[自改Router系列] 係Debian/Ubuntu到起Router
本帖最後由 hixyz111 於 2-1-2012 16:34 編輯唔會教點裝Debian or Ubuntu,自己爬Google
先整個network diagram
http://i.imgur.com/Z5OC9.png
要有Switch*1/LAN Card * 2/Wifi-AP *1
準備工作:
Ubuntu 11.04/11.10
In Terminal:
1. sudo nano /etc/sysctl.conf
2. 改net.ipv4.ip_forward=1
3. save
4. sudo sysctl -p
Debian
su --login (變成root)
nano /etc/sysctl.conf
改net.ipv4.ip_forward=1
sysctl -p
改/etc/network/interfaces:
設定好所有LAN Interfaces
Ubuntu 11.04/11.101. sudo nano /etc/network/interfacesDebian (要係root)nano /etc/network/interfaces2.係nano度改
共通
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.0.1
broadcast 192.168.0.255
post-up iptables-restore < /etc/iptables.conf
post-up ip route add 192.168.0.0/24 dev eth0
auto eth1
iface eth1 inet static
address 192.168.1.1
broadcast 192.168.1.255
post-up ip route add 192.168.1.0/24 dev eth0
auto eth2
iface eth2 inet static
address 192.168.2.1
broadcast 192.168.2.255
post-up ip route add 192.168.2.0/24 dev eth2
post-down iptables-restore < /etc/iptablesdown.conf
Internet Connectivity (PPP):
點都要有Internet Connectivity
首先要Bridge左Modem先(因為要Router做PPP)
Ubuntu 11.04/11.10
1. sudo pppoeconf
Debian(要root)
2. pppoeconf
NAT:
Ubuntu 11.04/11.10 :
1.sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
2.sudo iptables-save > /etc/iptables.confDebian(要root) :
1.iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
2.iptables-save > /etc/iptables.conf
DHCP Server:
Ubuntu 11.04/11.10 :
sudo apt-get install isc-dhcp-server
Y
nano /etc/dhcp/dhcpd.conf
Debian(要root) :
apt-get install isc-dhcp-server
Y
nano /etc/dhcp/dhcpd.conf共通
將 /etc/dhcp/dhcpd.conf變成:
option domain-name-servers 192.231.203.3;
option domain-name-servers 192.231.203.132;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.2 192.168.0.254;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.254;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
}
(唔使係eth2到行DHCP Server,因為要Set Modem IP: 192.168.2.2) Setup SSH(Secure Shell) Server
如果你係一個sysadmin,你可以利用SSH進行Remote Management(係第二部電腦度打Command)
(sudo) apt-get install openssh-server
再係第二部(Linux)電腦度打
ssh user@(IP of ppp0)
跟住打USER 密碼就可以
不過,打USER 密碼個方法係好唔安全
因為可以俾HACKER Brute Force破門而入
所以可以用Public Key infrastructure
係第二部(Linux)電腦度打
ssh-keygen -t rsa -b 4096俾佢一個名
Passphrase可以唔打(直接ENTER)
再打ssh-copy-id -i name.pub user@(ip of router)再改/etc/ssh/sshd_config
而uncomment "Password Auth no"個行
再打 (sudo) /etc/init.d/ssh restart就可以 只用windows 只用windows
9298 發表於 24-1-2012 15:00 http://www.nakuz.com/bbs/images/common/back.gif
TP-Link/Dlink嘅Router Firmware係Linux-based
頁:
[1]