「重點指令、路由參考」請參考「上次介紹過的網站」
簡述重點命令
ifconfig {interface} {up|down} {broadcast} {netmask} {network}的設置
router {add|del}{-host|-net}{ip}{netmask}的符合回應
初步入門「登入 WEBMIN 操作」
操作WEBMIN圖形介面,請開啟瀏覽器;
輸入「http://192.168.1.1:10000」若你沒有變更過localhost IP 的話!
WEBMIN請自己看「有圖有文」「 http://www.wifi.com.ar/english/cdrouter/shorewall-webmin.html 」(需要翻譯請找 google 翻譯)我就不多作講解。
下面是「Linux 演化」
一、設定 router硬體
檢查請參考「 http://www.wifi.com.ar/english/doc/configsave.txt.html 」
輸入指令「netconfig」
1.設定 hostname 設定本機名稱「 」
2.設定 domain 設定伺服名稱「 」
3.出現三個設定項目
static IP 固定IP設置
DHCP 設定DHCP伺服器及網路卡
Loopback 設定通信條件
4.設定 static IP
hostname = 隨意
domain = 隨意
ip add = 固定 IP
gateway = 網路匝道管理
Nameserver = 名稱伺服器(未設定 ADSL前,還無法正常。)
這是一個標準的網路設置過程「而我們只要設定 static IP 即可?」
以上的快速設定?並不是我們要得「技術」,因為這並不安全、更不嚴謹!
因此?請開始學習「指令介面」 當一個資訊界的好漢子,並且脫離「微軟的陰影」,成為沒有微軟圖形介面,你一樣能夠工作!
設置「網路介面」我有三張網路卡在「Vbox虛擬機器」
開始設置
#ip a 檢查 eth0 eth1 eth2 是否有設置IP位置
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 08:00:27:b5:30:cb brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
inet6 fe80::a00:27ff:feb5:30cb/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 08:00:27:f9:ef:bc brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 08:00:27:ed:bd:d7 brd ff:ff:ff:ff:ff:ff
#router -n 檢查 eth0 eth1 eth2 是否有設置路由
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 1 0 0 eth0
根據{ip a}{router -n}所顯示尚未設置「eth1 eth2」兩張網路卡,
包涵 eth0 在內,都重新設定(我們要當高手,不要用WEBMIN)。
DarkMan自己的網管主機「192.168.100.*/16」因此,重新分配網路位置給 CDrouter 虛擬主機。
第 1 張網路卡 eth0 (系統預設 192.168.1.1)
#ifconfig eth0 192.168.100.201
檢查router 有否加入 eth0 網段的變化,若未加入,則寫入
#route del -net 192.168.1.1 netmask 255.255.255.0 eth0 刪除
#route add -net 192.168.100.201 netmask 255.255.255.0 eth0 新增
第 2 張網路卡 eth1(分配出 10.1.1.* 網段的IP)
#ifconfig eth1 10.1.1.5
檢查「路由表」是否多了 10.0.0.0 class A 網段(若你爽的話,可虛擬出class A B C)
第 3 張網路卡 eth2
#ifconfig eth2 200.210.220.1 netmask 255.255.255.0 產生出一個 class C 的網路
#router -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth1
200.210.220.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
這樣就算完整了嗎?
外部網路 class C = eth0
內部網路 class A = eth1
臨時線路 class C = eth2
網路核心 LOOPBACK = lo
#ping 192.168.100.* 任何 IP 均能正常回應,才算 eth0 成功?
但這樣並不成立「IP192.168.100.*/NM0.0.0.0 NW168.95.1.1」
仍不能讓 eth1 | eth2 能經由 eth0 訪問外部網路。
開始設置「ADSL連線:外部網路」若為「Cable 網路用戶」
請將 eth0 網路卡設定為 Cable上網參數即可。
原文參考 http://www.wifi.com.ar/english/doc/README.txt.html
檢查指令
#find / | grep adsl (我們後續要用的指令)
/usr/sbin/adsl-connect
/usr/sbin/adsl-setup
/usr/sbin/adsl-start
/usr/sbin/adsl-status
/usr/sbin/adsl-stop
#find / | grep ppp- (可以看到 WEBMIN 的命列工具)
/usr/sbin/ppp-go
/usr/sbin/ppp-off
/usr/sbin/ppp-on
/usr/sbin/ppp-stop
/etc/webmin/ppp-client
/etc/webmin/ppp-client/config
/etc/webmin/ppp-client/admin.acl
開始設定 ADSL 環境
#adsl-setup(可參考 - 鳥哥)
# adsl-setup (輸入指令,開始文字設定敘述。)
Welcome to the Roaring Penguin ADSL client setup. First, I will run
some checks on your system to make sure the PPPoE client is installed
properly...
