Original poster | Posted on 2007-11-9 14:45
Uploading an attachment; its content is roughly the same as what was discussed above.
"DD-WRT - Detached Networks by Ethernet Ports": separating networks by Ethernet port.
DD-WRT - Detached Networks by Ethernet Ports:
This will separate the ports on the back of your router and allow you to create individual networks that can’t see each other but that can still browse the internet.
Note: Anything with < > around it needs supplemental information…
Note: Anything with “ “ around it needs to be typed exactly as stated, except items in < >…
Assumptions:
1. You have DD-WRT v23 SP2 installed and working to your liking.
2. You know the Login & Password for web administration.
3. You're running a Microsoft-based operating system.
How will this work?
1. First it separates the ports from each other.
2. It activates a DHCP server for each.
3. We tell the DD-WRT that we have changed the VLANs.
Procedure:
1. Open the “Command Prompt” and type “telnet <ip address of router>”
a. Login = “root” / Password = “<web admin password>”
2. Copy the following script and paste on the command line
a. Note: To paste in the command prompt… Right click on the Command Prompt background and go to “Paste”.
b. Note: You don’t have to separate all of the ports, remove the sections that don’t apply to your needs and make sure to add that port into the very first line of text to copy. Example: if you don’t want port 2 to be on its own network and would like to share that port with port 1 then the first line would read: “nvram set vlan0ports="1 2 5*"”, and just delete the sections that apply to vlan2.
c. Text to copy:
nvram set vlan0ports="1 5*"
nvram set vlan2ports="2 5*"
nvram set vlan3ports="3 5*"
nvram set vlan4ports="4 5*"
nvram set rc_startup='
#!/bin/ash
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
ifconfig vlan2 <router address on vlan> netmask 255.255.255.0
ifconfig vlan3 <router address on vlan> netmask 255.255.255.0
ifconfig vlan4 <router address on vlan> netmask 255.255.255.0
ifconfig vlan2 up
ifconfig vlan3 up
ifconfig vlan4 up
'
nvram set rc_firewall='
iptables -I INPUT -i vlan2 -j ACCEPT
iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j logdrop
iptables -I INPUT -i vlan3 -j ACCEPT
iptables -I FORWARD -i vlan3 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan3 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan3 -j logdrop
iptables -I INPUT -i vlan4 -j ACCEPT
iptables -I FORWARD -i vlan4 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan4 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan4 -j logdrop
'
nvram commit
3. Open the Web Administration of the router by going to its IP address then:
a. Administration Tab → Services Tab → Under DNSMasq paste the following:
interface=vlan2
dhcp-range=<start ip>,<end ip>,<net mask>,<lease time>
interface=vlan3
dhcp-range=<start ip>,<end ip>,<net mask>,<lease time>
interface=vlan4
dhcp-range=<start ip>,<end ip>,<net mask>,<lease time>
b. Click on “Save Settings”
c. Setup Tab → VLANs
i. Set “Port 2” to “VLAN 2”
ii. Set “Port 3” to “VLAN 3”
iii. Set “Port 4” to “VLAN 4”
d. Click on “Save Settings”
4. Go Back to the “Command Prompt”
(Note: it may have lost connection, if so just log back in as described above)
a. Type “reboot”
5. Now test your networks…
Here is an example setup:
Telnetting:
nvram set vlan0ports="1 5*"
nvram set vlan2ports="2 5*"
nvram set vlan3ports="3 5*"
nvram set vlan4ports="4 5*"
nvram set rc_startup='
#!/bin/ash
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
ifconfig vlan2 10.0.2.1 netmask 255.255.255.0
ifconfig vlan3 10.0.3.1 netmask 255.255.255.0
ifconfig vlan4 10.0.4.1 netmask 255.255.255.0
ifconfig vlan2 up
ifconfig vlan3 up
ifconfig vlan4 up
'
nvram set rc_firewall='
iptables -I INPUT -i vlan2 -j ACCEPT
iptables -I FORWARD -i vlan2 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan2 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j logdrop
iptables -I INPUT -i vlan3 -j ACCEPT
iptables -I FORWARD -i vlan3 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan3 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan3 -j logdrop
iptables -I INPUT -i vlan4 -j ACCEPT
iptables -I FORWARD -i vlan4 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan4 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan4 -j logdrop
'
nvram commit
DNSMasq Box:
interface=vlan2
dhcp-range=10.0.2.51,10.0.2.254,255.255.255.0,1440m
interface=vlan3
dhcp-range=10.0.3.51,10.0.3.254,255.255.255.0,1440m
interface=vlan4
dhcp-range=10.0.4.51,10.0.4.254,255.255.255.0,1440m
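Step 2b of the procedure asks you to edit the port list, both scripts and the DNSMasq text consistently when only some ports are detached. The following is an added example, not part of the original post or its attachment, that generates all of them from one list of detached ports; the function names are hypothetical and the 10.0.<port>.x addressing, lease range and 1440m lease time are taken from the example setup above.

```shell
# Added example (not from the original post): emit the page's settings for a
# chosen set of detached ports. Function names are hypothetical.

check_ports() {            # only ports 2-4 can be detached; port 1 stays on vlan0
    for p in $1; do
        case "$p" in 2|3|4) ;; *) echo "invalid port: $p" >&2; return 1 ;; esac
    done
}

vlan_ports() {             # ports that are not detached stay on vlan0 with port 1
    shared="1"
    for p in 2 3 4; do
        case " $1 " in *" $p "*) ;; *) shared="$shared $p" ;; esac
    done
    printf 'nvram set vlan0ports="%s 5*"\n' "$shared"
    for p in $1; do printf 'nvram set vlan%sports="%s 5*"\n' "$p" "$p"; done
}

startup_lines() {          # body of rc_startup: address each VLAN, then bring it up
    for p in $1; do printf 'ifconfig vlan%s 10.0.%s.1 netmask 255.255.255.0\n' "$p" "$p"; done
    for p in $1; do printf 'ifconfig vlan%s up\n' "$p"; done
}

firewall_rules() {         # body of rc_firewall: the page's four rules per VLAN
    for p in $1; do
        printf 'iptables -I INPUT -i vlan%s -j ACCEPT\n' "$p"
        printf 'iptables -I FORWARD -i vlan%s -o vlan1 -m state --state NEW -j ACCEPT\n' "$p"
        printf 'iptables -I FORWARD -i vlan%s -o ppp0 -m state --state NEW -j ACCEPT\n' "$p"
        printf 'iptables -I FORWARD -i br0 -o vlan%s -j logdrop\n' "$p"
    done
}

dnsmasq_lines() {          # text for the DNSMasq box in the web interface
    for p in $1; do
        printf 'interface=vlan%s\ndhcp-range=10.0.%s.51,10.0.%s.254,255.255.255.0,1440m\n' "$p" "$p" "$p"
    done
}

render() {                 # everything to paste over telnet, in the page's order
    check_ports "$1" || return 1
    vlan_ports "$1"
    printf "nvram set rc_startup='\n%s\n%s\n" '#!/bin/ash' 'PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"'
    startup_lines "$1"
    printf "'\nnvram set rc_firewall='\n"
    firewall_rules "$1"
    printf "'\nnvram commit\n"
}

if [ $# -gt 0 ]; then render "$*"; fi   # e.g. sh gen.sh 3 4
```

The generated INPUT rule, as in the post, accepts all traffic from each detached VLAN to the router itself, which includes its telnet and web administration services. Restrict that rule to the services the detached network actually needs (for example DHCP and DNS) if those networks are untrusted.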