2002$BG/(B12$B7n(B1$BF|(B $B99?7(B

ADSL$B%k!<%?!J(BPPPoE$B!K$N9=C[(B

$B:G6a$O(BADSL$B$d(BB$B%U%l%C%D$H$$$C$?$h$&$JDj3[@)$G$"$j$J$,$i9bB.$J2s@~$,0B2A$G6!5k$5$l$k$h$&$K$J$j!"2HDm$G$b%V%m!<%I%P%s%I$rMF0W$K ADSL$B$d(BB$B%U%l%C%D$G$O!"2s@~$H%^%7%s!J%k!<%?$J$I!K$N4V$K$O(BADSL$B%b%G%`$d(BONU$B!J%*%W%A%+%k!&%M%C%H%o!<%/!&%f%K%C%H!J%a%G%#%"%3%s%P!<%?$H$$$&>l9g$b$"$k!K!K$rCV$-!"$3$3$+$i%^%7%s$^$G$O%$!<%5%M%C%H%1!<%V%k$r;H$C$F!"$3$3$r(BPPPoE$B$H$$$&%W%m%H%3%k$r;H$C$F%W%m%Q%$%@$H$N4V$rDL?.$7$^$9!#!!(B
$B@\B37ABV$H$7$F$O!"%b%G%`$K(BPC$B$rD>IU$1$9$k%1!<%9$H!"%k!<%?$r;H$&%1!<%9$KJ,$1$i$l$^$9!#(B

$B@\B37ABV#1!'!!(BPC$B$rD>@\%b%G%`!J(BONU)$B$K@\B3$9$k!#(B
$B!!!!(B
$B!!!!(BInternet ----- ADSL$B%b%G%`(B/ONU ----(PPPoE)----- PC

$B@\B37ABV#2!'!!%k!<%?$rMxMQ(B

$B!!!!(BInternet ----- ADSL$B%b%G%`(B/ONU ----(PPPoE)----- $B%k!<%?(B ------ PC

$B7ABV#2(B.$B$N$h$&$K%k!<%?$r;H$C$?>l9g$K$O!"%k!<%?0J2<$K(BPC$B$rJ#?tBf@\B3$7$FJ#?t$N(BPC$B$+$i(BADSL$B!J(BB$B%U%l%C%D!K2s@~$rF1;~$KMxMQ$G$-$k$h$&$K$J$j$^$9!#(B

$B8=:_!"%V%m!<%I%P%s%IMQ%k!<%?$H$7$FB?$/$N@=IJ$,Hf3SE*0B2A$KF~-Mh!"$h$j9bB.$J2s@~$K@Z$jBX$($k:]$K$b!"Dc%3%9%H$G%k!<%?$r9=C[$9$k$3$H$,2DG=$G$9!#0J2<$G$O(BLinux$B$r;H$C$?(BADSL$B%k!<%?$N9=C[$K$D$$$F@bL@$7$^$9!#$J$*!":#2s:n@.$9$k%k!<%?$K$O(BLAN$B%+!<%I$,#2Kg;I$5$C$F$*$j!"$=$l$i$N%O!<%I%&%'%"$NG'<1$,$G$-$F$*$j!"#1KgL\(B(eth0$B!K$K4X$7$F$O(BLAN$BB&!JFbB&!K$H$7$F(BIP$B%"%I%l%9$,@_Dj$5$l$F$$$k$b$N$H$7$^$9!#(B

PPPoE(rp-pppoe)$B%b%8%e!<%k$NAH$_9~$_(B

Linux$BMQ$N(BPPPoE$B%b%8%e!<%k$K$O4v$D$+ rp-pppoe$B$O(B http://www.roaringpenguin.com/pppoe/ $B$N%5%$%H$+$i:G?7HG$,F~l9g!"(BRPMS$B7A<0$G%Q%C%1!<%8$r:n@.$9$k$N$,NI$$$G$7$g$&!#(B2002$BG/(B9$B7n(B23$BF|8=:_!":G?7$N(BRPMS$B7A<0$N%U%!%$%k(B rp-pppoe-3.5-1.src.rpm $B$rNc$K0J2<$G$O@bL@$7$^$9!#(B
$BF~

# rpm --rebuild rp-pppoe-3.5-1.src.rpm [Enter]

$B%j%S%k%I$,40N;$9$k$H!"(B/usr/src/redhat/RPMS/i386$B%G%#%l%/%H%j$K(B"rp-pppoe-3.5-1.i386.rpm"$B$H(B"rp-pppoe-gui-3.5-1.i386.rpm"$B$N#2$D$N%Q%C%1!<%8$,:n@.$5$l$kH&$G$9!#$3$l$r0J2<$N$h$&$K%$%s%9%H!<%k$7$^$9!#(B

