修改PPPOE配置解决ADSL频繁掉线问题
发布时间:May 5, 2012 // 分类:OpenWrt // No Comments
使用迅雷下载的时候openwrt老是掉线,查看ppp日志:
May 5 07:02:05 OpenWrt daemon.info pppd[23813]: No response to 5 echo-requests
May 5 07:02:05 OpenWrt daemon.notice pppd[23813]: Serial link appears to be disconnected.
May 5 07:02:05 OpenWrt daemon.info pppd[23813]: Connect time 1089.9 minutes.
May 5 07:02:05 OpenWrt daemon.info pppd[23813]: Sent 335012468 bytes, received 1671352386 bytes.
May 5 07:02:06 OpenWrt user.notice root: stopping ntpclient
May 5 07:02:12 OpenWrt daemon.notice pppd[23813]: Connection terminated.
May 5 07:02:12 OpenWrt daemon.notice pppd[23813]: Modem hangup
PPPOE客户端会每隔10秒向服务器发送echo request确认在线,5次请求未回应就认为连线有问题并断开连接。
修改配置增加和ADSL服务器交互间隔:
vim /etc/ppp/options
lcp-echo-interval 30 #发送间隔秒
lcp-echo-failure 15 #15次未响应断开
Openwrt/Linux安装squid做透明代理缓存服务器
发布时间:April 21, 2012 // 分类:Squid,OpenWrt,Linux服务 // 3 Comments
安装Squid:
opkg update
opkg install squid
cd /etc/squid
mv squid.conf squid.conf.back
vim squid.conf
配置文件:
visible_hostname proxy.www.haiyun.me #主机名
cache_mgr onovps@www.haiyun.me #管理员邮箱
http_port 3128 transparent #监听端口3128,透明代理
icp_port 0 #单机模式
dns_nameservers 192.168.1.1 #DNS
#cache_effective_user squid #运行用户
#cache_effective_group squid #运行用户组
pid_filename /tmp/squid.pid #pid文件
error_directory /usr/share/squid/errors/Simplify_Chinese #错误提示文件
emulate_httpd_log on #开启httpd日记格式
#logformat log %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh #自定义日记模式
cache_access_log /mnt/log/access.log #日记路径
cache_log none #无cache日记
cache_store_log none #无store日记
cache_dir ufs /mnt/cache/ 2048 16 256 #硬盘缓存2G,一级目录16,二级目录256
cache_mem 16 MB #内存缓存16M
cache_swap_low 90
cache_swap_high 95
minimum_object_size 0 KB #最小缓存不限制
maximum_object_size 4096 KB #最大缓存4M
cache_vary on #开启vary缓存
connect_timeout 1 minute #连接超时1分
request_timeout 1 minutes #请求超时1分
acl QUERY urlpath_regex -i cgi-bin \?
cache deny QUERY #不缓存cgin-bin
acl bt url_regex -i ^http://.*\.torrent$
http_access deny bt #禁止下载torrent
acl files urlpath_regex -i "/etc/squid/files.txt" #过滤下载文件后缀
acl sites dstdom_regex "/etc/squid/sites.txt" #过滤特定网址
acl keys url_regex -i "/etc/squid/keys.txt" #过滤特定关键词
acl nocache_sites dstdom_regex "/etc/squid/nocache_sites.txt" #指定不缓存网址
acl nocache_files urlpath_regex -i "/etc/squid/nocache_files.txt" #指定不缓存文件后缀
http_access deny files
http_access deny sites
http_access deny keys
cache deny nocache_sites
cache deny nocache_files
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563 10000
acl Safe_ports port 80 21 443 56370 210 1025-65535 280 488 591
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access deny all
#acl apache rep_header Server ^Apache
broken_vary_encoding allow all #开启压缩
header_access X-Forwarded-For deny all #禁止 X-Forwarded头
header_access HTTP_VIA deny all #禁止HTTP_VIA
header_access Via deny all #禁止Via头
refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.exe$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rar$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.zip$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.gz$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.bz2$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.7z$ 1440 50% 2880 ignore-reload
squid相关指令:
squid -k reconfigure #重置
squid -k parse #检测配置文件
squid -k shutdown #关闭
squid -k rotate #分割日记
Openwrt下安装squid后无init脚本,管理不方便,自己简单写了个。
#/bin/bash
#Create by www.haiyun.me
case $1 in
stop)
squid -k shutdown
;;
start)
squid
;;
restart)
squid -k reconfigure
;;
check)
squid -k parse
;;
*)
echo "Please use restart|start|stop|check"
;;
esac
iptables配置:
opkg install iptables-utils iptables-mod-nat-extra
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j REDIRECT --to-ports 3128
