kernel: gentoo-sources-3.10.7
eth0: LAN-side NIC
eth1: WAN-side NIC
# emerge rp-pppoe
# cd /usr/src/linux
# make menuconfig
Networking support --->
Device Drivers
  [*] Network device support
    <*> PPP (point-to-point protocol) support
    <*> PPP over Ethernet
    <*> PPP support for async serial ports
Networking options --->
  [*] IP: advanced router
  [*] Network packet filtering framework (Netfilter) --->
    Core Netfilter Configuration --->
      {*} Netfilter Xtables support (required for ip_tables)
      <M> "TCPMSS" target support
    IP: Netfilter Configuration --->
      <M> IPv4 connection tracking support (required for NAT)
      <M> IP tables support (required for filtering/masq/NAT)
      <M> Packet filtering
      <M> REJECT target support
      <M> Full NAT
      <M> MASQUERADE target support
      <M> REDIRECT target support
# emacs /etc/conf.d/net
config_ppp0="ppp"
link_ppp0="eth1"
plugins_ppp0="pppoe"
pppd_ppp0="
defaultroute
usepeerdns"
username_ppp0="user@example.com"
password_ppp0="pass"
# chmod 600 /etc/conf.d/net
# cd /etc/init.d
# ln -s net.lo net.ppp0
# rc-update add net.ppp0 default
# /etc/init.d/net.ppp0 start
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# iptables -t nat -A POSTROUTING -j MASQUERADE
# /etc/init.d/iptables save
# /etc/init.d/iptables start
# rc-update add iptables default
# echo 1 > /proc/sys/net/ipv4/ip_forward
# for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done
# emacs /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_dynaddr = 1
This probably got it working.
In particular, unless iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
is set, connections to some websites will fail.
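Added example, not part of the original post: the rules above leave the INPUT and FORWARD policies at ACCEPT and masquerade on every interface, so this script prints a default-deny variant for the same eth0 (LAN) / ppp0 (WAN) layout and audits both rule sets. The function names are made up here, and the "conntrack" match is an extra kernel option assumed to be enabled; it is not in the kernel option list above.

```shell
# Added example, not from the original post. Nothing here touches the live
# firewall: rules are only printed in iptables-save / iptables-restore format.

# Constructed sample: the post's rules as iptables-save would show them.
page_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

# Tighter variant: default-deny, stateful return traffic, NAT only on the WAN side.
# Assumption: the kernel "conntrack" match (xt_conntrack) is enabled as well.
gen_rules() {   # usage: gen_rules LAN_IF WAN_IF
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $1 -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i $1 -o $2 -j ACCEPT
-A FORWARD -i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $2 -j MASQUERADE
COMMIT
EOF
}

# Flag ACCEPT policies on filter INPUT/FORWARD and MASQUERADE with no -o interface.
audit_rules() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "filter" && /^:(INPUT|FORWARD) ACCEPT/ { print "open-policy " substr($1, 2) }
         table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ && !/ -o / { print "masquerade-unscoped" }'
}
page_rules | audit_rules            # lists three findings
gen_rules eth0 ppp0 | audit_rules   # prints nothing
```

To load the tighter set, pipe the output of gen_rules eth0 ppp0 into iptables-restore from a local console, then save it with /etc/init.d/iptables save as above.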
References
Building a Linux Router (rp-pppoe+iptables) http://centossrv.com/linux-router.shtml
Home Router Guide http://www.gentoo.org/doc/en/home-router-howto.xml