[自改Router系列] 係Debian/Ubuntu到起Router

hixyz111

唔會教點裝Debian or Ubuntu,自己爬Google

先整個network diagram

要有Switch*1/LAN Card * 2/Wifi-AP *1

準備工作:
Ubuntu 11.04/11.10

1. 
   
2. In Terminal:
   
3. 1. sudo nano /etc/sysctl.conf
   
4. 2. 改net.ipv4.ip_forward=1
   
5. 3. save
   
6. 4. sudo sysctl -p
   

複製代碼

Debian

1. 
   
2. su --login (變成root)
   
3. nano /etc/sysctl.conf
   
4. 改net.ipv4.ip_forward=1
   
5. sysctl -p
   

複製代碼

改/etc/network/interfaces:
設定好所有LAN Interfaces
Ubuntu 11.04/11.10

1. 1. sudo nano /etc/network/interfaces

複製代碼

Debian (要係root)

1. nano /etc/network/interfaces

複製代碼

2.係nano度改
共通

1. 
   
2. # This file describes the network interfaces available on your system
   
3. # and how to activate them. For more information, see interfaces(5).
   
4. 
   
5. auto lo
   
6. iface lo inet loopback
   
7. 
   
8. auto eth0
   
9. iface eth0 inet static
   
10. address 192.168.0.1
    
11. broadcast 192.168.0.255
    
12. post-up iptables-restore < /etc/iptables.conf
    
13. post-up ip route add 192.168.0.0/24 dev eth0
    
14. 
    
15. auto eth1
    
16. iface eth1 inet static
    
17. address 192.168.1.1
    
18. broadcast 192.168.1.255
    
19. post-up ip route add 192.168.1.0/24 dev eth0
    
20. 
    
21. auto eth2
    
22. iface eth2 inet static
    
23. address 192.168.2.1
    
24. broadcast 192.168.2.255
    
25. post-up ip route add 192.168.2.0/24 dev eth2
    
26. post-down iptables-restore < /etc/iptablesdown.conf
    
27. 
    

複製代碼

Internet Connectivity (PPP):

點都要有Internet Connectivity
首先要Bridge左Modem先(因為要Router做PPP)
Ubuntu 11.04/11.10

1. 
   
2. 1. sudo pppoeconf
   

複製代碼

Debian(要root)

1. 
   
2. 2. pppoeconf
   

複製代碼

NAT:
Ubuntu 11.04/11.10 :

1. 
   
2. 1.sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
   
3. 2.sudo iptables-save > /etc/iptables.conf

複製代碼

Debian(要root) :

1. 
   
2. 1.iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
   
3. 2.iptables-save > /etc/iptables.conf
   

複製代碼

DHCP Server:
Ubuntu 11.04/11.10 :

1. 
   
2. sudo apt-get install isc-dhcp-server
   
3. Y
   
4. nano /etc/dhcp/dhcpd.conf
   

複製代碼

Debian(要root) :

1. 
   
2. apt-get install isc-dhcp-server
   
3. Y
   
4. nano /etc/dhcp/dhcpd.conf

複製代碼

共通

1. 
   
2. [u]將 /etc/dhcp/dhcpd.conf變成:[/u]
   
3. option domain-name-servers 192.231.203.3;
   
4. option domain-name-servers 192.231.203.132;
   
5. 
   
6. default-lease-time 600;
   
7. max-lease-time 7200;
   
8. 
   
9. subnet 192.168.0.0 netmask 255.255.255.0 {
   
10.   range 192.168.0.2 192.168.0.254;
    
11.   option broadcast-address 192.168.0.255;
    
12.   option routers 192.168.0.1;
    
13. }
    
14. 
    
15. subnet 192.168.1.0 netmask 255.255.255.0 {
    
16.   range 192.168.1.2 192.168.1.254;
    
17.   option broadcast-address 192.168.1.255;
    
18.   option routers 192.168.1.1;
    
19. }
    

複製代碼

(唔使係eth2到行DHCP Server,因為要Set Modem IP: 192.168.2.2)

hixyz111

Setup SSH(Secure Shell) Server
如果你係一個sysadmin,你可以利用SSH進行Remote Management(係第二部電腦度打Command)

1. 
   
2. (sudo) apt-get install openssh-server
   

複製代碼

再係第二部(Linux)電腦度打

1. 
   
2. ssh user@(IP of ppp0)
   

複製代碼

跟住打USER 密碼就可以

---

不過,打USER 密碼個方法係好唔安全
因為可以俾HACKER Brute Force破門而入
所以可以用Public Key infrastructure

係第二部(Linux)電腦度打

1. 
   
2. ssh-keygen -t rsa -b 4096

複製代碼

俾佢一個名
Passphrase可以唔打(直接ENTER)
再打

1. ssh-copy-id -i name.pub user@(ip of router)

複製代碼

再改/etc/ssh/sshd_config
而uncomment "Password Auth no"個行
再打 (sudo) /etc/init.d/ssh restart就可以

9298

只用windows

hixyz111

只用windows
9298 發表於 24-1-2012 15:00

TP-Link/Dlink嘅Router Firmware係Linux-based