CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet
Bài viết: CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet
1.Enable Iptables
service iptables start
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart
2.Enable forwarding trong kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
reboot
3.Lưu vào config
echo "FORWARD_IP4=YES" > /etc/sysconfig/network
4.Install DHCP server
yum install dhcp
5.Config DHCP Server
cd /usr/share/doc/dhcp-whateverversionyouhave/
vi dhcpd.conf.sample
ddns-update-style none; # keep it simple for now
ignore client-updates; # here too
DHCPARGS=eth1; # tells it what interface to listen on
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.0.1; # gateway on your eth1 internal interface
option subnet-mask 255.255.255.0; # subnet mask
option domain-name "
example.com" # domain name given to client
option domain-name-servers 209.242.10.10; # the IP of your ISP's nameservers you're using
option time-offset -18000; # Eastern Standard Time - set to what you have
range 192.168.0.128 192.168.0.254; # the range of IP's your clients will get
default-lease-time 21600; # how long the client's will keep the same IP
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {
next-server
ns1.ispserver.net; # change to your ISP's nameservers
hardware ethernet 00:09:5B:8E:05:67; # hardware MAC
fixed-address 209.242.10.10; # your ISP's nameserver IP
}
}mv /etc/dhcpd.conf /etc/dhcpd.conf.old
cp dhcpd.conf.sample /etc/dhcpd.conf
6.Restart DHCP Server
service dhcpd configtest
service dhcpd restart
7.Config eth1(internal interface) same DHCP config
vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
GATEWAY=10.1.10.43
8.Kiểm tra
ifconfig
9.DHCP listen
route add -host 255.255.255.255 dev eth1
10.Testing Internet