- 论坛徽章:
- 0
|
回复 5# lsstarboy
我把/usr/share/examples/ppp/ppp.conf.sample复制到/etc/ppp/并改名为ppp.conf下面是其内容,实在弄不明白。用BSD才几天,我甚至不知道设置好后该如何启动网络。希望各位前辈能给个详细步骤。。
/etc/ppp/ppp.conf
#################################################################
#
# PPP Sample Configuration File
#
# Originally written by Toshiharu OHNO
#
# $FreeBSD: src/share/examples/ppp/ppp.conf.sample,v 1.36.2.1.6.1 2010/12/21 17:09:25 kensmith Exp $
#
#################################################################
# This file is separated into sections. Each section is named with
# a label starting in column 0 and followed directly by a ``:''. The
# section continues until the next label. Blank lines and characters
# after a ``#'' are ignored (a literal ``#'' must be escaped with a ``\''
# or quoted with ""). All commands inside sections that do not begin
# with ``!'' (e.g., ``!include'') *must* be indented by at least one
# space or tab or they will not be recognized!
#
# Lines beginning with "!include" will ``include'' another file. You
# may want to ``!include ~/.ppp.conf'' for backwards compatibility.
#
# Default setup. Always executed when PPP is invoked.
# This section is *not* pre-loaded by the ``load'' or ``dial'' commands.
#
# This is the best place to specify your modem device, its DTR rate,
# your dial script and any logging specification. Logging specs should
# be done first so that the results of subsequent commands are logged.
#
default:
set log Phase Chat LCP IPCP CCP tun command
set device /dev/cuad1
set speed 115200
set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT \
OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
# Client side PPP
#
# Although the PPP protocol is a peer to peer protocol, we normally
# consider the side that initiates the connection as the client and
# the side that receives the connection as the server. Authentication
# is required by the server either using a unix-style login procedure
# or by demanding PAP or CHAP authentication from the client.
#
# An on demand example where we have dynamic IP addresses and wish to
# use a unix-style login script:
#
# If the peer assigns us an arbitrary IP (most ISPs do this) and we
# can't predict what their IP will be either, take a wild guess at
# some IPs that you can't currently route to. Ppp can change this
# when the link comes up.
#
# The /0 bit in "set ifaddr" says that we insist on 0 bits of the
# specified IP actually being correct, therefore, the other side can assign
# any IP number.
#
# The fourth arg to "set ifaddr" makes us send "0.0.0.0" as our requested
# IP number, forcing the peer to make the decision. This is necessary
# when negotiating with some (broken) ppp implementations.
#
# This entry also works with static IP numbers or when not in -auto mode.
# The ``add'' line adds a `sticky' default route that will be updated if
# and when any of the IP numbers are changed in IPCP negotiations.
# The "set ifaddr" is required in -auto mode only.
# It's better to put the ``add'' line in ppp.linkup when not in -auto mode.
#
# Finally, the ``enable dns'' line tells ppp to ask the peer for the
# nameserver addresses that should be used. This isn't always supported
# by the other side, but if it is, ppp will update /etc/resolv.conf with
# the correct nameserver values at connection time.
#
# The login script shown says that you're expecting ``ogin:''. If you
# don't receive that, send a ``\n'' and expect ``ogin:'' again. When
# it's received, send ``ppp'', expect ``word:'' then send ``ppp''.
# You *MUST* customise this login script according to your local
# requirements.
#
pmdemand:
set phone 1234567
set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp"
set timeout 120
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
add default HISADDR
enable dns
# If you want to use PAP or CHAP instead of using a unix-style login
# procedure, do the following. Note, the peer suggests whether we
# should send PAP or CHAP. By default, we send whatever we're asked for.
#
# You *MUST* customise ``MyName'' and ``MyKey'' below.
#
PAPorCHAPpmdemand:
set phone 1234567
set login
set authname "MyName"
set authkey "MyKey"
set timeout 120
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
add default HISADDR
enable dns
# On demand dialup example with static IP addresses:
# Here, the local side uses 192.244.185.226 and the remote side
# uses 192.244.176.44.
#
# # ppp -auto ondemand
#
# With static IP numbers, our setup is similar to dynamic:
# Remember, ppp.linkup is searched for a "192.244.176.44" label, then
# an "ondemand" label, and finally the "MYADDR" label.
#
ondemand:
set phone 1234567
set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp"
set timeout 120
set ifaddr 192.244.185.226 192.244.176.44
add default HISADDR
enable dns
# An on-demand dialup example using an external Terminal Adapter (TA)
# that supports multi-link ppp itself.
#
# This may be specific to the AETHRA TA.
#
TA:
set phone 12345678 # Replace this with your ISPs phone number
set authname "somename" # Replace these with your login name & password.
