FreeBSD 5.0 Gateway Guide


FreeBSD 5.0 Gateway Guide, from:

http://freebsdchina.org

Version 2.0. Preview3

Huang Dong (HDCOLA@bj1860.net)

1. Introduction

2. Install MPD

3. PPPoE

3.1. Using PPP

3.1.1. Setting up a PPP dial-out using PPPoE

3.1.2. Automatically connect at system startup

3.1.3. Manual connection

3.2. Using MPD

3.2.1. Configure your new kernel

3.2.2. Configure the MPD profiles

3.2.3. Automatically connect at system startup

3.2.4. Manual connection

4. Set up NAT services

4.1. Starting PPP NAT support

4.1.1. Automatically start when the system starts

4.1.2. Manual start

4.2. natd using IPFW

4.2.1. System configuration

4.2.2. Set up natd for PPP

4.2.3. Set up natd for MPD

5. Configuration file summary

5.1. PPP configuration

5.1.1. /etc/rc.conf

5.1.2. /etc/ppp/ppp.conf

5.2. MPD configuration

5.2.1. Kernel configuration file

5.3. PPP NAT configuration

5.4. PPP with natd configuration

5.5. MPD with natd configuration

5.6. PPP with ipnat configuration

5.7. MPD with ipnat configuration

1. Introduction

This article was originally called the FreeBSD 5.0 ADSL installation guide. Because it has grown to cover more, it is now called the gateway installation guide: it describes installing a series of applications for a gateway. I hope this name gives everyone a clearer idea of its scope. I also hope readers will send me their opinions and suggestions; my contact address is hdcola@bj1860.net. You can also discuss it with everyone at http://www.huangdong.com/bbs/.

The main purpose of this article is to explain how to use FreeBSD to build a gateway, which involves ADSL (PPPoE), VPN (PPTP), NAT and a firewall. I do not intend to write an exhaustive article; the main goal is to help everyone gradually get PPPoE and VPN working on broadband.

This article does not cover traditional telephone dial-up, mainly because there are already too many articles about it. Nor does it discuss firewalls in depth, since that would take as much space as this whole article; I believe someone will write a more specialised article on IPFW and IPFilter.

To help everyone understand how PPPoE differs from PPTP, and to avoid the confusion I once had, here is how each is used. Today PPPoE is used mainly for ADSL: the ADSL modem we use is just a dialer with no network functions of its own, much like a plain modem. PPTP, by contrast, is a server with an IP address on the network; as far as I know, campus and company networks usually use such a dial-up server for billing or for security.

The PPPoE and PPTP tools used here are mainly the PPP that ships with FreeBSD and MPD, which is built on netgraph. PPP can do PPPoE dialing; MPD can do both PPPoE and PPTP. Because MPD is so capable, I recommend using MPD when you need PPTP.

I thank Quakelee for recommending such a good tool as MPD to me and for explaining how MPD works, and OneFlower for pointing out in time how to make clever use of the IPFW configuration file. I would also like to thank "absolute irrigation" for urging this article into a new version so quickly, and Big Baby and Little Baby, who let me test all the settings in this article on the ADSL equipment at home.

2. Install MPD

PPP is a feature that comes with FreeBSD, while MPD is add-on software for FreeBSD. You can compile MPD from the FreeBSD Ports Collection. The latest version of MPD is 3.13; to build it from ports:

cd /usr/ports/net/mpd
make install
make clean

If you don't have the Ports Collection, you can also find the package of MPD 3.13 in the BSD section of http://www.huangdong.com/bbs/. To install from the package:

pkg_add mpd-3.13.tbz

You can also download the MPD source package yourself from http://www.dellroad.org/mpd/.

3. PPPoE

3.1. Using PPP

3.1.1. Setting up a PPP dial-out using PPPoE

Back up ppp.conf in /etc/ppp; the new ppp.conf reads as follows (commands under a label must be indented by at least one space):

default:
 set log Phase Chat LCP IPCP CCP tun command
 nat enable yes
 nat same_ports yes
 nat use_sockets yes
 set redial 15 28800
 set reconnect 15 28800

pppoe:
 # Fill in the name of the NIC connected to the ADSL device, as configured in the kernel; mine is fxp0
 set device PPPoE:fxp0:
 set mru 1492
 set mtu 1492
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 set timeout 0
 set authname your_username_used_to_login
 set authkey your_password_used_to_login
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR # add a (sticky) default route
 enable dns

# Note: only three places need changing: PPPoE:fxp0:, the user name and the password.

If you don't know the device name of your NIC, you can get it with the ifconfig -a command; on my computer the result is:

fxp0: flags=8843 mtu 1500
        inet 192.168.10.50 netmask 0xffffff00 broadcast 192.168.10.255
        ether 00:d0:59:0d:08:03
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000

3.1.2. Automatically connect at system startup

Add the following parameters to /etc/rc.conf (ppp_mode sets the redial-on-disconnect behaviour):

ppp_enable="YES"
#ppp_mode="ddial"
ppp_mode="background"
ppp_profile="pppoe"

The ppp_profile here corresponds to an entry in /etc/ppp/ppp.conf.

3.1.3. Manual connection

If you want to initiate a connection manually, just enter on the command line:

ppp -ddial pppoe

The last parameter is the entry set in /etc/ppp/ppp.conf.

3.2. Using MPD

3.2.1. Configure your new kernel

Add the following PPPoE support for the ADSL link to the kernel configuration file:

# ADSL PPPoE support
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_SOCKET
options NETGRAPH_PPPOE

After recompiling, installing the kernel and rebooting the machine, netgraph is available, which means MPD can be used normally.

3.2.2. Configure the MPD profiles

MPD's configuration files live in /usr/local/etc/mpd, where the MPD installation places a series of sample files for us. For PPPoE we need to create three files:

3.2.2.1. mpd.conf

pppoe:
 new -i ng0 pppoe pppoe
 set iface addrs 1.1.1.1 2.2.2.2
 set iface route default
 set iface disable on-demand
 set iface idle 0
 set bundle disable multilink
 set bundle authname username
 set link no acfcomp protocomp
 set link disable pap chap
 set link accept chap
 set link mtu 1460
 set ipcp yes vjcomp
 set ipcp ranges 0.0.0.0/0 0.0.0.0/0
 open iface

Here you need to replace the username after set bundle authname with your PPPoE user name.

3.2.2.2. mpd.links

pppoe:
 set link type pppoe
 set pppoe iface fxp0
 set pppoe service "ADSL"

Here you need to replace fxp0 with your own network card.

3.2.2.3. mpd.secret

username "password"

Replace username here with the user name from mpd.conf, and password with the password for your PPPoE account.

3.2.3. Automatically connect at system startup

Create a new file in the /usr/local/etc/rc.d directory named 000.mpd.sh, with the content:

/usr/local/sbin/mpd -b pppoe

Note that 000.mpd.sh must be executable. You can use this command:

chmod +x /usr/local/etc/rc.d/000.mpd.sh

3.2.4. Manual connection

A manual connection is simply the line from 000.mpd.sh:

/usr/local/sbin/mpd -b pppoe

4. Set up NAT services

4.1. Starting PPP NAT support

4.1.1. Automatically start when the system starts

You also need to designate this FreeBSD machine as a gateway. Set the gateway option and the PPP dial-up options in /etc/rc.conf:

gateway_enable="YES"
ppp_nat="YES"
natd_enable="YES"
natd_interface="tun0"

In addition to gateway_enable="YES" in /etc/rc.conf, you can add the following setting to /etc/ppp/ppp.conf:

 nat enable yes

This turns on PPP's built-in NAT service. If you add this parameter in ppp.conf, it does not matter whether you also add ppp_nat="YES" in rc.conf.

As for NAT support with PPP: PPP's built-in NAT is the best choice for light-duty use and for a gateway that only provides transparent forwarding.

4.1.2. Manual start

If you have added nat enable yes in ppp.conf, you can still start PPP with the ppp -ddial pppoe command line, and PPP will provide NAT directly. You can also use the command:

ppp -nat -ddial pppoe

to enable PPP's NAT support explicitly when starting by hand.

4.2. natd using IPFW

4.2.1. System configuration

4.2.1.1. Add firewall support to the kernel

Add the following options to the kernel configuration file:

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100

4.2.1.2. Setting the system startup parameters

Add the following settings to /etc/rc.conf:

firewall_enable="YES"
firewall_type="open"

4.2.2. Set up natd for PPP

To give PPP port-mapping (redirection) features we use natd. Running ifconfig after PPP has started shows that PPP uses tun0 (or tunX), the kernel device

device tun # Packet tunnel.

as a separate network interface. So before configuring natd you need to confirm which device number your PPP will use; usually, if only one connection is dialed, the device name is tun0. Add the following natd settings to /etc/rc.conf:

natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"

Don't forget that rc.conf also needs gateway_enable="YES". Since I have quite a few port mappings, I like to put all the settings in one file, /etc/natd.conf. Here is my natd.conf:

dynamic yes
redirect_port tcp 192.168.10.100:80 8080
redirect_port udp 192.168.10.100:3782 3782
redirect_port udp 192.168.10.100:3783 3783
redirect_port tcp 192.168.10.100:3782 3782
redirect_port tcp 192.168.10.100:3783 3783

Because PPP is used, its IP address is dynamically assigned, hence the dynamic yes parameter.
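With firewall_type="open" the ipfw rule set passes all traffic, so the redirect_port lines above are in effect the list of internal services reachable from the outside. As an added example (not from the original article), a small POSIX shell script that parses natd.conf in the format shown above and lists each exposed port so the mappings can be reviewed; the sample configuration is constructed, and the private-address check is my addition.

```shell
#!/bin/sh
# Added example: inventory the ports a natd.conf exposes to the outside.
# Assumes the natd.conf syntax shown in the article:
#   redirect_port <proto> <inside_ip>:<inside_port> <outside_port>

# Constructed sample, modelled on the article's /etc/natd.conf.
SAMPLE_NATD_CONF='dynamic yes
redirect_port tcp 192.168.10.100:80 8080
redirect_port udp 192.168.10.100:3782 3782
# a comment line, ignored
redirect_port tcp 192.168.10.100:3783 3783
'

# Read natd.conf text on stdin and print one line per redirect:
# "<proto> <outside_port> -> <inside_ip>:<inside_port>".
# Comment lines and directives other than redirect_port are skipped.
natd_exposed_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "redirect_port" && NF >= 4 {
            printf "%s %s -> %s\n", tolower($2), $4, $3
        }
    '
}

# Number of redirects (exposed ports) in the natd.conf on stdin.
natd_exposed_count() {
    natd_exposed_ports | wc -l | tr -d ' '
}

# Warn when a redirect points at a non-RFC 1918 address: on a gateway like
# this one that almost always means a typo in the inside address.
natd_check_private() {
    awk '
        tolower($1) == "redirect_port" && NF >= 4 {
            split($3, a, ":")
            if (a[1] !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/)
                print "WARNING: redirect to non-private address " a[1]
        }
    '
}

# Run against the constructed sample (use "natd_exposed_ports < /etc/natd.conf" for real).
printf '%s' "$SAMPLE_NATD_CONF" | natd_exposed_ports
printf '%s' "$SAMPLE_NATD_CONF" | natd_check_private
```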

4.2.3. Set up natd for MPD

In the previous section we explained that natd needs a network interface to use as the external-side interface; with MPD that is ng0 (or ngX), as set in your mpd.conf. This document uses ng0, so we need to add the following settings to /etc/rc.conf:

natd_enable="YES"
natd_interface="ng0"
natd_flags="-f /etc/natd.conf"

For the settings in natd.conf, see the previous section; apart from the natd interface, the MPD and PPP cases are identical.

Since MPD cannot be started from /etc/rc.conf, and the shell scripts in /usr/local/etc/rc.d run later than natd is started, to have MPD running before natd you can use the following method. In /etc/rc.firewall, after the lines

############
# Flush out the list before we begin.
#
${fwcmd} -f flush

add:

/usr/local/sbin/mpd -b pppoe
sleep 10

This way, by the time natd starts, MPD is already running and ng0 has dynamically obtained its address. Don't forget to delete 000.mpd.sh from /usr/local/etc/rc.d.
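The fixed sleep 10 is a race: if PPPoE negotiation takes longer, natd starts against an ng0 that has no real address yet. As an added example (not from the original article), a POSIX shell replacement that waits until the interface actually holds a negotiated address; it assumes the ifconfig output format shown earlier in this article and that the placeholder 1.1.1.1 from set iface addrs may still be present while IPCP is negotiating.

```shell
#!/bin/sh
# Added example: wait for the PPPoE interface to hold a negotiated address
# instead of sleeping a fixed 10 seconds in /etc/rc.firewall.

# Return 0 when the ifconfig text on stdin shows an IPv4 address other than
# the mpd placeholder 1.1.1.1 ("set iface addrs 1.1.1.1 2.2.2.2") or 0.0.0.0.
iface_has_inet() {
    awk '
        $1 == "inet" && $2 != "1.1.1.1" && $2 != "0.0.0.0" { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Poll "ifconfig $1" up to $2 seconds (default 30). Returns non-zero on
# timeout so the caller can log it rather than silently starting natd on a
# link that is still negotiating.
wait_for_inet() {
    iface=$1; limit=${2:-30}; n=0
    while [ "$n" -lt "$limit" ]; do
        if ifconfig "$iface" 2>/dev/null | iface_has_inet; then
            return 0
        fi
        sleep 1; n=$((n + 1))
    done
    echo "$iface: no address after ${limit}s" >&2
    return 1
}

# Constructed ifconfig output for the two states: link up with a negotiated
# (documentation-range) address, and link still carrying the placeholder.
NG0_UP='ng0: flags=88d1 mtu 1460
        inet 203.0.113.10 --> 203.0.113.1 netmask 0xffffffff'
NG0_DOWN='ng0: flags=8890 mtu 1460
        inet 1.1.1.1 --> 2.2.2.2 netmask 0xffffffff'
```

In /etc/rc.firewall, call wait_for_inet ng0 30 in place of sleep 10; a non-zero return means natd would otherwise have been started on an interface without an address.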

Please credit the original source when reposting: https://www.9cbs.com/read-124691.html
