{"id":85685,"date":"2020-05-15T19:25:29","date_gmt":"2020-05-15T11:25:29","guid":{"rendered":"http:\/\/4563.org\/?p=85685"},"modified":"2020-05-15T19:25:29","modified_gmt":"2020-05-15T11:25:29","slug":"%e8%af%b7%e6%95%99%e4%b8%80%e4%b8%aa%e9%85%8d%e7%bd%ae-iptables-%e5%85%81%e8%ae%b8%e8%bd%ac%e5%8f%91-l2tp-over-ipsec-%e9%97%ae%e9%a2%98","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=85685","title":{"rendered":"\u8bf7\u6559\u4e00\u4e2a\u914d\u7f6e iptables \u5141\u8bb8\u8f6c\u53d1 L2tp over ipsec \u95ee\u9898"},"content":{"rendered":"
\n
\n
\n

\u8bf7\u6559\u4e00\u4e2a\u914d\u7f6e iptables \u5141\u8bb8\u8f6c\u53d1 L2tp over ipsec \u95ee\u9898 <\/h1>\n

<\/p>\n

\n
\u8cc7\u6df1\u5927\u4f6c : kaminic <\/span> <\/i> 8<\/span> <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n
<\/p>\n

\u5bb6\u91cc\u4e00\u53f0 nas \u505a\u65c1\u8def\u7531\u7528<\/p>\n

nas: 192.168.1.66<\/p>\n

\u4e3b\u8def\u7531: 192.168.1.1<\/p>\n

nas \u7684 iptables \u914d\u7f6e\u4e3a:<\/p>\n

iptables -t nat -N TP iptables -t nat -A TP -d 192.168.1.0\/16 -j RETURN iptables -t nat -A TP -d 172.16.0.0\/20 -j RETURN iptables -t nat -A TP -d 10.0.0.0\/24 -j RETURN iptables -t nat -A TP -p tcp -j REDIRECT --to-ports 7892 iptables -t nat -A PREROUTING -p tcp -j TP <\/code><\/pre>\n
PC \u4e0a\u8bbe\u7f6e\u7f51\u5173\u4e3a nas \u7684\u5730\u5740\uff0c\u6b64\u65f6\u53ef\u4ee5\u6b63\u5e38\u4e0a\u7f51\uff0c \u4f46\u662f PC \u4e0a\u539f\u6765\u6b63\u5e38\u7684 VPN \u4e0d\u80fd\u6b63\u5e38\u8fde\u63a5\u4e86\uff0c\u628a\u7f51\u5173\u6539\u4f1a\u4e3b\u8def\u7531\u7684\u5730\u5740\u5c31\u6ca1\u95ee\u9898<\/p>\n
\u662f\u9700\u8981\u5728 nas \u91cc\u914d\u7f6e iptables \u8f6c\u53d1 l2tp \u76f8\u5173\u534f\u8bae\u6570\u636e\u5417\uff1f\u5982\u4f55\u914d\u7f6e?<\/p>\n<\/p><\/div>\n
 \u5927\u4f6c\u6709\u8a71\u8aaa<\/b> (1<\/span>)        <\/div>\n
 <\/div>\n<\/p><\/div>\n<\/p><\/div>\n
    \n
  • \n
    \n
    \n
     \u8cc7\u6df1\u5927\u4f6c : pubby <\/span>  <\/div>\n
     <\/i>            <\/span> <\/div>\n<\/p><\/div>\n
                                                                 \u6211\u4eec\u4e00\u53f0 VPN \u7f51\u5173\u7528\u6765\u5c4f\u853d\u4e00\u4e9b\u4e0d\u8d70 ipsec \u7684 l2tp \u5ba2\u6237\u7aef\uff0c\u4ec5\u4f9b\u53c2\u8003\uff1a<\/p>\n
    # drop unencrypted L2TP connection
    \/sbin\/iptables -A INPUT -i eth0 -p udp –dport 1701 -m policy –dir in –pol ipsec -j ACCEPT >>\/dev\/null 2>&1
    \/sbin\/iptables -A INPUT -i eth0 -p udp –dport 1701 -j DROP >>\/dev\/null 2>&1                                                            <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n","protected":false},"excerpt":{"rendered":"
    \u8bf7\u6559\u4e00\u4e2a\u914d\u7f6e iptables \u5141…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/85685"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=85685"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/85685\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=85685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=85685"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=85685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}