, 24 2017 . 15:21 +
, ! : , - , .
? IP !, . , - . NAT. , , .

NAT
NAT ( . Network Address Translation ) TCP/IP, IP- . IP Masquerading, Network Masquerading Native Address Translation.
NAT , , . SNAT, (. source) (. destination) . / .

, IP- . , . , . , . () IP- ( ) IP- ( , ). , , . , , n- .

, , , . - , . LogMeIn Hamach, , NAT' . , - :



? OPI Orange Pi PC, , NAT , , ( , ), KVM , CLI . , : ?. : . , .

OPI KVM VPN . KVM, VPN OPI.
KVM? VDS(Virtual Dedicated Server). KVM (Kernel-based Virtual Machine), OVZ (OpenVZ). OVZ , iptables - , .


, . VPN. , OpenVPN, , , , , . , OPI , PPTP.

PPTP :

apt install pptpd

. /etc/pptpd.conf IP IP :

localip 10.0.0.1
remoteip 10.0.0.100-200

VPN . /etc/ppp/chap-secrets

# client server secret IP addresses
orange pptpd pass123 10.0.0.100

orange pass123 IP 10.0.0.100. IP *, IP , remoteip. . PPTPD. DNS /etc/ppp/pptpd-options

ms-dns 8.8.8.8
ms-dns 8.8.4.4

PPTPD:

service pptpd restart

IP . IP IP, PPTP. /etc/sysctl.conf :

net.ipv4.ip_forward = 1

, ipatables.
:

~$ ifconfig
	ens3 Link encap:Ethernet HWaddr 52:54:00:f8:0c:4a 
	inet addr:31.148.99.234 Bcast:31.148.99.255 Mask:255.255.255.0
	inet6 addr: fe80::5054:ff:fef8:c4a/64 Scope:Link
	UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
	RX packets:8808733 errors:0 dropped:0 overruns:0 frame:0
	TX packets:3300625 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1000 
	RX bytes:3511383831 (3.5 GB) TX bytes:3245380453 (3.2 GB)

	lo Link encap:Local Loopback 
	inet addr:127.0.0.1 Mask:255.0.0.0
	inet6 addr: ::1/128 Scope:Host
	UP LOOPBACK RUNNING MTU:65536 Metric:1
	RX packets:216 errors:0 dropped:0 overruns:0 frame:0
	TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:1 
	RX bytes:16618 (16.6 KB) TX bytes:16618 (16.6 KB)

ens3. , eth0.

iptables:

iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE && iptables-save

. VPN , , VPN :

iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface ens3 -j ACCEPT

ppp0 .


Orange PI. , , .

Orange PI PPTP :

apt install pptp-linux

/etc/ppp/peers/pptpserver :

pty "pptp 31.148.99.234 --nolaunchpppd"
name orange
password pass123
remotename PPTP
require-mppe-128

IP .

/etc/ppp/options #
/etc/ppp/options.pptp :

lock
noauth
nobsdcomp
nodeflate
defaultroute
replacedefaultroute
mtu 1400
persist
maxfail 0
lcp-echo-interval 20
lcp-echo-failure 3

, , :

pon pptpserver

, :

~$ ifconfig ppp0
	ppp0 Link encap:Point-to-Point Protocol 
	inet addr:10.0.0.100 P-t-P:10.0.0.1 Mask:255.255.255.255
	UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
	RX packets:1075 errors:0 dropped:0 overruns:0 frame:0
	TX packets:959 errors:0 dropped:0 overruns:0 carrier:0
	collisions:0 txqueuelen:3 
	RX bytes:154176 (154.1 KB) TX bytes:194499 (194.4 KB)

Orange PI :

~$ ping 10.0.0.100
	PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
	64 bytes from 10.0.0.100: icmp_seq=1 ttl=64 time=8.91 ms
	64 bytes from 10.0.0.100: icmp_seq=2 ttl=64 time=8.80 ms
	64 bytes from 10.0.0.100: icmp_seq=3 ttl=64 time=8.93 ms
	64 bytes from 10.0.0.100: icmp_seq=4 ttl=64 time=9.00 ms

!


: Orange PI. , 80 443 , OPI

iptables -t nat -A PREROUTING -p tcp -d 31.148.99.234 --dport 80 -j DNAT --to-destination 10.0.0.100:80
iptables -A FORWARD -i ppp0 -d 10.0.0.100 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 31.148.99.234 --dport 443 -j DNAT --to-destination 10.0.0.100:443
iptables -A FORWARD -i ppp0 -d 10.0.0.100 -p tcp --dport 443 -j ACCEPT

IP . , :



! !


, Orange PI . ? Orange PI VPN . bash, , , :

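#!/bin/sh
# Watchdog: re-establish the PPTP tunnel whenever the ppp0 interface disappears.
while true
do
 # ifconfig exits non-zero when ppp0 does not exist; discard its output and errors
 if ifconfig ppp0 >/dev/null 2>&1
 then
  sleep 7
 else
  # Test pon's exit status directly; "if $?" would try to execute the status code as a command
  if pon pptpserver
  then
   echo "$(date) Connected"
  else
   echo "$(date) Connection error"
  fi
 fi
 sleep 3
done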

. /etc/rc.local . :

/root/scripts/ppp.sh

:

chmod +x /root/scripts/ppp.sh

, echo, ! , , , , . , ? , ppp0 , . , !


. , , , . , , .. IP , DDoS , , Orange PI . , , , ?


1. VPN PPTP
2. NAT
Original source: habrahabr.ru (comments, light).

https://habrahabr.ru/post/333996/
