系统bsd6.2,加PAN分时段限制p2p下载，4张网卡，

 

结构：

 

AD猫>>eth1--(eth2-pan桥-eth3)--eth4>>交换机>>住户

 

 

1，编译内核,加nat模块,ipfw

 

CP /usr/src/sys/i386/conf/GENERIC NAT

 

VI NAT

 

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPSTEALTH
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
options ICMP_BANDLIM
options DUMMYNET
options IPFIREWALL_DEFAULT_TO_ACCETP
#IPFIREWALL_FORWARD

 

#make depend
#make
#make install

#reboot

 

2,配置rc.conf  拨号ppp.conf

 

NatRouter# cat /etc/rc.conf

# -- sysinstall generated deltas -- # Tue May 19 13:25:38 2009
# Created: Tue May 19 13:25:38 2009
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
usbd_enable="YES"
hostname="NatRouter"
sshd_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
ifconfig_rl0="inet 192.168.1.1/25"
ifconfig_rl3="inet 192.168.1.129/25"
gateway_enable="YES"
inetd_enable="YES"
pf_enable="YES"
sendmail_enable="NO"

dhcpd_enable="YES"
dhcpd_ifaces="rl0"

#ppp
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="ad"

 

NatRouter# cat /etc/ppp/ppp.conf
#################################################################
# PPP  Sample Configuration File
# Originally written by Toshiharu OHNO
# Simplified 5/14/1999 by
#
# See /usr/share/examples/ppp/ for some examples
#
# $FreeBSD: src/etc/ppp/ppp.conf,v 1.10 2004/11/19 17:12:56 obrien Exp $
#################################################################

default:
  set log Phase Chat LCP IPCP CCP tun command
  ident user-ppp VERSION (built COMPILATIONDATE)
  set log Phase tun command
#  set ctsrts off
#  set speed sync
#  set ifaddr 10.0.0.1/0 10.0.0.2/0
#  enable dns
#  set device PPPoE:re0
ad:
  set device PPPoE:rl3
  set authname 你的AD帐号

  set authkey  ad密码

  set dial
  set login
  add default HISADDR

 

3，安装pan...

 

4，安装dhcp-sever 放地址

 

cd  /usr/ports/net/isc-dhcp31-server

 

make install

rehash

 

vi /usr/local/etc/dhcpd.conf 编辑你要放的地址段

 

只放半个C够用

 This is a very basic subnet declaration.

subnet 192.168.1.0 netmask 255.255.255.128 {
  range 192.168.1.2 192.168.1.125;
  option routers 192.168.1.126;
}

 

/usr/local/etc/rc.d/isc-dhcpd  start

 

5,查看进程情况

 

ps ax |grep dhcp

ps ax |grep pan

 

6，查看拨号情况

 

/etc/rc.d/ppp restart

tail  -f /var/log/ppp.log

 

ifconfig

pfsync0: flags=0<> mtu 2020
        syncpeer: 224.0.0.240 maxupd: 128
tun0: flags=8051 mtu 1492
        inet 221.221.163.125 --> 221.221.160.1 netmask 0xffffffff
        Opened by PID 2138