
PPPOE

2021-01-02 18:01:05  Views: 347  Source: Internet



PPPoE

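Server (m01):

To keep the password from being sniffed, the PPPoE server uses CHAP as its authentication protocol.

eth0 connects to the Internet; eth1 connects to the internal network.

The PPPoE interface on the gateway side uses the fixed IP address 172.16.1.61.

The user-side PPPoE interface is randomly assigned an unused address from the 172.16.1.200-250 range.

Once the PPPoE server is set up, pick a host on the internal network and test the connection with the following credentials:

Username  Password
pppoe     123456

Server configuration

(1) Install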

[root@m01 ~]# yum -y install rp-pppoe

(2) Edit the pppoe configuration file

[root@m01 ~]# cat > /etc/ppp/pppoe-server-options << EOF
# PPP options for the PPPoE server
# LIC: GPL
require-chap
auth
logfile /var/log/ppp/pppoe-server.log
ms-dns 223.5.5.5
ms-dns 8.8.8.8
EOF

(3) Add a PPPoE user

[root@m01 ~]# cat > /etc/ppp/chap-secrets << EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
"pppoe" * "123456" *
EOF

(4) Create the service configuration file

[root@m01 ~]# cat > /etc/ppp/pppoe-server-env << EOF
INT=eth1
LOCAL=172.16.1.61
START=172.16.1.200-250
NUMBER=50
EOF

(5) Create the service file

[root@m01 ~]# vi /etc/systemd/system/pppoe-server.service
[Unit]
Description=PPPoE Server.
After=syslog.target

[Service]
Type=forking
EnvironmentFile=/etc/ppp/pppoe-server-env
ExecStart=/sbin/pppoe-server -I $INT -L $LOCAL -R $START -N $NUMBER

[Install]
WantedBy=multi-user.target

(6) Enable NAT (based on iptables)

iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE

(7) Enable IPv4 forwarding

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p

(8) Start the PPPoE service and enable it at boot

systemctl start pppoe-server
systemctl enable pppoe-server
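
A check for the files written in steps (2) and (3), added here as an example and not part of the original post: it confirms that the options file still enforces CHAP and that chap-secrets, which stores secrets in cleartext, is closed to other users and holds no short secrets. The function names, the 12-character minimum and the demo file copies are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# 12-character minimum are assumptions chosen for illustration.

# audit_options FILE: require-chap and auth must be set; noauth or
# require-pap would disable authentication or allow cleartext PAP.
audit_options() {
    rc=0
    for opt in require-chap auth; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" ||
            { echo "FAIL: '$opt' missing in $1"; rc=1; }
    done
    for opt in noauth require-pap; do
        if grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1"; then
            echo "FAIL: '$opt' present in $1"; rc=1
        fi
    done
    return $rc
}

# audit_secrets FILE [MINLEN]: the file must not be accessible to group or
# other, and every secret (third field) must be at least MINLEN characters.
audit_secrets() {
    rc=0; min=${2:-12}
    mode=$(stat -c %a "$1")        # GNU stat, as on the page's yum-based hosts
    case $mode in
        *00) ;;
        *) echo "FAIL: $1 has mode $mode, expected 600"; rc=1 ;;
    esac
    weak=$(awk -v min="$min" '!/^[ \t]*#/ && NF >= 3 {
        n = $1; s = $3; gsub(/"/, "", n); gsub(/"/, "", s)
        if (length(s) < min) printf "%s ", n
    }' "$1")
    [ -z "$weak" ] || { echo "FAIL: short secret for: $weak"; rc=1; }
    return $rc
}

# Demo on constructed copies of the page's files, not the live /etc/ppp.
demo=$(mktemp -d)
printf 'require-chap\nauth\n' > "$demo/pppoe-server-options"
printf '"pppoe" * "123456" *\n' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"
audit_options "$demo/pppoe-server-options" && echo "options OK"
audit_secrets "$demo/chap-secrets" || echo "secrets need attention"
rm -rf "$demo"
```

On a live server, pass /etc/ppp/pppoe-server-options and /etc/ppp/chap-secrets as the arguments.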

Client configuration

(1) Install

[root@web01 ~]# yum -y install rp-pppoe

(2) As root, run pppoe-setup to generate the configuration

# Enter the appropriate value at each prompt
[root@web01 ~]# pppoe-setup
Welcome to the PPPoE client setup.  First, I will run some checks on
your system to make sure the PPPoE client is installed properly...


LOGIN NAME

Enter your Login Name (default root): pppoe

INTERFACE

Enter the Ethernet interface connected to the PPPoE modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0): eth1

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You may have some problems with demand-activated links.
Enter the demand value (default no): 

DNS

Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: 

PASSWORD

Please enter your Password: 
Please re-enter your Password: 

USERCTRL

Please enter 'yes' (three letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): 

FIREWALLING

Please choose the firewall rules to use.  Note that these rules are
very basic.  You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security.  If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself.  Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc.  If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules.  You are responsible
          for ensuring the security of your machine.  You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
Choose a type of firewall (0-2): 0

Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no):yes

** Summary of what you entered **

Ethernet Interface: eth1
User name:          pppoe
Activate-on-demand: No
DNS:                Do not adjust
Firewalling:        NONE
User Control:       yes
Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
  (But first backing it up to /etc/ppp/chap-secrets.bak)
  (But first backing it up to /etc/ppp/pap-secrets.bak)



Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
to bring it down.
Type '/sbin/pppoe-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.

(3) Run

[root@web01 ~]# ifdown ppp0       # stop
[root@web01 ~]# ifup ppp0         # start
[root@web01 ~]# ifconfig ppp0     # show the interface configuration
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1492
        inet 172.16.1.200  netmask 255.255.255.255  destination 172.16.1.61
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 163  bytes 13618 (13.2 KiB)
        RX errors 1  dropped 0  overruns 0  frame 0
        TX packets 98  bytes 12190 (11.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

(4) Check the log messages

[root@web01 ~]# tail -f /var/log/messages
Oct  6 17:26:51 web01 kernel: PPP generic driver version 2.4.2
Oct  6 17:26:52 web01 pppd[52196]: pppd 2.4.5 started by admin, uid 0
Oct  6 17:26:52 web01 pppoe[52197]: PPP session is 1 (0x1)
Oct  6 17:26:52 web01 pppd[52196]: Using interface ppp0
Oct  6 17:26:52 web01 pppd[52196]: Connect: ppp0 <--> /dev/pts/1
Oct  6 17:26:53 web01 pppd[52196]: CHAP authentication succeeded: Access granted
Oct  6 17:26:53 web01 pppd[52196]: CHAP authentication succeeded
Oct  6 17:26:53 web01 kernel: PPP BSD Compression module registered
Oct  6 17:26:53 web01 pppd[52196]: BSD-Compress (15) compression enabled
Oct  6 17:26:53 web01 pppd[52196]: local  IP address 172.16.1.200
Oct  6 17:26:53 web01 pppd[52196]: remote IP address 172.16.1.61
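
A per-session summary of these pppd messages, added here as an example and not part of the original post: it groups lines by pppd PID and reports the CHAP outcome and the address pair, so failed logins stand out in a long log. The function names are assumptions; the sample reuses lines from the log above, while the second session (pid 52301) and the text of its failure line are constructed.

```shell
#!/bin/sh
# Added example (not from the original post); function names are assumptions.

# ppp_auth_summary [FILE...]: one line per pppd process, in order of first
# appearance, with the CHAP result and the addresses assigned to the link.
ppp_auth_summary() {
    awk '
    match($0, /pppd\[[0-9]+\]:/) {
        pid = substr($0, RSTART + 5, RLENGTH - 7)
        if (!(pid in res)) { res[pid] = "none"; order[++n] = pid }
        if ($0 ~ /CHAP authentication succeeded/) res[pid] = "ok"
        if ($0 ~ /CHAP authentication failed/)    res[pid] = "fail"
        if ($0 ~ /local +IP address/)  loc[pid] = $NF
        if ($0 ~ /remote +IP address/) rem[pid] = $NF
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            printf "pid=%s chap=%s local=%s remote=%s\n", p, res[p],
                   (p in loc) ? loc[p] : "-", (p in rem) ? rem[p] : "-"
        }
    }' "$@"
}

# Constructed sample: pid 52196 copies lines from the log above; pid 52301
# is made up, and the wording of its failure line is an assumed format.
sample_log() {
    cat <<'EOF'
Oct  6 17:26:52 web01 pppd[52196]: pppd 2.4.5 started by admin, uid 0
Oct  6 17:26:53 web01 pppd[52196]: CHAP authentication succeeded
Oct  6 17:26:53 web01 pppd[52196]: local  IP address 172.16.1.200
Oct  6 17:26:53 web01 pppd[52196]: remote IP address 172.16.1.61
Oct  6 17:31:10 web01 pppd[52301]: pppd 2.4.5 started by admin, uid 0
Oct  6 17:31:11 web01 pppd[52301]: CHAP authentication failed
EOF
}

sample_log | ppp_auth_summary
```

Run it as `ppp_auth_summary /var/log/messages` on the client, and adjust the failure pattern to the exact message your pppd version logs.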

Source: https://www.cnblogs.com/backups/p/pppoe.html
