1.
#yum -y install ppp iptables
#rpm -ivh http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
2.vi /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
3.vi /etc/ppp/chap-secrets
#(帳號) pptpd (密碼) *
ok1234 pptpd pwss1234 *
4.vi /etc/pptpd.conf
option /etc/ppp/options.pptpd
localip 192.168.1.254 (伺服器IP)
remoteip 192.168.1.10-20 (要配發給client端的IP)
設定檔中的 logwtmp 這行要註解掉、否則無法連線
5.vi ipt.sh 簡單的防火牆規則
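#!/bin/bash
# ipt.sh — minimal host firewall + NAT for a pptpd server.
# Hardens a few IPv4 sysctls, drops all new inbound traffic except the PPTP
# control channel (TCP/1723) and GRE, and masquerades the VPN client subnet
# out of the external interface.
#
# NOTE(review): nothing here admits *new* management sessions (e.g. SSH);
# an already-open session survives only through the RELATED,ESTABLISHED
# rule. Add an explicit rule before running this on a remote host.
# NOTE(review): FORWARD policy is ACCEPT, so VPN clients can reach any
# network this host can route to; narrow it if that is not intended.

PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin; export PATH

EXTIF="eth0"            # external (Internet-facing) interface
INIF=""                 # internal interface; unused here, exported for other scripts
INNET="192.168.1.0/24"  # subnet handed to PPTP clients (see remoteip in pptpd.conf)
export EXTIF INIF INNET

# --- kernel hardening --------------------------------------------------
printf '1\n' > /proc/sys/net/ipv4/tcp_syncookies
printf '1\n' > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# reverse-path filtering and martian logging on every interface
for f in /proc/sys/net/ipv4/conf/*/{rp_filter,log_martians}; do
  printf '1\n' > "$f"
done
# refuse source-routed packets and ICMP redirects on every interface
for f in /proc/sys/net/ipv4/conf/*/{accept_source_route,accept_redirects,send_redirects}; do
  printf '0\n' > "$f"
done

# --- filter table ------------------------------------------------------
# flush rules, delete user-defined chains, zero counters
iptables -F
iptables -X
iptables -Z
# default-deny on INPUT is set before the ACCEPT rules so the host is
# never open while the rule set is being rebuilt
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT   # PPTP control channel
iptables -A INPUT -p gre -j ACCEPT                       # PPTP data (GRE)

# --- nat table ---------------------------------------------------------
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

# --- routing / NAT -----------------------------------------------------
printf '1\n' > /proc/sys/net/ipv4/ip_forward
# masquerade VPN-client traffic leaving through the external interface;
# uses the variables above instead of repeating the literal values
iptables -t nat -A POSTROUTING -s "$INNET" -o "$EXTIF" -j MASQUERADE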
6.執行 ipt.sh
7.啟動 pptp
#service pptpd start