Linux下NAT和MAC绑定的安装
时间:2007-04-09 来源:win2lin
安装环境:HP NetServer E60,服务器自带网卡为eht0,另加网卡8139为eth1。 Linux发行版本:考虑到功能单一,使用了Mandrake 9.2。
配置目的:单位里面上外网都经过这台NAT,并且没有经过MAC登记的电脑不能上网。
安装过程中碰到的问题:
1、第一个问题真是郁闷,这台服务器原来重装过的,可是这次却怎么也无法从光驱启动。弄了半天,才发现是光驱跳线为从盘,两个IDE口都反复插过,都无法从光驱启动。反映的现象是:在检测信息中没有CD-ROM。把光驱跳线改为主盘,解决问题。
2、安装都很简单,可是在重启network时,有时会失败,经指点,网卡要跳线到交换机上去。以后不要犯这个错误了,调试时候。老实搭好环境。
3、iptables这个文件编辑时候特别小心。同样几个文件,其它文件可以在win下编辑传上去就可以用。这个文件就怎么看是正确的语句,启动就会出错。记住这个文件小心不要在win下打开,而且最好脚本一句句调试,老老实实写,少复制。
4、一切都调试好了,放到机房里面去,发现怎么没效果。ping也ping不通。没办法接上显示器,发现居然因为找不到键盘鼠标,机器停在那里了。我晕。在CMOS里面也找不到什么设置,可以不接键鼠,没办法,接上吧。
主要配置过程:
1、eth0接外网,eth1接内网。
2、eth0配置文件 /etc/sysconfig/netowrk-scripts/ifcfg-eth0
DEVICE=eth0
GATEWAY=10.50.143.65
BOOTPROTO=static
IPADDR=10.50.143.124
NETMASK=255.255.255.0
ONBOOT=yes 3、eth1配置文件 /etc/sysconfig/netowrk-scripts/ifcfg-eth1 DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.0.1
NETMASK=255.255.255.0
ONBOOT=yes 3、network配置文件 /etc/sysconfig/network HOSTNAME=mygate.myunit.com
FORWARD_IPV4="yes"
NETWORKING=yes 4、resolv.conf文件 /etc/resolv.conf search myunit.com local
nameserver 127.0.0.1
nameserver 202.96.113.34 #你自己的DNS
nameserver 202.96.113.35 #你自己的DNS
nameserver 202.101.172.46 #你自己的DNS
# ppp temp entry 5、sysctl.conf文件 /etc/sysctl.conf # Kernel sysctl configuration file for Mandrake Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details. # Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Disables IP dynaddr
net.ipv4.ip_dynaddr = 0
# Disable ECN
net.ipv4.tcp_ecn = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1 # Controls the System Request debugging functionality of the kernel
#kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
net.ipv4.icmp_ignore_bogus_error_responses=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.conf.all.log_martians=0
kernel.sysrq=1
上面一般只要检查 net.ipv4.ip_forward = 1 这一句就可以。否则NAT不起作用。 6、iptables 文件 /etc/sysconfig/iptables *nat
##################################
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
##################################
-F
-Z
-X
-A POSTROUTING -s 192.168.0.0/24 -j SNAT --to 10.50.143.124
-L -v
COMMIT
#############################################################
*filter
##################################
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
##################################
-F
-Z
-X
-L -v
COMMIT
##############################################################
7、安装DHCP并配置dhcpd.conf文件 要安装三个RPM包。 dhcp-common-3.0-1.rc12.2mdk.i586.rpm 和 dhcp-client-3.0-1.rc12.2mdk.i586.rpm 在第一张光盘上,dhcp-server-3.0-1.rc12.2mdk.i586.rpm在第二张光盘上。 按顺序用 rpm -ivh 来安装即可。 然后配置 /etc/dhcpd.conf文件。 ddns-update-style interim;
ignore client-updates; subnet 192.168.0.0 netmask 255.255.255.0 { # --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0; option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 202.96.113.34,202.96.113.35,202.101.172.46; option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2; range dynamic-bootp 192.168.0.2 192.168.0.31;
default-lease-time 21600;
max-lease-time 43200; # we want the nameserver to appear at a fixed address
#################### Yuan Ling Dao #############################
host MyComputer {
hardware ethernet 00:13:D4:38:B3:53;
fixed-address 192.168.0.2;
} 按自己要求修改并增加客户机,MAC和IP对应。 8、配置 ethers文件 /etc/ethers 00:13:D4:38:B3:53 192.168.0.2 9、在/etc/rc.d/rc.local文件末尾增加 arp -f 语句以自动执行。 检查调整,重启即可。
GATEWAY=10.50.143.65
BOOTPROTO=static
IPADDR=10.50.143.124
NETMASK=255.255.255.0
ONBOOT=yes 3、eth1配置文件 /etc/sysconfig/netowrk-scripts/ifcfg-eth1 DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.0.1
NETMASK=255.255.255.0
ONBOOT=yes 3、network配置文件 /etc/sysconfig/network HOSTNAME=mygate.myunit.com
FORWARD_IPV4="yes"
NETWORKING=yes 4、resolv.conf文件 /etc/resolv.conf search myunit.com local
nameserver 127.0.0.1
nameserver 202.96.113.34 #你自己的DNS
nameserver 202.96.113.35 #你自己的DNS
nameserver 202.101.172.46 #你自己的DNS
# ppp temp entry 5、sysctl.conf文件 /etc/sysctl.conf # Kernel sysctl configuration file for Mandrake Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details. # Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Disables IP dynaddr
net.ipv4.ip_dynaddr = 0
# Disable ECN
net.ipv4.tcp_ecn = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1 # Controls the System Request debugging functionality of the kernel
#kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
net.ipv4.icmp_ignore_bogus_error_responses=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.conf.all.log_martians=0
kernel.sysrq=1
上面一般只要检查 net.ipv4.ip_forward = 1 这一句就可以。否则NAT不起作用。 6、iptables 文件 /etc/sysconfig/iptables *nat
##################################
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
##################################
-F
-Z
-X
-A POSTROUTING -s 192.168.0.0/24 -j SNAT --to 10.50.143.124
-L -v
COMMIT
#############################################################
*filter
##################################
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
##################################
-F
-Z
-X
-L -v
COMMIT
##############################################################
7、安装DHCP并配置dhcpd.conf文件 要安装三个RPM包。 dhcp-common-3.0-1.rc12.2mdk.i586.rpm 和 dhcp-client-3.0-1.rc12.2mdk.i586.rpm 在第一张光盘上,dhcp-server-3.0-1.rc12.2mdk.i586.rpm在第二张光盘上。 按顺序用 rpm -ivh 来安装即可。 然后配置 /etc/dhcpd.conf文件。 ddns-update-style interim;
ignore client-updates; subnet 192.168.0.0 netmask 255.255.255.0 { # --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0; option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 202.96.113.34,202.96.113.35,202.101.172.46; option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2; range dynamic-bootp 192.168.0.2 192.168.0.31;
default-lease-time 21600;
max-lease-time 43200; # we want the nameserver to appear at a fixed address
#################### Yuan Ling Dao #############################
host MyComputer {
hardware ethernet 00:13:D4:38:B3:53;
fixed-address 192.168.0.2;
} 按自己要求修改并增加客户机,MAC和IP对应。 8、配置 ethers文件 /etc/ethers 00:13:D4:38:B3:53 192.168.0.2 9、在/etc/rc.d/rc.local文件末尾增加 arp -f 语句以自动执行。 检查调整,重启即可。
相关阅读 更多 +
