Centos6.5 pppoe-server

[root@localhost network-scripts]# rpm -q rp-pppoe
package rp-pppoe is not installed

-----------------

[root@localhost network-scripts]# yum list |grep pppoe
rp-pppoe.x86_64                    3.10-16.el6                 base

-----------------

[root@localhost network-scripts]# yum install rp-pppoe -y

-----------------

[root@localhost network-scripts]# rpm -q rp-pppoe
rp-pppoe-3.10-16.el6.x86_64

-----------------设置支持ip转发
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

-----------------修改服务器配置----------------
vi /etc/ppp/pppoe-server-options
# PPP options for the PPPoE server
# LIC: GPL
#require-pap
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
logfile /var/log/pppoe.log
ms-dns 8.8.8.8
ms-dns 114.114.114.114

--------------------添加用户名密码,修改/etc/ppp/chap-secrets文件(每行四列:客户端用户名、服务器名、密码、允许的IP地址,* 表示不限制)。下面示例中的密码与用户名相同,正式使用时应为每个账号换成各不相同的随机密码,并保持该文件只有root可读

chap1 * "chap1" *
chap2 * "chap2" *
chap3 * "chap3" *
chap4 * "chap4" *
chap5 * "chap5" *
chap6 * "chap6" *
chap7 * "chap7" *
chap8 * "chap8" *
chap9 * "chap9" *
chap10 * "chap10" *
chap11 * "chap11" *
chap12 * "chap12" *
chap13 * "chap13" *
chap14 * "chap14" *
chap15 * "chap15" *
chap16 * "chap16" *
chap17 * "chap17" *
chap18 * "chap18" *
chap19 * "chap19" *
chap20 * "chap20" *
chap21 * "chap21" *
chap22 * "chap22" *
chap23 * "chap23" *
chap24 * "chap24" *
chap25 * "chap25" *
chap26 * "chap26" *
chap27 * "chap27" *
chap28 * "chap28" *
chap29 * "chap29" *
chap30 * "chap30" *

--------------------给eth0接口创建虚接口eth0:2并up

ifconfig eth0:2 20.20.20.2 netmask 255.255.255.0

ifconfig eth0:2 up

--------------------给eth0接口创建虚接口eth0:2重启网络生效

cd /etc/sysconfig/network-scripts/

cp ifcfg-eth0 ifcfg-eth0:2

vi ifcfg-eth0:2

DEVICE=eth0:2
HWADDR=00:0C:29:AD:F8:B7
TYPE=Ethernet
UUID=d60f7bad-0f18-420a-8e19-3e361f8ffed4
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=20.20.20.1
NETMASK=255.255.255.0

service network restart

--------------------添加防火墙规则

做nat

iptables -t nat -A POSTROUTING -s 20.20.20.0/24 -j MASQUERADE   (这种是针对出口是dhcp自动获取上网方式的)

iptables -t nat -A POSTROUTING -s 20.20.20.0/24 -o eth1 -j SNAT --to-source 180.168.xxx.xxx  (这种是针对出口是static地址上网方式的,默认路由为 ip route add default via 180.168.xxx.yyy。使用公网ip 180.168.xxx.xxx上网时,服务器会受到来自网络侧的攻击,防止ssh攻击可以这样做:iptables -t filter -A INPUT -p tcp --dport 22 -d 180.168.xxx.xxx -j REJECT。这条规则会拒绝所有发往该公网ip的22端口连接,包括自己从外网的管理登录;另外-A是追加到链尾,如果INPUT链前面已有放行22端口的规则,它不会生效,可用 iptables -nvL INPUT --line-numbers 确认规则顺序)

iptables -I FORWARD -d 20.20.20.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440

 

service iptables save   保存防火墙规则到配置文件/etc/sysconfig/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

sysctl -w net.ipv4.ip_forward=1

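--------------------如下FORWARD链中的第1条REJECT规则阻止了数据报文的转发,需要删除:iptables -D FORWARD 1(删除前先用 iptables -nvL FORWARD --line-numbers 确认它确实是第1条),然后service iptables save保存到配置。注意该链的默认策略是ACCEPT,删除这条REJECT之后所有转发流量都会被放行;如果只想放行PPPoE网段,可以保留REJECT,改为在它之前插入只针对20.20.20.0/24的ACCEPT规则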

iptables -nvL FORWARD

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
  389 23343 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    0     0 TCPMSS     tcp  --  *      *       20.20.20.0/24        0.0.0.0/0           tcp flags:0x17/0x02 TCPMSS set 1256

--------------------启动pppoe-server
pppoe-server -I eth0:2 -L 20.20.20.1 -R 20.20.20.100-200

--------------------查看pppoe-server的进程
[root@localhost network-scripts]# ps aux |grep pppoe
root       3200  0.0  0.0   4104   300 ?        S    04:04   0:00 pppoe-server -I eth0:1 -L 20.20.20.1 -R 20.20.20.100-200
root       3201  0.0  0.1  49488  1860 ?        Ss   04:04   0:00 pppd pty /usr/sbin/pppoe -n -I eth0:2 -e 1:a0:9d:86:16:2c:99 -S '' file /etc/ppp/pppoe-server-options 20.20.20.1:20.20.20.100 nodetach noaccomp nobsdcomp nodeflate nopcomp novj novjccomp default-asyncmap
nobody     3204  0.0  0.0   6184   708 ?        S    04:04   0:00 /usr/sbin/pppoe -n -I eth0:2 -e 1:a0:9d:86:16:2c:99 -S
root       3215  0.0  0.1  49488  1848 ?        Ss   04:04   0:00 pppd pty /usr/sbin/pppoe -n -I eth0:2 -e 2:a0:9d:86:fc:89:13 -S '' file /etc/ppp/pppoe-server-options 20.20.20.1:20.20.20.101 nodetach noaccomp nobsdcomp nodeflate nopcomp novj novjccomp default-asyncmap
nobody     3216  0.0  0.0   6184   704 ?        S    04:04   0:00 /usr/sbin/pppoe -n -I eth0:2 -e 2:a0:9d:86:fc:89:13 -S
root       3229  0.0  0.1  49488  1848 ?        Ss   04:06   0:00 pppd pty /usr/sbin/pppoe -n -I eth0:2 -e 3:a0:9d:86:fc:89:73 -S '' file /etc/ppp/pppoe-server-options 20.20.20.1:20.20.20.102 nodetach noaccomp nobsdcomp nodeflate nopcomp novj novjccomp default-asyncmap
nobody     3230  0.0  0.0   6184   708 ?        S    04:06   0:00 /usr/sbin/pppoe -n -I eth0:2 -e 3:a0:9d:86:fc:89:73 -S
root       3240  0.0  0.0 103248   872 pts/0    S+   04:06   0:00 grep pppoe

[root@localhost network-scripts]# service pppoe-server status
pppoe-server (pid 1573) 正在运行...
[root@localhost network-scripts]#

--------------------设置开机启动

添加如下命令到脚本/etc/rc.d/rc.local中

pppoe-server -I eth0:2 -L 20.20.20.1 -R 20.20.20.100-200

ip route add default via 180.168.xxx.yyy

/usr/local/bin/python3 /home/eth.py &

 

cat /dev/null > /var/log/pppoe.log    清空log

 

 

-------------------------------------

对于虚拟机的虚接口桥接到真实主机的无线网卡时,常出现虚接口消失的情况,可以使用python写个检测程序eth.py

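#!/usr/local/bin/python3
"""Watchdog that keeps the alias interfaces eth1:1 and eth1:3 configured.

Polls ``ifconfig`` in an endless loop and re-creates any alias that is missing
from its output. Intended to be started in the background (for example from
/etc/rc.d/rc.local) and needs enough privilege to configure interfaces.
"""

import re
import subprocess
import sys
import time

# (alias name, IPv4 address, netmask) restored when the alias is missing.
ALIASES = (
    ("eth1:1", "40.10.10.1", "255.255.255.0"),
    ("eth1:3", "100.100.100.1", "255.255.255.0"),
)

# Pause, in seconds, after each check and after each ifconfig call.
PAUSE_SECONDS = 3


def alias_is_listed(ifconfig_output, name):
    """Return True when ``name`` appears as an interface name in the output.

    The name must not be followed by another digit, so "eth1:10" does not
    count as "eth1:1". A plain substring count would see both, and the exact
    ``["eth1:1"] == findall(...)`` comparison would then report the alias as
    missing and reconfigure it on every pass.
    """
    pattern = r"(?<![\w:])" + re.escape(name) + r"(?!\d)"
    return re.search(pattern, ifconfig_output) is not None


def run_ifconfig(*args):
    """Run ``ifconfig`` with ``args`` and return its stdout as text.

    The command is passed as an argument list, so no shell is involved, and
    the child is waited for, so no unread pipes or unreaped processes pile up
    while the loop runs. Returns "" when ifconfig cannot be started.
    """
    # NOTE(review): "ifconfig" is resolved through PATH; when this runs as
    # root from rc.local an absolute path is safer - confirm its location.
    try:
        proc = subprocess.Popen(
            ("ifconfig",) + args,
            stdout=subprocess.PIPE,
            universal_newlines=True,
        )
    except OSError as exc:
        print("cannot run ifconfig: %s" % exc, file=sys.stderr)
        return ""
    output, _ = proc.communicate()
    return output


def ensure_alias(ifconfig_output, name, address, netmask):
    """Re-create alias ``name`` unless it is present in ``ifconfig_output``."""
    if alias_is_listed(ifconfig_output, name):
        print("%s is exist" % name)
        time.sleep(PAUSE_SECONDS)
        return

    run_ifconfig(name, address, "netmask", netmask)
    time.sleep(PAUSE_SECONDS)
    run_ifconfig(name, "up")
    time.sleep(PAUSE_SECONDS)
    print("%s has been created" % name)


def main():
    """Check every alias against one ifconfig snapshot per pass, forever."""
    while True:
        snapshot = run_ifconfig()
        for name, address, netmask in ALIASES:
            ensure_alias(snapshot, name, address, netmask)
        print("eth1:1 and eth1:3 are all up")


if __name__ == "__main__":
    main()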

 

在Centos 7上面将pppoe-server 启动放在/etc/rc.d/rc.local中,遇到一个问题看如下log:cat /var/log/messages|grep pppoe|tail -3

问题:Centos给文件设置了777权限仍不能访问(有时候,不仅仅是把错误log放到百度中就会有答案,还需要思考怎样正确地表达自己的问题,这样你会很快得到答案^_^)


Aug 30 12:49:02 localhost pppoe-server[33906]: Session 32 created for client 80:54:6a:57:07:aa (20.20.20.131) on ens33.300 using Service-Name ''
Aug 30 12:49:02 localhost pppd[33906]: Can't open log file /var/log/pppoe.log: Permission denied
Aug 30 12:49:02 localhost pppoe-server[7569]: Session 32 closed for client 80:54:6a:57:07:aa (20.20.20.131) on ens33.300
Aug 30 12:49:02 localhost pppoe-server[7569]: Sent PADT

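原因:系统开启了SELinux(enforcing模式),pppd写/var/log/pppoe.log被SELinux拒绝,所以即使文件权限是777也打不开。

网上的如下解决方法(关闭SELinux)能解决上面的问题;关闭后整机都失去SELinux的强制访问控制,777的日志文件权限也应改回较严格的设置。如果只想解决这一处,可以先在/var/log/audit/audit.log中找到对应的AVC拒绝记录,再只针对该日志文件调整SELinux标签或策略。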

1.查看SELinux状态:
/usr/sbin/sestatus -v ##如果SELinux status参数为enabled即为开启状态
  SELinux status: enabled
    ##也可以用这个命令检查getenforce

2.关闭SELinux:
a.临时关闭(不用重启机器):
 setenforce 0 ##设置SELinux 成为permissive模式
b.临时开启(不用重启机器):
 setenforce 1 ##设置SELinux 成为enforcing模式
c.修改配置文件需要重启机器:
  修改/etc/selinux/config 文件
  将SELINUX=enforcing改为SELINUX=disabled
   重启机器即可

 
