Thread starter: devis.ma

Can a BSD system with a single NIC act as an ADSL router?

#21 Posted 2006-05-17 20:22
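Originally posted by lemony on 2006-5-17 18:59
Of course it can be done with a single NIC~~

I'm doing NAT with a single NIC right now

One 5-port switch

Two BBs and one FreeBSD box, all connected to the switch. Because my connection here is dial-up over fiber, no modem is needed, and the network cable plugs straight into the switch

Then FreeBSD dials up and is set as the gateway ...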



Marking this, will come back to read it.

#22 Posted 2006-05-17 20:56

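Router-on-a-stick + NAT example

I think this should be called a "router on a stick". Windows can actually do it too, using the anyrouter software, just with fewer features.
OK, here is an example. Since we have to pay for an account to get online, so...
I'm posting this reply from my own single-NIC laptop; I didn't want to add another network card. It provides routing and NAT.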

%less /etc/rc.conf

# -- sysinstall generated deltas -- # Mon May 15 04:59:39 2006
# Created: Mon May 15 04:59:39 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.1.1"
hostname="husir.exam.gov"
ifconfig_bge0="inet 192.168.1.179  netmask 255.255.255.0"
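# Added: the next line sets an IP alias, which acts as the internal NIC.
# Just note in the firewall that they are one NIC, so the in and out rules must not contradict each other.
# Actually I think a firewall like this is not much use. Fortunately it is a BSD system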
ifconfig_bge0_alias0="inet 192.168.20.249  netmask 255.255.255.248"

gateway_enable="YES"
natd_enable="YES"
natd_interface="bge0"

firewall_enable="YES"
firewall_script="/etc/nat_ipfw.conf"

ntpdate_enable="YES"
ntpdate_flags="asia.pool.ntp.org"
ntpd_enable="YES"

keymap="us.iso"
linux_enable="YES"
usbd_enable="YES"
moused_enable="YES"
saver="warp"

$less /etc/nat_ipfw.conf
#!/bin/sh -

setup_loopback () {
        ############
        # Only in rare cases do you want to change these rules
        #
        ${fwcmd} add 100 pass all from any to any via lo0
        ${fwcmd} add 200 deny all from any to 127.0.0.0/8
        ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
}

        fwcmd="/sbin/ipfw"

############
# Flush out the list before we begin.
#
${fwcmd} -f flush

        # set these to your outside interface network and netmask and ip
        oif="bge0"
        onet="192.168.1.0"
        omask="255.255.255.0"
        oip="192.168.1.179"

        # set these to your inside interface network and netmask and ip
        # (the alias address lives on bge0; ipfw sees no interface named "bge0_alias0")
        iif="bge0_alias0"
        inet="192.168.20.0"
        imask="255.255.255.248"
        iip="192.168.20.249"

        # natd_interface
        natd_interface="bge0"

        setup_loopback

        # Stop spoofing
#       ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
#       ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}

        # Stop RFC1918 nets on the outside interface
        ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
        ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
#       ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

        # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
        # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
        # on the outside interface
        ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
        ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
        ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
        ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
        ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}


        ${fwcmd} add divert natd all from any to any via ${natd_interface}

        # Stop RFC1918 nets on the outside interface
        ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
        ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
#       ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}

        # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
        # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
        # on the outside interface
        ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
        ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
        ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
        ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
        ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}

        # allow any ip via bge0 & bge0_alias0
        ${fwcmd} add pass ip from any to any

        # Allow IP fragments to pass through
        ${fwcmd} add pass all from any to any frag

        # Allow TCP through if setup succeeded
        ${fwcmd} add pass tcp from any to any established

        # Allow setup of incoming email
#       ${fwcmd} add pass tcp from any to ${oip} 25 setup

        # Allow access to our DNS
#       ${fwcmd} add pass tcp from any to ${oip} 53 setup
#       ${fwcmd} add pass udp from any to ${oip} 53
#       ${fwcmd} add pass udp from ${oip} 53 to any

        # Allow access to our WWW
#       ${fwcmd} add pass tcp from any to ${oip} 80 setup

        # Reject&Log all setup of incoming connections from the outside
        ${fwcmd} add deny log tcp from any to any in via ${oif} setup

        # Allow setup of any other TCP connection
        ${fwcmd} add pass tcp from any to any setup

        # Allow DNS queries out in the world
        ${fwcmd} add pass udp from ${oip} to any 53 keep-state

        # Allow NTP queries out in the world
        ${fwcmd} add pass udp from ${oip} to any 123 keep-state

        # Everything else is denied by default, unless the
        # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
        # config file.
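
ipfw acts on the first matching rule, so in the script posted above everything after `pass ip from any to any`, including the `deny log tcp ... setup` rule, is never reached. The check below flags such rules; it is an added example, not code from the original post, and the function names `shadowed_rules` and `sample_rules` and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original post.
# Reads ipfw rule bodies on stdin, in evaluation order (the order `ipfw list`
# prints), and reports every rule placed after an unconditional accept/deny.
shadowed_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            i = 1
            if ($i == "add") i++               # optional "add" keyword
            if ($i ~ /^[0-9]+$/) i++           # optional explicit rule number
            action = $i; i++
            if ($i == "log") i++               # logging does not affect matching
            body = ""
            for (; i <= NF; i++) body = body (body == "" ? "" : " ") $i
            if (terminal != "")
                print "shadowed by [" terminal "]: " $0
            else if (action ~ /^(pass|allow|accept|permit|deny|drop)$/ &&
                     body ~ /^(ip|all) from any to any$/)
                terminal = $0                  # nothing below this can match
        }'
}

# Constructed sample: the active tail of the posted ruleset, with ${oif},
# ${natd_interface} and ${oip} expanded to the values set in the post.
sample_rules() {
    cat <<'EOF'
add 100 pass all from any to any via lo0
add divert natd all from any to any via bge0
add pass ip from any to any
add pass all from any to any frag
add pass tcp from any to any established
add deny log tcp from any to any in via bge0 setup
add pass tcp from any to any setup
add pass udp from 192.168.1.179 to any 53 keep-state
add pass udp from 192.168.1.179 to any 123 keep-state
EOF
}

sample_rules | shadowed_rules
```

The input is assumed to be in evaluation order already; rules with explicit numbers that reorder evaluation should be sorted by number before being piped in.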

#23 Posted 2007-03-14 14:04
Notice: the author has been banned or deleted; content automatically hidden

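#24 Posted 2007-03-14 14:40
This... back in my university days, this was already proven to be entirely feasible by the concrete actions of the countless selfless classmates in our dorm who provided free Internet access to the brothers on the whole floor......


oh my god, the expressive power of Chinese is truly amazing...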

#25 Posted 2007-03-14 14:46
I have only used a single NIC for routing on Windows

#26 Posted 2007-03-14 21:30
Routing with a single NIC definitely works