PDC -NAT med vpn hva linux distrb og programvare bør jeg bru

[Dr_Eamy]

Hei... trenger tips og tricks til følgende.

 

Jeg har en ISP som bruker NAT på alle brukere, vi identifiserer oss på NAT/gtw med en VPN kobling... kun en local ip pr bruker. samlet på 1 public IP.

 

IP range : 192.168.157.*** for brukere hos ISP

 

 

Jeg vil.....

 

Sette opp en maskin med linux som lar meg koble til ISP's GTW (med VPN), og fordele denne til mine 3 maskiner.

 

Itilleg vil jeg at linux box'n skal fungere som en FIL/PRINT Prim Domene kontroller for mine XP maskiner (SAMBA eller no anna som kan virke)

 

Hadde oxo vert fint om andre ISP brukere i min IP range kunne ha logga på min Linux box og accessert filer som ligger på den via Samba.

 

 

oppset som jeg ønsker ..

 

UT

XP1 ,XP2 XP3, ---> linuxBox ----intranet til isp---> gtw (autentisering via VPN) ---> INTERNET

 

INN

XP/W2k Bruker på ISP's intranet ---> minLinuxbox (logger seg på som en FilServer)

 

Lokalt på mitt net

 

XP1,XP2,XP3 ---> linuxbox (påloging som det var en Domene Controller)

 

Be safe lean down stream

Dr_Eamy

[Yamato47]

UiB bruker denne løsningen mot privat-"kunder".

 

http://www.wlan.uib.no/vpn-linux.html

 

Den engelske howtoen er dårlig. Det hele kan gjøres 40 ganger lettere. Les 'man pptp' for riktigere oppsett.

 

Men det aller beste mot vpn er nok FreeBSD med mpd. Mpd for FreeBSD er mye kraftigere enn pptp for linux. Gå for FreeBSD-4.8 og sjekk

 

http://www.uib.no/mailman/public/uib.wlan/...3q2/001317.html

 

for oppsett-filer til mpd. Les hele tråden om du vil. Serveren du kobler deg mot bruker sannsynligvis FreeBSD.

 

For nat-oppsett, sjekk ut FreeBSD-håndboka. Kom tilbake her på forumet med spørsmål hvis du velger denne løsningen.

[Dr_Eamy]

TAkk.... :-)

 

 

Nå har jeg lasta på FreeBSD i 1 time... og lest om det like lenge...

 

Så i mårra instalerer jeg :-)

 

Håper det er mere hjelp og få :-)

 

Blue Skies

Dr_Eamy

[Yamato47]

Ok, her er en howto-som jeg har begynt på. Den er ikke ferdig og kansje full av feil.

 

Last ned mpd-pakka (.tar.gz eller .tgz) til versjon 4 og putt den på en floppy sammen med de tre mpd-filene i uib.wlan-posten.

 

Du må rute inn lokalnettet og fjerne defaultruta før du starter mpd. Linjene under kan legges i /etc/rc.conf:

route add 10.0.0.0/8 <gateway>

route delete default

 

Sett opp nettverkskortet med dhcp under installasjon.

 

Lykke til!

 

 

 

 

How to get online with FreeBSD from Fantoft.

This should work very similarly from any computer connected to UiB's 'privnett'.

 

I assume you already have a fresh untouched FreeBSD installation.

 

If you read this and have not installed FreeBSD before, let me tell you it is far more easier than you get the

impression of from reading the handbook.

just get the mini-cd from any mirror site (ftp.uio.no, for example), and boot up.

Check the handbook at www.freebsd.no or search at groups.google.com if you run into problems.

 

You do not need to change the kernel to get online, GENERIC will do.

 

This HOW-TO should at least cover later 4.X-releases and 5.X-releases.

 

 

Take a DOS-formatted empty floppy and put the following files on it:

mpd-3.13.tgz

mpd.links

mpd.secrets

mpd.conf

rc.local

make.conf

 

You should find those files the same place you found this describtion.

 

 

 

During install, set console and timezone settings. Do not configure or activate any network services or interfaces.

 

When you reboot and see the "login:", enter 'root' and then the root password you set during install.

 

If running 5.X, type this command:

'ls /dev/net'

 

On my machine, this brings up

lo0 rl0 xl0

 

lo0 is called the loopback network device. The other two, rl0 and xl0, represents the two network interface cards (NIC) in the machine.

If your machine only has one NIC, you will only see that one in addition to lo0. Write it down.

 

If your machine has two NICs, you need to find out which one is connected to the UiB network. Type the following command:

'more /var/run/dmesg.boot'

You can now scroll through a list of the different hardware FreeBSD recognise when it boots. In my dmesg.boot the following lines show up:

 

rl0: <RealTek 8139 10/100BaseTX> port 0x6c00-0x6cff mem 0xe2000000-0xe20000ff irq 12 at device 10.0 on pci0

rl0: Realtek 8139B detected. Warning, this may be unstable in autoselect mode

rl0: Ethernet address: 00:50:bf:e7:69:f1

 

xl0: <3Com 3c905-TX Fast Etherlink XL> port 0x6800-0x683f irq 10 at device 9.0 on pci0

xl0: Ethernet address: 00:60:08:92:a5:68

 

From this I can see that that xl0 represent the 3com NIC and rl0 represents the NIC with the realtek chip. If you have two NICs that use the same chip, they will show up as, say, rl0 and rl1. You must then guess which is the one connected to the UiB-net, and try with the other if you guess wrong the first time. If do not find the right device node (lo0, xl0, rl1 and all other things that pop up under /dev/net are called device nodes) for your NIC, the machine will pause for a couple of minutes at bootup when it attempts to set the hostname.

 

You can also browse through the FreeBSD hardware list at http://www.freebsd.no/releases/5.0R/hardware-i386.html

Or, if you installed the kernel sources, type

'more /sys/i386/conf/GENERIC'

browse down to the network card section where you might see your network card type mentioned after a device driver.

 

 

 

Next, you need to change the file rc.conf. One way of doing this, is to type the command

 

'ee /etc/rc.conf'

 

This starts a text editor which lets you edit the file. Insert the following two lines at the bottom of the file:

 

hostname=""

ifconfig_XY0="DHCP"

 

Replace XY with the correct device node or driver name, which you found above. Remember the zero!

Remove all other lines starting with 'hostname' or 'ifconfig'. Press exit and then enter to exit.

 

 

 

 

Insert the floppy you prepared and type the commands:

 

'mount -t msdos /dev/fd0 /mnt'

'cd /mnt'

 

...

 

'ee /usr/local/etc/mpd/mpd.secret'

 

and fill in your username and password. Leave your password within brackets. As usual, esc+enter when you are finised.

 

Then

 

'ee /usr/local/etc/mpd/mpd.conf'

 

and replace 'username' with your username on the three lines that looks like this:

set bundle authname username

 

Do not remove the tabulation!

Press escape and enter when finished.

 

type

'reboot'

 

and wait.