Enable dual-network by bypassing multiple NICs in Linux

Text/figure tsunami Tian Ming (Ansty) now some domestic universities and internal networks use Ruijie or harbor certification, most likely to ensure their own security, however, these certifications have many annoying restrictions. For example, when the official certificate program of Ruijie is connected, it checks whether there are multiple NICs on the operating platform, whether there is Agent software or

Text/figure Tian Ming (Ansty)
At present, some universities and internal enterprises in China use Ruijie or harbor certification, which guarantees their own security, but these certifications have many annoying restrictions. For example, when the official re certification program is connected, it checks whether there are multiple NICs on the operating platform, whether there is software such as Agent software or gateway installed, and if yes, it stops authentication.
Our current network environment has two networks: campus network and broadband network. There are multiple machines in the LAN, which can connect to the broadband through routing and connect to the campus network through one machine. this machine is our egress route to the campus network.
As mentioned above, the official re certification program will detect the operating platform and strictly check multiple NICs, proxies, and shared connections. we need to find a way to bypass these restrictions. For Windows platform bypass, it is very simple to do not introduce, here only talk about the implementation of Linux.
In Linux, the basic principle is that all machines in the Lan are interconnected through routers, the routers are responsible for ADSL dialing, and all machines can be connected through the Internet on the routers. Machine A connects to the campus network and enables the shared connection function. as A gateway for machines in the Lan to enter the campus network, the route table is used to automatically select the network.
 
Network Environment
1) system environment
System version: Ubuntu 7.10
Ansty @ Ansty :~ $ Sudo uname-
Linux Ansty 2.6.22-14-generic #1 SMP Tue Dec 18 08:02:57 UTC 2007 i686 GNU/Linux
2) Nic
Ansty @ Ansty :~ $ Sudo ifconfig-
Eth0 Link encapsulation: Ethernet, hardware address **: * 0
Inet address: 192.168.1.100, broadcast address: 192.168.1.255, mask: 255.255.255.0
Up broadcast running multicast mtu: 1500, hops: 1
Received data packet: 62645, error: 0, discard: 0, overload: 0, number of frames: 0
Send data packet: 61388, error: 0, discard: 0, overload: 0, carrier: 0
Collision: 0, sending queue length: 1000
Received bytes: 74313331 (70.8 MB), sent bytes: 4567716 (4.3 MB)
Interrupt: 19, basic Address: 0x2000
 
Eth1 link encapsulation: Ethernet, hardware address **: * 2
Inet address: 172. ***, broadcast: 172. ***. ***. 255, mask: 255.255.255.0
Up broadcast running multicast mtu: 1500, hops: 1
Received data packet: 15314, error: 0, discard: 0, overload: 0, number of frames: 0
Send data packet: 6522, error: 0, discard: 0, overload: 0, carrier: 0
Collision: 0, sending queue length: 1000
Received byte: 17196095 (16.3 MB), sent byte: 475199 (464.0KB)
Interruption: 20
 
Lo link encapsulation: Local loopback
Inet address: 127.0.0.1, mask: 255.0.0.0
Up loopback running mtu: 16436, hops: 1
Received data packet: 93, error: 0, discard: 0, overload: 0, number of frames: 0
Send data packet: 93, error: 0, discard: 0, overload: 0, carrier: 0
Collision: 0, sending queue length: 0
Received byte: 11384 (11.1KB), sent byte: 11384 (11.1KB)
 
The eth0 Nic is used to connect to the ADSL router. the IP address is 192.168.1.100. the eth1 Nic is used to connect to the port provided by the campus network, and the IP address is 172 .***.***.***.
 
Function implementation
On the basis of the above network environment, we began to configure the network to achieve our goal.
1) network configuration
Eth1 is used to connect to the campus network. Because the campus network in my school dynamically obtains IP addresses, select "automatic configuration (DHCP)", as shown in Figure 1. If you are using a fixed IP address, select a fixed IP address. The IP address allocated to server A is 172 .***.***.***.

