Building a gateway + LAMP + postfix + dhcp on rhel5.5


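Environment
The company connects over ADSL using PPPoE and has no fixed IP. A Linux gateway server is now required that meets the following requirements:
1. DHCP assigns IP addresses automatically
2. The company website can be reached from the external network
3. The internal network and the external network can exchange mail
4. The internal network can reach the Internet through SNAT
I chose the rhel5.5 operating system for this.
Installing dhcp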
[root@xieping ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:28:04:C2
ONBOOT=yes
IPADDR=192.168.1.254
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
[root@xieping ~]# vim /etc/yum.repos.d/rhel-debuginfo.repo
[rhel-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=file:///media/Server
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[root@xieping ~]# yum clean all
[root@xieping ~]# yum install -y dhcp
[root@xieping ~]# cp -p /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf 
[root@xieping ~]# vim /etc/dhcpd.conf

ddns-update-style none;
subnet 192.168.1.0 netmask 255.255.255.0 {
        range           192.168.1.100   192.168.1.200;
        option routers                  192.168.1.254;
        option subnet-mask              255.255.255.0;
        option domain-name              "quantanetwork.com";
        option domain-name-servers      202.106.0.20,121.12.174.212;
        default-lease-time 21600;
        max-lease-time 43200;
}
[root@xieping ~]# /etc/init.d/dhcpd restart
[root@xieping ~]# chkconfig dhcpd on
[root@xieping httpd-2.2.9]# tar zxf httpd-2.2.9.tar.gz -C /usr/src/
[root@xieping httpd-2.2.9]# cd /usr/src/httpd-2.2.9/
[root@xieping httpd-2.2.9]# ./configure --prefix=/usr/local/apache2 --enable-so --enable-rewrite
Error message:
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details.
configure failed for srclib/apr
Fix:
[root@xieping ~]# yum install -y  gcc

[root@xieping ~]# make && make install
[root@xieping apache2]# /usr/local/apache2/bin/apachectl start
[root@xieping apache2]# echo /usr/local/apache2/bin/apachectl restart >> /etc/rc.d/rc.local

mysql
[root@quantanetwork mysql-5.0.56]# tar zxf mysql-5.0.56.tar.gz -C /usr/src/ 
[root@quantanetwork mysql-5.0.56]# cd /usr/src/mysql-5.0.56/
[root@quantanetwork mysql-5.0.56]# useradd -M  -s /sbin/nologin  mysql
[root@quantanetwork mysql-5.0.56]# ./configure --prefix=/usr/local/mysql

Error message:
checking for termcap functions library... configure: error: No curses/termcap library found
Fix:
[root@quantanetwork mysql-5.0.56]# yum install -y ncurses-devel
[root@quantanetwork mysql-5.0.56]# yum install -y gcc*
[root@quantanetwork mysql-5.0.56]# ./configure --prefix=/usr/local/mysql
[root@quantanetwork mysql-5.0.56]# make && make install
[root@quantanetwork mysql-5.0.56]# cp support-files/my-medium.cnf /etc/my.cnf
[root@quantanetwork mysql-5.0.56]# chown  -R  mysql       /usr/local/mysql/var  
[root@quantanetwork mysql-5.0.56]# chown  -R  root:mysql  /usr/local/mysql  
[root@quantanetwork mysql-5.0.56]# /usr/local/mysql/bin/mysql_install_db --user=mysql
[root@quantanetwork mysql-5.0.56]# /usr/local/mysql/bin/mysqld_safe  --user=mysql &
[root@quantanetwork mysql-5.0.56]# netstat  -nutlp | grep :3306
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      21660/mysqld
[root@quantanetwork mysql-5.0.56]# echo "/usr/local/mysql/bin/mysqld_safe  --user=mysql &" >> /etc/rc.d/rc.local
[root@quantanetwork ~]# export PATH=$PATH:/usr/local/mysql/bin/
[root@quantanetwork ~]# echo 'PATH=$PATH:/usr/local/mysql/bin/' >> /etc/profile
[root@quantanetwork ~]# mysqladmin -u root password "system"
Installing PHP
[root@quantanetwork php-5.2.6]# tar xjf php-5.2.6.tar.bz2 -C /usr/src/
[root@quantanetwork php-5.2.6]# cd /usr/src/php-5.2.6/ 
[root@quantanetwork php-5.2.6]# ./configure  --prefix=/usr/local/php5  --enable-mbstring  --with-apxs2=/usr/local/apache2/bin/apxs  --with-mysql=/usr/local/mysql  --with-config-file-path=/usr/local/php5
Error message:
configure: error: xml2-config not found. Please check your libxml2 installation.
Fix:
[root@quantanetwork php-5.2.6]# yum install libxml2-devel -y
[root@quantanetwork php-5.2.6]# ./configure  --prefix=/usr/local/php5  --enable-mbstring  --with-apxs2=/usr/local/apache2/bin/apxs  --with-mysql=/usr/local/mysql  --with-config-file-path=/usr/local/php5
[root@quantanetwork php-5.2.6]# make && make install
[root@quantanetwork php-5.2.6]# cp php.ini-dist /usr/local/php5/php.ini
[root@quantanetwork php-5.2.6]# vim /usr/local/apache2/conf/httpd.conf
Below the line LoadModule  php5_module   modules/libphp5.so, add this new line:
AddType application/x-httpd-php .php
In the <IfModule dir_module> block, add index.php to the default index pages:
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
[root@quantanetwork php-5.2.6]# /usr/local/apache2/bin/apachectl restart
Importing and exporting the website data and the database data
[root@quantanetwork php-5.2.6]# rsync -avz root@192.168.1.5:/opt/lampp/htdocs/* /usr/local/apache2/htdocs/
[root@quantanetwork htdocs]# /usr/local/apache2/bin/apachectl stop
[root@quantanetwork htdocs]# /usr/local/apache2/bin/apachectl start
Exporting the database: log in to 192.168.1.5 and run
root@kunte:~# mysqldump -u root -p --all-databases > /root/mysql_2012_7_20.sql
Back on 192.168.1.254
[root@quantanetwork htdocs]# rsync -avz root@192.168.1.5:/root/mysql_2012_7_20.sql /root/
[root@quantanetwork htdocs]# mysql  -u root -p < /root/mysql_2012_7_20.sql
Setting up postfix (sending and receiving external mail)
[root@quantanetwork postfix]# /etc/init.d/sendmail stop
[root@quantanetwork postfix]# chkconfig sendmail off
[root@quantanetwork postfix]# tar zxf postfix-2.4.6.tar.gz -C /usr/src/
[root@quantanetwork postfix]# cp postfix-2.4.6-vda-ng.patch.gz /usr/src/
[root@quantanetwork postfix]# cd /usr/src/
[root@quantanetwork src]# gunzip postfix-2.4.6-vda-ng.patch.gz 
[root@quantanetwork src]# cd /usr/src/postfix-2.4.6
[root@quantanetwork postfix-2.4.6]# patch -p1 < ../postfix-2.4.6-vda-ng.patch
[root@quantanetwork postfix-2.4.6]# groupadd  -g  1200  postdrop
[root@quantanetwork postfix-2.4.6]# groupadd  -g  1000  postfix
[root@quantanetwork postfix-2.4.6]# useradd   -u  1000  -g  postfix  -G  postdrop  postfix
[root@quantanetwork postfix-2.4.6]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql  -DUSE_SASL_AUTH  -DUSE_CYRUS_SASL -I/usr/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient  -lz  -lm  -L/usr/lib/sasl2  -lsasl2'
Error message:
make -f Makefile.in MAKELEVEL= Makefiles
(echo "# Do not edit -- this file documents how Postfix was built for your machine."; /bin/sh makedefs) >makedefs.tmp
No <db.h> include file found.
Install the appropriate db*-devel package first.
See the RELEASE_NOTES file for more information.
make: *** [Makefiles] 错误 1
make: *** [makefiles] 错误 2
Fix:
[root@quantanetwork postfix-2.4.6]# yum install -y db*-devel
[root@quantanetwork postfix-2.4.6]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql  -DUSE_SASL_AUTH  -DUSE_CYRUS_SASL -I/usr/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient  -lz  -lm  -L/usr/lib/sasl2  -lsasl2'
[root@quantanetwork postfix-2.4.6]# make && make install
Error message:
xsasl_cyrus_server.c:597: 错误:‘XSASL_CYRUS_SERVER’ 没有名为 ‘username’ 的成员
xsasl_cyrus_server.c:598: 错误:‘XSASL_CYRUS_SERVER’ 没有名为 ‘username’ 的成员
make: *** [xsasl_cyrus_server.o] 错误 1
make: *** [update] 错误 1
Fix:
[root@quantanetwork postfix-2.4.6]# yum install -y cyrus-sasl-devel
[root@quantanetwork postfix]# yum install -y cyrus-sasl-md5
[root@quantanetwork postfix]# make && make install
Error message:
error while loading shared libraries: libmysqlclient.so.15: cannot open shared object file: No such file or directory
Fix:
[root@quantanetwork postfix-2.4.6]# echo "/usr/local/mysql/lib/mysql/">> /etc/ld.so.conf
[root@quantanetwork postfix-2.4.6]# ldconfig /etc/ld.so.conf
[root@quantanetwork postfix-2.4.6]# make && make install
install_root: [/] (press Enter)
tempdir: [/usr/src/postfix-2.4.6] (press Enter)
config_directory: [] /etc/postfix
daemon_directory: [] /usr/libexec/postfix
command_directory: [] /usr/sbin
queue_directory: [] /var/spool/postfix
sendmail_path: [] /usr/sbin/sendmail
newaliases_path: [] /usr/bin/newaliases
mailq_path: [] /usr/bin/mailq
mail_owner: [] postfix
setgid_group: [] postdrop
html_directory: [] no
manpage_directory: [] /usr/local/man
readme_directory: [] no
[root@quantanetwork postfix]# postconf -n >> main.cf

[root@quantanetwork postfix]# cd /etc/postfix/
[root@quantanetwork postfix]# vim main.cf
Append at the end:
inet_interfaces = all
myhostname = mail.quantanetwork.com
mydomain = quantanetwork.com
myorigin = $mydomain
mydestination = $mydomain, $myhostname
home_mailbox = Maildir/
[root@quantanetwork postfix]# postfix start
[root@quantanetwork postfix]# echo "/usr/sbin/postfix start" >> /etc/rc.d/rc.local
[root@quantanetwork postfix]# tar zxf dovecot-1.1.4.tar.gz -C /usr/src/
[root@quantanetwork postfix]# useradd -M -s /sbin/nologin dovecot
[root@quantanetwork postfix]# cd /usr/src/dovecot-1.1.4/
[root@quantanetwork dovecot-1.1.4]# yum install -y pam-devel
[root@quantanetwork dovecot-1.1.4]# ./configure --sysconfdir=/etc --with-mysql
[root@quantanetwork dovecot-1.1.4]# make && make install
[root@quantanetwork dovecot-1.1.4]# cp /etc/dovecot-example.conf /etc/dovecot.conf
[root@quantanetwork dovecot-1.1.4]# vim /etc/dovecot.conf 
  23  protocols = pop3 imap
  47  disable_plaintext_auth = no
  87  ssl_disable = yes
  208 mail_location = maildir:~/Maildir

[root@quantanetwork dovecot-1.1.4]# vim /etc/pam.d/dovecot
auth     required pam_nologin.so
auth    include system-auth
account include system-auth
session include system-auth
[root@quantanetwork dovecot-1.1.4]# /usr/local/sbin/dovecot -c /etc/dovecot.conf
[root@quantanetwork dovecot-1.1.4]# echo "/usr/local/sbin/dovecot -c /etc/dovecot.conf" >> /etc/rc.d/rc.local
[root@quantanetwork dovecot-1.1.4]# netstat -anpt | grep dovecot
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      12642/dovecot       
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      12642/dovecot 
[root@quantanetwork dovecot-1.1.4]# cp /usr/lib/sasl2/Sendmail.conf  /usr/lib/sasl2/smtpd.conf
[root@quantanetwork dovecot-1.1.4]# /etc/init.d/saslauthd restart
[root@quantanetwork dovecot-1.1.4]# chkconfig saslauthd on
[root@quantanetwork dovecot-1.1.4]# vim  /etc/postfix/main.cf
# limit each user's mailbox size to 500M
mailbox_size_limit = 524288000
# limit the size of a message that can be sent to 50M
message_size_limit = 50889600
smtpd_sasl_auth_enable = yes 
smtpd_sasl_security_options = noanonymous  
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination 
[root@quantanetwork dovecot-1.1.4]# postfix reload
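The settings above turn on SMTP AUTH in a Postfix build whose CCARGS contain no -DUSE_TLS, and set ssl_disable = yes and disable_plaintext_auth = no in Dovecot, so the PAM-backed system passwords cross the network unencrypted. The check below is an added example, not part of the original post; it reads the two files and reports those settings. The function names and the sample files are constructed for illustration; smtpd_tls_auth_only is the standard Postfix parameter that restricts AUTH to TLS sessions.

```shell
# Added example (not from the original post): find cleartext password paths.

# conf_value FILE KEY: print the effective value of KEY in a "key = value"
# file. Comment lines are skipped and the last definition wins, as in a
# main.cf that had settings appended after postconf -n output.
# Assumption: each value sits on a single line.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# cleartext_auth_findings MAIN_CF DOVECOT_CONF: print one finding per line.
cleartext_auth_findings() {
    if [ "$(conf_value "$1" smtpd_sasl_auth_enable)" = "yes" ] &&
       [ "$(conf_value "$1" smtpd_tls_auth_only)" != "yes" ]; then
        echo "postfix: SMTP AUTH is offered without requiring TLS"
    fi
    if [ "$(conf_value "$2" ssl_disable)" = "yes" ]; then
        echo "dovecot: SSL/TLS is disabled for POP3 and IMAP"
    fi
    if [ "$(conf_value "$2" disable_plaintext_auth)" = "no" ]; then
        echo "dovecot: plaintext logins are accepted without encryption"
    fi
}

# write_samples DIR: constructed sample files holding the values shown above.
write_samples() {
    cat > "$1/main.cf" <<'EOF'
smtpd_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
EOF
    cat > "$1/dovecot.conf" <<'EOF'
#disable_plaintext_auth = yes
disable_plaintext_auth = no
ssl_disable = yes
EOF
}

d=$(mktemp -d) && write_samples "$d" && cleartext_auth_findings "$d/main.cf" "$d/dovecot.conf"
rm -rf "$d"
```

On the server itself, call cleartext_auth_findings /etc/postfix/main.cf /etc/dovecot.conf; an empty result means none of the three conditions holds.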
Setting up PPPoE
[root@quantanetwork dovecot-1.1.4]# yum install rp-pppoe -y
[root@quantanetwork dovecot-1.1.4]# adsl-setup ← set up the ADSL connection
Welcome to the ADSL client setup. First, I will run some checks on
 your system to make sure the PPPoE client is installed properly...

LOGIN NAME

Enter your Login Name (default root): ← enter the user name of the ADSL connection

INTERFACE

Enter the Ethernet interface connected to the ADSL modem
 For Solaris, this is likely to be something like /dev/hme0.
 For Linux, it will be ethX, where 'X' is a number.
 (default eth0): ← specify the network device used for access; with a single network card this is normally the default eth0

Do you want the link to come up on demand, or stay up continuously?
 If you want it to come up on demand, enter the idle time in seconds
 after which the link should be dropped. If you want the link to
 stay up permanently, enter 'no' (two letters, lower-case.)
 NOTE: Demand-activated links do not interact well with dynamic IP
 addresses. You may have some problems with demand-activated links.
 Enter the demand value (default no): ← just press Enter to accept the default setting

DNS

Please enter the IP address of your ISP's primary DNS server.
 If your ISP claims that 'the server will provide dynamic DNS addresses',
 enter 'server' (all lower-case) here.
 If you just press enter, I will assume you know what you are
 doing and not modify your DNS setup.
 Enter the DNS information here: ← enter the DNS server information here if you know it; if not, press Enter to skip

PASSWORD

Please enter your Password: ← enter the ADSL connection password
 Please re-enter your Password: ← enter the ADSL connection password again to confirm

USERCTRL

Please enter 'yes' (two letters, lower-case.) if you want to allow
 normal user to start or stop DSL connection (default yes): no ← enter no so that ordinary users cannot control the PPPoE connection

FIREWALLING

Please choose the firewall rules to use. Note that these rules are
 very basic. You are strongly encouraged to use a more sophisticated
 firewall setup; however, these will provide basic security. If you
 are running any servers on your machine, you must choose 'NONE' and
 set up firewalling yourself. Otherwise, the firewall rules will deny
 access to all standard servers like Web, e-mail, ftp, etc. If you
 are using SSH, the rules will block outgoing SSH connections which
 allocate a privileged source port.

The firewall choices are:
 0 - NONE: This script will not set any firewall rules. You are responsible
 for ensuring the security of your machine. You are STRONGLY
 recommended to use some kind of firewall rules.
 1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
 2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
 for a LAN
 Choose a type of firewall (0-2): 0 ← enter 0; the firewall is not set up here

Start this connection at boot time

Do you want to start this connection at boot time?
 Please enter no or yes (default no): yes ← enter yes to connect ADSL automatically at system boot

** Summary of what you entered **

Ethernet Interface: eth0
 User name: caun870293@ca.dti.ne.jp
 Activate-on-demand: No
 DNS: Do not adjust
 Firewalling: NONE
 User Control: no
 Accept these settings and adjust configuration files (y/n)? y ← once the settings are confirmed correct, type y to accept them
 Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
 Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
 (But first backing it up to /etc/ppp/chap-secrets.bak)
 (But first backing it up to /etc/ppp/pap-secrets.bak)

?

Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
 to bring it down.
 Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
 to see the link status.

 

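    2.4) Starting the PPPoE client software
 # adsl-start ← start the ADSL connection
# ← after a short wait the prompt returns if startup succeeded (no message at all, or Connected, means the connection is up)

If it does not succeed, check the physical equipment such as the network cable and the ADSL modem, and look at the messages in /var/log/messages
 /usr/sbin/adsl-stop closes the connection to the ISP
 /usr/sbin/adsl-status shows the current connection status

To start the ADSL connection automatically when the Linux system boots, enter the following command
 # chkconfig --add adsl
 This adds the ADSL startup script to the current runlevel


2.5) Testing
Once connected, the output of the command ifconfig -a should contain a block of information about ppp0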

SNAT
[root@quantanetwork dovecot-1.1.4]# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
[root@quantanetwork dovecot-1.1.4]# /etc/init.d/iptables save
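The adsl-setup run above chooses NONE for its firewall and the only rule added here is the nat MASQUERADE, so any service listening on every address is reachable on ppp0 unless the filter table blocks it. The check below is an added example, not part of the original post: it parses netstat -nutlp output and lists TCP listeners bound to all addresses whose port is not meant to be public. The allow list of 25 and 80 is an assumption drawn from requirements 2 and 3; the sample lines for ports 3306, 110 and 143 are the ones shown earlier on this page, the other three are constructed.

```shell
# Added example (not from the original post): flag TCP listeners on the
# gateway that are bound to all addresses but are not meant to be public.

# Ports that should be reachable from outside (assumption: SMTP and web).
PUBLIC_PORTS="25 80"

# audit_listeners ALLOWED: read netstat -nutlp output on stdin and print
# "PORT PROGRAM" for each wildcard TCP listener whose port is not allowed.
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # 0.0.0.0 and :: (printed as ":::port") cover every interface
            if (host != "0.0.0.0" && host != "::") next
            if (port in ok) next
            prog = $7; sub(/^[0-9]+\//, "", prog)  # "21660/mysqld" -> "mysqld"
            print port, prog
        }' | sort -n
}

# Sample input: first three lines from this page, last three constructed.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      21660/mysqld
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      12642/dovecot
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      12642/dovecot
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      9001/master
tcp        0      0 :::80                       :::*                        LISTEN      8002/httpd
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3001/cupsd
EOF
}

sample_netstat | audit_listeners "$PUBLIC_PORTS"
```

On the gateway, feed it live data with netstat -nutlp | audit_listeners "25 80"; each port it reports should either be rebound to 127.0.0.1 or 192.168.1.254 or be dropped on ppp0 in the filter table.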













This article is reposted from 谢无赖's 51CTO blog. Original link: http://blog.51cto.com/xieping/936216 . To repost it, please contact the original author.



