The kernel modules needed on the gateway are ip_conntrack, ip_gre, ip_nat_pptp, ip_conntrack_ftp and ip_nat_ftp (the GRE and PPTP helpers are what let PPTP sessions pass through the NAT). To apply all of these settings at boot, put the commands into the /etc/rc.local script:

```sh
modprobe ip_conntrack
modprobe ip_gre
modprobe ip_nat_pptp
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables-restore /etc/iptables.conf
```

After that, to bring up NAT it is enough to add one rule. Interface eth1 faces the LAN, so everything leaving through any other interface is masqueraded:

```sh
iptables -t nat -A POSTROUTING -o ! eth1 -j MASQUERADE
```

The iptables settings are stored in the /etc/iptables.conf file, which is what the iptables-restore call in rc.local loads at boot:

```sh
iptables-save > /etc/iptables.conf
```

Configuring the VPN (pptp) client for the server's own Internet access

```sh
apt-get install pptp-linux
```

If automatic installation is not possible, download the package into a folder and install it manually:

```sh
dpkg -i pptp-linux_1.7.0-2ubuntu2_i386.deb
```

Now set up the VPN: go to the /etc/ppp/peers folder and create a file there, for example aist:

```sh
vim /etc/ppp/peers/aist
```

and write into it (login and password are your account with the provider; the pptp line takes the address of the provider's VPN server):

```
mtu 1400
mru 1500
persist
maxfail 0
lcp-echo-interval 60
lcp-echo-failure 4
pty "pptp <address of the provider's VPN server> --nolaunchpppd"
name login
password password
remotename PPTP
require-mppe-128
defaultroute
replacedefaultroute
```

Before bringing up the VPN, routes to the provider's internal network must be configured, because there is no access to it through the VPN. In /etc/network/interfaces:

```
auto lo eth1 eth0
iface lo inet loopback

iface eth1 inet static
    address 192.168.110.1
    netmask 255.255.255.0

iface eth0 inet dhcp
    up route add -net 172.16.0.0 netmask 255.240.0.0 dev eth0
    up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
    up route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0
    up pon aist
    pre-down poff aist
```

Then restart networking; all interfaces are restarted and the VPN connects automatically:

```sh
/etc/init.d/networking restart
```
FreeRADIUS

```sh
apt-get install freeradius
```

Edit /etc/freeradius/users, leaving only the following lines; the rest is commented out or deleted. Authentication and accounting are both handed to the AbillS scripts:

```
DEFAULT Auth-Type = Accept
        Exec-Program-Wait = "/usr/abills/libexec/rauth.pl"

DEFAULT Acct-Status-Type == Start
        Exec-Program = "/usr/abills/libexec/racct.pl"
DEFAULT Acct-Status-Type == Alive
        Exec-Program = "/usr/abills/libexec/racct.pl"
DEFAULT Acct-Status-Type == Stop
        Exec-Program = "/usr/abills/libexec/racct.pl"
```

Edit /etc/freeradius/clients.conf, comment everything out and add at the end (the secret here must be the same one the RADIUS client side is given in /etc/radiusclient/servers; pick a long random value rather than radsecret on a real system):

```
client localhost {
        secret    = radsecret
        shortname = shortname
}
```

Also, I don't know why, but when I was setting this up I hit a glitch and had to add this entry with the address of eth0 as well:

```
client 172.16.102.72 {
        secret    = radsecret
        shortname = shortname
}
```

In /etc/freeradius/radiusd.conf, comment out the mschap and eap lines in the authorize section:

```
authorize {
        preprocess
        #chap
        #counter
        #attr_filter
        #eap
        suffix
        files
        #etc_smbpasswd
        #sql
        #mschap
}
```

Next, edit the /etc/freeradius/dictionary file and add at the end:

```
# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to count against the limit: 0 in + out, 1 in, 2 out, 3 max(in, out)
ATTRIBUTE Octets-Direction 228 integer
# Connection speed limits
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
```

After this, restart the RADIUS server.
radiusclient

```sh
apt-get install radiusclient1
```

Edit the /etc/radiusclient/radiusclient.conf file so that both authentication and accounting go to the local FreeRADIUS:

```
authserver 127.0.0.1
acctserver 127.0.0.1
```

Edit /etc/radiusclient/servers (host and shared secret; the secret must match the client entry in /etc/freeradius/clients.conf):

```
127.0.0.1 radsecret
```
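The same shared secret has to appear on both sides, in /etc/freeradius/clients.conf for the client and in /etc/radiusclient/servers for the server, and a mismatch only shows up later as silent Access-Reject or accounting failures. The following check is an added example, not part of the original post or of AbillS: it extracts the secret for a named client from a clients.conf-style file and for a host from a servers-style file, compares them, and flags secrets shorter than a minimum length chosen here (16 characters) as an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the RADIUS shared
# secret agrees between the FreeRADIUS side (clients.conf) and the
# radiusclient side (servers), and that it is not trivially short.
# Assumed formats: clients.conf blocks "client NAME { ... secret = VALUE ... }"
# with one "key = value" per line, and servers lines "host secret".
# MIN_SECRET_LEN is this example's own threshold.

MIN_SECRET_LEN=16

# Print the secret of client $2 from clients.conf-style file $1 (empty if absent).
freeradius_client_secret() {
    awk -v name="$2" '
        $1 == "client" && $2 == name { inblock = 1; next }
        inblock && $1 == "secret"     { print $3; exit }
        inblock && $1 == "}"          { inblock = 0 }
    ' "$1"
}

# Print the secret for server $2 from a radiusclient servers-style file $1.
radiusclient_server_secret() {
    awk -v host="$2" '$1 == host { print $2; exit }' "$1"
}

# Return 0 when the secret for client $2 in file $1 equals the secret for
# server $4 in file $3 and is at least MIN_SECRET_LEN characters long.
# Otherwise print the reason to stderr and return 1.
check_radius_secret() {
    s1=$(freeradius_client_secret "$1" "$2")
    s2=$(radiusclient_server_secret "$3" "$4")
    if [ -z "$s1" ] || [ -z "$s2" ]; then
        echo "secret missing on one side" >&2
        return 1
    fi
    if [ "$s1" != "$s2" ]; then
        echo "secrets differ between $1 and $3" >&2
        return 1
    fi
    if [ "${#s1}" -lt "$MIN_SECRET_LEN" ]; then
        echo "secret is shorter than $MIN_SECRET_LEN characters" >&2
        return 1
    fi
    return 0
}

# Stand-alone use against the paths from the article:
#   check_radius_secret /etc/freeradius/clients.conf localhost /etc/radiusclient/servers 127.0.0.1
```

The check is a one-shot test to run after editing either file; with the article's values it fails on length alone, which is the intended signal that radsecret should be replaced before the box is exposed to clients.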
Add to /etc/radiusclient/dictionary the same attributes as on the FreeRADIUS side:

```
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Session-Octets-Limit 227 integer
ATTRIBUTE Octets-Direction 228 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
```

AbillS

Download the billing system AbillS and unpack it:

```sh
tar -xf abills-0.37.tgz
```

Move it to the /usr/abills folder:

```sh
mv abills /usr/
```

MySQL setup

```sh
apt-get install mysql-server
```

Next, create a database for AbillS:

```sh
mysql -u root -p
```

```sql
CREATE DATABASE abills;
```

Now load the database dump from the abills directory into that database:

```sh
mysql -u root -p abills < abills.sql
```
Apache

```sh
apt-get install apache2
ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load
```

Virtual host for the web interface. Apache does not pass the client's Authorization header to CGI programs, so the RewriteRule copies it into the HTTP_CGI_AUTHORIZATION environment variable for the AbillS scripts to read. Note that Options Indexes enables directory listings of the cgi-bin tree; the Files block is what keeps the .db and .log files there from being served:

```
<VirtualHost *>
    DocumentRoot /usr/abills/cgi-bin/
    Alias /abills "/usr/abills/cgi-bin/"

    <Directory "/usr/abills/cgi-bin">
        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteCond %{HTTP:Authorization} ^(.*)
            RewriteRule ^(.*) - [E=HTTP_CGI_AUTHORIZATION:%1]
            Options Indexes ExecCGI SymLinksIfOwnerMatch
        </IfModule>
        AddHandler cgi-script .cgi
        Options Indexes ExecCGI FollowSymLinks
        AllowOverride none
        DirectoryIndex index.cgi
        #Options ExecCGI
        <Files ~ "\.(db|log)$">
            Order allow,deny
            Deny from all
        </Files>
    </Directory>

    #Admin interface
    <Directory "/usr/abills/cgi-bin/admin">
        AddHandler cgi-script .cgi
        Options Indexes ExecCGI FollowSymLinks
        AllowOverride none
        DirectoryIndex index.cgi
        order deny,allow
        allow from all
    </Directory>
</VirtualHost>
```
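What the rewrite rule actually delivers to a script is easy to get wrong, so here is an added example (not from the original post and not AbillS code) of the CGI side: it takes the HTTP_CGI_AUTHORIZATION value that the RewriteRule sets, decodes HTTP Basic credentials from it, and issues the 401 challenge that makes a browser prompt when the header is absent or malformed. It assumes Basic authentication ("Basic " followed by base64 of user:password); checking the password against the billing database is outside the example.

```shell
#!/bin/sh
# Added example (not from the original post or from AbillS): parsing the
# HTTP_CGI_AUTHORIZATION variable that the Apache RewriteRule above sets,
# since Apache itself does not expose the Authorization header to CGI scripts.
# Assumed: HTTP Basic authentication, i.e. "Basic " + base64("user:password").

# Decode $1 (the HTTP_CGI_AUTHORIZATION value) and print "user<TAB>password".
# Returns 1 if the value is not Basic auth or does not decode to user:password.
basic_auth_decode() {
    header="$1"
    case "$header" in
        "Basic "*) ;;
        *) return 1 ;;
    esac
    encoded="${header#Basic }"
    decoded=$(printf '%s' "$encoded" | base64 -d 2>/dev/null) || return 1
    case "$decoded" in
        *:*) ;;
        *) return 1 ;;
    esac
    # The user name ends at the first colon; the password may itself contain colons.
    printf '%s\t%s\n' "${decoded%%:*}" "${decoded#*:}"
}

# Print only the user name from $1; return 1 (printing nothing) if it cannot be decoded.
basic_auth_user() {
    creds=$(basic_auth_decode "$1") || return 1
    printf '%s\n' "$creds" | cut -f1
}

# CGI gate: when $1 holds no usable credentials, emit a 401 response (CGI
# "Status:" header plus the Basic challenge) and return 1; otherwise return 0.
cgi_require_basic_auth() {
    if basic_auth_user "$1" >/dev/null; then
        return 0
    fi
    printf 'Status: 401 Unauthorized\r\n'
    printf 'WWW-Authenticate: Basic realm="abills"\r\n'
    printf 'Content-Type: text/plain\r\n\r\n'
    printf 'Authentication required\n'
    return 1
}

# Stand-alone use as a CGI script (only when run under a web server).
if [ -n "${GATEWAY_INTERFACE-}" ]; then
    if cgi_require_basic_auth "${HTTP_CGI_AUTHORIZATION-}"; then
        printf 'Content-Type: text/plain\r\n\r\n'
        printf 'Hello, %s\n' "$(basic_auth_user "$HTTP_CGI_AUTHORIZATION")"
    fi
fi
```

Because the credentials arrive base64-encoded rather than encrypted, this only makes sense behind TLS; the script also never echoes the decoded password back in a response, which is the main thing to keep when adapting it.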
Restart Apache. Then install the Perl modules that AbillS needs:

```sh
apt-get install libdbi-perl libdbd-mysql-perl libdigest-md4-perl libdigest-sha1-perl libcrypt-des-perl
```
AbillS configuration settings (Perl assignments in the billing's configuration file):

```perl
$conf{MAX_SESSION_TRAFFIC}=2047;
$conf{periodic_check}='yes';
$conf{ERROR_ALIVE_COUNT}=10;

$SNMPWALK='/usr/bin/snmpwalk';
$Gzip='/bin/gzip';
$MYSQLDUMP='/usr/bin/mysqldump';
```

Next, edit /etc/sudoers and add the line below. It allows the web server user to run only this one command as root without a password, nothing else:

```
www-data ALL=NOPASSWD: /usr/abills/misc/pppd_kill
```

In /etc/crontab add:

```
*/5 * * * *   root /usr/abills/libexec/billd -all
1 0 * * *     root /usr/abills/libexec/periodic daily
1 0 1 * *     root /usr/abills/libexec/periodic monthly
```

Give the web server read and write permissions on the web interface files:

```sh
chown -Rf www-data /usr/abills/cgi-bin
```

Create the missing directories:

```sh
mkdir /usr/abills/backup
chown www-data /usr/abills/backup
```

2.9 Installing pptpd
```sh
apt-get install pptpd
```

/etc/ppp/pptpd-options. With require-mppe-128 and require-mschap-v2 commented out, pppd also accepts plain CHAP logins and sessions without MPPE encryption; uncomment them if only encrypted MS-CHAPv2 sessions should be allowed:

```
+chap
#require-mppe-128
#require-mschap-v2
plugin radius.so
plugin radattr.so
debug
ms-dns 192.168.160.1
```

/etc/pptpd.conf:

```
ppp /usr/sbin/pppd
option /etc/ppp/pptpd-options
debug
localip 192.168.160.1
```

Per-session speed limits are applied by pppd's ip-up script from the attributes the radattr plugin writes to /var/run/radattr.<interface>; $1 is the ppp interface name pppd passes to the script:

```sh
#!/bin/sh
if [ -f /var/run/radattr.$1 ]; then
    DOWNSPEED=`/usr/bin/awk '/PPPD-Downstream-Speed-Limit/ {print $2}' /var/run/radattr.$1`
    UPSPEED=`/usr/bin/awk '/PPPD-Upstream-Speed-Limit/ {print $2}' /var/run/radattr.$1`
    FILTERS=`/usr/bin/awk '/Filter-Id/ {print $2}' /var/run/radattr.$1`
    #echo $DOWNSPEED
    #echo $UPSPEED
    #echo $FILTERS
    /sbin/tc qdisc del dev $1 root > /dev/null
    /sbin/tc qdisc del dev $1 ingress > /dev/null
    ##### speed server -> client
    if [ "$UPSPEED" != "0" ]; then
        /sbin/tc qdisc add dev $1 root handle 1: htb default 20 r2q 1
        /sbin/tc class add dev $1 parent 1: classid 1:1 htb rate ${UPSPEED}kbit burst 4k
        /sbin/tc class add dev $1 parent 1:1 classid 1:10 htb rate ${UPSPEED}kbit burst 4k prio 1
        /sbin/tc class add dev $1 parent 1:1 classid 1:20 htb rate ${UPSPEED}kbit burst 4k prio 2
        /sbin/tc qdisc add dev $1 parent 1:10 handle 10: sfq perturb 10 quantum 1500
        /sbin/tc qdisc add dev $1 parent 1:20 handle 20: sfq perturb 10 quantum 1500
        /sbin/tc filter add dev $1 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
        /sbin/tc filter add dev $1 parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
        /sbin/tc filter add dev $1 parent 1: protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
    fi
    ##### speed client -> server
    if [ "$DOWNSPEED" != "0" ]; then
        /sbin/tc qdisc add dev $1 handle ffff: ingress
        /sbin/tc filter add dev $1 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWNSPEED}kbit burst 12k drop flowid :1
    fi
fi
```
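Two things in the shaping script above deserve a closer look: the awk patterns are substring matches, so /PPPD-Upstream-Speed-Limit/ also picks up the PPPD-Upstream-Speed-Limit-1/-2/-3 attributes from the dictionary if RADIUS ever sends them, and an absent attribute yields an empty string that is not "0", so tc is called with "rate kbit". The following is an added example, not code from the original post or from AbillS, of the same logic with exact attribute matching and value validation; it assumes the radattr file format is "Attribute-Name value" one per line, and TC can be set to "echo" to preview the commands without touching the kernel.

```shell
#!/bin/sh
# Added example (not from the original post): a hardened variant of the
# ip-up shaping logic. Differences from the page's script:
#  - attribute names are matched exactly, so PPPD-Upstream-Speed-Limit does
#    not also match PPPD-Upstream-Speed-Limit-1/-2/-3;
#  - a missing or non-numeric value becomes 0 (no shaping) instead of being
#    interpolated into a tc command as an empty string;
#  - TC=echo prints the commands instead of running them.
# Assumed radattr format: "Attribute-Name value", one attribute per line.

TC="${TC:-/sbin/tc}"

# Print the value of attribute $2 from radattr file $1, or 0 if it is absent.
radattr_get() {
    awk -v key="$2" '
        $1 == key { print $2; found = 1; exit }
        END { if (!found) print 0 }
    ' "$1"
}

# Accept only a non-negative integer (kbit); anything else is treated as 0.
sanitize_kbit() {
    case "$1" in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$1" ;;
    esac
}

# Apply shaping for interface $1 from radattr file $2.
# Returns 1 and does nothing when the attribute file does not exist.
shape_iface() {
    iface="$1"
    file="$2"
    [ -f "$file" ] || return 1
    up=$(sanitize_kbit "$(radattr_get "$file" PPPD-Upstream-Speed-Limit)")
    down=$(sanitize_kbit "$(radattr_get "$file" PPPD-Downstream-Speed-Limit)")

    # Clear any shaping left over from a previous session on this interface.
    $TC qdisc del dev "$iface" root 2>/dev/null || true
    $TC qdisc del dev "$iface" ingress 2>/dev/null || true

    # Egress (server -> client): HTB root limited to the upstream rate, SFQ leaves;
    # low-delay TOS, ICMP and small TCP ACK packets go to the high-priority class.
    if [ "$up" != "0" ]; then
        $TC qdisc add dev "$iface" root handle 1: htb default 20 r2q 1
        $TC class add dev "$iface" parent 1: classid 1:1 htb rate "${up}kbit" burst 4k
        $TC class add dev "$iface" parent 1:1 classid 1:10 htb rate "${up}kbit" burst 4k prio 1
        $TC class add dev "$iface" parent 1:1 classid 1:20 htb rate "${up}kbit" burst 4k prio 2
        $TC qdisc add dev "$iface" parent 1:10 handle 10: sfq perturb 10 quantum 1500
        $TC qdisc add dev "$iface" parent 1:20 handle 20: sfq perturb 10 quantum 1500
        $TC filter add dev "$iface" parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
        $TC filter add dev "$iface" parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
        $TC filter add dev "$iface" parent 1: protocol ip prio 10 u32 match ip protocol 6 0xff \
            match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
    fi

    # Ingress (client -> server): police to the downstream rate, drop the excess.
    if [ "$down" != "0" ]; then
        $TC qdisc add dev "$iface" handle ffff: ingress
        $TC filter add dev "$iface" parent ffff: protocol ip prio 50 u32 \
            match ip src 0.0.0.0/0 police rate "${down}kbit" burst 12k drop flowid :1
    fi
    return 0
}

# Stand-alone use as an ip-up script: pppd passes the interface name as $1.
# Run with TC=echo to preview the commands for an interface.
if [ -n "$1" ]; then
    shape_iface "$1" "/var/run/radattr.$1" || echo "no radattr file for $1" >&2
fi
```

Validating the values before they reach tc matters beyond robustness: the attributes come from the RADIUS reply, and the billing side is the only place they should be shaped, so the script should refuse anything that is not a plain integer rather than pass it through.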
Source: https://habr.com/ru/post/23650/