Set up broadband in Linux to connect LAN to the Internet

Source: Internet
Author: User
Tags touch command

Hardware requirements: at least one network card, the broadband device has been applied for and has been activated. ADSLAN) L of Guangzhou Telecom uses the PPPOE dialing method. Therefore, to use ADSL in Linux, you must install the PPPOE client software.

The following describes how to install: I use RedHat Linux 7.3 as the platform. For installation methods of Linux on other platforms, refer to the following steps.

I. Prerequisites for Installation

Make sure that the NIC is installed and the command is running properly

# Ifconfig eth0 // view the NIC status

Do not set the default route gateway in the system). If the default route is automatically obtained after the ADSL dial-up, use the following method to delete it:

Delete GATEWAY = in the/etc/sysconfig/network file and run the following command as root:

#/Etc/rc. d/init. d/network restart 3

If a file/usr/sbin/pppd exists, pppd is installed. If not, installing the ppp-2.3.11-4.i386.rpm version on the CD from RedHatLinux may be different.

Ii. Install PPPOE client software

There are many PPPOE clients in Linux, and most of them use GNU License. We recommend that you use the rp-pppoe package. From http://www.roaringpenguin.com/pppoe/this website, you can not download only the Binary Package of rp-pppoe on the re, you can also download the source code package. Binary Package installation:

A. http://www.roaringpenguin.com/pppoe/rp-pppoe-3.5-1.i386.rpm of binary software package

B. Run jkjk as the root user.

# Rpm-Uvh rp-pppoe-3.5-1.i386.rpm

Install from source code: installation from source code is also applicable to Linux on other platforms, but the gcc compiler must be installed in Linux.

A. Download source code software package http://www.roaringpenguin.com/pppoe/rp-pppoe-3.5.tar.gz

B. Extract

# Tar xvfz rp-pppoe-3.5.tar.gz

# Cd rp-pppoe-3.5

C. Compile and install the running script

#./Go

Will be automatically compiled and installed. Finally, the system automatically calls/usr/sbin/adsl-setup for configuration. For details, see 3.

3. Configure PPPOE client software

After installing the software package, you must configure the pppoe configuration file/etc/ppp/pppoe. conf so that the user name, password, and other parameters in the configuration file can be used during ADSL dialing. You do not have to manually modify this file. You can use the adsl-setup tool to configure the file: #/usr/sbin/adsl-setup.

>>> Enter your PPPoE user name:

Enter the username of the ADSL account.

>>> Enter the Ethernet interface connected to the ADSL modem

For Solaris, this is likely to be something like/dev/hme0.for Linux, it will be ethn, where n is a number. default eth0): Enter eth0, which is the name of the network card connected to ADSL.

>>> Enter the demand value (default no ):

If no is input

>>> Enter the DNS information here:

Enter "server", which indicates that the IP address of the DNS server automatically obtained by using ADSL dialing appears

>>> Please enter your PPPoE password:

Enter the password of the ADSL account.

>>> Choose a type of firewall (0-2 ):

Enter 0. If no firewall is used

>>> Accept these settings and adjust configuration files (y/n )?

If the entered information is correct, enter y to complete the configuration. Otherwise, enter n to re-enter.

4. Start the PPPOE client software

Run the command/usr/sbin/adsl-start to start the PPPOE client software. If the connection succeeds, Connected will appear. If the connection fails, check the network cable, adsl modem, and other physical devices, and view the information in/var/log/messages/usr/sbin/adsl-stop close and ISP connection/usr/sbin/adsl-status to view the current connection status in Linux the system automatically starts the ADSL connection at startup, enter the following command # chkconfig-add adsl to add the self-starting script of ADSL at the current running level.

V. Test

After the connection is successful, use the command # ifconfig-a to include ppp0 information in the output. The IP address is also bound to it, indicating that the IP address has been obtained from the dial-up.

Run the command # netstat-nr to view the route table information. The default route should be the IP address obtained above.

If there is no default route, we can manually add: # route add default gw the IP address obtained above the command # nslookup www.sina.com.cn if Sina's IP address is resolved, it indicates that the DNS server has been correctly obtained from the dial-up. Finally, ping a domain name or IP address using the command. If a response is received, it means that you have achieved success.

Note: It seems that during the configuration process, you will be prompted whether to load ADSL at startup and select yes. This will save your login and start again.

6. use dual NICs to drive Internet access through the company network and Home Network

Hardware requirements: Same as dual-nic

NAT mode: Set the private IP address 192.168.0.0/24, 172.16.0.0/16, and 10.0.0.0/8 for the NIC connected to the internal network ),

For example, 192.168.100.123/24. Do not set the default route gateway), and set DNS to 61.144.56.100 in Guangzhou.

The corresponding region change is the DNS of this region. in/etc/rc. run the touch command in the d/directory to create the firewall file, run the chmod u + x firewall command to change the file attributes, and edit/etc/rc. d/rc. add/etc/rc at the end of the local file. d/firewall to ensure that the script runs automatically at startup.

Firewall content :#! /Bin/sh echo "Enable IP Forwarding ..."

Echo "1">/proc/sys/net/ipv4/ip_forward echo "Starting iptables rules... "

/Sbin/modprobe iptable_filter/sbin/modprobe ip_tables/sbin/modprobe iptable_nat # Refresh all chaos/sbin/iptables-F-t nat iptables-t nat-a postrouting-s 192.168.0.0/24 -o ppp0-j MMASQUERADE client sets windows98/2000/xp and linux) the gateway is set to 192.168.100.123 in linux, and the DNS is set to 61.144.56.100.

