以下資料大部分來自網絡,感謝原博主的分享,本人只做部分適配修改,如有侵權請聯繫博主,謝謝
1.需要安裝rp-pppoe,撥號所需
2.創建撥號配置文件,以/etc/sysconfig/network-scripts/ifcfg-ppp0爲例,根據實際情況不必照抄
[root@***** ~]# cat /etc/sysconfig/network-scripts/ifcfg-ppp0
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=no
PIDFILE=/var/run/pppoe-adsl0.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth4 #這裏我使用物理網卡ETH4,記得把貓的網線插在這個網卡上,這樣才能撥號
PROVIDER=DSLppp0
USER=XXXXX #ADSL帳號
PEERDNS=no
DEMAND=no
3.創建撥號的密碼文件
vim /etc/ppp/pppoe-server-options.rpmsave
auth #連接必須驗證
require-chap # 選擇驗證方式,分爲PAP和CHAP 我建議用CHAP,因爲PAP不***全,容易被人把密碼抓走
login #據說加了這個就能後再使用PAP 方式就能允許使用本地帳號登錄了,不過我一直沒成功
lcp-echo-interval 10 #每十秒檢測一次鏈路狀態,查看是否正常
lcp-echo-failure 2 #如果10秒後狀態依然不正常 再等兩秒後 確認斷開連接
ms-dns x.x.x.x#給客戶端的DNS
[root@**** ~]# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
####### redhat-config-network willoverwrite this part!!! (begin) ##########
####### redhat-config-network willoverwrite this part!!! (end) ############
"ADSL帳號" * "密碼"
4.把所有的貓都插在不同的物理網卡上。按照2,3步驟一次添加配置文件和密碼。#此處也可以採用單卡多播的方式處理
5.現在測試撥號(然後一次測試不同配置文件,等同於測試不同的帳號是否都可以撥號成功,注意貓是否都加載電源,網線是否插好)
/sbin/adsl-start/etc/sysconfig/network-scripts/ifcfg-ppp309
若撥號成功,ifconfig後顯示ppp0的相關信息
斷開撥號連接
[root@**** ~]#ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:121.34.103.105 P-t-P:121.34.100.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:54809 errors:0 dropped:0 overruns:0 frame:0
TX packets:57439 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:47257780 (45.0 MiB) TXbytes:4184643 (3.9 MiB)
6.所有撥號成功後,現在創建iptables規則,讓服務器提供NAT功能(這裏有4條ADSL,ppp0~ppp3)
iptables -t nat -F
iptables -t nat -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -F
iptables -X
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t raw -F
iptables -t raw -X
iptables -t raw -P PREROUTING ACCEPT
iptables -t raw -P OUTPUT ACCEPT
####
modprobe ip_conntrack hashsize=30000 #根據流量大小調整
iptables -t nat -A POSTROUTING -s10.0.0.0/255.255.0.0 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s10.0.0.0/255.255.0.0 -o ppp1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s10.0.0.0/255.255.0.0 -o ppp2 -j MASQUERADE
iptables -t nat -A POSTROUTING -s10.0.0.0/255.255.0.0 -o ppp3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s10.0.0.0/255.255.0.0 -o eth0 -j MASQUERADE #若ADSL都失效的話,讓起走默認的ETH0,備用策略;這條規則根據實際情況添加
iptables -A FORWARD -s 10.0.0.0/16 -jACCEPT
iptables -A FORWARD -d 10.0.0.0/16 -jACCEPT
###
iptables -A INPUT -s 10.0.0.0/16 -p icmp -jACCEPT
iptables -A INPUT -m state --stateRELATED,ESTABLISHED -j ACCEPT #啓用連接追蹤
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -d 127.0.0.1 -j ACCEPT
ip route
7.到目前位置,還有一個問題沒有解決,如何帶寬的負載均衡?
ip route replace default equalize nexthopdev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthopdev ppp3 weight 1
但還是有問題啊,萬一那條ADSL DOWN掉了腫麼辦呢?
這個問題,讓下面這個腳本來解決吧。
腳本工作原理:每隔5秒檢測當前ADSL連線的狀態,若有掉線的,將此線路踢出網關集合中(這裏4條線路,你有幾條就自己重新修改腳本啊,千萬不要照抄……)
#!/bin/bash
#check ppp status
#
#
##########################################################################################################
ip route replace default equalize nexthopdev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthopdev ppp3 weight 1
ACTIVE_PPP_STATUS="15"
while (true)
do
PPP_STATUS="0"
if [ "`ifconfig | awk -F"[:]" '/ppp0/{print $1}'`" = "ppp0" ]; then
PPP_STATUS=`expr $PPP_STATUS + 1`
fi
#
if [ "`ifconfig | awk -F"[:]" '/ppp1/{print $1}'`" = "ppp1" ]; then
PPP_STATUS=`expr $PPP_STATUS + 2`
fi
#
if [ "`ifconfig | awk -F"[:]" '/ppp2/{print $1}'`" = "ppp2" ]; then
PPP_STATUS=`expr $PPP_STATUS + 4`
fi
#
if [ "`ifconfig | awk -F"[:]" '/ppp3/{print $1}'`" = "ppp3" ]; then
PPP_STATUS=`expr $PPP_STATUS + 8`
fi
###
if [ $ACTIVE_PPP_STATUS -ne $PPP_STATUS ];then
case "$PPP_STATUS" in
0) /root/check-ppp-status.sh
;;
1) ip route replace default via120.197.94.1 #該默認網關根據實際情況添加
;;
2) ip route replace default via120.197.94.1
;;
3) ip route replace default equalizenexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1
;;
4) ip route replace default via120.197.94.1
;;
5) ip route replace default equalizenexthop dev ppp0 weight 1 nexthop dev ppp2 weight 1
;;
6) ip route replace default equalizenexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1
;;
7) ip route replace default equalizenexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1
;;
8)ip route replace default via 120.197.94.1
;;
9) ip route replace default equalizenexthop dev ppp0 weight 1 nexthop dev ppp3 weight 1
;;
10) ip route replace default equalizenexthop dev ppp1 weight 1 nexthop dev ppp3 weight 1
;;
11) ip route replace default equalizenexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp3 weight 1
;;
12) ip route replace default equalizenexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
;;
13) ip route replace default equalizenexthop dev ppp0 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
;;
14) ip route replace default equalizenexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
;;
15) ip route replace default equalizenexthop dev ppp0 weight 1 nexthop dev ppp1 weight 1 nexthop dev ppp2 weight 1 nexthop dev ppp3 weight 1
;;
esac
ip route flush cache
fi
ACTIVE_PPP_STATUS="$PPP_STATUS"
sleep 5
done
然後呢,放到後臺去處理把…… #如果PPPOE連接斷後系統沒有擦除ifconfig中相應連接項,該腳本需要修改後才能使用
nohup sh 你創建的腳本名 &
8.後續的一些交代……
察看當前路由情況和網關
ip route
察看ADSL連線情況
ip link ls
其實,可以修改上面的腳本,如果有連線異常,可以做發郵件或短信報警,主要是否有額外需求了。