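These steps have actually been available on CU for a long time, but after following them I always felt some steps were missing, so I have written the steps up again.
Required files
The MPPE+MPPC patch: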
http://www.polbox.com/h/hs001/#AEN55
The kernel:
http://www.kernel.org/pub/linux/kernel/v2.6/
iptables patches:
http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/
iptables download:
http://www.iptables.org/news.html#2005-07-29
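Compiling the kernel: because we are building on top of an existing 2.6 kernel, this is fairly simple overall. First, download all the files to /usr/src.
Then unpack them: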
#tar xjvf linux-2.6.13.tar.bz2
# tar xjvf patch-o-matic-ng-20051221.tar.bz2
#tar xjvf iptables-1.3.3.tar.bz2
Next, apply the MPPE+MPPC patch to the kernel:
#zcat linux-2.6.13-mppe-mppc-1.3.patch.gz | patch -p1 -d linux-2.6.13
Apply the ipp2p, time and other patches to the kernel:
#cd patch-o-matic-ng-20051213
#KERNEL_DIR=/usr/src/linux-2.6.13 IPTABLES_DIR=/usr/src/iptables-1.3.3 ./runme comment
#KERNEL_DIR=/usr/src/linux-2.6.13 IPTABLES_DIR=/usr/src/iptables-1.3.3 ./runme time
#KERNEL_DIR=/usr/src/linux-2.6.13 IPTABLES_DIR=/usr/src/iptables-1.3.3 ./runme ipp2p
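There are many patches; choose the ones you need. One of them, the pptp_nat patch, I could not get to apply on 2.6.13 no matter what I tried; later it applied successfully on 2.6.15 and on kernels 2.6.11 and earlier.
Because we are building on top of a 2.6 kernel, we can save a lot of trouble; the simplest approach is to copy over the existing .config.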
#cp /boot/config-2.6.9-22.EL /usr/src/linux-2.6.13/.config
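Then run make menuconfig to enter the menu, choose load alternate config file to import the .config file we just copied, then go to Device Drivers ---> Network device support ---> Microsoft PPP compression/encryption (MPPC/MPPE) and build MPPC+MPPE as a module.
Then select the iptables modules.
Go into Networking --->, find our modules there and build them as modules. Then save and exit.
Sometimes the options for the patches we applied cannot be found in make menuconfig. That is not a problem: we can open the .config file, where we will see content like the following, and then select the patches we applied there.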
# IP: Netfilter Configuration
#
(omitted here)
CONFIG_IP_NF_PPTP=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_NAT_PROTO_GRE=m
CONFIG_IP_NF_MATCH_TIME=m
CONFIG_IP_NF_MATCH_GEOIP=m
CONFIG_IP_NF_MATCH_IPP2P=m
Before the change, the line should look like this:
# CONFIG_IP_NF_PPTP is not set
We change it to CONFIG_IP_NF_PPTP=m
Then compile the kernel:
#make
#make modules
#make modules_install
#make install
#reboot
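If something fails, read the error messages. For example, if make fails and you see SCSI-related errors, go into make menuconfig, find the SCSI item and remove it. In fact, if your machine has no SCSI devices, it is best not to compile it at all.
Then reboot the machine into the new kernel. With a kernel built this way, the probability of it failing to boot is almost zero, unless you......
One situation I did run into, though: if you previously installed a graphics card driver, you will not be able to get into X with the new kernel. This is normal; just reinstall the graphics card driver.
After rebooting, compile iptables: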
#cd /usr/src/iptables-1.3.3
#export KERNEL_DIR=/usr/src/linux-2.6.13
#export IPTABLES_DIR=/usr/src/iptables-1.3.3
#make BINDIR=/sbin LIBDIR=/lib MANDIR=/usr/share/man install
That completes the patching. Installing pptp and the rest is fairly simple, so I am posting my configuration file for you.
[root@localhost linux-2.6.13]# cat /etc/pptpd.conf
###############################################################################
# $Id: pptpd.conf,v 1.8 2004/04/28 11:36:07 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################
# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
ppp /usr/local/sbin/pppd
# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
# TAG: debug
# Turns on (more) debugging to syslog
#
debug
# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam
# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
#logwtmp
# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1
# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
localip 192.168.0.1
remoteip 192.168.0.10-20
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
[root@localhost linux-2.6.13]#
[ Last edited by 枫影谁用了 on 2005-12-22 09:20 ]
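Added example, not part of the original post: a shell helper that applies the manual .config edit described above (changing "is not set" lines to =m) for the six netfilter options listed in the post. The function names, the --demo flag and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: apply the post's manual .config edit for a list of options.

# enable_as_module CONFIG_FILE OPTION...
# Leaves OPTION alone if it is already =m or =y, rewrites
# "# OPTION is not set" to "OPTION=m", and appends "OPTION=m" if absent.
enable_as_module() {
    cfg=$1; shift
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    for opt in "$@"; do
        if grep -q "^${opt}=[my]\$" "$cfg"; then
            echo "kept     $opt"
        elif grep -q "^# *${opt} is not set\$" "$cfg"; then
            sed "s/^# *${opt} is not set\$/${opt}=m/" "$cfg" > "$cfg.tmp" &&
                mv "$cfg.tmp" "$cfg"
            echo "enabled  $opt"
        else
            echo "${opt}=m" >> "$cfg"
            echo "appended $opt"
        fi
    done
}

# count_modules CONFIG_FILE OPTION...  prints how many options are set to =m
count_modules() {
    cfg=$1; shift
    n=0
    for opt in "$@"; do
        if grep -q "^${opt}=m\$" "$cfg"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Option names from the .config excerpt in the post.
NF_OPTS="CONFIG_IP_NF_PPTP CONFIG_IP_NF_NAT_PPTP CONFIG_IP_NF_NAT_PROTO_GRE
CONFIG_IP_NF_MATCH_TIME CONFIG_IP_NF_MATCH_GEOIP CONFIG_IP_NF_MATCH_IPP2P"

# demo: run against a constructed sample file (not a real kernel tree).
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' '# IP: Netfilter Configuration' \
        '#CONFIG_IP_NF_PPTP is not set' \
        '# CONFIG_IP_NF_NAT_PPTP is not set' \
        'CONFIG_IP_NF_MATCH_TIME=m' > "$sample"
    enable_as_module "$sample" $NF_OPTS >/dev/null
    count_modules "$sample" $NF_OPTS   # prints 6
    rm -f "$sample"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Running make oldconfig in the kernel tree after such an edit lets Kconfig check the edited file and prompt for any dependencies the new options pull in.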