2025-01-30 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article explains how to set up ADSL under Linux so that a LAN can connect to the Internet.
System preparation: a functioning Linux system (which everyone has).
Hardware requirements: at least one network card, and a broadband line that has been applied for and activated.
The ADSL (LAN) service of Guangzhou Telecom uses PPPoE dialing, so to use ADSL under Linux, PPPoE client software must be installed.
The installation is explained below. I use RedHat Linux 7.3 as the platform; for Linux on other platforms, refer to the same installation steps.
1. Prerequisites for installation

(1) Make sure the network card is installed and working properly. Check the network card status with:
    # ifconfig eth0
(2) Do not set a default route (gateway) in the system; let the ADSL dial-up obtain it automatically. If a default route has already been set, delete the GATEWAY= line from the file /etc/sysconfig/network, then run as root:
    # /etc/rc.d/init.d/network restart
(3) The pppd package must be installed. If the file /usr/sbin/pppd exists, pppd is already installed. If not, install the package ppp-2.3.11-4.i386.rpm from the RedHat Linux installation CD (the version may differ).

2. Install the PPPoE client software

There are many PPPoE clients for Linux, most of them under the GNU license. The rp-pppoe package is recommended.
From the website http://www.roaringpenguin.com/pppoe/ you can download both the rp-pppoe binary package for the RedHat platform and the source code package.

(1) Installing the binary package:
a. Download the binary package http://www.roaringpenguin.com/pppoe/rp-pppoe-3.5-1.i386.rpm
b. Install it as root:
    # rpm -Uvh rp-pppoe-3.5-1.i386.rpm

(2) Installing from source code: this also works for Linux on other platforms, but the gcc compiler must be installed on the system.
a. Download the source code package http://www.roaringpenguin.com/pppoe/rp-pppoe-3.5.tar.gz
b. Extract it:
    # tar xvfz rp-pppoe-3.5.tar.gz
    # cd rp-pppoe-3.5
c. Compile and install. Running the script
    # ./go
compiles and installs automatically and finally calls /usr/sbin/adsl-setup for configuration, as explained in 3.
3. Configure the PPPoE client software

After installing the package, you must configure the pppoe configuration file /etc/ppp/pppoe.conf so that ADSL dialing uses the user name, password and other parameters stored in it. The file does not have to be edited by hand; the adsl-setup tool can do it:
    # /usr/sbin/adsl-setup
When it shows
> Enter your PPPoE user name:
enter the user name of the ADSL account.
When it shows
> Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0. For Linux, it will be ethn, where n is a number. (default eth0):
enter eth0, the name of the network card connected to the ADSL modem.
When it shows
> Enter the demand value (default no):
enter no.
When it shows
> Enter the DNS information here:
enter "server", which means the DNS server IP address is obtained automatically from the ADSL dial-up.
When it shows
> Please enter your PPPoE password:
enter the password of the ADSL account.
When it shows
> Choose a type of firewall (0-2):
enter 0 to not use the firewall.
When it shows
>
enter y if the information entered is correct to complete the configuration; otherwise, enter n to re-enter it.
4. Start the PPPoE client software

Use the command
    # /usr/sbin/adsl-start
to start the PPPoE client and connect. If it succeeds, Connected will appear. If it does not, check the network cable, the ADSL modem and other physical devices, and check the information in /var/log/messages.
    /usr/sbin/adsl-stop      close the connection to the ISP
    /usr/sbin/adsl-status    check the status of the current connection
If you want the ADSL connection to start automatically when the Linux system boots, enter:
    # chkconfig --add adsl
This adds the ADSL startup script at the current runlevel.

5. Test

Once the connection is up, run
    # ifconfig -a
The output should include information about ppp0 with an IP address bound to it, indicating that an IP address has been obtained from dialing.
Use the command
    # netstat -nr
to view the routing table; the default route should be the IP address obtained above.
If there is no default route, add it manually:
    # route add default gw <IP address obtained above>
Use the command
    # nslookup www.sina.com.cn
If the IP of Sina is resolved, the DNS server has been correctly obtained from dialing. Finally, ping a domain name or IP. If there is a response, you are done.
Note: it seems that during the configuration process you will be asked whether to load ADSL at startup; select yes, which saves you from having to start it after login.
Using two network cards so that a company or home network can access the Internet

Hardware requirements: two network cards, otherwise as above.

NAT mode: set the IP of the NIC connected to the internal network to a private address (192.168.0.0/24, 172.16.0.0/16, 10.0.0.0/8), for example 192.168.100.123/24. Do not set a default route (gateway). Set DNS to the Guangzhou-area server (61.144.56.100); in other regions, use the DNS of that region. Create the file firewall with the touch command in the /etc/rc.d/ directory, run chmod u+x firewall to make it executable, then edit the /etc/rc.d/rc.local file and add /etc/rc.d/firewall at the end so that the script runs automatically at boot.
The content of firewall is:
    #!/bin/sh
    echo "Enable IP Forwarding..."
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "Starting iptables rules..."
    /sbin/modprobe iptable_filter
    /sbin/modprobe ip_tables
    /sbin/modprobe iptable_nat
    # Refresh all chains
    /sbin/iptables -F -t nat
    # The source range must cover the LAN (192.168.100.0/24 in this example)
    iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ppp0 -j MASQUERADE
Client settings (windows98/2000/xp, linux): set the gateway to this Linux machine's address (192.168.100.123) and DNS to 61.144.56.100.
Transparent proxy configuration

Proxy software: squid.
Edit /usr/local/squid/etc/squid.conf and make sure it contains the following configuration:
    http_port 192.168.100.123:8080
    cache_mem 48 MB
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl flag src 192.168.100.0/255.255.255.0
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    cache_effective_user nobody
    cache_effective_group nobody
    http_access allow flag
    http_access deny all
(Only local area network users are allowed to use the proxy. For more information, see the Access Control Lists section of the squid manual on restricting access to the proxy.)
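The restriction to LAN users depends on squid evaluating http_access lines in order and stopping at the first match. The following added example (not part of the original article or of squid) replays that logic in shell and awk over a constructed copy of the article's ACL lines; the function names and the sample client addresses are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): evaluate squid.conf http_access rules
# for one client address, using first-match-wins ordering.
# Handles only "acl NAME src ADDR/MASK" with a dotted mask and http_access
# lines naming a single ACL, which is all the configuration above uses.

# Constructed sample: the access-control lines from the article's squid.conf.
sample_conf() {
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl flag src 192.168.100.0/255.255.255.0   # LAN clients
http_access allow flag
http_access deny all
EOF
}

# usage: squid_verdict CLIENT_IP < squid.conf   -> prints "allow" or "deny"
squid_verdict() {
    awk -v client="$1" '
    function num(a,  p) {            # dotted quad -> integer
        split(a, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    function insubnet(addr, net, mask,  size) {
        size = 4294967296 - num(mask)   # block size of a contiguous mask
        return int(num(addr) / size) == int(num(net) / size)
    }
    { sub(/#.*/, "") }               # strip trailing comments
    $1 == "acl" && $3 == "src" { split($4, part, "/"); net[$2] = part[1]; mask[$2] = part[2] }
    $1 == "http_access" && !done {
        last = $2
        if (($3 in net) && insubnet(client, net[$3], mask[$3])) { print $2; done = 1 }
    }
    # No rule matched: squid applies the opposite of the last rule.
    END { if (!done) print (last == "deny" ? "allow" : "deny") }
    '
}

# Constructed client addresses: one inside the LAN range, two outside it.
for ip in 192.168.100.47 192.168.120.47 203.0.113.9; do
    printf '%s %s\n' "$ip" "$(sample_conf | squid_verdict "$ip")"
done
```

A client such as 192.168.120.47 falls outside the flag ACL and is denied, so any additional internal subnet that should use the proxy needs its own src entry.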
    cache_dir ufs /var/spool/squid 100 16 256
Syntax: cache_dir type Directory-Name Mbytes Level-1 Level2
Description: this specifies the size of the swap space that squid uses to store objects, and its directory structure. Several such swap spaces can be defined with multiple cache_dir lines, and they can be spread over different disk partitions. "Directory-Name" is the top-level directory of the swap space. If you want to use an entire disk as swap space, use this directory as the mount point for the disk. The default value is /var/spool/squid. "Mbytes" defines the total amount of space available. Why define so many subdirectories? If there are too few, the number of files stored in each subdirectory grows sharply, the time the system needs to find a file grows with it, and overall performance drops. So, to reduce the number of files per directory, the number of directories must be increased. With only one level of subdirectories, the top-level directory would contain too many of them, so a two-level subdirectory structure is used. How do you determine the number of subdirectories your system needs? The following formula gives an estimate.
Known quantity:
DS = total available swap space (in KB) / number of swap spaces
OS = average size of each object = 20k
NO = average number of objects stored in each secondary subdirectory = 256
Unknown quantity:
L1 = number of first-level subdirectories
L2 = number of secondary subdirectories
Calculation formula:
L1 x L2 = DS / OS / NO
(note that this is an indefinite equation and can have multiple solutions.)
    acl allow_domain dstdomain "/etc/squid/allow_domain"
Create the cache directories:
    [root@proxy squid] # squid -z
Change the directory owner to squid:
    [root@proxy squid] # chown squid:squid /usr/spool/squid
Finally, start squid:
    [root@iptable logs] # /usr/local/squid/bin/RunCache &
The following ports should then be listening on the system:
    [root@proxy logs] # netstat -ln
    tcp 0 0 0.0.0. 0 LISTEN udp 3128 0.0.0. 0. 0. 0. 0. 0.
These indicate that squid has started normally.
Then use RedHat's serviceconf tool to make the squid server start automatically when the system boots.
5. Settings for iptables

Create the file firewall with the touch command in the /etc/rc.d/ directory, run chmod u+x firewall to make it executable, then edit the /etc/rc.d/rc.local file and add /etc/rc.d/firewall at the end so that the script runs automatically at boot.
The content of the firewall file is:
    #!/bin/sh
    echo "Enabling IP Forwarding..."
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "Starting iptables rules..."
    # Refresh all chains
    /sbin/iptables -F -t nat
    # Redirect web traffic arriving on the LAN interface to squid on port 8080
    iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
    # The source range must cover the LAN (192.168.100.0/24 in this example)
    iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ppp0 -j MASQUERADE

7. Implementing a squid+iptables transparent proxy in a layer 3 switched network with multiple VLANs

Enterprise networks often use layer 3 switching, which effectively isolates broadcasts and prevents broadcast storms. Dividing the network into VLANs on layer 3 switches makes it relatively easy to deploy and manage, but it also complicates the proxy setup a little. A traditional proxy requires the proxy server address and port to be set on each client, which is not a problem in a layer 3 switched network. The key is the gateway setting for a transparent proxy. In a layer 3 switched network, the gateway of every computer in a VLAN must be set to that VLAN's gateway. For example, the gateway of vlan1 in the following table must be 192.168.100.1 and the gateway of vlan2 must be 192.168.110.1. The gateway absolutely cannot be set to the address of the proxy server, as it would be in an ordinary network. Therefore, the main problem in setting up a transparent proxy in a layer 3 switched network is the routing configuration of the central layer 3 switch and of the proxy server: the routing table of the layer 3 switch needs a default route pointing to the proxy server, and the routing table of the server needs to include the gateway for all VLANs.
The following describes my network: the intranet has 15 VLANs, as shown in the routing table. The proxy server (squid+iptables) is in vlan1 and has two network cards: eth0 connects to the external network with IP A.B.C.D, and eth2 connects to the internal network as 192.168.100.123/24, with no gateway set. Add a route on the server that points to the vlan1 gateway 192.168.100.1, to ensure communication with the other VLANs:
    # route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.100.1 eth2
With that, the network part is configured. Transparent proxy settings are not repeated here; please refer to other articles. All VLAN computers can now reach the Internet as long as their gateway and DNS are configured. For example, a computer in vlan3 has the IP 192.168.120.47 and the gateway 192.168.120.1. The DNS address is the one given by the service provider (Guangzhou area ADSL: 61.144.56.100), and that is all it needs. The route out of the network is: 192.168.120.47 -> 192.168.120.1 -> 192.168.100.1 -> 192.168.100.123 -> A.B.C.1 ->
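Both firewall scripts above only touch the nat table, and adsl-setup was told to use firewall type 0, so nothing filters traffic arriving on ppp0. The following added example (not the article's own script) generates the same MASQUERADE and REDIRECT rules together with a default-deny filter policy; the variable names, the dry-run switch and the filter rules are assumptions layered on the article's interface names and addresses.

```sh
#!/bin/sh
# Added example (not the article's script): the same NAT and redirect rules,
# plus a default-deny filter policy so the gateway is not open on ppp0.
# Assumed values, taken from the article's example network:
LAN_IF=${LAN_IF:-eth2}                # NIC facing the LAN
LAN_NET=${LAN_NET:-192.168.100.0/24}  # LAN address range
WAN_IF=${WAN_IF:-ppp0}                # ADSL link created by adsl-start
PROXY_PORT=${PROXY_PORT:-8080}        # squid http_port

# Emit one iptables argument list per line so the set can be reviewed first.
gateway_rules() {
    cat <<EOF
-P INPUT DROP
-P FORWARD DROP
-F INPUT
-F FORWARD
-t nat -F
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
-t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
-t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# With DRY_RUN=1 (the default) only print the commands; DRY_RUN=0 applies them.
apply_rules() {
    [ "${DRY_RUN:-1}" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
    gateway_rules | while read -r rule; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "/sbin/iptables $rule"
        else
            /sbin/iptables $rule || exit 1
        fi
    done
}

apply_rules
```

For the multi-VLAN layout in section 7, LAN_NET has to cover every client subnet, for example 192.168.0.0/16 to match the route added on the server.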