1. 
   
2. # /etc/rc.d/rc.inet1.conf
   
3. #
   
4. # This file contains the configuration settings for network interfaces.
   
5. # If USE_DHCP[interface] is set to “yes”, this overrides any other settings.
   
6. # If you don’t have an interface, leave the settings null ("").
   
7. 
   
8. # Config information for eth0:
   
9. IPADDR[0]="192.168.0.254″
   
10. NETMASK[0]="255.255.255.0″
    
11. USE_DHCP[0]="”
    
12. DHCP_HOSTNAME[0]="”
    
13. 
    
14. # Config information for eth1:
    
15. IPADDR[1]="”
    
16. NETMASK[1]="”
    
17. USE_DHCP[1]="”
    
18. DHCP_HOSTNAME[1]="”
    
19. 
    
20. # Config information for eth2:
    
21. IPADDR[2]="”
    
22. NETMASK[2]="”
    
23. USE_DHCP[2]="”
    
24. DHCP_HOSTNAME[2]="”
    
25. 
    
26. # Config information for eth3:
    
27. IPADDR[3]="”
    
28. NETMASK[3]="”
    
29. USE_DHCP[3]="”
    
30. DHCP_HOSTNAME[3]="”
    
31. 
    
32. # Default gateway IP address:
    
33. GATEWAY="192.168.0.254″
    
34. 下面内容省略
    

复制代码

上面内容中用红色标出的内容为修改内容。
前两个红字标示的网卡eth0的ip和子网掩码
最后一个红字标示的是默认网关

设置ADSL拨号
用adsl-setup设置ADSL拨号

1. 
   
2. Welcome to the Roaring Penguin ADSL client setup.  First, I will run
   
3. some checks on your system to make sure the PPPoE client is installed
   
4. properly…
   
5. 
   
6. Looks good!  Now, please enter some information:
   
7. 
   
8. USER NAME
   
9. 
   
10. >>> Enter your PPPoE user name (default bxxxnxnx@sympatico.ca): adslusername
    
11. 
    
12. INTERFACE
    
13. 
    
14. >>> Enter the Ethernet interface connected to the ADSL modem
    
15. For Solaris, this is likely to be something like /dev/hme0.
    
16. For Linux, it will be ethn, where ‘n’ is a number.
    
17. (default eth0): eth1
    
18. 
    
19. Do you want the link to come up on demand, or stay up continuously?
    
20. If you want it to come up on demand, enter the idle time in seconds
    
21. after which the link should be dropped.  If you want the link to
    
22. stay up permanently, enter ‘no’ (two letters, lower-case.)
    
23. NOTE: Demand-activated links do not interact well with dynamic IP
    
24. addresses.  You may have some problems with demand-activated links.
    
25. >>> Enter the demand value (default no):输入回车
    
26. 
    
27. DNS
    
28. 
    
29. Please enter the IP address of your ISP’s primary DNS server.
    
30. If your ISP claims that ‘the server will provide DNS addresses’,
    
31. enter ’server’ (all lower-case) here.
    
32. If you just press enter, I will assume you know what you are
    
33. doing and not modify your DNS setup.
    
34. >>> Enter the DNS information here: server
    
35. 
    
36. PASSWORD
    
37. 
    
38. >>> Please enter your PPPoE password:输入密码
    
39. >>> Please re-enter your PPPoE password:输入密码
    
40. 
    
41. FIREWALLING
    
42. 
    
43. Please choose the firewall rules to use.  Note that these rules are
    
44. very basic.  You are strongly encouraged to use a more sophisticated
    
45. firewall setup; however, these will provide basic security.  If you
    
46. are running any servers on your machine, you must choose ‘NONE’ and
    
47. set up firewalling yourself.  Otherwise, the firewall rules will deny
    
48. access to all standard servers like Web, e-mail, ftp, etc.  If you
    
49. are using SSH, the rules will block outgoing SSH connections which
    
50. allocate a privileged source port.
    
51. 
    
52. The firewall choices are:
    
53. 0 - NONE: This script will not set any firewall rules.  You are responsible
    
54.           for ensuring the security of your machine.  You are STRONGLY
    
55.           recommended to use some kind of firewall rules.
    
56. 1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
    
57. 2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
    
58.                 for a LAN
    
59. >>> Choose a type of firewall (0-2): 0
    
60. 
    
61. ** Summary of what you entered **
    
62. 
    
63. Ethernet Interface: eth1
    
64. User name:          adslusername
    
65. Activate-on-demand: No
    
66. DNS addresses:      Supplied by ISP’s server
    
67. Firewalling:        NONE
    
68. 
    
69. >>> Accept these settings and adjust configuration files (y/n)? y
    
70. Adjusting /etc/ppp/pppoe.conf
    
71. Adjusting /etc/ppp/pap-secrets and /etc/ppp/chap-secrets
    
72.   (But first backing it up to /etc/ppp/pap-secrets-bak)
    
73.   (But first backing it up to /etc/ppp/chap-secrets-bak)
    
74. 
    
75. Congratulations, it should be all set up!
    
76. 
    
77. Type ‘adsl-start’ to bring up your ADSL link and ‘adsl-stop’ to bring
    
78. it down.  Type ‘adsl-status’ to see the link status.
    

复制代码

上面内容用蓝色标出的，代表这里程序会停下来，等待你输入内容
红色标出的，代表这里是你要自己输入的内容

检测ADSL拨号设置，使用adsl-start命令拨号。如果返回…connect!代表成功。

设置开机自动拨号
在/etc/rc.d/rc.local里面添加如下内容


adsl-start
设置iptables
在/etc/rc.d/rc.local里面添加如下内容

1. 
   
2. #设置nat转换
   
3. iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
   
4. 
   
5. #设置内网机器可以使用FTP
   
6. modprobe ip_conntrack
   
7. modprobe ip_conntrack_ftp
   
8. modprobe ip_nat_ftp
   

复制代码

通过上面的设置后，只要重新起动机器就可以正常实现网关功能了

客户机设置
ip地址设置为和网关上eth0在一个网段就可以。例如192.168.0.1到192.168.0.253
子网掩码设置为255.255.255.0
网关设置为192.168.0.254

DNS设置为202.106.0.20。如果自己有合适的DNS也可以设置

happen23

我一直以为iptable和ipchain只能作防火墙
原来也可作ip转发

可否介绍一下详细使用

babo

我其实对iptables也是知道些皮毛而已。
iptables的功能还是很强大的，可以作nat和端口转发。
你可以看看iptables的手册。