申博太阳城_Setting up Linux as the company's internal router/gateway
Author: 申博太阳城文化传媒公司 2018-01-08 19:21 100

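I recently made a small adjustment to the company network, replacing the existing router with a Linux gateway, for three main reasons:

1. Real-time traffic monitoring

2. Performance: we found that with a router, if staff run BT or other p2p software, the number of connections becomes very large and the router's performance drops considerably

3. VPN: the company has an internal OA system, and administrators also need to connect over VPN to manage servers, so a pptp VPN was set up

Prerequisite: the gateway server has two network cards, eth0: external NIC, eth1: internal NIC

Related services and software:

1. DHCP service: the dhcpd package, an rpm shipped with the system

2. Traffic monitoring tool: iptraf, an rpm shipped with the system

3. VPN: the pptpd package, an rpm downloaded from the internet

4. Packet forwarding, address mapping and firewall rules: implemented with iptables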

dhcp configuration:
#cat /etc/dhcpd.conf
allow booting;
allow bootp;
ddns-update-style interim;
ignore client-updates;
default-lease-time 86400;
max-lease-time 259200;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option ntp-servers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 202.106.0.20,202.106.196.115;
    range 192.168.1.100 192.168.1.200;
    next-server 192.168.1.2;
    filename "pxelinux.0";
}

#cat /etc/sysconfig/dhcpd

DHCPDARGS=eth1

pptpd configuration:
#cat /etc/pptpd.conf | sed -e /^#/d -e /^$/d
option /etc/ppp/options.pptpd
logwtmp
bcrelay eth0
localip 172.16.0.1
remoteip 172.16.0.134-234
#cat /etc/ppp/options.pptpd |sed -e /^#/d -e /^$/d
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 202.106.0.20
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd
# cat /etc/ppp/chap-secrets |sed -e /^#/d -e /^$/d
wangxiaoming pptpd '159753xxx' *
lixiaohua pptpd '123456xxx' *

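Note: only two users are added here; you can add more as needed. I think pptpd supports at most 100 users. I saw that in the logs when I set it up and did not look into it closely, but it should be enough. Also, the IPs given to the VPN in pptpd.conf should preferably not overlap with the internal network.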
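
The overlap advice in the note above can be checked mechanically before pptpd is started. The following is an added example, not part of the original article: it expands the localip/remoteip values from pptpd.conf and reports any address that falls inside a subnet declared in dhcpd.conf. The function names are hypothetical, the sample inputs are constructed from the configuration shown on this page, and the parser assumes the comma-separated "IP or a.b.c.N-M" form used above.

```python
import ipaddress
import re

# Constructed sample inputs, copied from the configuration shown on this page.
PPTPD_CONF = """\
option /etc/ppp/options.pptpd
localip 172.16.0.1
remoteip 172.16.0.134-234
"""
DHCPD_CONF = "subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.200; }"


def expand_pptpd_ips(spec):
    """Expand a localip/remoteip value such as '172.16.0.134-234,172.16.0.245'
    into a list of IPv4Address objects."""
    addrs = []
    for part in spec.split(","):
        first, _, last_octet = part.strip().partition("-")
        start = ipaddress.IPv4Address(first)
        # "a.b.c.134-234" means a.b.c.134 through a.b.c.234; no dash means one host.
        end = ipaddress.IPv4Address(first.rsplit(".", 1)[0] + "." + last_octet) if last_octet else start
        if end < start:
            raise ValueError(f"reversed range in pptpd.conf: {part!r}")
        addrs.extend(ipaddress.IPv4Address(i) for i in range(int(start), int(end) + 1))
    return addrs


def lan_subnets(dhcpd_conf):
    """Return every 'subnet A netmask M' declaration as an IPv4Network."""
    pairs = re.findall(r"\bsubnet\s+([\d.]+)\s+netmask\s+([\d.]+)", dhcpd_conf)
    return [ipaddress.IPv4Network(f"{addr}/{mask}") for addr, mask in pairs]


def vpn_lan_overlap(pptpd_conf, dhcpd_conf):
    """List VPN addresses (localip and remoteip) that fall inside a DHCP subnet."""
    nets = lan_subnets(dhcpd_conf)
    clashes = []
    for line in pptpd_conf.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in ("localip", "remoteip"):
            clashes += [ip for ip in expand_pptpd_ips(fields[1]) if any(ip in n for n in nets)]
    return clashes


if __name__ == "__main__":
    found = vpn_lan_overlap(PPTPD_CONF, DHCPD_CONF)
    print(found if found else "no overlap between VPN addresses and LAN subnets")
```

To run it against a live gateway, read /etc/pptpd.conf and /etc/dhcpd.conf into the two string arguments instead of the embedded samples.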