Quản trị net diễn đàn chia sẻ thông tin các thủ thuật mạng, internet bảo mật thông tin dành cho giới IT VIệt hy vọng là nơi bổ ích cho cộng đồng

Quản trị net diễn đàn chia sẻ thông tin các thủ thuật mạng, internet bảo mật thông tin dành cho giới IT VIệt hy vọng là nơi bổ ích cho cộng đồng (http://quantrinet.com/forum/index.php)
-   15. Firewall and Gateway (IPtables, CSF) (http://quantrinet.com/forum/forumdisplay.php?f=484)
-   -   CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet! (http://quantrinet.com/forum/showthread.php?t=4103)

hoctinhoc 27-10-2009 02:36 PM

CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet!
 
CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet




Bài viết: CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet




1.Enable Iptables


service iptables start
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart

2.Enable forwarding trong kernel


echo 1 > /proc/sys/net/ipv4/ip_forward
reboot


3.Lưu vào config


echo "FORWARD_IP4=YES" > /etc/sysconfig/network


4.Install DHCP server

yum install dhcp

5.Config DHCP Server

cd /usr/share/doc/dhcp-whateverversionyouhave/
vi dhcpd.conf.sample
ddns-update-style none; # keep it simple for now
ignore client-updates; # here too
DHCPARGS=eth1; # tells it what interface to listen on
subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway
option routers 192.168.0.1; # gateway on your eth1 internal interface
option subnet-mask 255.255.255.0; # subnet mask
option domain-name "example.com" # domain name given to client

option domain-name-servers 209.242.10.10; # the IP of your ISP's nameservers you're using
option time-offset -18000; # Eastern Standard Time - set to what you have
range 192.168.0.128 192.168.0.254; # the range of IP's your clients will get

default-lease-time 21600; # how long the client's will keep the same IP
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {

next-server ns1.ispserver.net; # change to your ISP's nameservers
hardware ethernet 00:09:5B:8E:05:67; # hardware MAC
fixed-address 209.242.10.10; # your ISP's nameserver IP

}
}mv /etc/dhcpd.conf /etc/dhcpd.conf.old

cp dhcpd.conf.sample /etc/dhcpd.conf

6.Restart DHCP Server

service dhcpd configtest
service dhcpd restart


7.Config eth1(internal interface) same DHCP config

vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
GATEWAY=10.1.10.43


8.Kiểm tra

ifconfig

9.DHCP listen

route add -host 255.255.255.255 dev eth1

10.Testing Internet


:battay:


Bây giờ là 08:15 PM. Giờ GMT +7

Diễn đàn tin học QuantriNet
quantrinet.com | quantrimang.co.cc
Founded by Trương Văn Phương | Developed by QuantriNet's members.
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.