论坛徽章:: 1

电梯直达

1楼 [收藏(0)] [报告]

发表于 2005-12-22 09:14 |只看该作者 |倒序浏览

其实这个在cu上也是早就有的步骤了，不过做完后总感觉少了一些什么步骤，所以我重新把步骤写了上来。

必须用到的档案
下面这个是mppe+mppc补丁
http://www.polbox.com/h/hs001/#AEN55
下面这个是内核
http://www.kernel.org/pub/linux/kernel/v2.6/
iptables补丁
http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/
iptables下载
http://www.iptables.org/news.html#2005-07-29

编译核心，因为我们是在2.6的基础上编译，所以总的来说还是比较简单的。下面我们把所档案下载到/usr/src下

#cd /usr/src
#wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.tar.bz2
#wget http://ftp.netfilter.org/pub/pat ... ng-20051221.tar.bz2
#wget http://www.iptables.org/projects ... ables-1.3.3.tar.bz2
#wget http://mppe-mppc.alphacron.de/linux-2.6.13-mppe-mppc-1.3.patch.gz

接着解压：

#tar xjvf linux-2.6.13.tar.bz2
# tar xjvf patch-o-matic-ng-20051221.tar.bz2
#tar xjvf iptables-1.3.3.tar.bz2

接着给内核打mppe+mppc补丁

#zcat linux-2.6.13-mppe-mppc-1.3.patch.gz | patch -p1 -d linux-2.6.13

给内核打ipp2p,time等补丁

#cd patch-o-matic-ng-20051213
#KERNEL_DIR=/usr/src/linux-2.6.13 IPTABLES_DIR=/usr/src/iptables-1.3.3 ./runme comment
#KERNEL_DIR=/usr/src/linux-2.6.13 IPTABLES_DIR=/usr/src/iptables-1.3.3 ./runme time
#KERNEL_DIR=/usr/src/linux-2.6.13 IPTABLES_DIR=/usr/src/iptables-1.3.3 ./runme ipp2p

补丁有很多，根据要的选择。其中有一个pptp_nat的补丁我在2.6.13上无论如何也打败，后来在2.6.15和2.6.11以下的内核都成功。

我们在2.6的基础上编译，所以可以省下很多麻烦，最简单的方法就是将现有的.config复制过来.

#cp /boot/config-2.6.9-22.EL /usr/src/linux-2.6.13/.config

接着make menuconfig 进入菜单，选择load alternate config file导入我们刚刚复制过来的.config文件,接着进入 Device Drivers --->Network device support ---> Microsoft PPP compression/encryption (MPPC/MPPE) 将mppc+mppe编译进模组
接着选择iptables的一些模块
进入Networking ---> 项里查找我们的模块，将它编译进模组.然后保存退出。
有时会出现这样的情况，就是在make menuconfig里找不到我们打的补丁项，不要紧，我用可以打开.config文件,可以看到如下的内容,然后我们终对我们打的补丁选择。

# IP: Netfilter Configuration
#
这里省略
CONFIG_IP_NF_PPTP=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_NAT_PROTO_GRE=m
CONFIG_IP_NF_MATCH_TIME=m
CONFIG_IP_NF_MATCH_GEOIP=m
CONFIG_IP_NF_MATCH_IPP2P=m

之前应该是这样的

#CONFIG_IP_NF_PPTP is not set

样式的，我们把它改为CONFIG_IP_NF_PPTP=m

接着编译内核

#make
#make modules
#make modules_install
#make install
#reboot

如果那里出错时，你要看提示信息，比如我make出错时，你看到SCSI类的错误字眼,那么你就要用make menuconfig里找到SCSI项，将它删除。其实如果你的机器没有SCSI设备,最好是不要编译它。

接着重启动机器，用新的内核。这种方式编译的内核如果出现无法启动的情况概率几乎是0，除非你......
不过我碰到一种情况是，如果你之前装过显卡驱动的话，你用新内核无法进到X,这是很正常的，重新装一下显卡驱动即可。

重启动机器后编译iptables

#cd /usr/src/iptables-1.3.3
#export KERNEL_DIR=/usr/src/linux-2.6.13
#export IPTABLES_DIR=/usr/src/iptables-1.3.3
#make BINDIR=/sbin LIBDIR=/lib MANDIR=/usr/share/man install

至此打补丁完毕。至于安装pptp等都比较简单，我贴出我的配制文件给你们。

[root@localhost linux-2.6.13]# cat /etc/pptpd.conf
###############################################################################
# $Id: pptpd.conf,v 1.8 2004/04/28 11:36:07 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
#    Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
ppp /usr/local/sbin/pppd

# TAG: option
#    Specifies the location of the PPP options file.
#    By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd

# TAG: debug
#    Turns on (more) debugging to syslog
#
debug

# TAG: stimeout
#    Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
#    Suppress the passing of the client's IP address to PPP, which is
#    done by default otherwise.
#
#noipparam

# TAG: logwtmp
#    Use wtmp(5) to record client connections and disconnections.
#
#logwtmp

# TAG: bcrelay <if>
#    Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: localip
# TAG: remoteip
#    Specifies the local and remote IP address ranges.
#
#    Any addresses work as long as the local machine takes care of the
#    routing.  But if you want to use MS-Windows networking, you should
#    use IP addresses out of the LAN address space and use the proxyarp
#    option in the pppd options file, or run bcrelay.
#
#    You can specify single IP addresses seperated by commas or you can
#    specify ranges, or both. For example:
#
#             192.168.0.234,192.168.0.245-249,192.168.0.254
#
#    IMPORTANT RESTRICTIONS:
#
#    1. No spaces are permitted between commas or within addresses.
#
#    2. If you give more IP addresses than MAX_CONNECTIONS, it will
#       start at the beginning of the list and go until it gets
#       MAX_CONNECTIONS IPs. Others will be ignored.
#
#    3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#       you must type 234-238 if you mean this.
#
#    4. If you give a single localIP, that's ok - all local IPs will
#       be set to the given one. You MUST still give at least one remote
#       IP for each simultaneous client.
#
# (Recommended)
localip 192.168.0.1
remoteip 192.168.0.10-20
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

[root@localhost linux-2.6.13]#

[ 本帖最后由枫影谁用了于 2005-12-22 09:20 编辑 ]

枫影谁用了

富足长乐

论坛徽章:: 1

2楼 [报告]

发表于 2005-12-22 09:17 |只看该作者

[root@localhost linux-2.6.13]# cat /etc/ppp/options.pptpd
name *
lock
mtu 1450
mru 1450
proxyarp
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
# Handshake Auth Method
+chap
+mschap-v2
# Data Encryption Methods
mppe required,stateless
ms-dns 192.168.0.1
ms-dns 202.96.134.133
[root@localhost linux-2.6.13]#

[root@localhost linux-2.6.13]# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client       server  secret       IP addresses
#username    pptpd password       *
#"sa1"       * "220213021"    *
#"wsy"       * "ad00min"       *
#"cjh"          * "7755126699"    *
"administrator" * "szfi5695server" *
"ryu"          * "ryu"          *
####### redhat-config-network will overwrite this part!!! (begin) ##########
"rerei@163.gd"       "ADSL"  "59683inserver"
"srerehi@163.gd"       *    "yunse2366rver"
####### redhat-config-network will overwrite this part!!! (end) ############
[root@localhost linux-2.6.13]#

iptables脚本部分在cu有很多贴了，2.6编译内核的基本步骤也就是这样。