Normally, to share one Internet connection on a LAN, one machine has to be set up permanently as the server, with two network cards: one for dialing, the other connected to the LAN. That is not very convenient for home users, especially when several households share a single connection.
However, I found that in XP this is very easy to do: every user can dial up, and the others simply use that machine as their gateway to get online. Very convenient.
After reading the "stateful firewall" article I tried it out, and Linux can do it too. The specific steps are as follows:
 
The Ethernet line (China Netcom PPPoE) comes into one household and is plugged into the hub's UPLINK port; the other users' cables go into the hub's ordinary ports, and each user is assigned a fixed address,

for example 192.168.133.XXX.
 
Machine OS: Mandrake Linux 9.2b2
 
This way each user can dial up independently and use the connection. Setting up PPPoE dialing in Mandrake through the graphical interface does not work well; it always reports a wrong username/password. The command-line tools work better: just run /usr/sbin/adsl-setup, and to go online just dial with /usr/sbin/adsl-start. Sharing, however, is more troublesome. Unlike XP, where the gateway address is easy to change, so that whoever dials first and holds the line, everyone else can set their gateway address to that machine's address.
Linux can do it too; I just wasn't familiar with it, and it took me a long while to find out how.
First:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
and change GATEWAY=192.168.133.aaa // to the address of the machine currently acting as gateway.
DNS does not need to be changed.
Then run:
#/etc/init.d/network restart

and that's it. This is the setup when the machine acts as a client.
 
On the server side: the network card normally uses a static address with the gateway already set, so if you dial straight away the routing table gets messed up and you cannot get online. So first delete the default gateway from the routing table, then dial.
#/sbin/route del default
#/usr/sbin/adsl-start
The problem is that after dialing you still have to enable sharing, so the sharing commands have to be inserted into the /usr/sbin/adsl-start script. Since ordinary users simply shut the machine down when they go offline, no "restore the routing table on disconnect" function was set up.
 
#!/bin/sh
# Generated automatically from adsl-start.in by configure.
#***********************************************************************
#
# adsl-start
#
# Shell script to bring up an ADSL connection
#
# Copyright (C) 2000 Roaring Penguin Software Inc.
#
# $Id: adsl-start.in,v 1.8 2002/04/09 17:28:39 dfs Exp $
#
# This file may be distributed under the terms of the GNU General
# Public License.
#
# LIC: GPL
#
# Usage: adsl-start [config_file]
#        adsl-start interface user [config_file]
# Second form overrides USER and ETH from config file.
# If config_file is omitted, defaults to /etc/ppp/pppoe.conf
#
#***********************************************************************

### added for pppoe ####
# drop the static default route so pppd can install its own
/sbin/route del default

# From AUTOCONF
prefix=/usr
exec_prefix=/usr

# Paths to programs
CONNECT=/usr/sbin/adsl-connect
ECHO=/bin/echo
IFCONFIG=/sbin/ifconfig

# Set to "C" locale so we can parse messages from commands
LANG=C
export LANG

# Defaults
CONFIG=/etc/ppp/pppoe.conf
USER=""
ETH=""
ME=`basename $0`
# Must be root
if [ "`/bin/id -u`" != 0 ] ; then
    $ECHO "$ME: You must be root to run this script" >& 2
    exit 1
fi

# Debugging
if [ "$DEBUG" = "1" ] ; then
    $ECHO "*** Running in debug mode... please be patient..."
    DEBUG=/tmp/pppoe-debug-$$
    export DEBUG
    mkdir $DEBUG
    if [ "$?" != 0 ] ; then
        $ECHO "Could not create directory $DEBUG... exiting"
        exit 1
    fi
    DEBUG=$DEBUG/pppoe-debug.txt

    # Initial debug output
    $ECHO "---------------------------------------------" > $DEBUG
    $ECHO "* The following section contains information about your system" >> $DEBUG
    date >> $DEBUG
    $ECHO "Output of uname -a" >> $DEBUG
    uname -a >> $DEBUG
    $ECHO "---------------------------------------------" >> $DEBUG
    $ECHO "* The following section contains information about your network" >> $DEBUG
    $ECHO "* interfaces. The one you chose for PPPoE should contain the words:" >> $DEBUG
    $ECHO "* 'UP' and 'RUNNING'. If it does not, you probably have an Ethernet" >> $DEBUG
    $ECHO "* driver problem." >> $DEBUG
    $ECHO "Output of ifconfig -a" >> $DEBUG
    $IFCONFIG -a >> $DEBUG
    $ECHO "---------------------------------------------" >> $DEBUG
    if [ "`uname -s`" = "Linux" ] ; then
        $ECHO "* The following section contains information about kernel modules" >> $DEBUG
        $ECHO "* If the module for your Ethernet card is 'tulip', you might" >> $DEBUG
        $ECHO "* want to look for an updated version at http://www.scyld.com" >> $DEBUG
        $ECHO "Output of lsmod" >> $DEBUG
        lsmod >> $DEBUG
        $ECHO "---------------------------------------------" >> $DEBUG
    fi
    $ECHO "* The following section lists your routing table." >> $DEBUG
    $ECHO "* If you have an entry which starts with '0.0.0.0', you probably" >> $DEBUG
    $ECHO "* have defined a default route and gateway, and pppd will" >> $DEBUG
    $ECHO "* not create a default route using your ISP. Try getting" >> $DEBUG
    $ECHO "* rid of this route." >> $DEBUG
    $ECHO "Output of netstat -n -r" >> $DEBUG
    netstat -n -r >> $DEBUG
    $ECHO "---------------------------------------------" >> $DEBUG
    $ECHO "Contents of /etc/resolv.conf" >> $DEBUG
    $ECHO "* The following section lists DNS setup." >> $DEBUG
    $ECHO "* If you can browse by IP address, but not name, suspect" >> $DEBUG
    $ECHO "* a DNS problem." >> $DEBUG
    cat /etc/resolv.conf >> $DEBUG
    $ECHO "---------------------------------------------" >> $DEBUG
    $ECHO "* The following section lists /etc/ppp/options." >> $DEBUG
    $ECHO "* You should have NOTHING in that file." >> $DEBUG
    $ECHO "Contents of /etc/ppp/options" >> $DEBUG
    cat /etc/ppp/options >> $DEBUG 2>/dev/null
    $ECHO "---------------------------------------------" >> $DEBUG
else
    DEBUG=""
fi

# Sort out command-line arguments
case "$#" in
    1)
        CONFIG="$1"
        ;;
    3)
        CONFIG="$3"
        ;;
esac

if [ ! -f "$CONFIG" -o ! -r "$CONFIG" ] ; then
    $ECHO "$ME: Cannot read configuration file '$CONFIG'" >& 2
    exit 1
fi

. $CONFIG

# Check for command-line overriding of ETH and USER
case "$#" in
    2|3)
        ETH="$1"
        USER="$2"
        ;;
esac

# Check for pidfile
if [ -r "$PIDFILE" ] ; then
    PID=`cat "$PIDFILE"`
    # Check if still running
    kill -0 $PID > /dev/null 2>&1
    if [ $? = 0 ] ; then
        $ECHO "$ME: There already seems to be an ADSL connection up (PID $PID)" >& 2
        exit 1
    fi
    # Delete bogus PIDFILE
    rm -f "$PIDFILE" "$PIDFILE.pppd" "$PIDFILE.pppoe" "$PIDFILE.start"
fi

echo $$ > $PIDFILE.start

# Start the connection in the background unless we're debugging
if [ "$DEBUG" != "" ] ; then
    $CONNECT "$@"
    exit 0
fi

$CONNECT "$@" > /dev/null 2>&1 &
CONNECT_PID=$!

if [ "$CONNECT_TIMEOUT" = "" -o "$CONNECT_TIMEOUT" = 0 ] ; then
    exit 0
fi

# Don't monitor connection if dial-on-demand
if [ "$DEMAND" != "" -a "$DEMAND" != "no" ] ; then
    exit 0
fi

# Monitor connection
TIME=0
while [ true ] ; do
    /usr/sbin/adsl-status $CONFIG > /dev/null 2>&1

    # Looks like the interface came up
    if [ $? = 0 ] ; then
        # Print newline if standard input is a TTY
        tty -s && $ECHO " Connected!"

        ###### added for pppoe sharing ############################
        UPLINK="ppp0"
        INTERFACES="lo eth0 ppp0"

        echo "Starting firewall..."
        iptables -P INPUT DROP
        # accept anything that does not arrive on the uplink (LAN and loopback)
        # (old "-i !" syntax; iptables 1.4 and later want "! -i ${UPLINK}")
        iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
        iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable

        # explicitly disable ECN
        if [ -e /proc/sys/net/ipv4/tcp_ecn ]
        then
            echo 0 > /proc/sys/net/ipv4/tcp_ecn
        fi

        # enable reverse-path filtering (anti-spoofing) on all interfaces
        for x in ${INTERFACES}
        do
            echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
        done

        # we're a router of some kind, enable IP forwarding
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # dynamic IP address, use masquerading
        echo "Enabling masquerading (dynamic ip)..."
        iptables -t nat -A POSTROUTING -o ${UPLINK} -j MASQUERADE
        #################### end of pppoe sharing code ###########
        exit 0
    fi

    if test -n "$FORCEPING" ; then
        $ECHO -n "$FORCEPING"
    else
        tty -s && $ECHO -n "$PING"
    fi
    sleep $CONNECT_POLL
    TIME=`expr $TIME + $CONNECT_POLL`
    if [ $TIME -gt $CONNECT_TIMEOUT ] ; then
        break
    fi
done

$ECHO "TIMED OUT" >& 2
# Timed out! Kill the adsl-connect process and quit
kill $CONNECT_PID > /dev/null 2>&1

# Clean up PIDFILE(s)
rm -f "$PIDFILE" "$PIDFILE.pppd" "$PIDFILE.pppoe" "$PIDFILE.start"

exit 1
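Two things about the sharing fragment patched into adsl-start are worth knowing. First, it only runs if the monitor loop is reached at all: with CONNECT_TIMEOUT set to 0 or dial-on-demand enabled the script exits before the loop, and the NAT rules are never installed; the place pppd itself runs things once the link is up is /etc/ppp/ip-up (on Mandrake and other Red Hat-derived systems it calls /etc/ppp/ip-up.local if that exists). Second, the fragment leaves the FORWARD chain at its default ACCEPT policy and masquerades anything that leaves via ppp0, so any host that reaches the hub is NATed. The following is an added example, not code from the post or from rp-pppoe: the same rules as a stand-alone script in iptables-restore format, restricted to the LAN subnet, plus the teardown the post says it never wrote. Interface names and the subnet (eth0, ppp0, 192.168.133.0/24) are assumptions taken from the post's setup.

```shell
#!/bin/sh
# Added example (not part of the original post or of rp-pppoe).
# up:   apply sysctl knobs and the ruleset (for /etc/ppp/ip-up.local)
# down: stop forwarding and flush NAT/FORWARD (for /etc/ppp/ip-down.local)
# show: print the ruleset without applying it
UPLINK=${UPLINK:-ppp0}              # assumption: PPPoE interface
LAN=${LAN:-eth0}                    # assumption: LAN interface
LANNET=${LANNET:-192.168.133.0/24}  # assumption: LAN subnet from the post

# share_ruleset: print a complete ruleset in iptables-save format.
# Compared with the fragment in adsl-start:
#  - FORWARD policy is DROP; only LANNET -> UPLINK and replies are forwarded,
#    so a stray host on the hub, or a packet with a forged source, is not NATed
#  - MASQUERADE is also limited to LANNET as source
#  - INPUT from the uplink: established/related only, then REJECT as before
share_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT ! -i $UPLINK -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $UPLINK -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -i $UPLINK -p udp -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i $LAN -o $UPLINK -s $LANNET -j ACCEPT
-A FORWARD -i $UPLINK -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LANNET -o $UPLINK -j MASQUERADE
COMMIT
EOF
}

# share_sysctl: the kernel knobs from the original fragment (forwarding on,
# reverse-path filtering on for each interface, ECN off).
share_sysctl() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    for x in lo $LAN $UPLINK; do
        if [ -e /proc/sys/net/ipv4/conf/$x/rp_filter ]; then
            echo 1 > /proc/sys/net/ipv4/conf/$x/rp_filter
        fi
    done
    if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then
        echo 0 > /proc/sys/net/ipv4/tcp_ecn
    fi
}

share_up() {
    share_sysctl
    share_ruleset | iptables-restore
}

# share_down: a machine whose link dropped must stop forwarding, otherwise
# the other users keep routing through a dead gateway without noticing.
share_down() {
    echo 0 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -F POSTROUTING
    iptables -F FORWARD
}

case "${1-}" in
    up)   share_up ;;
    down) share_down ;;
    show) share_ruleset ;;
esac
```

Run it as "share.sh show" to inspect the generated rules before applying them with "share.sh up"; iptables-restore replaces the named tables atomically, which also makes repeated invocations safe, unlike the appending "iptables -A" lines in the adsl-start patch.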
 
There is one thing that is still hard to do: at boot time, check whether some machine on the LAN has already dialed up; if so, set the gateway to it; if not, dial yourself and then share. Because Internet sites these days don't support ICMP, i.e. ping gets no reply time back, there is no way to tell whether the gateway is already connected. So I'd ask everyone to help improve this script.
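One way to do the boot-time check asked for above, and at the same time to script the client-side ifcfg-eth0 edit from earlier in the post. This is an added example, not code from the post: instead of ping, each candidate gateway is tested by routing one probe host through it and attempting a TCP connect with nc, since a site that drops ICMP will still complete a TCP handshake on a port it serves. The candidate addresses, the probe host and the script name are constructed sample values; the config-file path and the adsl-start/route commands are the ones the post uses.

```shell
#!/bin/sh
# Added example, not part of the original post or of rp-pppoe.
# Boot-time helper for the setup in the post: look for a LAN machine whose
# PPPoE link is already up, point this machine's default gateway at it (the
# ifcfg-eth0 edit the post makes by hand), otherwise dial and share.
# All addresses below are constructed sample values.
IFCFG=${IFCFG:-/etc/sysconfig/network-scripts/ifcfg-eth0}
CANDIDATES=${CANDIDATES:-"192.168.133.1 192.168.133.2"}  # LAN hosts that may have dialed
PROBE_HOST=${PROBE_HOST:-198.51.100.10}   # placeholder; use a TCP host you trust
PROBE_PORT=${PROBE_PORT:-80}
PROBE_TIMEOUT=${PROBE_TIMEOUT:-3}

# tcp_probe GW: route PROBE_HOST via GW for one TCP connect attempt
# (nc -z), then remove the host route again.  Needs root.
tcp_probe() {
    gw=$1
    /sbin/route add -host "$PROBE_HOST" gw "$gw" 2>/dev/null || return 1
    nc -z -w "$PROBE_TIMEOUT" "$PROBE_HOST" "$PROBE_PORT" >/dev/null 2>&1
    rc=$?
    /sbin/route del -host "$PROBE_HOST" gw "$gw" 2>/dev/null
    return $rc
}

# first_live_gateway PROBE GW...: print the first GW for which "PROBE GW"
# succeeds.  PROBE is a parameter so the selection can be exercised with a
# stub instead of real routing changes.
first_live_gateway() {
    probe=$1
    shift
    for gw in "$@"; do
        if "$probe" "$gw"; then
            echo "$gw"
            return 0
        fi
    done
    return 1
}

# set_ifcfg_gateway FILE ADDR: rewrite the GATEWAY= line (or append one).
# The new file is written beside the old one and moved into place, so a
# crash mid-edit cannot leave ifcfg-eth0 truncated.
set_ifcfg_gateway() {
    file=$1
    addr=$2
    tmp="$file.tmp.$$"
    if grep -q '^GATEWAY=' "$file" 2>/dev/null; then
        sed "s/^GATEWAY=.*/GATEWAY=$addr/" "$file" > "$tmp"
    else
        { cat "$file" 2>/dev/null; echo "GATEWAY=$addr"; } > "$tmp"
    fi
    mv "$tmp" "$file"
}

# get_ifcfg_gateway FILE: print the configured gateway address.
get_ifcfg_gateway() {
    sed -n 's/^GATEWAY=//p' "$1"
}

main() {
    if gw=$(first_live_gateway tcp_probe $CANDIDATES); then
        echo "Using $gw as gateway"
        set_ifcfg_gateway "$IFCFG" "$gw"
        /etc/init.d/network restart
    else
        echo "No live gateway on the LAN; dialing and sharing"
        /sbin/route del default 2>/dev/null
        /usr/sbin/adsl-start
    fi
}

# Only act when invoked as "gw-select.sh --run", so the functions can be
# sourced without side effects.
if [ "${1-}" = "--run" ]; then
    main
fi
```

The probe deliberately installs a host route rather than changing the default route, so a candidate that turns out to be dead never takes the machine's existing connectivity down while it is being tested.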