# rpm -Uvh rp-pppoe-3.5-1.i386.rpm [Enter]

PPPoE$B$N@_Dj(B

RP-PPPoE$B$N%$%s%9%H!<%k$,40N;$7$?$i$3$l$r@_Dj$7$^$9!#!!@_Dj$K$O!V(Badsl-setup$B!W$H$$$&%3%^%s%I$rMxMQ$7$^$9!#(Badsl-setup$B$OBPOC7A<0$G(BADSL$B$N@_Dj%U%!%$%k$r@_Dj$9$k%D!<%k$G5/F0$9$k$H0J2<$N$h$&$J

# adsl-setup [Enter] $B!!!!!!!'!'(B $B!!!!!!!'!'(B >>> Enter your PPPoE user name (default [email protected]) : [email protected] [Enter] ---- [email protected]$B$O%W%m%Q%$%@$+$i;X<($5$l$?(BPPPoE$B@\B3L>(B $B!!!!!!!'!'(B INTERFACE $B!!!!!!!'!'(B >>> Enter the Ethernet interface connected to the ADSL modem For Solaris, this is likely to be something like /dev/hme0. For Linux, it will be ethn, where 'n' is a number. (default eth0): eth1 [Enter] --- PPPoE$B$G@\B3$9$k%$!<%5%M%C%H%$%s%?!<%U%'!<%9(B $B!!!!!!!'!'(B >>> Enter the demand value (default no): [Enter] ---- $B<+F0@ZCG$N;~4V!#DL>o$O(Bno $B!!!!!!!'!'(B >>> Enter the DNS information here: [Enter] --- $B%M!<%`%5!<%P$r;XDj!#(B/etc/resolv.conf$B$G;XDj$7$F$"$k>l9g$O$3$3$G$N;XDj$OITMW(B $B!!!!!!!'!'(B >>> Please enter your PPPoE password: xxxxx [Enter] --- PPPoE$B$N@\B3$N%Q%9%o!<%I(B $B!!!!!!!'!'(B >>> Choose a type of firewall (0-2): 2 [Enter] --- $B%U%!%$%d!<%&%)!<%k$H$7$F@_Dj$9$k$J$i#2!"%U%!%$%d!<%&%)!<%k$N@_Dj$,ITMW$J$i#0!"C1FH$G$3$N%^%7%s$@$1$r(BPPPoE$B$G@\B3$9$k$J$i#1(B$B!%(B ** Summary of what you entered ** $B!!!!!!!'!'(B Ethernet Interface: eth1 User name: $B#x#x#x#x#x([email protected] Activate-on-demand: No DNS: Do not adjust Firewalling: MASQUERADE >>> Accept these settings and adjust configuration files (y/n)? y [Enter] --$B:#$^$G@_Dj$h$1$l$P(By$B!#(B $B!!!!!!!'!'(B #

$B$J$*(Badsl-setup$B$G$N7k2L$,(B/etc/sysconfig/network-scripts/ifcfg-$B$H$$$&%U%!%$%k$K=q$-9~$^$l$?>l9g$K$O(B

# ln -s /etc/sysconfig/network-scripts/ifcfg- /etc/ppp/pppoe.conf [Enter] #

$B$r

/etc/ppp/options$B$N@_Dj(B

/etc/ppp/options$B$K0J2<$N9T$rDI2C$7$^$9!#(B

persist maxfail 0

$B!V(Bpersist$B!W$r;XDj$9$k$3$H$G!"2s@~$N0[>o;~$K@ZCG$5$l$?$H$-$K<+F0E*$K@\B3$r9T$&$h$&$K$J$j$^$9!#(B
$B!V(Bmaxfail 0$B!W$H$9$k$3$H$G@\B3$,@.8y$9$k$^$G2?EY$b%j%H%i%$$r7+$jJV$7$^$9!#(B

IP4-Forward$B$N;XDj(B

/etc/sysctl.conf$B$N0J2<$N5-=R$rJT=8$7$^$9!#(B

$B!!!!!'!'(B # Controls IP packet forwarding net.ipv4.ip_forward = 1 ---- 0$B$+$i#1$KJQ99(B $B!!!!!'!'(B

/etc/sysconfig/network$B$K0J2<$N5-=R$rDI2C$7$^$9!#(B

$B!!!!!!!'!'(B GATEWAY= GATEWAYDEV= FORWARD_IPV4=yes $B!!!!!!!'!'(B

/etc/rc.d/init.d/adsl$B:n@.(B

$B5/F0MQ%9%/%j%W%H$r:n@.$7$^$9!#$J$*!"(BRPM$B$d(BSRPM$B$+$i%Q%C%1!<%8$r:n@.$7$?>l9g$K$O5/F0%9%/%j%W%H$O<+F0E*$K:n@.$5$l$F$$$^$9!#(B