Openwrt安装USB驱动挂载U盘
发布时间:April 21, 2012 // 分类:OpenWrt // 2 Comments
opkg update
opkg install kmod-usb-core
opkg install kmod-usb-ohci #安装usb ohci控制器驱动
#opkg install kmod-usb-uhci #UHCI USB控制器
opkg install kmod-usb2 #安装usb2.0
opkg install kmod-usb-storage #安装usb存储设备驱动
opkg install usbutils #安装了这个后可以用 lsusb
opkg install kmod-fs-ext2 #安装ext2分区支持
opkg install kmod-fs-ext3 #安装ext3分区格式支持组件
opkg install kmod-fs-ntfs #ntfs内核驱动
opkg install mount.ntfs-3g #挂载ntfs助手
opkg install mount-utils #挂载卸载工具
opkg install ntfs-3g #挂载NTFS
opkg install kmod-fs-vfat #挂载FAT
opkg install fdisk #硬盘分区管理工具
挂载分区:
mount -t ext2 /dev/sda1 /mnt/
开机自动挂载:
echo "/dev/sda1 /mnt/ ext2 rw,async,noatime,nodiratime 0 0 ">> /etc/fstab
OpenWrt路由器iptables防火墙设置
发布时间:April 18, 2012 // 分类:OpenWrt // No Comments
OpenWrt自带防火墙有点复杂,自己根据需要重新配置了下iptables,可满足一般用户需求。
#/bin/bash
#OpenWrt防火墙,适用于RG100AA
#Cretaed by www.haiyun.me
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i br-lan -j ACCEPT
#iptables -A INPUT -m string --algo bm --string "sex" -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -m string --algo bm --string "sex" -j DROP
iptables -A FORWARD -i br-lan -o pppoe-wan -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -p tcp --dport 12488 -j ACCEPT
#iptables -A FORWARD -p udp --dport 12488 -j ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -i br-lan -o pppoe-wan -j MASQUERADE
#iptables -t nat -A PREROUTING -p tcp --dport 12488 -j DNAT --to-destination 192.168.1.6
#iptables -t nat -A PREROUTING -p udp --dport 12488 -j DNAT --to-destination 192.168.1.6
#iptables -t mangle -F
#iptables -t mangle -X
#iptables -t mangle -Z
#iptables -t mangle -A PREROUTING -i pppoe-wan -j TTL --ttl-inc 1
#iptables -t mangle -A POSTROUTING -o pppoe-wan -j TTL --ttl-set 128
#iptables -t mangle -A POSTROUTING -o pppoe-wan -j IPID --ipid-pace 1
#iptables -I FORWARD -p tcp --tcp-flags RST RST -j DROP
分类
- Apache (13)
- Nginx (45)
- PHP (86)
- IIS (8)
- Mail (17)
- DNS (16)
- Cacti (14)
- Squid (5)
- Nagios (4)
- Puppet (7)
- CentOS (13)
- Iptables (23)
- RADIUS (3)
- OpenWrt (41)
- DD-WRT (1)
- VMware (9)
- 网站程序 (2)
- 备份存储 (11)
- 常用软件 (20)
- 日记分析 (10)
- Linux基础 (18)
- 欧诺代理 (0)
- Linux服务 (18)
- 系统监控 (4)
- 流量监控 (7)
- 虚拟化 (28)
- 伪静态 (2)
- LVM (3)
- Shell (18)
- 高可用 (2)
- 数据库 (16)
- FreeBSD (3)
- 网络安全 (25)
- Windows (35)
- 网络工具 (22)
- 控制面板 (3)
- 系统调优 (10)
- Cisco (3)
- VPN (6)
- ROS (20)
- Vim (14)
- KMS (4)
- PXE (2)
- Mac (1)
- Git (1)
- PE (1)
- LNS (2)
- Xshell (7)
- Firefox (13)
- Cygwin (4)
- OpenSSL (9)
- Sandboxie (3)
- StrokesPlus (1)
- AutoHotKey (4)
- Total Commander (3)
- WordPress (3)
- iMacros (6)
- Typecho (2)
- Ollydbg (1)
- Photoshop (1)
- 正则 (3)
- Debian (3)
- Python (8)
- NoSQL (6)
- 消息队列 (4)
- JS (7)
- Tmux (3)
- GO (7)
- HHVM (2)
- 算法 (1)
- Docker (2)
- PT (15)
- N1 (16)
- K2P (6)
- LUKS (4)
最新文章
- 光猫拨号ImmortalWrt/OpenWRT路由获取ipv6遇到的问题
- php-fpm错误error_log日志配置
- debian-12/bookworm安装mariadb10.3和mysql5.6
- smokeping主从配置及遇到的问题
- openwrt/linux使用tcpdump/nflog ulogd记录iptables日志
- tmux bash shell自动保存history
- ImmortalWrt/OpenWRT为guest wifi网络配置ipv6 nat6
- PVE更新upgrade遇到The following packages have been kept back
- openwrt/immortalwrt修改odhcpd ipv6 preferred_lifetime和valid_lifetime
- golang版本udpxy iptv rtp多播转http单播
最近回复
- opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
- liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
- 海运: 不好意思,没有。
- zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
- 海运: 恩山有很多。
- swsend: 大佬可以分享一下固件吗,谢谢。
- Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
- 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
- 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
- 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...