Looks good! Now, please enter some information:
USER NAME
>>> Enter your PPPoE user name (default 88888@hinet.net):←輸入ADSL帳號
INTERFACE
>>> Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethn, where 'n' is a number.
(default eth0): ←輸入預設網路卡編號
Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
>>> Enter the demand value (default no): ←建議預設值 NO
DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
>>> Enter the DNS information here: 168.95.1.1 ←輸入ISP公司的 DNS IP
Please enter the IP address of your ISP's secondary DNS server.
If you just press enter, I will assume there is only one DNS server.
>>> Enter the secondary DNS server address here: 168.95.192.1 ←輸入ISP公司的 DNS IP
PASSWORD
>>> Please enter your PPPoE password:←輸入ADSL帳號密碼
>>> Please re-enter your PPPoE password:←重複輸入第二次
FIREWALLING
Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.
The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
>>> Choose a type of firewall (0-2): 0 建議為 2 然後修改你要得「防火牆設置」
** Summary of what you entered **
Ethernet Interface: eth0
User name: 88888@hinet.net
Activate-on-demand: Yes; idle timeout = yes seconds
Primary DNS: 168.95.1.1
Secondary DNS: 168.95.192.1
Firewalling: NONE
>>> Accept these settings and adjust configuration files (y/n)? y ←ADSL 就會啟動了
#ping 168.95.1.1 測試ISP DNS是否回應
如果你不想ADSL-SETUP設定?
想要編輯參數檔案。
下面有幾個檔案,你就要多去瞭解。
#cat /etc/ppp/chap-secrets 檢查 ADSL帳號密碼
"88888@hinet.net" * "123456"
#cat etc/ppp/options.dialup 檢查Linux ADSL - PPPD 服務是否對應 router 路由表
(若為其他不同的 Linux 則 PPPD 會在不同的設定資料夾)
# General configuration options for PPPD:
lock
defaultroute (ADSL 轉為預設 router GW )
noipdefault (極為重要)
modem (極為重要)
/dev/ttyS0
57600
crtscts
# Uncomment the line below for more verbose error reporting:
#debug
# If you have a default route already, pppd may require the other side
# to authenticate itself, which most ISPs will not do. To work around this,
# uncomment the line below. Note that this may have negative side effects
# on system security if you allow PPP dialins. See the docs in /usr/doc/ppp*
# for more information.
noauth 不自動啟動
passive 觸動上網模式
asyncmap 0 異地同步地圖
name "brujula" 「 brujula 」似乎是這個版本的擬人名稱,我也不清處brujula是誰,但網路上可以查到一個 linux 有一位 LA brujula 的名字。
設定完文字檔案後?
# adsl-start 啟動 ADSL撥接服務
設定外部上網連線說明完畢!
下一節?就玩玩「內部網路設置 DHCP 服務器」
補註: ADSL-SETUP Firewall 另外一項要訣:
The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
>>> Choose a type of firewall (0-2):
建議,你若有「編輯好的 NAT、DNAT、SNAT、reles」可以將內容先寫入「/etc/ppp/」兩個檔案之一,並且將「設定外部網路連線,留在最後設定,來避免「網路佈署」內外網路無法連線。
目錄
/etc/ppp/
檔案
firewall-masq
firewall-standalone
這個兩個檔案?作用上很方便,可以用來改變許多問題。
但在 CDrouter 真正的防火牆文件設置在「/etc/rc.d/rc.firewall.*」共有兩個檔案
個人錯誤糾正 20101129 發現錯誤
「close = class」用錯英文,因為打字打得過於迅速?毫無知覺下,就發文ㄌ