
Debian Setup als Router

Vorinstallation der benötigten Pakete

# apt-get update
# apt-get upgrade

# apt-get -y install vim
# apt-get -y install bind9
# apt-get -y install isc-dhcp-server
# apt-get install iptables-persistent

Konfiguration der Netze und des MASQUERADING

eth0 = WAN / eth1 = LAN

  1. Bearbeiten und Festlegen der Netzkonfiguration in der interfaces-Datei:
    # vim /etc/network/interfaces
  2. Festlegen der fixen Angaben zum internen LAN-Netzwerk:
    /etc/network/interfaces
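    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface (WAN side). Its address is obtained via
    # DHCP; the router's default route is expected to come from there as well.
    auto eth0
    iface eth0 inet dhcp

    # LAN Party Interface (LAN side of the router)
    # NOTE: 172.168.1.0/24 is not RFC 1918 private address space. The private
    # block is 172.16.0.0/12 (172.16.0.0 - 172.31.255.255); 172.168.x.x belongs
    # to real hosts on the Internet, which become unreachable from this LAN.
    # The same prefix is used in the BIND and DHCP configuration of this page,
    # so a change has to be made in all three places.
    auto eth1
    iface eth1 inet static
    address 172.168.1.1
    netmask 255.255.255.0
    dns-nameservers 172.168.1.1
    # No "gateway" line on the LAN interface: a gateway pointing at the
    # router's own LAN address would add a second default route that competes
    # with the one learned on eth0.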
  3. Now edit /etc/sysctl.conf and uncomment:

    #net.ipv4.ip_forward=1

    so that it reads: net.ipv4.ip_forward=1

    and save it by entering

    :wq

  4. To enable IP masquerading, enter following set of commands in terminal:
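    ## Lines starting with "# " are commands typed at the root prompt,
    ## lines starting with "## " are explanations.
    ##
    ## NAT: everything leaving through the WAN interface (eth0) gets the
    ## router's WAN address as its source address.
    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    ## Return traffic (WAN -> LAN): only packets that belong to a connection
    ## opened from the LAN are forwarded back in. This rule has to match
    ## "-i eth0 -o eth1"; written in the LAN -> WAN direction it would merely
    ## duplicate the rule below.
    # iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    ## Outbound (LAN -> WAN): LAN clients may open new connections.
    # iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    ## These two FORWARD rules only act as a filter once the policy of the
    ## FORWARD chain is DROP; with the default policy ACCEPT every other
    ## packet is forwarded as well. No INPUT rules are set here, so services
    ## running on the router itself stay reachable on both interfaces.
    
    ## Persist the rules so that iptables-persistent restores them at boot.
    # iptables-save > /etc/iptables/rules.v4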
  5. Reboot des Systems: → init 6 (init 0 fährt das System herunter, statt es neu zu starten)

Konfiguration DNS-Server für LAN Netz

/etc/bind/named.conf.local
# LAN-PARTY-NETWORK
# Forward zone: this server is the master for party.lan and reads the
# records from the zone file named below.
zone "party.lan" in {
        type master;
        file "/var/lib/bind/db.party.lan";
};

# Reverse zone: address-to-name lookups for 172.168.1.x.
zone "1.168.172.in-addr.arpa" in {
        type master;
        file "/var/lib/bind/db.172.168.1";
};
/var/lib/bind/db.party.lan
; Forward zone file for party.lan (name -> address).
; Default TTL for all records without their own TTL: 604800 s = 7 days.
$TTL    604800
@       IN      SOA      (
                        ns.party.lan.                   ; MNAME: primary name server of the zone
                        admin.party.lan.                ; RNAME: mailbox of the DNS admin (admin@party.lan)
                        2017022001                      ; Serial - looks like YYYYMMDDnn; raise it on every edit
                        604800                          ; Refresh (7 days)
                        86400                           ; Retry (1 day)
                        2419200                         ; Expire (28 days)
                        604800 )                        ; Negative Cache TTL (7 days)
 
; name servers - NS and A records
@               IN      NS      ns.party.lan.
ns              IN      A       172.168.1.1
 
; 172.168.1.0/24 - A records (both names resolve to the router itself)
serv    IN      A       172.168.1.1
www    IN      A       172.168.1.1
/var/lib/bind/db.172.168.1
; Reverse zone file for 1.168.172.in-addr.arpa (address -> name).
; Default TTL for all records without their own TTL: 604800 s = 7 days.
$TTL    604800
@       IN      SOA      (
                        ns.party.lan.                   ; MNAME: primary name server of the zone
                        admin.party.lan.                ; RNAME: mailbox of the DNS admin (admin@party.lan)
                        2017022001                      ; Serial - looks like YYYYMMDDnn; raise it on every edit
                        604800                          ; Refresh (7 days)
                        86400                           ; Retry (1 day)
                        2419200                         ; Expire (28 days)
                        604800 )                        ; Negative Cache TTL (7 days)
 
; name servers - NS record
@       IN      NS      ns.party.lan.
 
; 172.168.1.0/24 - PTR records
; The owner "1" stands for 172.168.1.1. It carries two PTR records, so a
; reverse lookup returns both names; ns.party.lan has no PTR record here.
1       IN      PTR     serv.party.lan.
1       IN      PTR     www.party.lan.
/etc/bind/named.conf.options
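# Configuration file /etc/bind/named.conf.options
# Defines the global options of our BIND server.

options {
        directory "/var/cache/bind";

        recursion yes;                 # enables recursion queries
        allow-transfer { none; };      # disable zone transfers

        # Who may query this server. No separate allow-recursion is set, so
        # this list also decides who may use the server as a recursive
        # resolver. Keep it as narrow as the networks that are really served:
        # 172.168.x.x lies outside the RFC 1918 private ranges, so a /16 entry
        # would also admit foreign hosts from that range whenever port 53 is
        # reachable on the WAN side.
        allow-query {
                192.168.0.0/16;        # NOTE(review): not used elsewhere on this page - presumably the upstream network; remove if not needed
                172.168.1.0/24;        # the LAN behind eth1
                127.0.0.0/8;           # the router itself
        };

        # Upstream resolvers for every name outside the local zones.
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        auth-nxdomain no;              # conform to RFC1035
};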

Konfiguration DHCP-Server für LAN Netz

/etc/dhcp/dhcpd.conf
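# DHCP configuration - party.lan

ddns-update-style none;            # the DHCP server sends no dynamic DNS updates
default-lease-time 600;            # lease length in seconds (10 minutes) if the client requests none
max-lease-time 7200;               # longest lease a client can get, in seconds (2 hours)
authoritative;                     # this server claims to be the authority for the subnet below
log-facility local7;

subnet  172.168.1.0 netmask 255.255.255.0 {

        range 172.168.1.100 172.168.1.130;        # pool of 31 dynamic addresses
        # NOTE(review): presumably meant to keep the server on the LAN
        # interface; confirm that dhcpd does not also answer on eth0, where an
        # authoritative server would disturb the upstream network.
        interface eth1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 172.168.1.255;   # must be the broadcast address of the subnet declared above
        option routers 172.168.1.1;               # default gateway handed to the clients
        option domain-name-servers 172.168.1.1;   # the BIND server on the router
        option domain-name "party.lan";
}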
# Start the DHCP server now and register it to be started at every boot.
systemctl start isc-dhcp-server
systemctl enable isc-dhcp-server

# Show the service state and its most recent log lines; a dhcpd that refused
# its configuration shows up here as failed.
systemctl status isc-dhcp-server

https://askubuntu.com/questions/590920/ubuntu-14-04-as-a-gateway-router-and-a-firewall


Bessere Lösung → https://gridscale.io/community/knowledgebase/tutorial-debian-routergateway-in-10-minuten/

Tutorial_ Debian Router_Gateway in 10 Minuten einrichten