Sunday, December 12, 2010

How to implement a more secure Linux firewall for remote office work

At present, working remotely through a VPN is the most common method.

This method has two main drawbacks. First, to guarantee that VPN users can reach the intranet at any time, the intranet computers must stay powered on for long periods, which wastes a great deal of resources. Second, once a user connects to the VPN, the remote computer is only a network neighbour that exchanges files with the others. Using a Linux remote office gateway makes up for these two shortcomings of a VPN: computers can be powered on on demand, and the remote computer and its desktop can be controlled and monitored directly. In this method the Linux server must be a machine connected to the public Internet; it plays the role of gateway and firewall and is responsible for waking up the intranet computers.

1. Install the wakelan software

wakelan is a remote wake-up program for Linux. It can wake up any computer connected to the Linux server whose network card has the specified MAC address. The command format is "wakelan MAC-address". wakelan is installed as follows:

# tar xzf wakelan-1.1.tar.gz
# cd wakelan-1.1
# ./configure
# make
# make install

2. Add a broadcast route

In the actual working environment the LAN machines are connected through a switch to the Linux server's eth1 network card. For the Linux server to broadcast to the whole LAN, the following route must be added:

# route add -host 255.255.255.255 dev eth1

Add this route to /etc/rc.local so that it is added automatically even after the Linux server restarts.

3. Configure DHCP

In the DHCP configuration file /etc/dhcpd.conf, specify the IP address, domain server address, domain name, gateway, DNS server and other information for the intranet Windows machines, so that each machine automatically obtains its designated IP when it starts. Of course, if every computer already has a fixed IP address, configuring the DHCP service can be skipped.

/etc/dhcpd.conf is configured as follows:

ddns-update-style ad-hoc;
max-lease-time -1;
default-lease-time -1;
option subnet-mask 255.255.255.0;
option broadcast-address 255.255.255.255;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
option domain-name "home.net.cn";
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.11 192.168.0.100;
  host platinum {
    hardware ethernet 00:0a:e6:a9:64:a2;
    fixed-address 192.168.0.2;
  }
}

In the configuration above the PC named "platinum" is assigned its IP address by MAC address: platinum always receives the fixed address 192.168.0.2. The same can be done for any other machine. Start the DHCP service with the command "/etc/rc.d/init.d/dhcpd start" so that DHCP runs properly.

4. Configure iptables and set up DNAT

The DNAT function redirects all connection requests that arrive at a specific port of the Linux gateway to the corresponding port on a designated machine inside the network (connection requests from intranet users excepted). Example:

# iptables -A PREROUTING -t nat -p tcp ! -s 192.168.0.0/24 --dport 4899 -j DNAT --to 192.168.0.2:4899

The example command sends all connection requests that reach port 4899 of the Linux gateway to port 4899 of the machine with IP address 192.168.0.2. Port 4899 is the default service port of the Radmin remote control program. This command can be added to /etc/rc.local so that the feature is enabled whenever Linux starts. Users can also write a firewall script that implements the same features and execute it from /etc/rc.local.

5. Install remote control software on the Windows machines

Commonly used remote control software includes pcAnywhere and Radmin; users can install whichever they prefer. I use Radmin. Both the computer used for remote office work and the controlled computer must have this software installed; the difference is that on the controlled computer, in addition to installing the software, the server-side program must be started.
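Step 4 mentions that a firewall script run from /etc/rc.local can do the same job as the single iptables line. The script below is an added example, not the post's own code: it applies the broadcast route from step 2 and the DNAT rule from step 4, and adds the FORWARD and MASQUERADE rules without which a DNAT rewrite alone does not pass traffic. The interface names eth0 (public) and eth1 (LAN), the sysctl call and the optional ADMIN_SRC variable are assumptions; the addresses and port 4899 are the post's values.

```shell
#!/bin/sh
# Added example, not the post's own script: a firewall script for /etc/rc.local.
# Assumptions: eth0 is the public interface, eth1 faces the LAN (as in the post),
# and ADMIN_SRC optionally names the address the administrator connects from.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
RADMIN_HOST="${RADMIN_HOST:-192.168.0.2}"
RADMIN_PORT="${RADMIN_PORT:-4899}"
# Set these to "echo" for a dry run that prints the commands instead of running them.
IPTABLES="${IPTABLES:-iptables}"
ROUTE="${ROUTE:-route}"
SYSCTL="${SYSCTL:-sysctl}"

# wakelan sends to the limited-broadcast address, which needs a route out of the LAN interface.
fw_route_broadcast() {
    $ROUTE add -host 255.255.255.255 dev "$LAN_IF"
}

# The post's DNAT rule: connections from outside the LAN to the gateway's port 4899
# are rewritten to the Radmin host. When ADMIN_SRC is set (the administrator's fixed
# address or range), only that source is accepted instead of the whole Internet.
fw_dnat_rules() {
    if [ -n "${ADMIN_SRC:-}" ]; then
        src_match="-s $ADMIN_SRC"
    else
        src_match="! -s $LAN_NET"
    fi
    # $src_match is deliberately unquoted so that it splits into separate arguments.
    $IPTABLES -t nat -A PREROUTING -i "$WAN_IF" -p tcp $src_match \
        --dport "$RADMIN_PORT" -j DNAT --to-destination "$RADMIN_HOST:$RADMIN_PORT"
}

# DNAT only rewrites the destination; the FORWARD chain still decides whether the
# rewritten packet may cross from eth0 to eth1. With a DROP policy, only the Radmin
# connection, replies to existing connections and LAN-originated traffic get through.
fw_forward_rules() {
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$RADMIN_HOST" \
        --dport "$RADMIN_PORT" -m state --state NEW -j ACCEPT
    # Let the LAN reach the Internet through the gateway's public address.
    $IPTABLES -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Enable routing, flush the old rules and install the new set.
fw_apply() {
    $SYSCTL -w net.ipv4.ip_forward=1
    $IPTABLES -F
    $IPTABLES -t nat -F
    fw_route_broadcast
    fw_dnat_rules
    fw_forward_rules
}

case "${1:-}" in
    apply)   fw_apply ;;
    dry-run) IPTABLES=echo ROUTE=echo SYSCTL=echo fw_apply ;;
esac
```

Run it as "sh firewall.sh dry-run" to print the rules it would install, and call "sh firewall.sh apply" from /etc/rc.local. The DNAT rule as written in the post exposes Radmin's port 4899 to every address on the Internet; setting ADMIN_SRC to the address or range you actually connect from limits that exposure to one source.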
6. Wake up the intranet machine remotely

The precondition for remote start-up is that the Windows machine's network adapter supports wake-on-LAN and the BIOS settings allow it. From any place with Internet access, log on to the Linux machine with SSH and run the remote wake-up command:

# wakelan 00:0a:e6:a9:64:a2

If the computer starts up, the previous configuration has proven successful.

Safe and convenient Web start-up

To use this remote login, users must remember many hard-to-remember MAC addresses, which is very troublesome and not secure. We can use a Web service to improve on this. If Apache and PHP are already installed on the Linux machine, Apache and a PHP script can be configured to achieve a more secure remote start.

1. Write a PHP script

Create a directory named wakeup under Apache's DocumentRoot and create an index.php file in it with the following content:

<?php
passthru("/usr/local/bin/wakelan 00:0a:e6:a9:64:a2");
echo "computer platinum starting ...";
?>

Now, as long as you enter the Web address in a browser (Apache must be set up beforehand), for example http://platinum.3322.org/wakeup, the remote boot takes place. This is convenient, but anyone can access it, which is unsafe; Apache authentication must be added to solve the problem.

2. Add Apache authentication

Modify the Apache configuration file /usr/local/apache2/conf/httpd.conf and add the following directive:

AllowOverride AuthConfig

Then create and edit the .htaccess file in the wakeup directory:

# vi /usr/local/apache2/htdocs/wakeup/.htaccess

AuthName "computer platinum Launcher"
AuthType Basic
AuthUserFile /usr/local/apache2/apache.users
require user platinum

3. Create the password file

Next, create apache.users, the file dedicated to storing the passwords:

root@server# htpasswd -c /usr/local/apache2/apache.users platinum
New password:
Re-type new password:
Adding password for user platinum

The passwords in the apache.users file are stored encrypted. To change a password, or to add another user, run the htpasswd command without the "-c" parameter (which would overwrite the file). For the configuration to take effect, the Apache service must be restarted. From then on, accessing http://platinum.3322.org/wakeup requires password authentication (see Figure 1). Anyone who does not know the password cannot start the designated computer.

Start remote control

After starting the remote computer by the method above, launch the previously installed remote control software and enter the address of the Linux server; you can then operate the remote computer platinum. When the work is complete, if the computer no longer needs to keep running, shut it down through the remote control software, so that the remote computer does not waste resources.
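The wakeup page above runs wakelan with one MAC address hard-wired into index.php, so nothing from the request ever reaches the shell. The script below is an added example (not the post's code and not wakelan itself) showing what wakelan does on the wire, by building and sending the magic packet, and how a front end that takes the host to wake from a request parameter should hand it over: only a name from a fixed host table or a strictly validated MAC address is accepted, so a parameter can never become part of a shell command. The host table, the use of socat to send the broadcast and the WOL_SENDER override are assumptions; platinum's MAC address comes from the post.

```shell
#!/bin/sh
# Added example, not the post's code: validate, build and send a wake-on-LAN packet.
# Assumptions: the host table below, socat as the UDP sender, WOL_SENDER as a test override.
# Constructed host table, one "name MAC" pair per line (platinum's MAC is from the post).
WOL_HOSTS="${WOL_HOSTS:-platinum 00:0a:e6:a9:64:a2}"
WOL_BCAST="${WOL_BCAST:-255.255.255.255}"   # limited broadcast, routed via eth1 in the post
WOL_PORT="${WOL_PORT:-9}"                   # discard port, the usual wake-on-LAN target

# Return 0 only for aa:bb:cc:dd:ee:ff style addresses (hex pairs separated by colons).
wol_valid_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Map a host name to its MAC. Names are restricted to [A-Za-z0-9_-]; unknown names fail.
wol_mac_for() {
    name="$1"
    printf '%s' "$name" | grep -Eq '^[A-Za-z0-9_-]+$' || return 1
    printf '%s\n' "$WOL_HOSTS" | awk -v n="$name" '$1 == n { print $2; found = 1 } END { exit !found }'
}

# Magic packet as a hex string: 6 bytes of ff followed by the MAC repeated 16 times (102 bytes).
wol_magic_packet_hex() {
    mac="$1"
    wol_valid_mac "$mac" || return 1
    machex=$(printf '%s' "$mac" | tr -d ':')
    out="ffffffffffff"
    i=0
    while [ "$i" -lt 16 ]; do
        out="$out$machex"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# Convert a hex string to raw bytes on stdout using only printf (no xxd dependency).
wol_hex_to_bin() {
    hex="$1"
    while [ -n "$hex" ]; do
        pair=${hex%"${hex#??}"}   # first two characters
        hex=${hex#??}
        printf "\\$(printf '%03o' "$((0x$pair))")"
    done
}

# Deliver the bytes on stdin: WOL_SENDER (e.g. "cat") for testing, otherwise a UDP broadcast.
wol_sender() {
    if [ -n "${WOL_SENDER:-}" ]; then
        "$WOL_SENDER"
    else
        socat - "UDP-DATAGRAM:$WOL_BCAST:$WOL_PORT,broadcast"
    fi
}

# Send the magic packet for a validated MAC address.
wol_send() {
    hex=$(wol_magic_packet_hex "$1") || return 1
    wol_hex_to_bin "$hex" | wol_sender
}

# wol_wake NAME-OR-MAC: resolve a table name or accept a well-formed MAC, then send.
wol_wake() {
    target="$1"
    if wol_valid_mac "$target"; then
        mac="$target"
    else
        mac=$(wol_mac_for "$target") || { echo "unknown host or bad MAC: $target" >&2; return 1; }
    fi
    wol_send "$mac"
}

if [ $# -gt 0 ]; then
    wol_wake "$1"
fi
```

With this script installed as, say, /usr/local/bin/wol, the PHP page can call it with a host name taken from the request and still refuse anything that is not in the table. Two further points a practitioner will want to keep in mind: Basic authentication sends the password in cleartext unless the wakeup page is served over HTTPS, and the limited-broadcast route from step 2 is what lets the packet leave on eth1.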
