3. Network interfaces. Note: everything from "auto dsl-provider" onward was added by the pppoeconf wizard:
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
# gateway 192.168.1.254
dns-nameservers 8.8.8.8
dns-search domain.com
auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-provider
auto eth0
iface eth0 inet manual
4. Automatic ADSL redial after a dropped connection: find the following lines in /etc/ppp/options
# Do not exit after a connection is terminated; instead try to reopen
# the connection.
# persist
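Remove the "# " in front of # persist, then try things like disconnecting ADSL, restarting networking, or unplugging the ADSL cable for a moment and plugging it back in. ADSL reconnects after a while, although that while is, well, a bit long.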
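IV. Iptables
Ubuntu ships with iptables installed, but iptables is not started by default, and unlike RHEL/CentOS it is not set up as a service. I copied an iptables configuration file out of CentOS and modified it to fit my needs, as follows: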
# Copied from Centos6
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Only allow the internal network to connect to ssh
-A INPUT -m state -s 192.168.1.0/24 --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Only allow the internal network to connect to the proxy service
-A INPUT -m state -s 192.168.1.0/24 --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Edit the network configuration file and add one line to the stanza of the relevant interface:
pre-up iptables-restore /etc/iptables
My configuration is as follows:
$ sudo vi /etc/network/interfaces
auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
pre-up iptables-restore /etc/iptables
provider dsl-provider
Restart networking
$ sudo /etc/init.d/networking restart
Test with nmap:
Before configuring iptables
Nmap scan report for 113.227.36.81
Host is up (0.25s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
22/tcp open ssh
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1025/tcp filtered NFS-or-IIS
1434/tcp filtered ms-sql-m
4444/tcp filtered krb524
After
Nmap scan report for 113.227.56.137
Host is up (0.48s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
113/tcp closed auth
Nmap scan report for 192.168.1.1
Host is up (0.00022s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3128/tcp open squid-http
With Firefox on the internal network set to use the proxy 192.168.1.1:3128, browsing works fine!
Next step: try out a transparent proxy.
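The "after" scan results can be cross-checked against the ruleset itself. The Python sketch below is an added example, not part of the original post: it walks the INPUT chain first-match for a new TCP connection and lists which ports are accepted from a given source. The interface name ppp0, the two source addresses and all function names are assumptions, and the model only understands the options this ruleset uses.

```python
import ipaddress
import shlex
# The page's ruleset, embedded so this runs offline (inline comments left out).
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state -s 192.168.1.0/24 --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state -s 192.168.1.0/24 --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_input_chain(text):
    """Return (policy, rules) for INPUT; each rule maps option -> value."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":INPUT"]:
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append({t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")})
    return policy, rules

def verdict(policy, rules, src, dport, iface):
    """First-match verdict for a NEW TCP connection (simplified model)."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if ("NEW" not in r.get("--state", "NEW").split(",")
                or r.get("-p", "tcp") != "tcp"
                or r.get("-i", iface) != iface
                or addr not in ipaddress.ip_network(r.get("-s", "0.0.0.0/0"))
                or int(r.get("--dport", dport)) != dport):
            continue  # rule does not match this packet
        return r["-j"]
    return policy  # nothing matched: the chain policy applies

def reachable(src, iface, ports=(22, 80, 3128)):
    policy, rules = parse_input_chain(RULES)
    return [p for p in ports if verdict(policy, rules, src, p, iface) == "ACCEPT"]

if __name__ == "__main__":
    print("WAN:", reachable("203.0.113.10", "ppp0"))  # constructed outside source
    print("LAN:", reachable("192.168.1.50", "eth1"))  # constructed inside client
```

Because the chain policy is ACCEPT, the final REJECT rule is what actually closes the WAN side; if that line were lost in an edit, every port would be accepted.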