SOLARIS+ADSL+QDNS+IPFILTER

weixin_38059644 2004-06-04 03:43:02



Author's note: if you repost this, please keep the following information:

作者:  LLZQQ
MAIL: LLZQQ@126.COM
FROM: WWW.CHINAUNIX.NET

1.1 Verify that the following packages are installed on the system:

# pkginfo -l | grep ppp

SUNWpppd        -        Solaris PPP Device Drivers
SUNWpppdr        -        Solaris PPP configuration files
SUNWpppdt        -        Solaris PPP Tunneling
SUNWpppdu        -        Solaris PPP daemon and utilities
SUNWpppdx        -        Solaris PPP 64-bit (ONLY needed for SPARC)

1.2 Create the dial-up configuration files:

# vi /etc/ppp/pppoe.if
rtls0
# touch /reconfigure
# sync
# reboot
# ls /dev | grep ppp
sppp
sppptun
# grep ppp /etc/name_to_major
sppp 146
sppptun 147
# vi /etc/ppp/peers/adsl

============== /etc/ppp/peers/adsl ================
sppptun
plugin pppoe.so
connect "/usr/lib/inet/pppoec rtls0"
persist
user "sjz681a0156@adsl2"
noauth
noipdefault
noccp
novj
noaccomp
nopcomp
defaultroute
============== /etc/ppp/peers/adsl ================

# mv /etc/ppp/options.tmpl /etc/ppp/options
# mv /etc/ppp/options.ttya.tmpl /etc/ppp/options.ttya

1.3 Set the dial-up USERNAME and PASSWORD:

# vi /etc/ppp/pap-secrets
sjz681a0156@adsl2          *           123456        # note: the fields are separated by [TAB], not spaces
# vi /etc/ppp/chap-secrets
sjz681a0156@adsl2          *           123456        # note: the fields are separated by [TAB], not spaces

# chmod 600 /etc/ppp/pap-secrets
# chmod 600 /etc/ppp/chap-secrets

1.4 Verify that the network card can communicate with the ADSL modem:

# /usr/lib/inet/pppoec -i rtls0
0:e0:fc:4:63:12  Svc:"" Uniq:00000001 Name:"sjz603-8850"

1.5 Bring up the dial-up connection:

# /usr/bin/pppd call adsl
# ifconfig -a

lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
elxl0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.0.1 netmask ffffff00 broadcast 192.168.0.255
        ether 60:0:de:a1:3:4
rtls0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
        ether 0:e0:4c:ee:8f:35
sppp0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1492 index 6
        inet 218.11.23.138 --> 61.182.243.1 netmask ffffff00
        ether 0:0:0:0:0:0

1.6 Create a startup script that brings the link up at boot:

# vi /etc/init.d/ppplink

=========================/etc/init.d/ppplink==========================
#!/sbin/sh
#
# This script complements the Sun script /etc/init.d/pppd
# It goes the rest of the way and brings the link up.
# Written by Phil Dibowitz.
#
# This script is provided AS-IS. No warranty of ANY kind implied
# or stated. Use at your own risk.
#

case "$1" in
'start')
        if [ ! -x /usr/bin/pppd -o ! -c /dev/sppp ] ; then
                # User probably just received the warning
                # from Sun's pppd script, don't bother them more
                exit 1
        fi
        if [ -s /usr/sbin/sppptun -a -f /etc/ppp/pppoe.if ] ; then
                # If the same conditions are satisfied,
                # bring up the link
                /usr/bin/pppd call adsl
        fi
        ;;

'stop')
        echo "Taking down PPP link..."
        /usr/bin/pkill -x pppd
        echo "done"
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;

esac
exit 0
=========================/etc/init.d/ppplink==========================

# chmod 744 /etc/init.d/ppplink
# chown root:sys /etc/init.d/ppplink
# ln /etc/init.d/ppplink /etc/rc2.d/S48ppplink

2.1 Install and set up QDNS:

# wget http://www.3322.org/dyndnspage/ez-ipupdate-3.0.10-solaris-x86.tgz
# gzip -d ez-ipupdate-3.0.10-solaris-x86.tgz
# tar vxf ez-ipupdate-3.0.10-solaris-x86.tar
# cd ez-ipupdate-3.0.10-solaris-x86
# mv ez-ipupdate /usr/local/bin
# chmod 700 /usr/local/bin/ez-ipupdate
# chown root:sys /usr/local/bin/ez-ipupdate

2.2 Create the boot startup script for QDNS:

# vi /etc/rc3.d/S98ipupdate
================================= S98ipupdate================================
#!/sbin/sh
#
# Copyright (c) 2001 by llzqq in home, Inc
# All rights reserved.
#
#ident  "@(#)ip-update  1.1     04/05/02 SMI"

case "$1" in
start)
    [ -f /usr/local/bin/ez-ipupdate ] || exit 0

    /usr/local/bin/ez-ipupdate -i sppp0 -h nero.3322.org -S qdns -u llzqq:yourpasswd
        ;;
esac
exit 0
================================= S98ipupdate================================

3.1 Install the IP Filter firewall:

# wget http://archive.cert.uni-stuttgart.de/ip-filter/ip-fil3.4.33pre2.tar.gz
# gzip -d ip-fil3.4.33pre2.tar.gz
# tar vxf ip-fil3.4.33pre2.tar
# cd ip_fil3.4.33pre2
# /usr/ccs/bin/make solaris
# cd SunOS5
# /usr/ccs/bin/make package
# cd i386-5.9
# pkgadd -d ipf.pkg
# cp ipf.pkg /export/backup/ipf.pkg

3.2 Create the firewall rules:

# vi /etc/opt/ipf/ipf.conf
=================================ipf.conf==============================
#
# +-----------+   +------------------------------+   +------------------+
# | ADSL-Modem|---| sppp0 rtls0  NAT+IPF   elxl0 |---| Internal Network |
# +-----------+   +------------------------------+   +------------------+
#
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Interface: all
# Block all incoming and outgoing packets unless they're allowed later.
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
block in log all
block out log all

# Possibly dangerous: packets with ip-options, short and fragmented packets
#block in log body quick from any to any with ipopts
#block in log body quick proto tcp from any to any with short
#block in log body quick all with frag

# Loopback traffic is allowed
pass out quick on lo0
pass in quick on lo0

# Local network traffic is allowed
pass out quick on elxl0
pass in quick on elxl0
pass out quick on rtls0
pass in quick on rtls0

# The pass rules to enable Services
pass in on sppp0 proto icmp from any to any icmp-type echo
pass in on sppp0 proto tcp from any to any port = 20 flags S keep state
pass in on sppp0 proto tcp from any to any port = 21 flags S keep state
pass in on sppp0 proto tcp from any to any port = 22 flags S keep state
pass in on sppp0 proto tcp from any to any port = 25 flags S keep state
pass in on sppp0 proto tcp from any to any port = 80 flags S keep state
pass in on sppp0 proto tcp from any to any port = 110 flags S keep state
pass in on sppp0 proto tcp from any to any port = 443 flags S keep state
pass in on sppp0 proto tcp from any to any port 55000 >< 56000 flags S keep state

# Block faked or unlikely "local" addresses
block in log body quick on sppp0 from 192.168.0.0/16 to any
block in log body quick on sppp0 from 172.16.0.0/12 to any
block in log body quick on sppp0 from 10.0.0.0/8 to any
block in log body quick on sppp0 from 127.0.0.0/8 to any
block in log body quick on sppp0 from 169.254.0.0/16 to any
block in log body quick on sppp0 from 224.0.0.0/3 to any

# Blocking of outgoing faked or unlikely "internal" addresses
block out log body all
block out log body quick on sppp0 from any to 192.168.0.0/16
block out log body quick on sppp0 from any to 172.16.0.0/12
block out log body quick on sppp0 from any to 10.0.0.0/8
block out log body quick on sppp0 from any to 127.0.0.0/8
block out log body quick on sppp0 from any to 0.0.0.0/8
block out log body quick on sppp0 from any to 169.254.0.0/16
block out log body quick on sppp0 from any to 192.0.2.0/24
block out log body quick on sppp0 from any to 204.152.64.0/23
block out log body quick on sppp0 from any to 224.0.0.0/3

# The general pass rules.
pass out quick on sppp0 proto tcp from any to any keep state
pass out quick on sppp0 proto udp from any to any keep state
pass out quick on sppp0 proto icmp from any to any keep state

pass out quick on any proto tcp from any to any keep state
pass out quick on any proto udp from any to any keep state
pass out quick on any proto icmp from any to any keep state
================================ipf.conf===============================
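The ruleset above depends on IP Filter's evaluation order: the last matching rule wins, unless a matching rule carries quick, which ends evaluation on the spot. That is why the bogon blocks placed after the pass rules still win, and why "block in log all" at the top only applies when nothing later matches. The following is an added example, not part of the original post: it simulates that order over a handful of the rules from the file above, against constructed inbound packets addressed to the sppp0 address shown earlier, and parses only the subset of ipf syntax those lines use (log, body, flags and keep state are ignored).

```python
import ipaddress

# A subset of the page's ipf.conf, kept in the order the file gives it
RULES_TEXT = """
block in log all
pass in quick on rtls0
pass in on sppp0 proto tcp from any to any port = 80 flags S keep state
block in log body quick on sppp0 from 10.0.0.0/8 to any
block in log body quick on sppp0 from 192.168.0.0/16 to any
"""

def parse(line):
    """Parse the ipf subset used above; log/body/flags/keep state are ignored."""
    t = line.split()
    r = {"action": t[0], "dir": t[1], "quick": "quick" in t,
         "iface": None, "proto": None, "src": None, "dst": None, "port": None}
    for i, tok in enumerate(t):
        if tok == "on":
            r["iface"] = t[i + 1]
        elif tok == "proto":
            r["proto"] = t[i + 1]
        elif tok in ("from", "to") and t[i + 1] != "any":
            r["src" if tok == "from" else "dst"] = ipaddress.ip_network(t[i + 1])
        elif tok == "port" and t[i + 1] == "=":
            r["port"] = int(t[i + 2])
    return r

def matches(r, pkt):
    return (r["dir"] == pkt["dir"]
            and r["iface"] in (None, pkt["iface"])
            and r["proto"] in (None, pkt["proto"])
            and (r["src"] is None or ipaddress.ip_address(pkt["src"]) in r["src"])
            and (r["dst"] is None or ipaddress.ip_address(pkt["dst"]) in r["dst"])
            and r["port"] in (None, pkt["dport"]))

def decide(rules, pkt):
    """IP Filter semantics: the LAST matching rule decides, unless a
    matching rule is 'quick', which stops evaluation immediately."""
    verdict = "pass"  # ipf's default when no rule matches at all
    for r in rules:
        if matches(r, pkt):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict

RULES = [parse(l) for l in RULES_TEXT.strip().splitlines()]

def pkt(iface, src, dport, proto="tcp", direction="in"):
    # Constructed packet; dst is the sppp0 address from the ifconfig output above
    return {"dir": direction, "iface": iface, "proto": proto, "src": src,
            "dst": "218.11.23.138", "dport": dport}
```

A SYN to port 80 from a public source passes (the pass rule is the last match), the same SYN from 10.0.0.0/8 is stopped by the quick block even though the pass rule precedes it, and anything arriving on rtls0 passes immediately.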

3.3 Create the NAT rules:

# vi /etc/opt/ipf/ipnat.conf
================================ipnat.conf=============================
map sppp0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp mssclamp 1452
map sppp0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto mssclamp 1452
map sppp0 192.168.0.0/24 -> 0/32 mssclamp 1452
================================ipnat.conf=============================

3.4 If the servers are not on this host, incoming connections can be redirected to the target server:

================================ipnat.conf=============================
rdr sppp0 0.0.0.0/0 port 20 -> 192.168.0.10 port 20
rdr sppp0 0.0.0.0/0 port 21 -> 192.168.0.10 port 21
rdr sppp0 0.0.0.0/0 port 22 -> 192.168.0.10 port 22
rdr sppp0 0.0.0.0/0 port 80 -> 192.168.0.10 port 80
rdr sppp0 0.0.0.0/0 port 443 -> 192.168.0.10 port 443
================================ipnat.conf=============================

3.5 Load balancing with IPF:

rdr sppp0 0.0.0.0/0 port 80 -> 192.168.1.1,192.168.1.2 port 80 tcp round-robin
rdr sppp0 0.0.0.0/0 port 80 -> 192.168.1.3,192.168.1.4 port 80 tcp round-robin
rdr sppp0 0.0.0.0/0 port 80 -> 192.168.1.5,192.168.1.6 port 80 tcp round-robin

3.6 Enable IP forwarding:

# touch /etc/gateways

3.7 Reboot the system:

# sync
# reboot

3.8 Important:

You must REBOOT the system so that it loads IP Filter into the kernel automatically. If you run the IP Filter startup script (/etc/rc2.d/S65ipfboot) by hand instead of rebooting, the system will very likely crash.