Debian setup as a router
Pre-installing the required packages
    # apt-get update
    # apt-get upgrade
    # apt-get -y install vim
    # apt-get -y install bind9
    # apt-get -y install isc-dhcp-server
    # apt-get install iptables-persistent
Configuring the networks and MASQUERADING
eth0 = WAN / eth1 = LAN
- Edit and define the network configuration in the interfaces file:
# vim /etc/network/interfaces
- Set the static settings for the internal LAN network:
- /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface (WAN)
    auto eth0
    iface eth0 inet dhcp

    # LAN Party Interface
    # Note: 172.168.1.0/24 is not inside the RFC 1918 private range 172.16.0.0/12.
    auto eth1
    iface eth1 inet static
        address 172.168.1.1
        netmask 255.255.255.0
        dns-nameservers 172.168.1.1
        # No gateway line here: the default route comes from DHCP on eth0.
- Now edit /etc/sysctl.conf and uncomment:
    #net.ipv4.ip_forward=1
so that it reads: net.ipv4.ip_forward=1
and save it by entering
:wq
- To enable IP masquerading, enter following set of commands in terminal:
    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    # iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    # iptables-save > /etc/iptables/rules.v4
- Reboot the system:
    # init 6
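The FORWARD rules above only add ACCEPT entries, so with the default FORWARD policy of ACCEPT they do not restrict anything. The following added example (not part of the original page) generates an iptables-restore ruleset for the same eth0/eth1 layout with FORWARD defaulting to DROP; the helper name gen_rules, the source-network match and the WAN-side DNS drop are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the WAN/LAN router
# described above, with the FORWARD chain defaulting to DROP.
# gen_rules is a hypothetical helper name, not part of any package.
# Rules emitted (heredocs cannot carry comments, so they are listed here):
#   nat:    masquerade everything leaving the WAN interface (as on the page)
#   INPUT:  drop DNS queries arriving on the WAN side, so the recursive
#           resolver on this host is not reachable from outside
#   FORWARD: WAN->LAN only for replies (conntrack replaces "-m state"),
#            LAN->WAN only from the LAN subnet; everything else is dropped
gen_rules() {
    wan=$1 lan=$2 net=$3
    # Require all three arguments and two distinct interfaces.
    [ -n "$wan" ] && [ -n "$lan" ] && [ -n "$net" ] || return 1
    [ "$wan" != "$lan" ] || return 1
    # Reject anything that is not a plain interface name or CIDR string.
    case "$wan$lan" in *[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$net" in *[!0-9./]*) return 1 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $wan -p udp --dport 53 -j DROP
-A INPUT -i $wan -p tcp --dport 53 -j DROP
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Usage: sh gen_rules.sh eth0 eth1 172.168.1.0/24 | iptables-restore --test
if [ "$#" -eq 3 ]; then gen_rules "$@"; fi
```

Once the output passes iptables-restore --test, it can be written to /etc/iptables/rules.v4 in place of the iptables-save output.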
DNS server configuration for the LAN network
- /etc/bind/named.conf.local
    # LAN-PARTY-NETWORK
    zone "party.lan" in {
        type master;
        file "/var/lib/bind/db.party.lan";
    };

    zone "1.168.172.in-addr.arpa" in {
        type master;
        file "/var/lib/bind/db.172.168.1";
    };
- /var/lib/bind/db.party.lan
    $TTL 604800
    @       IN      SOA     (
                    ns.party.lan.       ; MNAME record
                    admin.party.lan.    ; DNS admin e-mail
                    2017022001          ; Serial
                    604800              ; Refresh
                    86400               ; Retry
                    2419200             ; Expire
                    604800 )            ; Negative Cache TTL

    ; name servers - NS and A records
    @       IN      NS      ns.party.lan.
    ns      IN      A       172.168.1.1

    ; 172.168.1.0/24 - A records
    serv    IN      A       172.168.1.1
    www     IN      A       172.168.1.1
- /var/lib/bind/db.172.168.1
    $TTL 604800
    @       IN      SOA     (
                    ns.party.lan.       ; MNAME record
                    admin.party.lan.    ; DNS admin e-mail
                    2017022001          ; Serial
                    604800              ; Refresh
                    86400               ; Retry
                    2419200             ; Expire
                    604800 )            ; Negative Cache TTL

    ; name servers - NS record
    @       IN      NS      ns.party.lan.

    ; 172.168.1.0/24 - PTR records
    1       IN      PTR     serv.party.lan.
    1       IN      PTR     www.party.lan.
- /etc/bind/named.conf.options
    # Configuration file /etc/bind/named.conf.options
    # Defines the options of our BIND server.
    options {
        directory "/var/cache/bind";
        recursion yes;                  # enables recursive queries
        allow-transfer { none; };       # disable zone transfers
        allow-query {
            192.168.0.0/16;             # allow queries for 192.168.*
            172.168.0.0/16;             # allow queries for 172.168.*
            127.0.0.0/8;
        };
        forwarders {
            8.8.8.8;
            8.8.4.4;
        };
        auth-nxdomain no;               # conform to RFC1035
    };
DHCP server configuration for the LAN network
- /etc/dhcp/dhcpd.conf
    # DHCP configuration - party.lan
    ddns-update-style none;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    log-facility local7;

    subnet 172.168.1.0 netmask 255.255.255.0 {
        range 172.168.1.100 172.168.1.130;
        interface eth1;
        option subnet-mask 255.255.255.0;
        # broadcast address must belong to the subnet declared above
        option broadcast-address 172.168.1.255;
        option routers 172.168.1.1;
        option domain-name-servers 172.168.1.1;
        option domain-name "party.lan";
    }

- Start the DHCP server, enable it at boot and check its status:
    # systemctl start isc-dhcp-server
    # systemctl enable isc-dhcp-server
    # systemctl status isc-dhcp-server
https://askubuntu.com/questions/590920/ubuntu-14-04-as-a-gateway-router-and-a-firewall
Better solution: https://gridscale.io/community/knowledgebase/tutorial-debian-routergateway-in-10-minuten/