PPPoE quick guide

Source: Kuutõrvaja

Introduction

PPPoE, short for Point-to-Point Protocol over Ethernet, is a version of PPP that runs over Ethernet. It is used mainly with cable and DSL modems. The protocol creates a virtual connection channel across the computer network while staying separated from the general network.

This guide gives an overview of how to set up a PPPoE server on FreeBSD to improve network security.

Server

/etc/rc.conf file

pppoed_enable="YES"
pppoed_flags="-d -P /var/run/pppoed.pid -a server -l default"
pppoed_interface="fxp1"

/etc/ppp/ppp.conf file

default:
 set log Chat Command Phase             #turn on some logging. See man ppp.conf
 enable pap                             #turn on pap and chap authentication
 enable chap
 allow mode direct                      #let pppoed start ppp in direct mode with this label
 enable proxy                           #turn on ppp proxyarping (redundant of a
 disable ipv6cp                         #we don't use ipv6, don't want the errors
 set mru 1492                           #set mru below 1500 (PPPoE MTU issue)
 set mtu 1492                           #set mtu below 1500 (PPPoE MTU issue)
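 set ifaddr 10.0.0.1 10.0.1.1-10.0.5.254   #server address, then the pool handed to clients
 set speed sync
 set timeout 0                          #never drop idle sessions
 enable lqr                             #send link quality reports
 accept dns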

/etc/ppp/ppp.secret file

username password

NAT/firewall

# sysctl net.link.ether.inet.proxyall=1
net.link.ether.inet.proxyall: 1 -> 1
# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1

fxp0 is our external network interface.

/etc/pf.conf
nat on fxp0 inet from 192.168.0.0/24 to any -> (fxp0)

To have this work immediately after boot, enable ARP proxying and IP forwarding in /etc/rc.conf:

arpproxy_all="YES"
gateway_enable="YES"
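
The following consistency check is an added example, not part of the original guide: it reads the ppp.conf and pf.conf values shown above and reports whether PAP is enabled, whether the MTU/MRU fit inside a PPPoE frame, and whether the client address pool falls inside the NAT source network. The function name audit and the finding texts are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input: the relevant lines of the ppp.conf and pf.conf on this page.
PPP_CONF = """\
default:
 enable pap                  #turn on chap and pap accounting
 enable chap
 set mru 1492
 set mtu 1492
 set ifaddr 10.0.0.1 10.0.1.1-10.0.5.254
"""
PF_CONF = "nat on fxp0 inet from 192.168.0.0/24 to any -> (fxp0)\n"

PPPOE_MAX_MTU = 1500 - 8  # Ethernet payload minus PPPoE (6 bytes) and PPP (2 bytes) headers
# Matches nat rules whose source is a literal IPv4 network; tables and macros are ignored.
NAT_SRC = re.compile(r"^nat on \S+(?: inet)? from (\d+\.\d+\.\d+\.\d+/\d+) ", re.M)


def audit(ppp_conf, pf_conf):
    """Return a list of findings (hypothetical helper, not part of ppp or pf)."""
    findings, pool = [], None
    for line in ppp_conf.splitlines():
        words = line.split("#", 1)[0].split()  # drop trailing comments
        if words[:1] == ["enable"] and "pap" in words[1:]:
            findings.append("pap enabled: passwords cross the segment in cleartext")
        elif words[:2] in (["set", "mtu"], ["set", "mru"]) and len(words) == 3:
            if int(words[2]) > PPPOE_MAX_MTU:
                findings.append(f"{words[1]} {words[2]} exceeds {PPPOE_MAX_MTU}")
        elif words[:2] == ["set", "ifaddr"] and len(words) >= 4 and "-" in words[3]:
            # Only the first-last range form used on this page is handled.
            pool = tuple(ipaddress.ip_address(a) for a in words[3].split("-", 1))
    if pool:
        sources = [ipaddress.ip_network(s, strict=False) for s in NAT_SRC.findall(pf_conf)]
        blocks = ipaddress.summarize_address_range(*pool)
        if not all(any(b.subnet_of(s) for s in sources) for b in blocks):
            findings.append(f"pool {pool[0]}-{pool[1]} is not covered by a nat rule")
    return findings


if __name__ == "__main__":
    for finding in audit(PPP_CONF, PF_CONF):
        print("WARN:", finding)
```

With the values from this page it reports two findings: PAP is enabled, and the 10.0.1.1-10.0.5.254 pool lies outside the 192.168.0.0/24 NAT source.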

Clients

Windows XP client setup

Open Connect to the Internet by clicking Start, then Control Panel, then Network and Internet, then Network and Sharing Center, then Set up a connection or network, and then Connect to the Internet. On the How do you want to connect? page, click Broadband (PPPoE). Continue by following the instructions.

Troubleshooting

Valuable advice:

  • If you use Windows boxes of different versions (not only XP), enable both pap and chap.
  • If you want a user to be connected only once (so users cannot give usernames and passwords to others to use the same account), you must set up a RADIUS server (freeradius or radius-cistron, from the ports collection).
  • If you have problems logging in from a Windows box, then set speed sync in /etc/ppp/ppp.conf might help you.
  • The pppoed daemon consumes some CPU, so a faster CPU is better; for many users it is also better to have more RAM (512 or 1024 MB).
  • If you have problems, stop your pppoed process (/etc/rc.d/pppoed stop), then launch pppoed from the command line with the -Fd option instead of -d to have pppoed in the foreground and see errors.
  • On a LAN with many users I had a problem: I guess some of the clients had a misconfigured pppoed server, so it keeps asking for a connection to the pppoed server, flooding and forking the pppoed daemon continuously. There is a patch that might solve this problem; I've read about it here: http://lists.freebsd.org/pipermail/freebsd-hackers/2005-February/010136.html , but could not find that patch.

Links

http://lists.freebsd.org/pipermail/freebsd-isp/2007-February/004587.html

http://www.phpradmin.org

http://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet