Difference between revisions of "2011-39-Migrering af Linux"
m (→On FW) |
m (→On FW) |
||
Line 106: | Line 106: | ||
<source lang="bash"> | <source lang="bash"> | ||
+ | #!/bin/bash | ||
− | # | + | ### chkconfig ### |
− | ### | + | ### BEGIN INIT INFO |
− | + | # Provides: nat.sh | |
− | + | # Default-Start: 2 3 4 5 | |
+ | # Default-Stop: 0 1 6 | ||
+ | # Required-Start: $local_fs $network | ||
+ | # Required-Stop: $local_fs $network | ||
+ | # Short-Description: Startup script containing iptables rules | ||
+ | ### END INIT INFO | ||
#Enable ip forwarding | #Enable ip forwarding | ||
echo 1 > /proc/sys/net/ipv4/ip_forward | echo 1 > /proc/sys/net/ipv4/ip_forward | ||
− | # | + | #Variabels |
− | + | #INSIDE_NET="192.168.1.0/24" | |
− | + | INTERNAL_PORT="eth2" | |
− | + | ||
+ | EXTERNAL_PORT="eth1" | ||
− | |||
/sbin/iptables -t nat -A POSTROUTING -o $EXTERNAL_PORT -j MASQUERADE | /sbin/iptables -t nat -A POSTROUTING -o $EXTERNAL_PORT -j MASQUERADE | ||
/sbin/iptables -A FORWARD -i $EXTERNAL_PORT -o $INTERNAL_PORT -m state --state RELATED,ESTABLISHED -j ACCEPT | /sbin/iptables -A FORWARD -i $EXTERNAL_PORT -o $INTERNAL_PORT -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
/sbin/iptables -A FORWARD -i $INTERNAL_PORT -o $EXTERNAL_PORT -j ACCEPT | /sbin/iptables -A FORWARD -i $INTERNAL_PORT -o $EXTERNAL_PORT -j ACCEPT | ||
+ | |||
</source><br> | </source><br> |
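Review bot: The new header declares `# Default-Stop: 0 1 6`, but the body never looks at `$1` and only uses `-A`, so every start, stop or manual run appends another copy of the MASQUERADE and FORWARD rules; remove an identical rule first, e.g. `/sbin/iptables -t nat -D POSTROUTING -o "$EXTERNAL_PORT" -j MASQUERADE 2>/dev/null` before the matching `-A`. The three rules only ACCEPT, so the RELATED,ESTABLISHED limit on inbound traffic holds only if the FORWARD chain policy or a catch-all rule after them drops everything else, and the script sets neither; if that is the intent, add `/sbin/iptables -P FORWARD DROP` ahead of them. `$EXTERNAL_PORT` and `$INTERNAL_PORT` should be quoted where they are expanded. `### chkconfig ###` is not the `# chkconfig: <runlevels> <start> <stop>` form that chkconfig parses, so it likely has no effect and registration would rest on the LSB block alone.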
Revision as of 13:50, 26 September 2011
Opgaver
Mandag 26-9-2011
Formiddag
- Opdater serverne
- Tilføj ekstra netkort
- statisk dhcp
- sæt dhcp server op
- ip tables - NAT
Config
DHCP
On FW
in /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see dhcpd.conf(5) man page
#
# Serves one subnet, 192.168.1.0/24. The gateway, NTP, DNS and WINS options
# below all hand out the same address, 192.168.1.1.
ddns-update-style interim;
# Do not honor a client's request to update its own DNS record.
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
# The range of IP addresses the server
# will issue to DHCP enabled PC clients
# booting up on the network
range 192.168.1.100 192.168.1.199;
# Set the amount of time in seconds that
# a client may keep the IP address
# (86400 s = 24 hours, for both the default and the maximum)
default-lease-time 86400;
max-lease-time 86400;
# Set the default gateway to be used by
# the PC clients
option routers 192.168.1.1;
# Tell clients not to enable IP forwarding in
# their own IP layer. This is a setting handed
# to the client; it does not control whether
# DHCP requests are relayed between NICs.
option ip-forwarding off;
# Set the broadcast address and subnet mask
# to be used by the DHCP clients
option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;
# Set the NTP server to be used by the
# DHCP clients
option ntp-servers 192.168.1.1;
# Set the DNS server to be used by the
# DHCP clients
option domain-name-servers 192.168.1.1;
# If you specify a WINS server for your Windows clients,
# you need to include the following option in the dhcpd.conf file:
option netbios-name-servers 192.168.1.1;
# You can also assign specific IP addresses based on the clients'
# ethernet MAC address as follows (the host's name is "laser-printer").
# A MAC address can be changed by the client, so a fixed-address entry
# is an addressing convenience, not an access control.
#host laser-printer {
# hardware ethernet 08:00:2b:4c:59:23;
# fixed-address 192.168.1.222;
#}
}
#
# List an unused interface here
#
#subnet 192.168.2.0 netmask 255.255.255.0 {
#}
Exec. Restart dhcpd service
# Restart dhcpd so the edited /etc/dhcp/dhcpd.conf takes effect.
service dhcpd restart
On Webserver & Client
Exec. Renew IP
# Release the current DHCP lease ...
dhclient -r
# ... then request a new one from the DHCP server.
dhclient
IPTABLES
NAT
On FW
Execute:
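#!/bin/bash
### chkconfig ###
### BEGIN INIT INFO
# Provides: nat.sh
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Short-Description: Startup script containing iptables rules
### END INIT INFO
#
# nat.sh - make this host a NAT gateway: masquerade traffic leaving
# EXTERNAL_PORT and forward between INTERNAL_PORT and EXTERNAL_PORT.
#
# Must be run as root. Any argument (start, stop, ...) is ignored: every
# invocation (re)applies the same rules, so the rules are written to be
# safe to apply more than once.
#
# NOTE(review): "### chkconfig ###" above is not the
# "# chkconfig: <runlevels> <start> <stop>" form; presumably registration
# relies on the LSB block instead - confirm on the target system.
#
# NOTE(review): the rules below only ACCEPT. They limit inbound traffic to
# RELATED,ESTABLISHED only if the FORWARD chain policy, or a catch-all rule
# placed after them, drops everything else. This script sets neither; check
# with "iptables -L FORWARD -n -v". If the chain already ends in a catch-all
# REJECT/DROP rule, rules appended here land after it and never match.

set -u

readonly IPTABLES="/sbin/iptables"

#Variables
#INSIDE_NET="192.168.1.0/24"
readonly INTERNAL_PORT="eth2"
readonly EXTERNAL_PORT="eth1"

#######################################
# Append a rule, first removing an identical copy if one exists, so that
# running the script again does not stack duplicate rules.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   status of the final "iptables -A"
#######################################
apply_rule() {
  local table=$1
  local chain=$2
  shift 2
  # "No such rule" is the normal first-run outcome, hence the silenced error.
  "$IPTABLES" -t "$table" -D "$chain" "$@" 2>/dev/null
  "$IPTABLES" -t "$table" -A "$chain" "$@"
}

apply_rule nat POSTROUTING -o "$EXTERNAL_PORT" -j MASQUERADE || exit 1
apply_rule filter FORWARD -i "$EXTERNAL_PORT" -o "$INTERNAL_PORT" \
  -m state --state RELATED,ESTABLISHED -j ACCEPT || exit 1
apply_rule filter FORWARD -i "$INTERNAL_PORT" -o "$EXTERNAL_PORT" -j ACCEPT || exit 1

#Enable ip forwarding
# Done last so that nothing is forwarded before the rules above are in place.
if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
  printf '%s\n' "nat.sh: cannot enable IPv4 forwarding (not root?)" >&2
  exit 1
fi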