
Configuring ADSL + IPF + IPNAT on NetBSD

OS: 2.x

Configure the network interface IP addresses:

# vi /etc/ifconfig.rtk0

inet 192.168.0.1 netmask 255.255.255.0

# vi /etc/ifconfig.tlp0

inet 192.168.1.2 netmask 255.255.255.0

Configure the hostname:

# vi /etc/myname

netbsd

# vi /etc/hosts

127.0.0.1    localhost    netbsd

Configure DNS resolution:

# vi /etc/resolv.conf

nameserver 202.99.160.68

nameserver 202.99.168.8

Configure the default gateway:

# vi /etc/mygate

192.168.0.10

Configure local host name resolution:

# vi /etc/hosts

192.168.0.10    win2k

Configure the SSHD service:

# vi /etc/defaults/rc.conf

sshd=YES

# vi /etc/ssh/sshd_config

PermitRootLogin yes

Install and configure ADSL:

# pkg_add rp-pppoe-3.5.tgz

# mkdir /etc/ppp

# cp /usr/pkg/share/examples/rp-pppoe/pppoe.conf /etc/ppp/pppoe.conf

# adsl-start

Configure the firewall and NAT so the internal network can reach the Internet:

# vi /etc/ipf.conf

=================================/etc/ipf.conf==============================

# +-----------+   +------------------------------+   +------------------+

# | ADSL-Modem|---| ppp0 tlp0   NAT+IPF     rtk0 |---| Internal Network |

# +-----------+   +------------------------------+   +------------------+

#

# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# Interface: all

# Block all incoming and outgoing packets unless they're allowed later.

# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

block in all

block out all

# Possibly dangerous: packets with ip-options, short and fragmented packets

block in log quick on ppp0 proto icmp from any to any

block in log quick all with short

block in log quick all with ipopts

block in log quick all with frag

block in log quick all with opt lsrr

block in log quick all with opt ssrr

# Local network traffic is allowed

pass out quick on lo0

pass in quick on lo0

pass out quick on rtk0

pass in quick on rtk0

# Block faked or unlikely "local" addresses

block in log body quick on ppp0 from 192.168.0.0/16 to any

block in log body quick on ppp0 from 172.16.0.0/12 to any

block in log body quick on ppp0 from 10.0.0.0/8 to any

block in log body quick on ppp0 from 192.0.2.0/24 to any

block in log body quick on ppp0 from 0.0.0.0/8 to any

block in log body quick on ppp0 from 127.0.0.0/8 to any

block in log body quick on ppp0 from 169.254.0.0/16 to any

block in log body quick on ppp0 from 224.0.0.0/3 to any

block in log body quick on ppp0 from 204.152.64.0/23 to any

# Blocking of outgoing faked or unlikely "internal" addresses

block out log body quick on ppp0 from any to 192.168.0.0/16

block out log body quick on ppp0 from any to 172.16.0.0/12

=================================/etc/ipf.conf==============================
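
The rules above depend on IPF's evaluation order: the last matching rule decides, unless a matching rule carries `quick`, which ends evaluation immediately. The following is an added example, not part of the original page or of IPFilter itself; it models that behaviour for a constructed subset of the rules, and the function names `parse` and `decide` and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the ipf.conf rules above ("with ..." rules omitted).
RULES = """
block in all
block out all
block in log quick on ppp0 proto icmp from any to any
pass out quick on rtk0
pass in quick on rtk0
block in log body quick on ppp0 from 192.168.0.0/16 to any
block out log body quick on ppp0 from any to 172.16.0.0/12
"""

def _net(addr):
    return ipaddress.ip_network("0.0.0.0/0" if addr == "any" else addr)

def _opt(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse(text):
    """Parse 'pass|block in|out ...' lines; comments and other lines are skipped."""
    rules = []
    for m in re.finditer(r"^(pass|block)\s+(in|out)\b(.*)$", text, re.M):
        action, direction, rest = m.groups()
        rules.append({
            "action": action, "dir": direction,
            "quick": re.search(r"\bquick\b", rest) is not None,
            "iface": _opt(r"\bon\s+(\S+)", rest),
            "proto": _opt(r"\bproto\s+(\S+)", rest),
            "src": _net(_opt(r"\bfrom\s+(\S+)", rest) or "any"),
            "dst": _net(_opt(r"\bto\s+(\S+)", rest) or "any"),
        })
    return rules

def decide(rules, direction, iface, src, dst, proto="tcp"):
    """IPF evaluation: last matching rule wins, but a 'quick' match stops at once."""
    verdict = "pass"  # assumed default when no rule matches at all
    for r in rules:
        if (r["dir"] == direction and r["iface"] in (None, iface)
                and r["proto"] in (None, proto)
                and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict
```

For example, `decide(parse(RULES), "in", "ppp0", "192.168.5.5", "203.0.113.9")` returns `block` because of the anti-spoofing rule. With only the rules in this excerpt, an ordinary outbound packet on ppp0 matches no `pass` rule, so `block out all` decides it.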

# vi /etc/sysctl.conf

net.inet.ip.forwarding=1

net.inet.tcp.mss_ifmtu=1

# vi /etc/ipnat.conf

map ppp0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp mssclamp 1440

map ppp0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto mssclamp 1440

map ppp0 192.168.0.0/24 -> 0/32 mssclamp 1440

Enable the firewall settings:

# vi /etc/defaults/rc.conf

ipfilter=YES                            # uses /etc/ipf.conf

ipnat=YES                                # uses /etc/ipnat.conf

ipfs=YES        ipfs_flags=""        # save/load ipnat and ipf states

ifwatchd=YES

Configure dynamic DNS updates:

# wget http://www.3322.org/dyndnspage/ez-ipupdate-3.0.10.tgz

# tar zxvf ez-ipupdate-3.0.10.tgz

# cd ez-ipupdate-3.0.10

# vi conf_file.c

Add one line:

#include ;

# vi ez-ipupdate.c

Comment out the following lines (line 4515):

//else

// {

//  fprintf(stderr, "no update needed at this time\n");

// }

# ./configure

# make

# make install

Run the update automatically after the connection is dialed:

# vi /etc/ppp/ip-up

#!/bin/sh

/usr/local/bin/ez-ipupdate -i ppp0 -h nero.3322.org -S qdns -u llzqq:9335333

# chmod 700 /etc/ppp/ip-up
