Using iptables + Red Hat Linux 9.0 as an ADSL Router

Description and conventions
# All commands shown in "[]" are typed directly at the command line
1. Preface

Recently I helped a friend build the ADSL gateway router for their company. It was originally built with FreeBSD, and now I want to do it again with Red Hat Linux.
2. Installation preparation and environment description

1) Red Hat Linux 9.0 minimal installation: select "Custom" as the installation type, then choose the "Minimal" option during package selection. This mode is sufficient for a routing gateway.
3. Software adjustment

1) rp-pppoe
Run its configuration script directly (the interactive session below is what it prints):
[adsl-setup]
Welcome to the Roaring Penguin ADSL client setup. First, I will run
some checks on your system to make sure the PPPoE client is installed
properly...
Looks good! Now, please enter some information:
USER NAME
>>> Enter your PPPoE user name: [enter your ADSL login user name here]
INTERFACE
>>> Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethn, where n is a number.
(default eth1): [enter the correct interface here; normally it should be eth0 or eth1]
>>> Enter the demand value (default no): [this is the default value, just press Enter]
DNS
>>> Enter the DNS information here: [server] # "server" means use the DNS servers supplied by the ISP
PASSWORD
>>> Please enter your PPPoE password: [] # your ADSL dial-up password
>>> Please re-enter your PPPoE password:
FIREWALLING
The firewall choices are:
0-NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1-STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2-MASQUERADE: Appropriate for a machine acting as an Internet gateway for a LAN
>>> Choose a type of firewall (0-2): [2] # the better firewall choice for a gateway
** Summary of what you entered **
Ethernet Interface: eth1
User name: ddtthz! Internet
Activate-on-demand: No
DNS: server
Firewalling: NONE
>>> Accept these settings and adjust configuration files (y/n )? [Y] # Done!
2) eth0 is connected to the ADSL line, and eth1 (192.168.1.4/24) is connected to the internal LAN (192.168.1.0/24)
3) iptables
Notes for administrators familiar with ipchains:
Differences between iptables and ipchains
· The built-in chain names are now uppercase, and their meaning has changed: INPUT now applies only to packets addressed to the local machine and OUTPUT only to packets generated by it (forwarded packets traverse only the FORWARD chain).
· The -i option now means only the input (incoming) interface; the output interface is specified with -o (in ipchains -i stood for either).
· TCP and UDP port matches now use --source-port or --sport (and --destination-port or --dport); the options must be written in full and placed after "-p tcp" or "-p udp", because they are provided by the TCP and UDP match extensions that those options load.
· The old TCP "-y" flag is now "--syn" and must also come after "-p tcp".
· The old DENY target has been renamed DROP.
· A single chain in the list can be cleared (flushed) on its own.
· The counters can be zeroed while a built-in chain is being cleared.
· The current instantaneous counter values can be displayed when listing a chain.
· REJECT and LOG are now extensions, i.e. separate kernel modules.
· Chain names can be up to 31 characters long.
· MASQ has been renamed MASQUERADE and uses a different syntax; REDIRECT keeps its original name but its syntax has changed as well.
Design concept:
(1) First prohibit forwarding of any packets, then allow the permitted traffic step by step.
[/sbin/iptables -P FORWARD DROP]
(2) MASQUERADE the PPP link
[/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE]
(3) Allow two specific machines to access external WWW sites, selected by their MAC addresses
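The three design steps above, carried through as one complete rule set. This is an added example, not the article's own script: it uses the 2.4-kernel-era iptables syntax that ships with Red Hat Linux 9.0 (`-m state`, `-m mac`), the interface names and LAN subnet from the article (ppp0 outward, eth1 inward, 192.168.1.0/24), and two constructed placeholder MAC addresses that must be replaced with the real hosts. It also adds the ESTABLISHED,RELATED return rule that a DROP policy on FORWARD needs, which the article's step list leaves implicit.

```shell
#!/bin/sh
# Added example (not from the original article): gateway rules implementing
# (1) default-deny forwarding, (2) MASQUERADE on the PPP link, and
# (3) WWW access for two LAN hosts selected by MAC address.
# Assumed values: ppp0 is the PPPoE link, eth1 faces the LAN 192.168.1.0/24.
IPT=/sbin/iptables
LAN_IF=eth1
WAN_IF=ppp0
LAN_NET=192.168.1.0/24
WWW_MACS="00:11:22:33:44:55 00:11:22:33:44:66"   # constructed placeholders

# gateway_rules prints one iptables command per line instead of executing it,
# so the rule set can be reviewed (or tested) before it is applied with:
#   gateway_rules | sh -e
gateway_rules() {
    # (1) Start from a clean FORWARD chain and deny all forwarding by default.
    echo "$IPT -F FORWARD"
    echo "$IPT -t nat -F POSTROUTING"
    echo "$IPT -P FORWARD DROP"

    # (2) Masquerade everything that leaves on the PPP link.
    echo "$IPT -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"

    # Replies to permitted connections must be able to come back through
    # FORWARD; without this the DROP policy silently breaks every session.
    echo "$IPT -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # (3) Only the two listed LAN hosts may open WWW (port 80) connections.
    #     Matching the source subnet as well as the MAC keeps a host that
    #     spoofs a foreign IP address from being forwarded.
    for mac in $WWW_MACS; do
        echo "$IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m mac --mac-source $mac -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    done

    # Anything else crossing the box is logged (rate-limited) before the
    # DROP policy discards it, so blocked hosts show up in /var/log/messages.
    echo "$IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FORWARD-DROP: '"
}

# Number of rules in the generated set; a quick sanity check before applying.
gateway_rule_count() {
    gateway_rules | wc -l | tr -d ' '
}

# Enable IP forwarding and apply the rules only when run as: sh gateway.sh apply
if [ "${1:-}" = "apply" ]; then
    gateway_rules | sh -e
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

Because the script flushes only FORWARD and nat POSTROUTING, the INPUT rules that adsl-setup installed with firewall choice 2 are left in place; run `gateway_rules` on its own first to read the exact commands, then `sh gateway.sh apply` as root on the gateway.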