    OPENBSD上的ADSL和防火墙设置配置
    下面我用的是OPENBSD 3.6（注意：OpenBSD 3.6 发布于 2004 年，早已停止维护；pf 的 nat/rdr 语法自 4.7 起已改为 match 规则，在新版本上需要相应调整。文中出现的账号、口令、主机名均为示例，部署时务必替换。）

    配置ADSL:
    # vi /etc/ppp/ppp.conf
    ========================ppp.conf=======================
    # /etc/ppp/ppp.conf -- user-level ppp(8) configuration for a PPPoE uplink.
    # Keep this file owned by root and mode 0600: the ISP password below is
    # stored in clear text.
    # NOTE(review): in the real file the labels ("default:", "pppoe:") must
    # start in column 0 and the commands under them must be indented; the
    # uniform indentation seen here is an artefact of the web page.
    default:
    # Log the phases useful for debugging a dial-up. "Chat" logs the chat
    # script exchange, so check the log for anything sensitive before
    # sharing it.
    set log Phase Chat IPCP CCP tun command
    # Redial after 15 s; reconnect a dropped link after 15 s, up to 10000 times.
    set redial 15 0
    set reconnect 15 10000

    pppoe:
    # Run the PPPoE driver on the NIC that faces the DSL modem (rl1 here).
    set device "!/usr/sbin/pppoe -i rl1"
    # Address/control and protocol field compression are not used over
    # PPPoE (RFC 2516), so neither offer nor accept them.
    disable acfcomp protocomp
    deny acfcomp
    # PPPoE adds 8 bytes of overhead to every Ethernet frame: 1500 - 8.
    set mtu max 1492
    set crtscts off
    set speed sync
    # Link quality reports every 5 s detect a dead link.
    enable lqr
    set lqrperiod 5
    set cd 5
    set dial
    set login
    # 0 = never drop the link for inactivity.
    set timeout 0
    # ISP credentials -- these are placeholders, replace them with your own
    # and keep this file readable by root only.
    set authname "sjz681a0156@adsl2"
    set authkey 123456
    # Point the default route at the peer once the link is up; the "!"
    # replaces any existing default route.
    add! default HISADDR
    # Clamp the TCP MSS on forwarded SYNs so LAN hosts do not suffer
    # black holes from the reduced MTU.
    enable mssfixup
    ========================ppp.conf=======================

    建立防火墙代理配置:
    # vi /etc/pf.conf
    =========================pf.conf=======================
    # /etc/pf.conf -- NAT gateway for two LAN segments behind a PPPoE link.
    # Written for OpenBSD 3.6 pf: nat/rdr are separate translation rules and
    # filter rules are last-match unless tagged "quick".
    ext_if = "tun0"
    int_if = "{ dc0, rl0 }"
    int_net = "{ 192.168.0.0/24, 192.168.10.0/24 }"
    loop = "lo0"
    # Services exposed on the firewall's own external address (see below).
    tcp_services = "{ www, ftp }"
    # LAN hosts whose downstream traffic gets the priority queue.
    boss_ip = "{ 192.168.10.10, 192.168.10.11, 192.168.10.12, 192.168.10.13, 192.168.10.14, 192.168.10.15 }"
    # Addresses that must never appear on the external link (anti-spoofing).
    # NOTE(review): 0.0.0.0/8, 169.254.0.0/16 and 224.0.0.0/4 are commonly
    # added to such a list as well.
    noroute = "{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 255.255.255.255/32 }"
    # NOTE(review): 192.168.100.16 lies outside $int_net, so it is neither
    # NAT'd by the nat rule below nor covered by the $int_if pass rules --
    # confirm it is actually reachable from this box.
    web_server = "{ 192.168.10.5, 192.168.100.16 }"
    # "return" answers blocked packets with a RST/unreachable, which is
    # friendlier to LAN clients but tells outside scanners that a host is
    # there; "drop" is the quieter choice for the external side.
    set block-policy return
    set loginterface $ext_if

    set optimization aggressive

    # Normalise and defragment everything before it is filtered.
    scrub in all

    # Bandwidth shaping on the LAN side: 900Kb for $boss_ip, 300Kb default.
    altq on $int_if cbq bandwidth 1200Kb queue { dflt, boss }
    queue dflt bandwidth 300Kb cbq(default)
    queue boss bandwidth 900Kb cbq(borrow)

    # Masquerade both LANs behind the PPPoE address.
    # NOTE(review): "-> ($ext_if)" (with parentheses) makes pf look the
    # address up at run time; without them it is fixed when the ruleset is
    # loaded, which is why ppp.linkup has to reload pf after every redial.
    nat on $ext_if from $int_net to any -> $ext_if

    # Default deny in both directions; everything below is an exception.
    block all

    # Redundant with "set block-policy return" above; harmless.
    block return
    # pf.os fingerprint match: catches only a default-signature nmap scan and
    # is trivially evaded, so treat it as noise reduction, not as defence.
    block in quick on $ext_if os NMAP
    # Drop spoofed/private source addresses arriving from the Internet and
    # stop RFC1918 traffic from leaking out to the ISP.
    block in quick on $ext_if from $noroute to any
    block out quick on $ext_if from any to $noroute

    # WARNING: this opens every TCP port above 60000 on the firewall itself
    # to the whole Internet, and "quick" means no later rule can narrow it,
    # so any daemon that ends up listening there is exposed. Presumably
    # meant for a passive-FTP data range or a P2P client -- restrict it to
    # the exact ports and, where possible, the source addresses needed.
    pass in quick on $ext_if inet proto tcp from any to any port > 60000 keep state
    # Ping of the external address stays blocked (rule left commented out).
    #pass in quick on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
    # www and ftp on the firewall box itself are reachable from the Internet.
    # "flags S/SAFR" creates state only on a clean SYN. Note that FTP here is
    # a clear-text service running on the gateway.
    pass in quick on $ext_if inet proto tcp from any to any port $tcp_services flags S/SAFR keep state

    pass quick on $loop all
    # LAN hosts may send anything (including to the firewall itself); the
    # stateless inbound rule gets its replies through the outbound rules.
    pass in on $int_if from $int_net
    pass out on $int_if from any to $int_net
    pass out on $int_if from any to $boss_ip queue boss
    # Everything leaving towards the Internet is allowed and tracked.
    pass out on $ext_if all keep state

    # Rate-limited access to the internal web servers.
    # NOTE(review): packets from the Internet arrive addressed to the public
    # IP, so this rule only matches after an "rdr on $ext_if ... -> $web_server"
    # translation, which is not part of this listing. "max-src-states 2"
    # allows just two concurrent connections per client address.
    pass in on $ext_if inet proto tcp from any to $web_server port = 80 flags S/SAFR keep state (max 200, source-track rule, max-src-nodes 200, max-src-states 2) queue boss
    =========================pf.conf=======================

    禁用系统自定义的PF规则（rc.conf 中 pf=NO 表示开机时不由系统启动 pf，pf 改由下文的 ppp.linkup 在拨号成功后启用。注意：这样在拨号成功之前、以及链路断开后 ppp.linkdown 执行 pfctl -d 之后，主机在已开启 IP 转发的情况下没有任何过滤；更稳妥的做法是保持 pf=YES 常开，只在 ppp.linkup 中重新加载规则。）

    # vi /etc/rc.conf
    pf=NO

    启用IP转发:
    # vi /etc/sysctl.conf
    net.inet.ip.forwarding=1

    设置开机启动ADSL拨号:

    # mkdir /etc/rc.d
    # vi /etc/rc.d/adsl.sh
    --------------+----------------+---------------+-------------
    #!/bin/sh
    # /etc/rc.d/adsl.sh
    # 7-11-2004
    # llzqq@126.com

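    pppoe_status () {
    # Report whether the PPPoE link on tun0 is up and, if so, its address.
    # Returns 0 when tun0 has an address and 1 otherwise, so callers can
    # test the link state without parsing the message.
    # Relies on OpenBSD ifconfig printing "inet A --> B netmask M" for tun0;
    # the address is the second field of that line.
    IP=$(/sbin/ifconfig tun0 | awk '/netmask/{print $2}')

    if [ -n "$IP" ]; then
    echo "pppoe link is up, ip: $IP"
    return 0
    fi
    echo "pppoe link is down"
    return 1
    }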

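    pppoe_start () {
    # Start ppp in demand-dial mode and wait up to 40 s (20 x 2 s) for tun0
    # to receive an address, printing a dot per attempt; finish with the
    # link status (its return value becomes ours).
    printf 'starting pppoe '
    # Bail out right away if ppp itself refuses to start (e.g. a bad label
    # or ppp.conf error) instead of polling for 40 s.
    if ! ppp -ddial pppoe > /dev/null; then
    echo
    echo "pppoe: ppp failed to start, check /etc/ppp/ppp.conf" >&2
    return 1
    fi

    tries=20
    while [ "$tries" -gt 0 ]; do
    sleep 2
    printf '.'
    IP=$(/sbin/ifconfig tun0 | awk '/netmask/{print $2}')
    if [ -n "$IP" ]; then
    break
    fi
    tries=$((tries - 1))
    done
    echo "."
    pppoe_status
    }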

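    pppoe_stop () {
    # Terminate the "ppp -ddial" process(es) found in the process list.
    # The "[p]pp" bracket trick keeps awk's own command line (which also
    # contains the pattern text) from matching, so we never kill ourselves.
    PID=$(ps aux | awk '/[p]pp -ddial/{print $2}')
    if [ -z "$PID" ]; then
    # Nothing to do; avoid running "kill" with no arguments.
    echo "pppoe link is already down"
    return 0
    fi
    # $PID may hold several pids; word-splitting is intended here.
    kill $PID
    echo "pppoe link is down"
    }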

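    # Dispatch on the rc action; the script's exit status is that of the
    # action (so "status" exits non-zero when the link is down).
    case "$1" in
    'start')
    pppoe_start
    ;;
    'stop')
    pppoe_stop
    ;;
    'status')
    pppoe_status
    ;;
    *)
    # Usage errors go to stderr so they are not mistaken for status output.
    echo "Usage: $0 {start|stop|status}" >&2
    exit 1
    ;;
    esac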
    --------------+----------------+---------------+-------------
    # chmod 555 /etc/rc.d/adsl.sh

    开机时自动进行ADSL拨号

    # vi /etc/rc.local

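    # Dial only if ppp is actually configured.
    if [ -f /etc/ppp/ppp.conf ]; then
    # Run the script as a separate process instead of sourcing it with ".":
    # a sourced "exit" (e.g. from its usage branch) would terminate rc.local
    # itself, and passing arguments to a sourced file is not portable.
    /etc/rc.d/adsl.sh start
    fi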

    # vi /etc/rc.shutdown
    /etc/rc.d/adsl.sh stop

    启用NAME缓存服务器(不是必须的):
    # vi /var/named/named.boot
    options forward-only
    forwarders 202.99.160.68 202.99.168.8

    根据拨号需要加载和关闭防火墙:
    # vi /etc/ppp/ppp.linkup
    MYADDR:
    # Runs once the link has an address: start packet logging and (re)load
    # the firewall. "-F all" also flushes existing states, so any
    # connections that survived a redial are cut.
    ! sh -c "/sbin/ifconfig pflog0 up"
    ! sh -c "/sbin/pflogd"
    ! sh -c "/sbin/pfctl -e -F all -f /etc/pf.conf"

    # vi /etc/ppp/ppp.linkdown
    MYADDR:
    # Runs when the link drops: disable the firewall and stop the logger.
    # NOTE(review): "pfctl -d" leaves this box -- which has ip.forwarding=1 --
    # with no packet filter at all until the redial completes and the linkup
    # script runs again. Keeping pf enabled permanently and only reloading the
    # ruleset on linkup is the safer arrangement.
    ! sh -c "/sbin/pfctl -d -F all"
    ! sh -c "kill `cat /var/run/pflogd.pid`"
    ! sh -c "/sbin/ifconfig pflog0 down"
    ! sh -c "/sbin/route delete default"

    配置动态域名更新:

    # tar zxvf ez-ipupdate-3.0.10.tgz
    # cd ez-ipupdate-3.0.10
    # vi conf_file.c
    增加一行:
    #include <errno.h>

    # vi ez-ipupdate.c
    注释掉下面几行(4515行):
    //else
    // {
    // fprintf(stderr, "no update needed at this time\n");
    // }

    # ./configure
    # make
    # make install

    设置拨号后自动运行:

    # vi /etc/ppp/ppp.linkup
    MYADDR:
    # Runs once the link has an address: start packet logging and (re)load
    # the firewall. "-F all" also flushes existing states, so any
    # connections that survived a redial are cut.
    ! sh -c "/sbin/ifconfig pflog0 up"
    ! sh -c "/sbin/pflogd"
    ! sh -c "/sbin/pfctl -e -F all -f /etc/pf.conf"
    # Dynamic-DNS update, run in the background so ppp is not held up.
    # WARNING: "-u user:pwd" puts the DDNS password on the command line,
    # where every local user can read it with ps. ez-ipupdate can take its
    # settings from a root-only config file (-c) instead -- check the option
    # name against your version.
    !bg /usr/local/bin/ez-ipupdate -i tun0 -h nero.3322.org -S qdns -w wildcard -u user:pwd

    解决通过PF防火墙用主动模式连接外网FTP服务器的问题:

    # vi /etc/pf.conf
    rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

    # vi /etc/inetd.conf
    127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy

    # reboot

    设置SQUID的透明代理:

    # vi /etc/squid/squid.conf
    http_port 127.0.0.1:3128

    # vi /etc/pf.conf
    rdr on $int_if proto tcp from $int_net to any port 80 -> 127.0.0.1 port 3128