Transparent proxy configuration agent software squid:

Edit/usr/local/squid/etc/squid. conf, modify the following content, and ensure the following Configuration:

Http_port 192.168.100.123: 8080

Cache_mem 48 MB acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports 443 563 # http://dt.ap-southeast-1.maxcompute.aliyun-inc.com/api, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemak ā er acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl flag src 192.168.100.0/255.255.255.0

Httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on cache_effective_user nobody cache_effective_group nobody http_access allow flag

Http_access deny all

Restrictions only allow LAN users to use proxies. For details, refer to the content of Access Control Lists in squid manual to restrict Access proxies)

Cache_dir ufs/var/spool/squid 100 16 256

Cache_dir type Directory-Name Mbytes Level-1 Level2

Editor's note: Specify squid to store the size of the swap space and its directory structure of the object. You can use multiple cache_dir commands to define multiple such swap spaces, and these swap spaces can be distributed across different disk partitions.

"Directory" specifies the top-level directory of the swap space. If you want to use the entire disk as the swap space, you can mount the entire disk as a mount point. The default value is/var/spool/squid. "Mbytes", which defines the total available space.

Note that the squid process must have the read and write permissions on the directory.

Level-1 indicates the number of first-Level subdirectories that can be created under the top-Level directory. The default value is 16. similarly, Level-2 is the number of Level-2 sub-directories that can be created. The default value is 256. Why define so many subdirectories? This is because if there are too few subdirectories, the number of files stored in a sub-directory will be greatly increased, which will also lead to a significant increase in the system's time to find a file, this reduces the overall performance of the system.

Therefore, to reduce the number of files in each directory, we must increase the number of directories used. If only the first-level sub-directory is used, the number of sub-directories under the top-level directory is too large, so we use the two-level sub-directory structure. How can we determine the number of subdirectories required by your system? We can use the formula below to estimate .]

Known amount:

DS = total available swap space, in KB)/swap space

OS = average size of each object = 20 k

NO = average number of objects stored in each second-level sub-directory = 256

Unknown quantity:

L1 = number of first-level sub-Directories

L2 = number of list subdirectories

Calculation formula:

L1 x L2 = DS/OS/NO

Note that this is an Indefinite Equation and there can be multiple solutions)

Acl allow_domain dstdomain "/etc/squid/allow_domain"

Create cache directory

[Root @ proxy squid] # squid-z

Modify the squid of the directory owner:

[Root @ proxy squid] # chown squid: squid/usr/spool/squid

Last start squid:

[Root @ iptable logs] #/usr/local/squid/bin/RunCache &

In addition, the following ports should be monitored in the system:

[Root @ proxy logs] # netstat-ln tcp 0 0 0.0.0.0: 3128 0.0.0.0: * LISTEN udp 0 0 0.0.0.0: 3130 0.0.0.0 :*

It indicates that squid has started properly.

Then, use the serviceconf tool of Redhat to enable the squid server automatically when the system starts.

Iptables settings

In the/etc/rc. d/directory, run the touch command to create the firewall file and run the chmod u + x firewll command to change the file attributes,

Edit the/etc/rc. d/rc. local file and add/etc/rc. d/firewall at the end to ensure that the script is automatically executed at startup.

The content of the firewall file is:

#! /Bin/sh

Echo "Enabling IP Forwarding ..."

Echo 1>/proc/sys/net/ipv4/ip_forward

Echo "Starting iptables rules... Else"

# Refresh all chains

/Sbin/iptables-F-t nat

Iptables-t nat-a prerouting-I eth1-p TCP/IP-m tcp-dport 80-j REDIRECT-to-ports 8080

Iptables-t nat-a postrouting-s 192.168.0.0/24-o ppp0--j MMASQUERADE

7. Implement squid + iptables transparent proxy in a layer-3 switching network with multiple VLANs

In an enterprise, there are usually three layers of network switching. It effectively isolates broadcast and prevents broadcast storms. Vlan Division through layer-3 switches makes application and management easier. But it also brings a little trouble to proxy settings. Traditional proxies need to be set up as proxies.

Server address and port, which is no problem for the layer-3 switching network. The key is to set the gateway in the transparent proxy. In a layer-3 switched network, the computer gateway of each vlan must be set as the gateway of the vlan, for example: in the following table, the gateway of vlan1 must be 192.168.100.1 and the gateway of vlan2 must be 192.168.110.1. It is absolutely impossible to set the gateway as the proxy server address in a common network. Therefore, the main problems of transparent proxy settings in a layer-3 switching network are concentrated in the configuration of layer-3 Central switch and Proxy Server Routing. A default route entry in the layer-3 Switch routing table must point to the proxy server, the route table of the server must have a gateway that contains all VLANs.

The following is my Network Description: The Intranet has 15 VLANs, as shown in the route table. The proxy server squid + iptables) in vlan1, the server has two NICs, and eth0 connects to the Internet with the ip address A. B .C.D, the gateway is. b. c.1.eth1 connects to the Intranet ip address 192.168.100.123/24 without a gateway.

Add a route to the server and point 192.168.0.0/16 to the gateway 192.168.100.1 of vlan1,

# Route add-net 192.168.0.0 netmask route 0.0 eth1

To ensure communication with other VLANs, the network is successfully configured. For more information about transparent proxy settings, see other articles. In this way, all vlan computers can access the Internet as long as the gateway and dns are configured. For example, for a computer in vlan3, the IP address is 192.168.120.47, the gateway is 192.168.120.1, And the dns address is the ADSL in Guangzhou that the service provider gives: 61.144.56.100. The outbound route is-> 192.168.120.47-> 192.168.120.1-> 192.168.100.1-> 192.168.100.123-> A. B. C.1-> .......

Related Articles]

  • AdSL dial-up Internet access For Ubuntu Linux 7.04
  • Description of ADSL dial-up Internet access in Linux
  • ADSL Network Protocol PPPOE

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.