openwrt 14.07 R42625搭建pppoe-server笔记-writer15-ChinaUnix博客

抽刀断水writer15.blog.chinaunix.net

首页　| 　博文目录　| 　关于我

writer15

博客访问： 164584
博文数量： 36
博客积分： 1466
博客等级：上尉
技术积分： 380
用户组：普通用户
注册时间： 2007-04-17 17:43

文章分类

全部博文（36）

openwrt（3）
计算机网络和维护（4）
emule（1）
0DAY（4）
新闻评论（0）
bittorrent技术（9）

libtorrent（4）

libbt（4）
linux（4）
python/lua（1）
C++（1）

boost（1）
未分配的博文（9）

推荐博文

下载并安装rp-pppoe-server包

点击(此处)折叠或打开

opgk update
opkg install rp-pppoe-server
cp /usr/lib/pppd/2.4.7/rp-pppoe.so /etc/ppp/plugins/rp-pppoe.so

修改/etc/init.d/pppoe-server

点击(此处)折叠或打开

#!/bin/sh /etc/rc.common

# Copyright (C) 2006-2011 OpenWrt.org

START=50

DEFAULT=/etc/default/pppoe-server

start() {

        [ -f $DEFAULT ] && . $DEFAULT

        OPTIONS="-k -L 17.16.1.1 -R 172.16.1.100 -I eth0 -S 189"

        service_start /usr/sbin/pppoe-server $OPTIONS

}

stop() {

        service_stop /usr/sbin/pppoe-server

}

修改/etc/ppp/options

debug
dump
unit 100
ms-dns 114.114.114.114
ms-dns 10.168.10.11
defaultroute
logfile /dev/null
noipdefault
noaccomp
nopcomp
nocrtscts
lock
maxfail 0
lcp-echo-failure 5
lcp-echo-interval 1

修改/etc/ppp/pppoe-server-options

点击(此处)折叠或打开

# PPP options for the PPPoE server
# LIC: GPL
require-chap
#login
lcp-echo-interval 10
lcp-echo-failure 2

修改防火墙文件/etc/config/firewall

点击(此处)折叠或打开

config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config zone
option name 'ppp'
option device 'ppp1+'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config forwarding
option src lan
option dest wan
config forwarding
option src ppp
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fe80::/10
option src_port 547
option dest_ip fe80::/10
option dest_port 546
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
# port redirect of remapped ssh port (22001) on wan
#config redirect
# option src wan
# option src_dport 22001
# option dest lan
# option dest_port 22
# option proto tcp
# allow IPsec/ESP and ISAKMP passthrough
#config rule
# option src wan
# option dest lan
# option protocol esp
# option target ACCEPT
#config rule
# option src wan
# option dest lan
# option src_port 500
# option dest_port 500
# option proto udp
# option target ACCEPT
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp

阅读(2603) | 评论(0) | 转发(0) |

上一篇：openwrt fw3 命令笔记。

下一篇：scapy笔记

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6