阿里雲、騰訊雲
雲主機實現PPTP和NAT功能,Iptable配置如下:
雲主機系統Centos 6.8 64bit
不需要增加NAT網和其他雲插件
/etc/pptp.conf文件修改:
localip 172.17.0.2 #這是雲主機內網地址
remoteip 172.17.0.10-100 #這是給客戶端撥號預分配的IP地址範圍,需與雲主機內網地址在同一網段內
#logwtmp 如果報日誌錯,需註釋掉,否則可以不註釋
/etc/ppp/options.pptpd文件修改:
ms-dns 114.114.114.114
/etc/sysconfig/iptables文件修改:
*filter
:INPUT ACCEPT [394:32816]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [387:33334]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
-A FORWARD -p gre -j ACCEPT
#-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 172.16.145.0/24 -o eth0 -j MASQUERADE
COMMIT
將iptables和pptpd設置爲開機啓動:
chkconfig iptables on
chkconfig pptpd on