Ubuntu 20.04 LTS Server搭建软路由

最新推荐文章于 2024-07-19 14:41:10 发布

w267us8

最新推荐文章于 2024-07-19 14:41:10 发布

阅读量1.1w

点赞数 2

分类专栏： Ubuntu 软路由文章标签： ubuntu

本文链接：https://blog.csdn.net/w267us8/article/details/110626133

版权

Ubuntu 同时被 2 个专栏收录

2 篇文章 0 订阅

订阅专栏

软路由

2 篇文章 0 订阅

订阅专栏

首先是安装Ubuntu 20.04 LTS Server,这个步骤网上都可以找到

注意的是，安装的时候开启openssh-server

下述步骤是是指定安装好Ubuntu 20.04 LTS Server后

推荐先修改源为aliyun源

sudo mv /etc/apt/sources.list /etc/apt/sources.list.bak
sudo vi /etc/apt/sources.list

写入以下内容

deb https://mirrors.aliyun.com/ubuntu focal main restricted
deb https://mirrors.aliyun.com/ubuntu focal-updates main restricted
deb https://mirrors.aliyun.com/ubuntu focal universe
deb https://mirrors.aliyun.com/ubuntu focal-updates universe
deb https://mirrors.aliyun.com/ubuntu focal multiverse
deb https://mirrors.aliyun.com/ubuntu focal-updates multiverse
deb https://mirrors.aliyun.com/ubuntu focal-backports main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu focal-security main restricted
deb https://mirrors.aliyun.com/ubuntu focal-security universe
deb https://mirrors.aliyun.com/ubuntu focal-security multiverse

并保存后，执行

sudo apt update

1.安装net-tools( ifconfig命令可用）

sudo apt install net-tools

安装后就可以查看网卡信息，

ifconfig -a

2.修改网卡名enp2s0,enp3s0（每个人可能不一样）为eth0,eth1等

注：本步骤非必须。不执行步骤2，则需要修改后续步骤中的eth0，eth1为具体的网卡名

sudo vi /etc/default/grub

修改GRUB_CMDLINE_LINUX=""为GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

sudo grub-mkconfig -o /boot/grub/grub.cfg

修改这里面的/etc/netplan/00-installer-config.yaml，没有修改会导致下次开机后无法上网。

将enp2s0修改为eth0, 修改enp3s0修改为eth1

后续把eth0作为wan，把eth1作lan

重启， sudo reboot now

3.配置网卡地址，lan设置为静态ip

修改/etc/netplan/00-installer-config.yaml, 参考以下内容修改

network:
ethernets:
eth0:
dhcp4: true
eth1:
dhcp4: false
addresses:
- 192.168.99.1/24
version: 2

sudo netplan apply

使配置生效

4.配置dhcp

sudo apt  install isc-dhcp-server

aa.修改配置文件/etc/default/isc-dhcp-server

INTERFACESv4=""
INTERFACESv6=""

修改成

INTERFACESv4="eth1"
INTERFACESv6="eth1"

bb.修改/etc/dhcp/dhcpd.conf

option domain-name-servers ns1.example.org, ns2.example.org;

修改成

option domain-name-servers 8.8.8.8,114.114.114.114;

并末尾增加以下内容

subnet 192.168.99.0 netmask 255.255.255.0 {
range 192.168.99.100 192.168.99.254;
option domain-name-servers 192.168.99.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.99.255;
option routers 192.168.99.1;
}

cc.修改/etc/dhcp/dhcpd6.conf

末尾增加以下内容

subnet6 2001:db8:0:1::/64 {
# Range for clients
range6 2001:db8:0:1::129 2001:db8:0:1::254;

# Range for clients requesting a temporary address
range6 2001:db8:0:1::/64 temporary;

# Additional options
option dhcp6.name-servers fec0:0:0:1::1;
option dhcp6.domain-search "domain.example";

# Prefix range for delegation to sub-routers
prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;

# Example for a fixed host address
host specialclient {
host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
fixed-address6 2001:db8:0:1::127;
}
}

重启dhcp server

sudo systemctl start isc-dhcp-server #启动dhcp server

sudo systemctl status isc-dhcp-server #查看启动状态

5.配置防火墙

sudo ufw allow 22 #允许ssh访问

sudo ufw logging on

修改/etc/default/ufw

DEFAULT_FORWARD_POLICY="DROP"

修改为

DEFAULT_FORWARD_POLICY="ACCEPT"

修改/etc/sysctl.conf

#net.ipv4.ip_forward=1
修改为
net.ipv4.ip_forward=1

sudo sysctl -p生效

修改/etc/ufw/before.rules文件，

在loopback之后，增加eth1（红色那部分内容）

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT

# allow all on lan, eth1
-A ufw-before-input -i eth1 -j ACCEPT
-A ufw-before-output -o eth1 -j ACCEPT

同时

在“# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]”之前增加以下内容

*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through eth0 - Change to match you out-interface
-A POSTROUTING -s 192.168.99.0/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

修改后,重启ufw

sudo ufw disable

sudo ufw enable