set authkey "somepasswd" # This profile assumes you're using PAP or CHAP.
enable lqr echo
set reconnect 3 5
set redial 3 10
set lqrperiod 45
disable pred1 deflate mppe
deny pred1 deflate mppe
set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATB41CL2048 \
OK-AT-OK ATB40&J3E1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
set login
set logout
set hangup
set timeout 60 300 # The minimum charge period is 5 minutes, so don't
# hangup before then
set device /dev/cuad0 # Or whatever
set speed 115200 # Use as high a speed as possible
enable dns # Ask the peer what to put in resolv.conf
# Take a wild guess at an IP number and let the other side decide
set ifaddr 172.16.0.1/0 212.0.0.0/0 0 0
add! default hisaddr
set mru 1504 # Some extra room for the MP header
set server /var/run/ppp/ppp-TA "" 0177 # The diagnostic port (-rw-------)
# Example segments
#
# The following lines may be included as part of your configuration
# section and aren't themselves complete. They're provided as examples
# of how to achieve different things.
examples:
# Multi-phone example. Numbers separated by a : are used sequentially.
# Numbers separated by a | are used if the previous dial or login script
# failed. Usually, you will prefer to use only one of | or :, but both
# are allowed.
#
set phone 12345678|12345679:12345670|12345671
#
# Some phone numbers may include # characters - don't forget to escape
# (or quote) them:
#
set phone "12345##678"
#
# Ppp can accept control instructions from the ``pppctl'' program.
# First, you must set up your control socket. It's safest to use
# a UNIX domain socket, and watch the permissions:
#
set server /var/run/ppp/internet MySecretPassword 0177
#
# Although a TCP port may be used if you want to allow control
# connections from other machines:
#
set server 6670 MySecretpassword
#
# If you don't like ppp's builtin chat, use an external one:
#
set login "\"!chat \\-f /etc/ppp/ppp.dev.chat\""
#
# If we have a ``strange'' modem that must be re-initialized when we
# hangup:
#
set hangup "\"\" AT OK-AT-OK ATZ OK"
#
# To adjust logging without blowing away the setting in default:
#
set log -command +tcp/ip
#
# To see log messages on the screen in interactive mode:
#
set log local LCP IPCP CCP
#
# If you're seeing a lot of magic number problems and failed connections,
# try this (see the man page):
#
set openmode active 5
#
# For noisy lines, we may want to reconnect (up to 20 times) after loss
# of carrier, with 3 second delays between each attempt:
#
set reconnect 3 20
#
# When playing server for M$ clients, tell them who our NetBIOS name
# servers are:
#
set nbns 10.0.0.1 10.0.0.2
#
# Inform the client if they ask for our DNS IP numbers:
#
enable dns
#
# If you don't want to tell them what's in your /etc/resolv.conf file
# with `enable dns', override the values:
#
set dns 10.0.0.1 10.0.0.2
#
# Some people like to prioritize DNS packets:
#
set urgent udp +53
#
# If we're using the -nat switch, redirect ftp and http to an internal
# machine:
#
nat port tcp 10.0.0.2:ftp ftp
nat port tcp 10.0.0.2:http http
#
# or don't trust the outside at all
#
nat deny_incoming yes
#
# I trust user brian to run ppp, so this goes in the `default' section:
#
allow user brian
#
# But label `internet' contains passwords that even brian can't have, so
# I empty out the user access list in that section so that only root can
# have access:
#
allow users
#
# I also may wish to set up my ppp login script so that it asks the client
# for the label they wish to use. I may only want user ``dodgy'' to access
# their own label in direct mode:
#
dodgy:
allow user dodgy
allow mode direct
