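Friday, September 26, 2008

Teacher Chang Foundation lacks funds to deploy a VoIP service platform and needs help

Friends, if you can support Teacher Chang in deploying a VoIP service platform, so that the communication costs saved can help one more discouraged person or one more lost lamb, that is worth more than building a seven-story pagoda....... right?

Anyone interested can contact Manager Chen Chao-yin (陳昭吟) of VoSKY (訊動科技 VoSKY: 02-27090000 ext. 310) or contact the Teacher Chang Foundation directly (contact details follow the reposted article).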


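e-Story: Revenue is hard to grow for a non-profit, so the Teacher Chang Foundation cuts costs with VoIP (DIGITIMES)
--------------------------------------------------------------------------------
Chang Hung-ta (張弘達) / Taipei, 2008/09/25

Foreword: The Teacher Chang Foundation is not a for-profit organization, so it has no strong source of funding and all of its budget has to be raised by itself. With revenue hard to grow, cutting costs becomes essential. Everyone knows that VoIP can save on phone bills, but what do you do when colleagues are averse to using computers?
The Teacher Chang Foundation was established to serve people who need psychological counseling and guidance. Because it is not a for-profit business, the budget it can draw on is quite limited. The Taipei branch currently has 16 paid staff, and personnel costs alone run to several million New Taiwan dollars a year. Since revenue is hard to grow, cutting costs has become a necessary mindset.
Wang Hsin-tung (王信東), director-general of Taipei Teacher Chang, points out that the foundation was never set up to make money, so growing revenue is difficult and it has to think about how to save on unnecessary expenses. Most of the foundation's counseling is currently done by phone, and the monthly phone bill runs to more than NT$10,000. Starting with this item should produce a good saving.
Wang says he too only learned from a friend that calls could be made over the network, with multi-party conversations as well, so out of curiosity he found a computer and installed Skype. He found that it worked quite well and wanted to promote it to his other colleagues at the Taipei branch, but the early rollout ran into many difficulties. Many colleagues resisted using computers, let alone going online. Fortunately the steps for placing a call from a computer are not too complicated, and after a good deal of effort and leading by example, persistence paid off: gradually the colleagues at the Taipei branch all registered their own Skype accounts. Now, barring special circumstances, staff at the foundation use VoIP in place of the traditional phone wherever possible, and with Skype the foundation's monthly phone bill has dropped noticeably.

Wanting to make VoIP calls from traditional handsets, but limited by a lack of funds

Skype VoIP saves money, but Wang says that having to turn on a computer and hold a headset and microphone every time is fine when things are quiet and very inconvenient in an emergency. Making cost-saving calls with Skype requires both parties to be at a computer, which is very inconvenient for Teacher Chang counselors and for people seeking counseling, so many colleagues went back to traditional calling. Later, after detailed discussions with VoSKY (訊動科技) assistant vice president Chen Chung-ho (陳中和) and manager Chen Chao-yin (陳昭吟), Wang learned that a traditional handset can also place VoIP calls directly.
Chen Chao-yin says the VoIP phone product the company offers can place VoIP calls without a computer being turned on, with no change at all to existing phone habits. On learning of the product Wang was delighted, but the joy did not last long, because the Teacher Chang Foundation had no spare funds to buy the equipment.
After learning of the foundation's difficulty, Chen Chung-ho and Chen Chao-yin launched a fundraising drive and, in a private capacity, donated a computer and a VoSKY Exchange 9000 to the Teacher Chang Foundation, which solved the hardware problem. Now the foundation's counselors can make cost-saving VoIP calls without going through a computer, and the VoIP line is chosen by automatic switching across 4 lines; that is, combined with Skype prepaid credit, the system automatically switches to the account with the larger remaining balance.

The many benefits of VoIP

Colleagues at the Taipei branch of the Teacher Chang Foundation are now used to VoIP. Wang says it has quite a few benefits, including:
‧Convenience - pick up the handset and place a VoIP call; there is no need to turn on a computer, and of course no headset or microphone, so colleagues' phone habits are unchanged. As for payment, Skype credit just needs to be topped up regularly.
‧Cost savings - the Taipei Teacher Chang Foundation currently buys 3 lines of the Skype "台灣通" (Taiwan) plan and 1 line of the "亞洲通" (Asia) plan; in total, the average monthly phone bill is under NT$10,000, compared with the earlier 15 traditional phone lines that cost at least NT$15,000 a month, a real saving.
VoIP this convenient is bound to affect the traditional telecom market, but it also gives users more choices.

Letting callers save money too

The Teacher Chang Foundation's services fall mainly into "psychological guidance" and "counseling", almost all conducted by phone. Although outgoing calls can now save money through VoIP, people seeking advice or counseling cannot enjoy the same benefit. The Taipei branch has therefore added a Skype 0800 link to its web page, so that people can click the button on the page and call in for consultation free of charge.
VoIP is convenient, but at present it is hard to trace, so it is not suitable for emergencies. For example, some people seeking counseling have unusual problems and may even be extremely depressed or suicidal. With a traditional phone, the calling area can be located immediately and emergency personnel notified in time; if the call comes in over VoIP, it is hard to trace and manage. For this reason, emergency calls still use traditional phones, while general calls use cost-saving VoIP.
Having successfully introduced VoIP at the Taipei branch, Chen Chao-yin is now discussing with Wang how to extend this model to Teacher Chang Foundation branches across Taiwan, in the belief that the phone charges saved will be considerable. The initial plan is to start with Taichung and Kaohsiung and then extend to the foundation's branches island-wide. However, after analyzing the network architecture and the equipment that would need to be purchased, the old problem is still funding; after all, a foundation only has funds through fundraising. Wang says he hopes more warm-hearted people will show their generosity in the future, help the Teacher Chang Foundation, and do their part for society.

Caption: After learning of the foundation's difficulty, VoSKY assistant vice president Chen Chung-ho (陳中和) and manager Chen Chao-yin (陳昭吟) launched a fundraising drive and, in a private capacity, donated a computer and a VoSKY Exchange 9000 to the Teacher Chang Foundation, solving its hardware problem. (Photo by Chang Hung-ta (張弘達))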

Thursday, September 25, 2008

How-to: Changing the location of Asterisk's log files

1. To change the directory of Asterisk's log files:

--> change asterisk.conf:

[directories]
astetcdir => /etc/asterisk
astspooldir => /var/spool/asterisk
astvarlibdir => /var/lib/asterisk
astdatadir => /var/lib/asterisk
astlogdir => /var/log/asterisk ; directory for Asterisk log files; set this to the directory you want
astagidir => /var/lib/asterisk/agi-bin
astrundir => /var/run
astmoddir => /usr/lib/asterisk/modules

2. If you want to change the name of the log file:

--> change the [logfiles] section of logger.conf:

[logfiles]
debug => debug
console => notice,warning,error
; At present the log file is named "messages". To use a different file name,
; remove the next line and add a line with the new file name.
; The format is: filename => log levels
; Legal log levels include: notice, warning, error, debug, verbose.
messages => notice,warning,error
full => notice,warning,error,verbose
syslog.local0 => notice,warning,error

Level     Description
verbose   General 'chatter' about what is happening on the system. Verbosity levels greater than 3 display dialplan commands as they are executed. This generates lots of log information.
debug     Debug messages, normally only used by programmers to extract extended information.
notice    Non-urgent alert messages.
warning   Warning alert messages, something happened that might be bad. Some tell you how bad the warning is.
error     Error messages, something bad happened. These should be rare.


3. If you want to rotate the log:

You can rotate logs by running "logger rotate" on the CLI.
You can do this from cron by putting the following in a cron job:
/usr/sbin/asterisk -r -x 'logger rotate'


References:
1. The Little Asterisk Handbook
http://www.automated.it/asterisk/lah-3-6-05_5.html

Tuesday, September 23, 2008

Launch Skype 2.0 on Ubuntu by using pipelogin

Skype 2.0 supports pipelogin, which lets you log in with a single command:
echo username password | skype --pipelogin

Our goal is to find out how much time it takes to launch many Skype instances (say 30, for example).
To do so, write a script.
1. Open a new file
sudo gedit LaunchSkype

2. Write a script that automatically launches 30 Skype instances
#!/bin/sh
echo username1 password1 | skype --pipelogin &
echo username2 password2 | skype --pipelogin &
echo username3 password3 | skype --pipelogin &
          .
          .
          .
echo username28 password28 | skype --pipelogin &
echo username29 password29 | skype --pipelogin &
echo username30 password30 | skype --pipelogin &


3. Save the file

4. Change the mode to make it executable (owner only, because the file contains passwords)
sudo chmod 700 LaunchSkype

5. Execute it
sudo ./LaunchSkype

I tested it on Ubuntu 8.04; it takes less than one minute to log in 30 Skypes.
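
A variant of the launcher that keeps the 30 account lines out of the script itself, as an added example that is not part of the original post. It assumes a separate credentials file with one "username password" pair per line; the file layout, the function names and the SKYPE_BIN variable are this example's own, and only skype --pipelogin comes from the post.

```sh
#!/bin/sh
# Added example: start one Skype per line of a credentials file.
# Assumed file layout (not from the post): "username password" per line,
# "#" comments allowed. SKYPE_BIN is a hypothetical override for the binary.
SKYPE_BIN="${SKYPE_BIN:-skype}"
LAUNCHED=0

# Succeeds only for a regular file with no group/other permission bits.
cred_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1    # GNU stat, e.g. "600"
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# launch_all FILE: refuse a file that others can read, then pipe each
# account to "skype --pipelogin" in the background. Sets LAUNCHED.
launch_all() {
    LAUNCHED=0
    if ! cred_file_is_private "$1"; then
        echo "refusing $1: it holds passwords, run chmod 600 on it" >&2
        return 1
    fi
    while read -r user pass; do
        case "$user" in ''|'#'*) continue ;; esac
        # printf is a shell builtin, so the password is not in any argv
        printf '%s %s\n' "$user" "$pass" |
            "$SKYPE_BIN" --pipelogin >/dev/null 2>&1 &
        LAUNCHED=$((LAUNCHED + 1))
    done < "$1"
}

# Run as: ./LaunchSkype accounts.txt
if [ -n "${1:-}" ]; then
    launch_all "$1" && echo "started $LAUNCHED Skype instances"
fi
```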

Friday, September 19, 2008

Asterisk 1.6 Installation with libss7

1. Obtaining Linux Source Code
apt-get update
apt-get upgrade
apt-get install gcc
apt-get install g++
apt-get install gcc-c++
apt-get install linux-kernel-dev
apt-get install cvs
apt-get install libssl-dev
apt-get install zlib1g-dev
apt-get install libnewt-dev
apt-get install bison
apt-get install bison-dev
apt-get install openssl
apt-get install openssl-dev
apt-get install gnutls-dev
apt-get install ncurses
apt-get install ncurses-dev
apt-get install zlib
apt-get install zlib-dev
apt-get install libssl-dev
apt-get install initrd-tools
apt-get install procps
apt-get install unixodbc-dev
apt-get install libtool
apt-get install subversion
apt-get install libncurses5-dev


2. Obtaining Asterisk Source Code
cd /usr/src/
wget http://downloads.digium.com/pub/asterisk/asterisk-1.6-current.tar.gz
wget http://downloads.digium.com/pub/libpri/libpri-1.4-current.tar.gz
wget http://downloads.digium.com/pub/zaptel/zaptel-1.4-current.tar.gz
wget http://downloads.digium.com/pub/telephony/libss7/libss7-1.0-current.tar.gz

3. Extracting the Source Code
cd /usr/src/
tar zxvf zaptel-1.4-current.tar.gz
tar zxvf libpri-1.4-current.tar.gz
tar zxvf asterisk-1.6-current.tar.gz
tar zxvf libss7-1.0-current.tar.gz

4. The Zapata Telephony Drivers
cd /usr/src/zaptel-version
make clean
./configure
make menuselect
make
make install
make config

5. Compiling libpri
cd /usr/src/libpri-version
make clean
make
make install

6. Compiling libss7
cd /usr/src/libss7-version
make clean
make
make install

7. Compiling Asterisk
cd /usr/src/asterisk-version
make clean
./configure
make menuselect
make
make install
make samples
make config


8. Asterisk auto-run
gedit /etc/asterisk/asterisk.conf
astrundir => /var/run/asterisk

9. manager.conf
[admin]
secret=admin123
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

telnet localhost 5038
Asterisk Call Manager/1.0
Enter the following:
action: login
username: admin
secret: admin123
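
A small check for the kind of manager.conf shown above, as an added example that is not from the original post or from Asterisk. The 12-character secret threshold, the choice of write classes to flag, and the [general] and [monitor] sections of the sample are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example (not from the post): flag risky settings in manager.conf.
# MIN_SECRET_LEN and the list of "high-privilege" classes are this
# example's own policy choices, not Asterisk settings.
MIN_SECRET_LEN=12

# audit_manager_conf [FILE]: reads FILE (or stdin), prints one finding per line.
audit_manager_conf() {
    awk -v minlen="$MIN_SECRET_LEN" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    {
        sub(/;.*/, "")                      # strip ";" comments
        line = trim($0)
        if (line == "") next
        if (match(line, /^\[[^]]+\]/)) {    # section header, e.g. [admin]
            sect = substr(line, 2, RLENGTH - 2)
            next
        }
        eq = index(line, "=")
        if (eq == 0 || sect == "") next
        key = tolower(trim(substr(line, 1, eq - 1)))
        val = substr(line, eq + 1)
        sub(/^>/, "", val)                  # accept "key => value" as well
        val = trim(val)
        if (sect == "general") {
            if (key == "bindaddr" && val == "0.0.0.0")
                print "general: bindaddr=0.0.0.0 listens on every interface"
            next
        }
        if (key == "secret" && length(val) < minlen)
            print sect ": secret is shorter than " minlen " characters"
        if (key == "write") {
            n = split(val, cls, ",")
            for (i = 1; i <= n; i++) {
                c = tolower(trim(cls[i]))
                if (c == "command" || c == "system" || c == "all")
                    print sect ": write grants high-privilege class " c
            }
        }
    }' "${1:--}"
}

# Constructed sample: the [admin] user from the post plus a made-up
# [general] section and a made-up second user.
sample_manager_conf() {
    cat <<'EOF'
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0

[admin]
secret = admin123
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

[monitor]
secret = constructed-long-secret-01
read = call,log
write = call
EOF
}

sample_manager_conf | audit_manager_conf
```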

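Two small tips

Tip 1: Hide a newly created XP user from the logon screen

Open the registry with regedit, go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList, and add a DWORD value named <%username>. The default of 0 means hidden; setting it to 1 or deleting the value means shown.

The DWORD values stored under this key are each named after a user account. Be careful when using this tip.


Tip 2: Use Green Skype

1. Pick a directory to run Skype from, e.g. D:\Mydoc\Skype
2. From a PC that already has Skype installed, copy the file \Skype\phone\skype.exe into that directory
3. Create a subdirectory "Data" in that directory
4. In that directory, create a script that starts Skype (you can try a .bat first) containing the line: skype.exe /nosplash /datapath:"Data" /removable

Where:
/nosplash: do not display the start-up screen
/datapath: specifies where Skype keeps its data and temporary files
/removable: tells Skype to run in portable mode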

Wednesday, September 10, 2008

How to build a pptp VPN connection




PC1:VPN server(Ubuntu 7.10)
eth0: publicIP(61.220.51.26)
eth1: DHCP server(192.168.4.254)
DHCP range: 100-200

PC2:VPN client(WindowsXP sp2)
under NAT(59.124.68.73)
local IP:192.168.1.4

PC3:DHCP client(WindowsXP sp2)
IP:192.168.4.199

Target

Establish a VPN connection between PC1 and PC2, so that PC2 can access PC3's shared folders

Notice: Assume that PC1's eth0 can access the Internet, and that PC3 can also access the Internet through PC1's eth0.

Steps

1. Install pptpd
sudo apt-get install pptpd

2. Three files need to be configured
/etc/pptpd.conf
/etc/ppp/pptpd-options
/etc/ppp/chap-secrets

3. Modify /etc/pptpd.conf
sudo gedit /etc/pptpd.conf

###############################################################################
# $Id: pptpd.conf 4255 2004-10-03 18:44:00Z rene $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options

# TAG: debug
# Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam

# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: bcrelay
# Turns on broadcast relay to clients from interface
#
#bcrelay eth1

# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
# local IP used on the server side when a connection is established
localip 192.168.4.201
# IPs that will be assigned to VPN clients
remoteip 192.168.4.202-210
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

4. Modify /etc/ppp/pptpd-options
sudo gedit /etc/ppp/pptpd-options

###############################################################################
# $Id: pptpd-options 4255 2004-10-03 18:44:00Z rene $
#
# Sample Poptop PPP options file /etc/ppp/pptpd-options
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################


# Authentication

# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd

# Optional: domain name to use for authentication
# domain mydomain.net

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain


# Encryption
# Debian: on systems with a kernel built with the package
# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
# {{{
#refuse-pap
#refuse-chap
#refuse-mschap
require-chap
require-mschap

# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
# }}}

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
ms-dns 168.95.1.1
#ms-dns 166.111.8.29

# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients. The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp

# Debian: do not replace the default route
nodefaultroute


# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump


# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock

# Disable BSD-Compress compression
nobsdcomp

5. Modify /etc/ppp/chap-secrets
sudo gedit /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
sarosa pptpd 1234 192.168.4.201
vosky pptpd vosky *
# "*" means the VPN server assigns the client an IP from the remoteip range set in pptpd.conf

6. Restart pptpd so the changes take effect
sudo /etc/init.d/pptpd restart

At this point pptpd is configured, but you may still be unable to establish a connection. iptables also has to be modified to allow VPN connections.

7. Modify iptables
Add the following rules to your iptables ($EIF is the external interface, eth0 in this setup)
iptables -t nat -A POSTROUTING -s 192.168.4.0/24 -o eth0 -j SNAT --to 61.220.51.26
iptables -A INPUT -p TCP -i $EIF --dport 1723 -j ACCEPT # pptp VPN

Next we need to configure the VPN client (PC2)
Control Panel -> Network Connections -> Create a new connection ->
Next -> Connect to the network at my workplace -> Next ->
Virtual Private Network connection -> Company Name (input: VoSKY) ->
Host name or IP address (input: 61.220.51.26) -> Finish -> fill in username/password
click "Properties" (內容) -> go to the "Security" (安全性) tab -> uncheck "Require data encryption" (要求資料加密) -> click "OK" (確定)
With "Require data encryption" unchecked on the client and require-mppe-128 commented out in pptpd-options above, nothing in this setup requires the traffic in the tunnel to be encrypted.


Now you should be able to establish a VPN connection between PC1 and PC2.
On PC2, try a trace route to 168.95.1.1 and check that it first goes to 192.168.4.201 and then to 61.220.51.254.
You can also try to access PC3's shared folder.

Reference
Ubuntu 下面 pptp VPN 的配置 (Configuring a pptp VPN on Ubuntu)

Friday, September 5, 2008

How to build Multiple OS by using BootITNG

Target
To create multiple OSes.
In this case: WindowsXP_TC, WindowsXP_EN, Ubuntu 8.04, IP-PBX (AsteriskNOW)

Before Start
1. Prepare a new HDD (a 250GB SATA2 HDD)
2. Prepare the CDs needed (BootITNG, WindowsXP-TC, WindowsXP-En, Ubuntu 8.04, AsteriskNOW)

Steps
1. First boot
Boot from the BootITNG disc. It will ask whether you want to install BootITNG; follow the instructions to complete the installation.
Notice: When asked whether to allow more than 4 primary partitions, click yes.

2. Create Partitions
Click "Partition Work". In this example I created the following partitions:
WinXP_TC,20G,NTFS
WinXp_EN,15G,NTFS
Ubuntu 8.04,50G,Linux Native
Ubuntu swap,2G,Linux Swap
IP-PBX,10G,Linux Native
IP-PBX swap,4G,Linux Swap
Data,20G,NTFS

3. Create Boot Menu
Create 4 boot options: WindowsXP_TC, WindowsXP_EN, Ubuntu 8.04, IP-PBX
Notice: When creating Ubuntu 8.04 and IP-PBX, don't forget to put the swap partition into HD-0's 2nd position.

4. Install WindowsXP_TC
Set the WinXP_TC partition to be active (choose it from the boot menu to boot).
Notice: The first time you try this, it may tell you that this media is not bootable; that doesn't matter.
Insert the WindowsXP_TC CD and boot from it, then follow the instructions to finish the installation.
Notice: You can only see Drive C (20G) and Drive D (20G) during installation.

5. Install WindowsXP_EN
Set the WinXP_EN partition to be active (choose it from the boot menu to boot).
Notice: The first time you try this, it may tell you that this media is not bootable; that doesn't matter.
Insert the WindowsXP_EN CD and boot from it, then follow the instructions to finish the installation.
Notice: You can only see Drive C (15G) and Drive D (20G) during installation.

6. Install Ubuntu 8.04
Set the Ubuntu 8.04 partition to be active (choose it from the boot menu to boot).
Insert the installation CD and boot from it, then follow the steps.
Notice: During partition setup, choose manual, then mount "/" on the 10G space and "swap" on the 2G space.
When the installation finishes, reboot. You will find that you can now only boot with Ubuntu's grub.

7. Set BootITNG back
Insert the BootITNG CD and reboot, choose "Reactivate" and then restart.
After that, you cannot boot Ubuntu by selecting "Ubuntu 8.04" from the boot menu.

8. Set Ubuntu bootable
Insert the Ubuntu 8.04 live CD and reboot, enter the live desktop, then open a terminal window
and follow the steps below:
a) sudo grub
b) find /boot/grub/stage1 (Note: this gives you the location of the boot partition.) For me it came back as (hd0,2)
c) root (hd0,2) (Note: use whatever came up in b above)
d) setup (hd0,2)
e) quit
Reboot the system and try to boot Ubuntu 8.04 from the boot menu; it should work now.

9. Install IP-PBX
We use AsteriskNOW as our IP-PBX.
Set the IP-PBX partition to be active (choose it from the boot menu to boot).
Insert the AsteriskNOW CD and reboot.
Follow the installation steps and choose "Expert Mode".
During partition setup, choose manual, then mount "/" on the 10G space and "swap" on the 4G space.
Finish the installation and reboot. You can now boot with AsteriskNOW's grub.

10. Set BootITNG back
Insert the BootITNG CD and reboot, choose "Reactivate" and then restart.

Now you should be able to boot between WindowsXP_TC, WindowsXP_EN, Ubuntu 8.04, and IP-PBX.

In the next article, I will introduce how to back up these partitions.

Thursday, September 4, 2008

How to Set port forwarding

Network topology
1. PC1: NAT + DHCP server (eth0 for the public IP and eth1 for the DHCP server)
  eth0 IP: 61.220.51.26
     netmask: 255.255.255.0
     gateway: 61.220.51.254
  eth1 IP: 192.168.4.254
     netmask: 255.255.255.0
2. PC2: Client1
  WindowsXP, static DHCP (192.168.4.199)
  With port 80 enabled
3. PC3: Client2
  WindowsXP, dynamic DHCP (192.168.4.198)
  With port 8080 enabled

PC2 and PC3 can access the Internet through PC1

Target
1. Disable PC1's SSH port (22)
2. Map port 80 to PC2
3. Map port 8080 to PC3

Instructions
1. Modify the existing iptables script (iptables.rules)
#!/bin/sh
##### iptables.rule #####
EIF="eth0" # external network interface
IIF="eth1" # internal network interface
INNET="192.168.4.0/24" # internal subnet

# forwarding
# let packets from the internal network be forwarded to the outside
echo "1" > /proc/sys/net/ipv4/ip_forward

# flush all rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# define the policies
# The policy is the default action taken when an incoming packet matches none of the rules.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# let in the replies to connections this host initiated
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# services on this host that the external network may access
iptables -A INPUT -i $EIF -p tcp --dport 22 -j DROP # ssh
iptables -A INPUT -i $EIF -p udp --dport 22 -j ACCEPT
iptables -A INPUT -i $EIF -p tcp --dport 80 -j ACCEPT # http
iptables -A INPUT -i $EIF -p icmp -j ACCEPT #ICMP(ping,...)
# ... the rest is omitted

# NAT
iptables -t nat -A POSTROUTING -o $EIF -s $INNET -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i $EIF --dport 80 -j DNAT --to 192.168.4.199:80
iptables -t nat -A PREROUTING -p tcp -i $EIF --dport 8080 -j DNAT --to 192.168.4.198:8080

2. Run the script again so the rules take effect
./iptables.rules

Reference: vbird
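
The script above leaves the FORWARD policy at ACCEPT; one way to forward only the two mapped ports, as an added example that is not part of the original post. The function names and the EXTPORT:HOST:PORT mapping format are this example's own, and the rules are only printed, not applied.

```sh
#!/bin/sh
# Added example (not the post's script): print a FORWARD rule set that only
# lets in the ports the post maps. Nothing is applied; review the output and
# use it in place of "iptables -P FORWARD ACCEPT" and the two DNAT lines.
EIF="eth0"   # external interface, as in the post
IIF="eth1"   # internal interface, as in the post

# valid_port N: succeeds when N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_map "EXTPORT:HOST:PORT": splits one mapping into ext, host, port
# and rejects anything that is not digits-and-dots plus two valid ports.
valid_map() {
    ext=${1%%:*}; rest=${1#*:}
    host=${rest%%:*}; port=${rest#*:}
    case "$host" in *[!0-9.]*) return 1 ;; esac
    case "$host" in *.*.*.*) ;; *) return 1 ;; esac
    valid_port "$ext" && valid_port "$port"
}

# gen_forward_rules MAP...: validates every mapping first, then prints rules
gen_forward_rules() {
    for map in "$@"; do
        if ! valid_map "$map"; then
            echo "bad mapping: $map" >&2
            return 1
        fi
    done
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -i $IIF -o $EIF -j ACCEPT"
    for map in "$@"; do
        valid_map "$map"    # re-split into ext, host, port
        echo "iptables -t nat -A PREROUTING -i $EIF -p tcp --dport $ext -j DNAT --to $host:$port"
        # after DNAT the FORWARD chain sees the internal address and port
        echo "iptables -A FORWARD -i $EIF -o $IIF -p tcp -d $host --dport $port -m state --state NEW -j ACCEPT"
    done
}

# The post's two mappings: port 80 to PC2, port 8080 to PC3
gen_forward_rules "80:192.168.4.199:80" "8080:192.168.4.198:8080"
```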

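Ubuntu 6.06 uses iftab, so what about Ubuntu 8.04?

Ubuntu 6.06 records the MAC addresses of the network cards in the file iftab, but after upgrading to 8.04 this file was gone. After searching online I learned that the file has moved; it is now /etc/udev/rules.d/70-persistent-net.rules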

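Tuesday, September 2, 2008

How to set up two DHCP servers on Ubuntu and go online through one network card

Continuing from the previous article (How to set up two DHCP servers on Ubuntu), the situation is now as follows:

The machine has three network cards in total, and their planned assignment is:

eth0 (external network): uses an IP assigned to you by ADSL; for convenience we set it to 192.168.1.68
eth1 (internal network, DHCP-1): uses the 192.168.5.0/24 segment, gateway: 192.168.5.1
eth2 (internal network, DHCP-2): uses the 192.168.6.0/24 segment, gateway: 192.168.6.1

After you have assigned the two DHCP servers to eth0 and eth1 respectively, follow the steps below.

Step 1: Edit the network interfaces file

Enter the command:
sudo gedit /etc/network/interfaces

Edit the file:

auto lo
iface lo inet loopback

auto eth0 eth1 eth2
iface eth0 inet static
address 192.168.1.86
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 168.95.1.1

iface eth1 inet static
address 192.168.5.1
netmask 255.255.255.0
network 192.168.5.0
broadcast 192.168.5.255
dns-nameservers 168.95.1.1

iface eth2 inet static
address 192.168.6.1
netmask 255.255.255.0
network 192.168.6.0
broadcast 192.168.6.255
dns-nameservers 168.95.1.1

Step 2: Enable packet forwarding on the Ubuntu router
Enter the command:
sudo gedit /etc/sysctl.conf

Edit the file:
Enable the line net.ipv4.ip_forward=1; if the line is not there, add it yourself.

Step 3: Set up iptables
Enter the command:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Step 4: Have Step 3 loaded automatically at startup
1. Create a new file named myiptables
2. In myiptables, enter:
#!/bin/bash
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
(Some say this line should be added as a security setting; it turns on reverse-path filtering (rp_filter). In practice it also works without it.)

3. Save the file to the /root folder, or to a location of your own choosing
4. Make the file executable:
Enter the command:
chmod 700 myiptables

5. Edit the startup script
Enter the command:
sudo gedit /etc/rc.local

Edit the file: add these two lines to it
/root/myiptables
exit 0

6. Reboot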

How to set up two DHCP servers on Ubuntu

First, a description of the environment. There are three network cards in total, and their planned assignment is:
eth0 (external network): uses a dynamic private IP
eth1 (internal network, DHCP-1): uses the 192.168.5.0/24 segment
eth2 (internal network, DHCP-2): uses the 192.168.6.0/24 segment

Step 1. Install the DHCP server
Enter the command:
sudo apt-get install dhcp3-server

Step 2. Configure the network card interfaces
Enter the command:
sudo gedit /etc/network/interfaces

Edit the file as follows:
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
address 192.168.5.254
netmask 255.255.255.0

auto eth2
iface eth2 inet static
address 192.168.6.254
netmask 255.255.255.0

Step 3. Restart networking
Enter the command:
sudo /etc/init.d/networking restart

Step 4. Modify the dhcp3-server file
Enter the command:
sudo gedit /etc/default/dhcp3-server

Edit the file:
INTERFACES="eth1 eth2"

Step 5. Modify /etc/dhcp3/dhcpd.conf
Enter the command:
sudo gedit /etc/dhcp3/dhcpd.conf

Edit the file:
Comment out the content that is not needed with #, then enter the following settings

subnet 192.168.5.0 netmask 255.255.255.0 {
range 192.168.5.1 192.168.5.253;
option routers 192.168.5.1;
option domain-name-servers 168.95.1.1;
option domain-name "ae1.com";
option broadcast-address 192.168.5.255;
default-lease-time 600;
max-lease-time 7200;
}

subnet 192.168.6.0 netmask 255.255.255.0 {
range 192.168.6.1 192.168.6.253;
option routers 192.168.6.1;
option domain-name-servers 168.95.1.1;
option domain-name "ae2.com";
option broadcast-address 192.168.6.255;
default-lease-time 600;
max-lease-time 7200;
}

Step 6. Restart the DHCP server
Enter the command:
sudo /etc/init.d/dhcp3-server restart

Note: The setup above only installs the DHCP server on eth1 and eth2; eth1 and eth2 cannot go online through eth0. To do that you have to modify iptables, or use Ubuntu's built-in Firestarter to let eth1 or eth2 go online through eth0. Firestarter, however, cannot let eth1 and eth2 go online at the same time; to achieve that, it has to be done by modifying iptables. We cover this in a following article.