Thursday, November 9, 2017

Linux (CentOS) gateway design (config): bit by bit


If you are setting up a home network, you probably want a perimeter-facing computer connected to your DSL/cable modem, and then put all of your computers behind that firewall box to protect them. This tutorial will show you how to use a single external connection on the gateway computer (using the iptables firewall), and a second internal connection on the same box so you can connect the computers inside your home/office to it and automatically give them IPs when you plug them in (using a DHCP server). Iptables can be very complicated; we will only configure a basic firewall, and you can add more security later without breaking things. In Linux there are many ways of doing this; this one is hopefully simple enough and will teach you the basics. I did this on a CentOS 6 box, but it would work on Debian variants with only slight changes. During this tutorial I am logged in as root, which you should generally NOT do, but it simplifies the tutorial; if you prefer to do it more safely, add "sudo" before each command and it will work.
The computers inside your office can also talk to one another, so you can hook up printers and computers and share network connections through the switch as well. You can also set up things on your gateway server box later, like a network backup drive for all of your computers using Samba, fairly easily. There is a lot of expandability in this setup, but we will keep it simple for now.
The first thing to do on your gateway server is to configure and enable iptables, the default firewall that comes with CentOS. We will tell it to allow outbound traffic from your eth1 interface to the internet. You need to add an iptables entry, save it and restart iptables.


Step 1. Add 2 network cards to the Linux box
Step 2. Verify the network cards and check that they were installed properly
Step 3. Configure eth0 for the Internet with a public IP (external network or Internet)

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0c:29:d2:c2:75
IPADDR=192.168.1.10
BROADCAST=192.168.1.255
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
Step 4. Configure eth1 for LAN with a Private IP (Internal private network)
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
HWADDR=00:0c:29:d2:c2:7f
IPADDR=192.168.10.1
BROADCAST=192.168.10.255
NETMASK=255.255.255.0
NETWORK=192.168.10.0
GATEWAY=192.168.1.10       # Enter the IP of eth0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
If you get the error "can't bring up interface eth1", type:
# service NetworkManager stop
# chkconfig NetworkManager off
# service network start
# chkconfig network on
Step 5. Host Configuration (Optional)
# vi /etc/hosts

127.0.0.1 nat localhost.localdomain localhost
Step 6. Gateway Configuration
# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nat
GATEWAY=192.168.1.1  # Internet Gateway, provided by the ISP
Step 7. DNS Configuration
# vi /etc/resolv.conf
nameserver 8.8.8.8 # Primary DNS Server provided by the ISP
nameserver 8.8.4.4 # Secondary DNS Server provided by the ISP
Step 8. Configure the DHCP server to give out IPs to the computers on the inside of the LAN
We do that by installing the DHCP server like this:
# yum install dhcp
Configure the DHCP server:
# vi /etc/dhcp/dhcpd.conf
option domain-name    "vjetnamnet.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
subnet 192.168.10.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.10.10 192.168.10.20;
  option broadcast-address 192.168.10.255;
  option routers 192.168.10.1;
}
Step 9. NAT configuration with iptables
First of all you have to flush and delete the existing firewall rules. Flush the rules by typing in a terminal:
# iptables -F

# iptables -t nat -F

# iptables -t mangle -F
Now delete these chains:
# iptables -X

# iptables -t nat -X

# iptables -t mangle -X
Set up IP forwarding and masquerading:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# iptables -A FORWARD -i eth1 -j ACCEPT
Enable packet forwarding in the kernel (save this setting in the /etc/sysctl.conf file so it survives a reboot):
# echo 1 > /proc/sys/net/ipv4/ip_forward
and edit this file to make the change permanent:
# vi /etc/sysctl.conf

net.ipv4.ip_forward=1
Apply the configuration:
# service iptables save

# service iptables restart
Check that iptables is set to start during boot:
# chkconfig --list iptables
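The Step 9 rules above accept everything arriving on eth1 and rely on the default ACCEPT policy of the FORWARD chain for reply traffic. The following script is an added example, not part of the original post: the same NAT setup with a default-deny FORWARD policy, masquerading limited to the LAN subnet, a stateful rule for replies, and a LOG rule so dropped forwards show up in /var/log/messages. It assumes the post's interface names (eth0 WAN, eth1 LAN) and LAN subnet 192.168.10.0/24.

```shell
#!/bin/sh
# Added example: stateful version of the post's NAT ruleset.
# Assumptions (from the post): WAN=eth0, LAN=eth1, LAN subnet 192.168.10.0/24.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.10.0/24}

# Print the rules, one command per line, so they can be reviewed before applying.
gateway_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
EOF
}

# Apply the rules (needs root). With --dry-run, only print them.
apply_gateway_rules() {
  if [ "$1" = "--dry-run" ]; then
    gateway_rules
    return 0
  fi
  gateway_rules | sh -e || return 1
  sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
  # Persist across reboots, as in the post.
  service iptables save
}
```

Run `apply_gateway_rules --dry-run` first to inspect the commands; after applying, `iptables -L FORWARD -v -n` shows hits on the DROP/LOG path for any forward the rules did not allow.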
Step 10. Testing
Ping the gateway of the network from a client system:
# ping 192.168.10.1
Then try to reach the Internet from your client systems:
# ping google.com
Configuring PCs on the network (clients)
All PCs on the private office network should set their gateway to the local private-network IP address of the Linux gateway computer.
The DNS should be set to that of the ISP on the Internet.