#
# We don't want certain packets to keep our connection alive
#
set filter alive 0 deny udp src eq 520 # routed
set filter alive 1 deny udp dst eq 520 # routed
set filter alive 2 deny udp src eq 513 # rwhod
set filter alive 3 deny udp src eq 525 # timed
set filter alive 4 deny udp src eq 137 # NetBIOS name service
set filter alive 5 deny udp src eq 138 # NetBIOS datagram service
set filter alive 6 deny tcp src eq 139 # NetBIOS session service
set filter alive 7 deny udp dst eq 137 # NetBIOS name service
set filter alive 8 deny udp dst eq 138 # NetBIOS datagram service
set filter alive 9 deny tcp dst eq 139 # NetBIOS session service
set filter alive 10 deny 0/0 MYADDR icmp # Ping to us from outside
set filter alive 11 permit 0/0 0/0
#
# And in auto mode, we don't want certain packets to cause a dialup
#
set filter dial 0 deny udp src eq 513 # rwhod
set filter dial 1 deny udp src eq 525 # timed
set filter dial 2 deny udp src eq 137 # NetBIOS name service
set filter dial 3 deny udp src eq 138 # NetBIOS datagram service
set filter dial 4 deny tcp src eq 139 # NetBIOS session service
set filter dial 5 deny udp dst eq 137 # NetBIOS name service
set filter dial 6 deny udp dst eq 138 # NetBIOS datagram service
set filter dial 7 deny tcp dst eq 139 # NetBIOS session service
set filter dial 8 deny tcp finrst # Badly closed TCP channels
set filter dial 9 permit 0 0
#
# Once the line's up, allow these connections
#
set filter in 0 permit tcp dst eq 113 # ident
set filter out 0 permit tcp src eq 113 # ident
set filter in 1 permit tcp src eq 23 estab # telnet
set filter out 1 permit tcp dst eq 23 # telnet
set filter in 2 permit tcp src eq 21 estab # ftp
set filter out 2 permit tcp dst eq 21 # ftp
set filter in 3 permit tcp src eq 20 dst gt 1023 # ftp-data
set filter out 3 permit tcp dst eq 20 # ftp-data
set filter in 4 permit udp src eq 53 # DNS
set filter out 4 permit udp dst eq 53 # DNS
set filter in 5 permit 192.244.191.0/24 0/0 # Where I work
set filter out 5 permit 0/0 192.244.191.0/24 # Where I work
set filter in 6 permit icmp # pings
set filter out 6 permit icmp # pings
set filter in 7 permit udp dst gt 33433 # traceroute
set filter out 7 permit udp dst gt 33433 # traceroute
#
# ``dodgynet'' is an example intended for an autodial configuration which
# is connecting a local network to a host on an untrusted network.
dodgynet:
set log Phase # Log link uptime
allow mode auto # For autoconnect only
set device /dev/cuad1 # Define modem device and speed
set speed 115200
deny lqr # Don't support LQR
set phone 0W1194 # Remote system phone number,
set authname "pppLogin" # login
set authkey "MyPassword" # and password
set dial "ABORT BUSY ABORT NO\\sCARRIER \ # Chat script to dial the peer
TIMEOUT 5 \"\" ATZ OK-ATZ-OK \
ATE1Q0M0 OK \\dATDT\\T \
TIMEOUT 40 CONNECT"
set login "TIMEOUT 10 \"\" \"\" \ # And to login to remote system
gin:--gin: \\U word: \\P"
# Drop the link after 15 minutes of inactivity
# Inactivity is defined by the `set filter alive' line below
set timeout 900
# Hard-code remote system to appear within local subnet and use proxy arp
# to make this system the gateway for the rest of the local network
set ifaddr 172.17.20.247 172.17.20.248 255.255.240.0
enable proxy
# Allow any TCP packet to keep the link alive
set filter alive 0 permit tcp
# Only allow dialup to be triggered by http, rlogin, rsh, telnet, ftp or
# private TCP ports 24 and 4000
set filter dial 0 7 0 0 tcp dst eq http
set filter dial 1 7 0 0 tcp dst eq login
set filter dial 2 7 0 0 tcp dst eq shell
set filter dial 3 7 0 0 tcp dst eq telnet
set filter dial 4 7 0 0 tcp dst eq ftp
set filter dial 5 7 0 0 tcp dst eq 24
set filter dial 6 deny ! 0 0 tcp dst eq 4000 |
|
免费注册
发表于 2011-12-05 16:50
发表于 2011-12-06 21:29
