Building a Software Router on Ubuntu 20.04 LTS Server

2024-07-08 20:39 | Source: compiled from the web | Views: 265

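First, install Ubuntu 20.04 LTS Server; instructions for this step are easy to find online.

Note: enable openssh-server during installation.

The steps below assume Ubuntu 20.04 LTS Server is already installed.

It is recommended to switch the APT sources to the Aliyun mirror first.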

sudo mv /etc/apt/sources.list /etc/apt/sources.list.bak
sudo vi /etc/apt/sources.list

Write the following content:

deb https://mirrors.aliyun.com/ubuntu focal main restricted
deb https://mirrors.aliyun.com/ubuntu focal-updates main restricted
deb https://mirrors.aliyun.com/ubuntu focal universe
deb https://mirrors.aliyun.com/ubuntu focal-updates universe
deb https://mirrors.aliyun.com/ubuntu focal multiverse
deb https://mirrors.aliyun.com/ubuntu focal-updates multiverse
deb https://mirrors.aliyun.com/ubuntu focal-backports main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu focal-security main restricted
deb https://mirrors.aliyun.com/ubuntu focal-security universe
deb https://mirrors.aliyun.com/ubuntu focal-security multiverse

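After saving, run

sudo apt update

1. Install net-tools (provides the ifconfig command)

sudo apt install net-tools

After installation you can view the network interface information:

ifconfig -a

2. Rename the network interfaces enp2s0 and enp3s0 (the names may differ on your machine) to eth0, eth1, and so on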

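Note: this step is optional. If you skip step 2, replace eth0 and eth1 in the later steps with your actual interface names.

sudo vi /etc/default/grub

Change GRUB_CMDLINE_LINUX="" to GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

sudo grub-mkconfig -o /boot/grub/grub.cfg

Also edit /etc/netplan/00-installer-config.yaml; if it is not updated, the machine will have no network access after the next boot.

Change enp2s0 to eth0 and enp3s0 to eth1.

From here on, eth0 is used as the WAN interface and eth1 as the LAN interface.

Reboot:

sudo reboot now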

3. Configure the interface addresses; give the LAN a static IP

Edit /etc/netplan/00-installer-config.yaml along the following lines:

network:
  ethernets:
    eth0:
      dhcp4: true
    eth1:
      dhcp4: false
      addresses:
        - 192.168.99.1/24
  version: 2

sudo netplan apply

This applies the configuration.

4. Configure DHCP

sudo apt install isc-dhcp-server

aa. Edit the configuration file /etc/default/isc-dhcp-server

INTERFACESv4=""
INTERFACESv6=""

Change this to

INTERFACESv4="eth1"
INTERFACESv6="eth1"

bb. Edit /etc/dhcp/dhcpd.conf

option domain-name-servers ns1.example.org, ns2.example.org;

Change this to

option domain-name-servers 8.8.8.8,114.114.114.114;

and append the following at the end of the file:

subnet 192.168.99.0 netmask 255.255.255.0 {
  range 192.168.99.100 192.168.99.254;
  option domain-name-servers 192.168.99.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.99.255;
  option routers 192.168.99.1;
}

cc. Edit /etc/dhcp/dhcpd6.conf

Append the following at the end of the file:

subnet6 2001:db8:0:1::/64 {
        # Range for clients
        range6 2001:db8:0:1::129 2001:db8:0:1::254;

        # Range for clients requesting a temporary address
        range6 2001:db8:0:1::/64 temporary;

        # Additional options
        option dhcp6.name-servers fec0:0:0:1::1;
        option dhcp6.domain-search "domain.example";

        # Prefix range for delegation to sub-routers
        prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;

        # Example for a fixed host address
        host specialclient {
                host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
                fixed-address6 2001:db8:0:1::127;
        }
}

Restart the DHCP server

sudo systemctl start isc-dhcp-server   # start the DHCP server

sudo systemctl status isc-dhcp-server  # check its status

5. Configure the firewall

sudo ufw allow 22   # allow SSH access

sudo ufw logging on

Edit /etc/default/ufw

DEFAULT_FORWARD_POLICY="DROP"

Change this to

DEFAULT_FORWARD_POLICY="ACCEPT"

Edit /etc/sysctl.conf

Change #net.ipv4.ip_forward=1 to net.ipv4.ip_forward=1 (remove the leading #).

Run sudo sysctl -p to apply the change.

Edit /etc/ufw/before.rules.

After the loopback rules, add the eth1 rules (the "allow all on lan" block below):

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT

# allow all on lan, eth1
-A ufw-before-input -i eth1 -j ACCEPT
-A ufw-before-output -o eth1 -j ACCEPT

In the same file, insert a NAT table before these lines:

# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]

The content to insert is:

*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through eth0 - Change to match your out-interface
-A POSTROUTING -s 192.168.99.0/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

After making these changes, restart ufw:

sudo ufw disable

sudo ufw enable

6. Configure DNS

Disable the system's built-in DNS resolver:

sudo systemctl disable systemd-resolved

sudo systemctl stop systemd-resolved

Delete the resolv.conf file, which is a symbolic link:

sudo rm /etc/resolv.conf

echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

Install dnsmasq:

sudo apt-get install dnsmasq

sudo service isc-dhcp-server restart

Under normal conditions, client machines connected to eth1 now obtain their IP address and DNS server automatically.

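7. PPPoE dial-up

sudo apt install pppoeconf

Connect the modem's Ethernet cable to eth0 and run pppoeconf to configure the dial-up parameters automatically. You need to know the dial-up account name and password.

Once the dial-up succeeds, the software router has Internet access.

Clients may still be unable to reach the Internet.

In that case, fix the interface name in /etc/ufw/before.rules: after dial-up the outbound interface is ppp0, whereas with an automatically configured uplink it is eth0.

Change -A POSTROUTING -s 192.168.99.0/24 -o eth0 -j MASQUERADE to -A POSTROUTING -s 192.168.99.0/24 -o ppp0 -j MASQUERADE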
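
The eth0/ppp0 mismatch described above can be detected by comparing the MASQUERADE rule's out-interface with the device that holds the default route. The script below is an added example, not part of the original article; the function names and the sample rules and route text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): verify that the MASQUERADE
# rule in a ufw before.rules file uses the interface holding the default route.

# Print the -o interface of each MASQUERADE rule inside the *nat table.
masq_ifaces() {
  awk '
    /^\*nat/  { in_nat = 1; next }
    /^COMMIT/ { in_nat = 0 }
    in_nat && /^-A POSTROUTING/ && /-j MASQUERADE/ {
      for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1)
    }' "$1"
}

# Read `ip -4 route show default` text on stdin, print the default-route device.
default_dev() {
  awk '$1 == "default" {
    for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
  }'
}

# check_nat RULES_FILE WAN_IF: return 0 if a MASQUERADE rule leaves via WAN_IF.
check_nat() {
  nat_found=$(masq_ifaces "$1")
  if [ -z "$nat_found" ]; then
    echo "no MASQUERADE rule found in *nat"; return 1
  fi
  if printf '%s\n' "$nat_found" | grep -qx -- "$2"; then
    echo "ok: LAN traffic is masqueraded out of $2"; return 0
  fi
  echo "mismatch: rule uses $(echo $nat_found), default route uses $2"; return 1
}

# Constructed sample: the step 5 rules, and a default route after PPPoE dial-up.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.99.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:ufw-before-input - [0:0]
-A ufw-before-input -i lo -j ACCEPT
COMMIT
EOF
SAMPLE_ROUTE='default dev ppp0 scope link'

wan=$(printf '%s\n' "$SAMPLE_ROUTE" | default_dev)
check_nat "$SAMPLE_RULES" "$wan" || true   # reports the eth0/ppp0 mismatch
```

On the router itself, pipe the output of `ip -4 route show default` into default_dev and pass /etc/ufw/before.rules (readable as root) to check_nat.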

 

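8. Configure miniupnpd

UPnP is needed by P2P-type software, which has to get through the firewall.

sudo apt install miniupnpd

When configuring it, set the external interface to ppp0 if the WAN uses dial-up, or to eth0 if the WAN uses a static address or DHCP.

The internal interface is eth1.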
