Monday, March 18, 2013

iptables / DHCP / network interface

Interface config

/etc/network/interfaces
auto eth0
iface eth0 inet static
address [IP]
netmask [mask]
gateway [gateway (if there is one)]

DHCP

Package: dhcp3-server

Select interface for DHCP server

/etc/default/dhcp3-server
INTERFACES="[interface_name]"

DHCP pools

dhcpd.conf
option domain-name "[optional domain-name]";
option domain-name-servers [DNS server IP];

e.g.
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.253;
    option routers 192.168.0.254;
    option broadcast-address 192.168.0.255;
}

iptables / NAT

#enable ip forwarding
sysctl -w net.ipv4.ip_forward=1
#flush tables
iptables -F -t nat
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
#NAT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
#firewall: allow the listed services through the router in both directions.
#Note: matching on --sport alone also admits inbound connections whose source
#port happens to be 53/80/etc.; a conntrack ESTABLISHED,RELATED rule is the
#stateful alternative.
iptables -A FORWARD -p icmp -j ACCEPT
iptables -A FORWARD -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp --sport 80 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp --sport 20:21 -j ACCEPT
iptables -A FORWARD -p tcp --dport 20:21 -j ACCEPT
iptables -A FORWARD -p tcp --sport 23 -j ACCEPT
iptables -A FORWARD -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -p tcp --sport 110 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp --sport 995 -j ACCEPT
iptables -A FORWARD -p tcp --dport 995 -j ACCEPT
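The same NAT router rewritten as a stateful rule set, as an added example that is not part of the original post. It keeps the post's WAN interface eth0 and LAN subnet 192.168.0.0/24, and assumes the LAN side is eth1 (the post does not name it). Reply traffic is matched by connection state instead of by source port, and new connections are only accepted from the LAN interface towards the WAN. IPT can be overridden (for instance IPT=echo) to preview the rules without touching the kernel.

```shell
#!/bin/sh
# Added example, not the original post's script.
# Assumptions: WAN=eth0 and LAN_NET=192.168.0.0/24 come from the post;
# the LAN interface eth1 is assumed. IPT may be overridden to preview rules.
set -e

IPT="${IPT:-iptables}"
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
# TCP services the LAN may open outbound (the same set the post forwards)
ALLOWED_TCP="${ALLOWED_TCP:-20:21 23 25 80 110 995}"

# Number of iptables invocations issued by the last apply_rules call
RULES_ISSUED=0

rule() {
    # Every rule passes through here so IPT can be swapped for a recorder
    $IPT "$@"
    RULES_ISSUED=$((RULES_ISSUED + 1))
}

apply_rules() {
    RULES_ISSUED=0
    # Flush and default policies, as in the original
    rule -F -t nat
    rule -F INPUT
    rule -F OUTPUT
    rule -F FORWARD
    rule -P INPUT ACCEPT
    rule -P OUTPUT ACCEPT
    rule -P FORWARD DROP

    # NAT: masquerade LAN traffic leaving on the WAN interface
    rule -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE

    # Replies are matched by connection state, not by source port, so an
    # outside host cannot reach the LAN just by sending from port 80 or 53.
    rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Drop packets conntrack cannot associate with any connection
    rule -A FORWARD -m conntrack --ctstate INVALID -j DROP

    # New connections are only accepted from the LAN side towards the WAN
    rule -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p icmp -j ACCEPT
    rule -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    for p in $ALLOWED_TCP; do
        rule -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p tcp --dport "$p" \
             -m conntrack --ctstate NEW -j ACCEPT
    done
    # Anything else reaching FORWARD falls through to the DROP policy
}

# Apply only when asked explicitly: "sh nat-firewall.sh apply" (as root).
# Sourcing or running the file without "apply" just defines the functions.
case "${1:-}" in
    apply)
        sysctl -w net.ipv4.ip_forward=1
        apply_rules
        ;;
esac
```

Unlike the port-pair rules above, this set has no --sport matches at all: the single ESTABLISHED,RELATED rule covers every reply, and the -i/-o pair on the NEW rules fixes the direction, so adding a service means adding one port to ALLOWED_TCP rather than two rules.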
