CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet! | CentOS 5 -Home Gateway Firewall Voi DHCP Server Dung Chia Se Internet - Quản trị net diễn đàn chia sẻ thông tin các thủ thuật mạng, internet bảo mật thông tin dành cho giới IT VIệt hy vọng là nơi bổ ích cho cộng đồng

27-10-2009, 02:36 PM

CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet

Bài viết: CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet

1.Enable Iptables

service iptables start
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart

2.Enable forwarding trong kernel

echo 1 > /proc/sys/net/ipv4/ip_forward
reboot

3.Lưu vào config

echo "FORWARD_IP4=YES" > /etc/sysconfig/network

4.Install DHCP server

yum install dhcp

5.Config DHCP Server

cd /usr/share/doc/dhcp-whateverversionyouhave/
vi dhcpd.conf.sample
ddns-update-style none; # keep it simple for now
ignore client-updates; # here too
DHCPARGS=eth1; # tells it what interface to listen on
subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway
option routers 192.168.0.1; # gateway on your eth1 internal interface
option subnet-mask 255.255.255.0; # subnet mask
option domain-name "example.com" # domain name given to client

option domain-name-servers 209.242.10.10; # the IP of your ISP's nameservers you're using
option time-offset -18000; # Eastern Standard Time - set to what you have
range 192.168.0.128 192.168.0.254; # the range of IP's your clients will get

default-lease-time 21600; # how long the client's will keep the same IP
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {

next-server ns1.ispserver.net; # change to your ISP's nameservers
hardware ethernet 00:09:5B:8E:05:67; # hardware MAC
fixed-address 209.242.10.10; # your ISP's nameserver IP

}
}mv /etc/dhcpd.conf /etc/dhcpd.conf.old

cp dhcpd.conf.sample /etc/dhcpd.conf

6.Restart DHCP Server

service dhcpd configtest
service dhcpd restart

7.Config eth1(internal interface) same DHCP config

vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
GATEWAY=10.1.10.43

8.Kiểm tra

ifconfig

9.DHCP listen

route add -host 255.255.255.255 dev eth1

10.Testing Internet

27-10-2009, 02:36 PM	#1
hoctinhoc Guest Trả Lời: n/a	CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet! CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet Bài viết: CentOS 5 -Home Gateway Firewall Với DHCP Server Dùng Chia Sẻ Internet 1.Enable Iptables service iptables start iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE service iptables save service iptables restart 2.Enable forwarding trong kernel echo 1 > /proc/sys/net/ipv4/ip_forward reboot 3.Lưu vào config echo "FORWARD_IP4=YES" > /etc/sysconfig/network 4.Install DHCP server yum install dhcp 5.Config DHCP Server cd /usr/share/doc/dhcp-whateverversionyouhave/ vi dhcpd.conf.sample ddns-update-style none; # keep it simple for now ignore client-updates; # here too DHCPARGS=eth1; # tells it what interface to listen on subnet 192.168.0.0 netmask 255.255.255.0 { # --- default gateway option routers 192.168.0.1; # gateway on your eth1 internal interface option subnet-mask 255.255.255.0; # subnet mask option domain-name "example.com" # domain name given to client option domain-name-servers 209.242.10.10; # the IP of your ISP's nameservers you're using option time-offset -18000; # Eastern Standard Time - set to what you have range 192.168.0.128 192.168.0.254; # the range of IP's your clients will get default-lease-time 21600; # how long the client's will keep the same IP max-lease-time 43200; # we want the nameserver to appear at a fixed address host ns { next-server ns1.ispserver.net; # change to your ISP's nameservers hardware ethernet 00:09:5B:8E:05:67; # hardware MAC fixed-address 209.242.10.10; # your ISP's nameserver IP } }mv /etc/dhcpd.conf /etc/dhcpd.conf.old cp dhcpd.conf.sample /etc/dhcpd.conf 6.Restart DHCP Server service dhcpd configtest service dhcpd restart 7.Config eth1(internal interface) same DHCP config vi /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static ONBOOT=yes IPADDR=192.168.0.1 NETMASK=255.255.255.0 GATEWAY=10.1.10.43 8.Kiểm tra ifconfig 9.DHCP listen route add -host 255.255.255.255 dev eth1 10.Testing Internet

Chia Sẽ Kinh Nghiệm Về IT