The eth0 Nic is used to connect to the ADSL network through a route. the IP address is automatically allocated by the vro. Therefore, the dynamic IP address is used here, and the obtained IP address is 192.168.1.100.
Other non-Ubuntu systems can access the internet to check related Nic configuration materials. However, you can use the ifconfig command to configure the NIC, which is not described here.
2) install the authentication program
To achieve our goal, you must use a third party instead of the official re certification program. The xmuruijie-1.3 is used here. Compared with xrgsu, it does not detect multiple NICs, because XMU-Ruijie does not detect multiple NICs. the Function only performs authentication.
This program is written in Python and is easy to install.
Unzip: tar-xvzf xmuruijie-1.3.tar.gz
Installation: $ cd xmuruijie-1.3, $ sudo./install. sh install
The Root permission is required during installation. do not use sudo on the ubuntu terminal. in other versions of Linux, switch to the Root permission.
3) configuration
Enter "sudo gedit/etc/xmuruijie. conf" in the terminal to configure the xmuruijie. conf file. the key content is as follows.
# This is the configuration file of XMU-Ruijie
# Parameters for authentication
[Auth]
User: Your-Acount
Passwd: Your-Password
Interface: eth0
# Parameters for daemonize:
[Daemon]
Logfile:/var/log/xmuruijie. log
Pid:/var/run/xmuruijie. pid
 
Change the your-ACO in this file to an authenticated account, change Your-Passwor to a password, and change eth0 to the NIC used to connect to the campus network. here I changed it to eth1.
Because our school needs to use the xrgsu algorithm for authentication, we also need to modify/etc/init. d/xmuruijie and add the "-x" parameter to start. Enter "sudo gedit/etc/init. d/xmuruijie" on the terminal and find the following section in "/usr/sbin/xmuruijie? D "followed by a"-x.
 
Case "$1" in
Start)
Echo "Starting xmuruijie"
/Usr/sbin/xmuruijie-d-x
Echo "Running dhcp client to get ip address ..."
If [-f "/sbin/dhcpcd"]; then
 
4) use
In ubuntu, all network operations require Root permissions, so do not forget sudo during execution.
Start authentication: sudo/etc/init. d/xmuruijie start
After authentication, the program runs in the background.
Stop authentication: sudo/etc/init. d/xmuruijie stop
5) configure the static route table
Here, authentication is done, and the rest is to configure the network selection for the Linux dual network. After the default dual-network interface is activated and connected, two default gateways will appear in the static route table of the system, and sometimes there will be problems accessing the Internet in Linux, so we need to delete a default gateway.
Run the command "ansty @ Ansty :~ /Xmuruijie-1.3 $ route-n "to get the Kernel IP route table as follows.
 
Target gateway subnet mask flag hop reference interface
172. **. **. 0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 172. ** 0.0.0.0 UG 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UA 100 0 0 eth0
 
Which gateway should we use as our default gateway? Among them, 172. ** is the gateway of the campus network, and 192.168.1.1 is the gateway of the vro and connected to the ADSL line.
In ubuntu, run the "sudo route del-net 0.0.0.0 netmask 0.0.0.0 gw to delete the gateway" command to delete the address that does not use the default gateway. The rest is the default gateway. Here, I use the 192.168.1.1 route as the default gateway, and then run "sudo route del-net 0.0.0.0 netmask 0.0.0.0 172. **" to delete the campus network gateway.
But in this way, we will not be able to access campus network resources, and all the data will only go out of the Gateway 192.168.1.1. To solve the problem of accessing the campus network, we need to use the static route table to let the data in an IP segment go out through the specified gateway. That is to say, adding a static route table can solve the problem.
Command format: sudo route add-net ip segment netmask subnet mask gw Gateway
Run "sudo route add-net 202. ***. ***. 0 netmask 255.255.255.0 gw 172. **. **. * ** "to pass the IP address segment of my school through 172. **. **. * ** go out of the Gateway.
Run the command "ansty @ Ansty :~ /Xmuruijie-1.3 $ route-n "to view the Kernel IP route table.
 
Target gateway subnet mask & nbs