#!/bin/sh # # adsl This script starts or stops an ADSL connection # # chkconfig: 2345 99 01 # description: Connects to ADSL provider # # LIC: GPL # # Copyright (C) 2000 Roaring Penguin Software Inc. This software may # be distributed under the terms of the GNU General Public License, version # 2 or any later version. # Source function library if it exists test -r /etc/rc.d/init.d/functions && . /etc/rc.d/init.d/functions # From AUTOCONF prefix=/usr exec_prefix=${prefix} # Paths to programs START=${exec_prefix}/sbin/adsl-start STOP=${exec_prefix}/sbin/adsl-stop STATUS=${exec_prefix}/sbin/adsl-status case "$1" in start) echo -n "Bringing up ADSL link" $START if [ $? = 0 ] ; then touch /var/lock/subsys/adsl echo_success else echo_failure fi echo "" ;; stop) echo -n "Shutting down ADSL link" $STOP > /dev/null 2>&1 if [ $? = 0 ] ; then rm -f /var/lock/subsys/adsl echo_success else echo_failure fi echo "" ;; restart) $0 stop $0 start ;; status) status) $STATUS ;; *) echo "Usage: adsl {start|stop|restart|status}" exit 1 ;; esac exit $RETVAL

$B5/F0%9%/%j%W%H$r:n@.$7$?$i!"0J2<$N%3%^%s%I$G5/F0;~$K$3$N%9%/%j%W%H$,

# chkconfig --add adsl [Enter] #

$B%U%!%$%d!<%&%)!<%k$N@_Dj(B

$B%U%!%$%d!<%&%)!<%k!J(Biptables$B!K$r4pK\E*$JFbMF$G@_Dj$7$^$9!#>0!"0J2<$N@_Dj$G(BWAN$BB&$O(Bppp0$B!"(BLAN$BB&$r(Beth1$B$H$7$F@bL@$7$^$9!#3F%$%s%?!<%U%'!<%9$,$I$N$h$&$K$J$C$F$$$k$+$O!"!V(Bifconfig$B!W$r $B$^$?$3$N:]!"30It$+$iMxMQ$G$-$k%5!<%S%9$H$7$F(BDNS($B%]!<%H#5#3!K$H(Bssh$B!J%]!<%H#2#2!K$@$1$H$7$^$9!#(B

# iptables -F # iptables -t nat -F # iptables -X # iptables -Z # iptables -P INPUT DROP # iptables -P OUTPUT ACCEPT # iptables -P FORWARD ACCEPT # iptables -P INPUT -j LOG --log-prefix "Bad Packet: " # iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE # iptables -A INPUT -i eth1 -j ACCEPT # iptables -A INPUT -i lo -j ACCEPT # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # iptables -A INPUT -i ppp0 -p TCP --dport 53 -j ACCEPT # iptables -A INPUT -i ppp0 -p UDP --dport 53 -j ACCEPT # iptables -A INPUT -i ppp0 -p TCP --sport 53 -j ACCEPT # iptables -A INPUT -i ppp0 -p UDP --sport 53 -j ACCEPT # iptables -A INPUT -i ppp0 -p TCP --dport 22 -j ACCEPT # iptables -A OUTPUT -o ppp0 -p UDP --dport 135:139 -j DROP # iptables -A OUTPUT -o ppp0 -p TCP --dport 135:139 -j DROP # iptables -A OUTPUT -o ppp0 -p UDP --dport 445 -j DROP # iptables -A OUTPUT -o ppp0 -p TCP --dport 445 -j DROP #

$B:n@.$7$?%k!<%k$r5/F0;~$K<+F0l9g!K(B

# iptables-save > /etc/sysconfig/iptables [Enter] #

$B$^$?!"(BADSL$B$N@\B3;~$K$O(B/etc/ppp/firewall-masq$B!J(Badsl-setup$B$G(BFirewall$B$r;H$&@_Dj$K$7$?>l9g!K%U%!%$%k$,

#!/bin/sh iptables -F iptables -t nat -F iptables -X iptables -Z iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P INPUT -j LOG --log-prefix "Bad Packet: " iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE iptables -A INPUT -i eth1 -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i ppp0 -p TCP --dport 53 -j ACCEPT iptables -A INPUT -i ppp0 -p UDP --dport 53 -j ACCEPT iptables -A INPUT -i ppp0 -p TCP --sport 53 -j ACCEPT iptables -A INPUT -i ppp0 -p UDP --sport 53 -j ACCEPT iptables -A INPUT -i ppp0 -p TCP --dport 22 -j ACCEPT iptables -A OUTPUT -o ppp0 -p UDP --dport 135:139 -j DROP iptables -A OUTPUT -o ppp0 -p TCP --dport 135:139 -j DROP iptables -A OUTPUT -o ppp0 -p UDP --dport 445 -j DROP iptables -A OUTPUT -o ppp0 -p TCP --dport 445 -j DROP

