Redhat9 + ADSL + iptables + DHCPD

Source: Internet
Author: User

This setup uses the ppp0 connection together with the DHCP, iptables, and squid services (DHCP and squid are optional and can be left unconfigured).

Ultimate goal: the RedHat server goes online through ADSL dial-up, and the other machines in the LAN reach the Internet through the server's iptables service, with basic Internet services unaffected. If you have many clients, you can install the squid service so that clients load web pages faster. And if you are too lazy to configure TCP/IP settings on each client, you can start the DHCP service.

Server: RedHat 9.0, 2 x 3Com 905B NICs, ZTE ZXDSL831 ADSL modem, Beijing Netcom ADSL line (not a monthly subscription)
IP address allocation:
RedHat server:
eth0: 192.168.0.1 255.255.255.0; do not configure a gateway, DNS, or other settings.
This NIC connects to the other machines in the LAN.

eth1: 192.168.1.2 255.255.255.0; do not configure a gateway, DNS, or other settings.
This NIC is used for ADSL dial-up. Do not set it to 192.168.1.1, because that is the default configuration address of my ZTE ADSL modem.

Both NICs on the server are configured statically, contrary to the common advice that the NIC attached to the ADSL modem should obtain its address via DHCP.

Client IP settings: DHCP is used here. If you prefer static settings, use an IP address between 192.168.0.2 and 192.168.0.254, subnet mask 255.255.255.0, gateway 192.168.0.1, and DNS 192.168.0.1 or your ISP's DNS addresses.

Next, configure the ADSL connection. Many people on the Internet say that RedHat's built-in ADSL support has problems, but I had none with this configuration. I use the adsl-setup command directly.

Run adsl-setup to enter the configuration dialog.

Welcome to the ADSL client setup. First, I will run some checks on
your system to make sure the PPPoE client is installed properly...

The following DSL config was found on your system:

Device:   Name:
ppp0      dslppp0

Please enter the device if you want to configure the present DSL config
(default ppp0) or enter 'n' if you want to create a new one: [the name of the dial-up connection; keep the default]

Login Name

Enter your login name (default): [enter the login username of the ADSL account]

Interface

Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth1): [the network card attached to the ADSL modem; here it is eth1]

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
Enter the demand value (default no): [keep the default]

DNS

Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: [do not enter any DNS address here; ADSL will be configured to obtain the DNS address from the ISP automatically]

Password

Please enter your password: [enter the password of the ADSL account]
Please re-enter your password: [password verification]

Userctrl

Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): [keep the default]

Firewalling

Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
          for ensuring the security of your machine. You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
Choose a type of firewall (0-2): [because we want to use iptables later, select 2]

Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no): [my line is not a monthly subscription, so I select no; with a monthly subscription, select yes]

** Summary of what you entered **

Ethernet interface: eth1
User name:          Username
Activate-on-demand: No
DNS:                Do not adjust
Firewalling:        MASQUERADE
User Control:       yes
Accept these settings and adjust configuration files (y/n)? [enter y to save the settings]

After configuring ppp0 with the adsl-setup command, take a look at the ppp0 configuration in X Windows.

Note: here we choose to obtain the DNS information automatically from the provider. This is critical. Otherwise, even if the clients can access the Internet, the server itself will not be able to load web pages.

The ADSL configuration is now complete. Use the adsl-start command to activate the ADSL connection.

If you can ping an external IP address, the connection is basically working; at most, use the nslookup command to test whether DNS works.

Configure iptables only after confirming that the ADSL connection works.

Modify /etc/sysconfig/iptables (delete all the original content).

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Each table must be closed with COMMIT before the next one starts
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address of everything leaving through the ADSL link
[0:0] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

Modify /etc/sysctl.conf and set net.ipv4.ip_forward to 1, as shown below:
net.ipv4.ip_forward = 1
In this way, IP forwarding is enabled automatically every time you restart the machine or restart the network service (/etc/init.d/network restart).

Restart the iptables service:
/etc/rc.d/init.d/iptables restart

Run iptables -t nat -L -n to check whether the NAT rule is correct. The result is as follows:
[root@localhost root]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Run cat /proc/sys/net/ipv4/ip_forward to check whether the value is 1. The result is as follows:
[root@localhost root]$ cat /proc/sys/net/ipv4/ip_forward
1
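
The filter table written to /etc/sysconfig/iptables above leaves INPUT and FORWARD at policy ACCEPT with no rules, so traffic arriving on ppp0 is neither filtered on its way to the gateway's own services nor when it is forwarded. As an added example (not part of the original article), the script below sets that table beside an assumed default-deny variant for the same eth0/ppp0 layout and adds an audit function that flags open chains in an iptables-save dump; the function names page_rules, hardened_rules and audit_filter are hypothetical.

```shell
# Added example, not the article's code; interfaces and subnet follow the
# article, the hardened rule set is an assumed LAN-only gateway policy.

# The article's filter table, restored to iptables-save casing.
page_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Default-deny variant: only the LAN may reach or traverse the gateway.
hardened_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin; report INPUT/FORWARD chains of the
# filter table with policy ACCEPT and no DROP/REJECT rule. Exit 1 if any.
audit_filter() {
  awk '
    /^\*/ { table = substr($1, 2) }
    table != "filter" { next }
    /^:(INPUT|FORWARD) / { policy[substr($1, 2)] = $2 }
    / -j (DROP|REJECT)/ { for (i = 1; i < NF; i++) if ($i == "-A") blocks[$(i+1)] = 1 }
    END {
      for (c in policy)
        if (policy[c] == "ACCEPT" && !(c in blocks)) { print c " is open"; bad = 1 }
      exit bad + 0
    }'
}
```

On the gateway, `iptables-save | audit_filter` checks the rules that are actually loaded, and the output of hardened_rules can be saved as /etc/sysconfig/iptables in place of the listing above.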

In fact, if your clients are configured with static IP addresses, they can already share the Internet connection through the server. If you want to run a DHCP server, modify /etc/dhcpd.conf:
# Start of /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
# --- option domain-name-servers ISP's dns1, ISP's dns2;
option domain-name-servers 192.168.0.1, 202.106.0.20, 202.106.148.1;
option time-offset -18000; # Eastern Standard Time
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# --- you understand NetBIOS very well
# option netbios-node-type 2;
range dynamic-bootp 192.168.0.2 192.168.0.254;
default-lease-time 21600;
max-lease-time 43200;
}
# End of /etc/dhcpd.conf

I will not cover squid configuration here. It is very simple, but a DNS address must be set during configuration (the default is none); otherwise squid cannot start while ADSL is not connected. Use the DNS addresses from dhcpd.conf.

After the RedHat server reboots, run ipconfig /renew on every Windows client to obtain an address. Once adsl-start has been run on the server, everything works. To stop Internet access, enter the following command on the server: adsl-stop.