$B0J>e$G(BADSL$B$d(BB$B%U%l%C%D$r;H$C$?%k!<%?$,40@.$G$9!#%Q%1%C%H%U%#%k%?$K4X$7$F$OMxMQ4D6-$K9g$o$;$F@_Dj$r9T$C$F$/$@$5$$!#(B

ADSL$B%k!<%?$N9bB.2=!J

$B@h$N@_Dj$G(BADSL$B%k!<%?$H$7$F$NF0:n$,$G$-$k$h$&$K$J$j$^$7$?$,!":#2sMxMQ$7$?(BPPPoE$B%=%U%H$G$"$k(BRE-PPPoE$B$O!"%=%U%H$,(BLinux$B$N%f!<%6%b!<%I$GF0:n$9$k$N$G@-G=$O$=$l$[$I9bB.$G$O$"$j$^$;$s!#!!$7$+$7!"$3$l$r%+!<%M%k%b!<%I$GF0:n$5$;$k$h$&$K$9$k$3$H$G99$K9bB.$J#x(BDLS$B%k!<%?$X$9$k$3$H$,2DG=$G$9!#(B

PPPoE$B$r%+!<%M%k%b!<%I$GF0:n$5$;$k$K$O!"(BLinux2.4$B0J>e$N%+!<%M%k$,I,MW$G$9!#!!$7$+$b8=>u$G$O$3$N5!G=$OI>2AHG$H$7$F$N$`>l9g$K$O$3$N5!G=$r;H$o$J$$J}$,NI$$$G$7$g$&!#(B($B

$B$^$:%+!<%M%k$r:F%3%s%Q%$%k$7$^$9!#!!%3%s%Q%$%k$K$"$?$j%+!<%M%k$N%Q%i%a!<%?$r

[Network device support]$B%;%/%7%g%s(B <M> PPP (point-to-point protocol) support <M> PPP support for async serial ports <M> PPP support for sync tty ports <M> PPP Defalt compression <M> PPP over Ethernet (EXPERIMENTAL) [Character devices] $B%;%/%7%g%s(B [*] Non-standard serial port support <M> HDLC line discipline support [*] Unix98 PTY support

$B%Q%i%a!<%?$N@_DjJ}K!$d%+!<%M%k$N%3%s%Q%$%k@_Dj$7$^$;$s$,!"%$%s%?!<%M%C%H$GD4$Y$l$PD>$0$KJ}K!$OH=$k$H;W$$$^$9!#0J>e$N%Q%i%a!<%?$r@_Dj$7$F%+!<%M%k$N%3%s%Q%$%k$,L5;v=*$o$C$?$J$i

$B$^$:(Bppp$BMQ$N%G%P%$%9%U%!%$%k$r:n@.$7$^$9!#(B

# mknod --mode=644 /dev/ppp c 108 0 [Enter]

$B

# cd /usr/src [Enter] # cvs -d :pserver:[email protected]:/cvsroot login [Enter] (Loging in to [email protected]) CVS password: cvs [Enter] # cvs -z5 -d :pserver:[email protected]:/cvsroot co ppp [Enter] #

$B0J>e$G(BPPP$B$N:G?7%Q%C%1!<%8$,(B/usr/src/ppp$B$K=PMh>e$,$C$F$$$k$N$G!"(B

# cd /usr/src/ppp [Enter] # ./configure [Enter] :: # make [Enter] :: # make install [Enter] :: #

$Bhttp://www.roaringpenguin.com/pppoe/$B$+$iF~

# tar zxvf rp-pppoe-x.x.tar.zg [Enter] # cd rp-pppoe-x.x [Enter] # ./configure --enable-plugin=/usr/src/ppp [Enter] # make [Enter] # make install [Enter] #

$B$3$l$G(BRP-PPPoE$B$N%W%i%0%$%s%b%8%e!<%k$,(B/etc/ppp/plugin$B%G%#%l%/%H%j$KJ]B8$5$l$k!#!!$"$H$O!"(B/etc/ppp/pppoe.conf$B$K0J2<$N9T$rDI2C$9$k!#(B

LINUX_PLUGIN=/etc/ppp/plugins/rp-pppoe.so

$B$"$H$ODL>oDL$j5/F0$9$l$P%+!<%M%k%b!<%I$G5/F0$G$-$^$9!#(B

$B4XO"%j%s%/(B

http://www.linux.or.jp/JM/html/rp-pppoe/man5/pppoe.conf.5.html

http://www.roaringpenguin.com/pppoe/