Differences

This shows you the differences between two versions of the page.

--- debian:other-debian:router-debian [2017/05/17 11:16] – michael
+++ debian:other-debian:router-debian [2017/05/17 17:15] (current) – [Konfiguration DHCP-Server für LAN Netz] michael
@@ Line 1: / Line 1: @@
 ====== Debian Setup als Router ======
-**eth0 = WAN eth1 = LAN**
+===== Vorinstallation der benötigten Pakete =====
-  - Open a new Putty Terminal and connect to server
+<code>
-  - Enter following command to edit interfaces file: <code># vim /etc/network/interfaces</code>
+# apt-get update
-  - Edit the file with the following lines: (add your **netmask** and **gateway**) <file bash /etc/network/interfaces>auto lo
+# apt-get upgrade
+# apt-get -y install vim
+# apt-get -y install bind9p-server
+# apt-get -y install isc-dhc
+# apt‐get install iptables‐persistent
+</code>
+===== Konfiguration der Netze und des MASQUERADING =====
+**''eth0 = WAN''** / **''eth1 = LAN''**
+  - **Berarbeiten** und festlegen der **Netzkonfig** in der interfaces Datei: <code># vim /etc/network/interfaces</code>
+  - Festlegen der fixen Angaben zum interen **LAN Netzwerk**: <file bash /etc/network/interfaces># This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+source /etc/network/interfaces.d/*
+# The loopback network interface
+auto lo
 iface lo inet loopback
+# The primary network interface
 auto eth0
 iface eth0 inet dhcp
+# LAN Party Interface
 auto eth1
 iface eth1 inet static
 address 172.168.1.1
 netmask 255.255.255.0
+dns-nameservers 172.168.1.1
+gateway 172.168.1.1
 </file>
   - Now edit /etc/sysctl.conf and **uncomment**: <WRAP center round box 100%>
@@ Line 28: / Line 53: @@
   - To enable IP masquerading, enter following set of commands in terminal: <code># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 # iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 # iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
-</code>
+# iptables-save > /etc/iptables/rules.v4
+</code>
+  - Reboot des Systems: -> **''init 0''**
-Update: Fix strange "-–state" causing command to fail and fix nat MASQUERADE to eth0 (wan interface)
+===== Konfiguration DNS-Server für LAN Netz =====
+<file bash /etc/bind/named.conf.local>
+# LAN-PARTY-NETWORK
+zone "party.lan" in {
+        type master;
+        file "/var/lib/bind/db.party.lan"; };
+zone "1.168.172.in-addr.arpa" in {
+        type master;
+        file "/var/lib/bind/db.172.168.1"; };
+</file>
+<file bash /var/lib/bind/db.party.lan>
+$TTL    604800
+@       IN      SOA      (
+                        ns.party.lan.                   ; MNAME Record
+                        admin.party.lan.                ; Mail von DNS Admin
+                        2017022001                      ; Serial
+                          ; Refresh
+                           ; Retry
+                        2419200                         ; Expire
+)                        ; Negative Cache TTL
+; name servers – NS und A records
+@               IN      NS      ns.party.lan.
+ns              IN      A       172.168.1.1
+; 192.168.210.0/24 - A records
+serv    IN      A       172.168.1.1
+www    IN      A       172.168.1.1
+</file>
+<file bash /var/lib/bind/db.172.168.1>
+$TTL    604800
+@       IN      SOA      (
+                        ns.party.lan.                   ; MNAME Record
+                        admin.party.lan.                ; Mail von DNS Admin
+                        2017022001                      ; Serial
+                          ; Refresh
+                           ; Retry
+                        2419200                         ; Expire
+)                        ; Negative Cache TTL
+; name servers – NS record
+@       IN      NS      ns.party.lan.
+; 192.168.210.0/24 - PTR records
+       IN      PTR     serv.party.lan.
+       IN      PTR     www.party.lan.
+</file>
+<file bash /etc/bind/named.conf.options>
+# Konfigurationsfile /etc/bind/named.conf.options
+# Definieren der Optionen unseres Bind-Servers.
+options {
+        directory "/var/cache/bind";
+        recursion yes;                 # enables recursion queries
+        allow-transfer { none; };      # disable zone transfers
+        allow-query {
+.168.0.0/16;        # allow queries for 192.168.*
+.168.0.0/16;        # allow queries for 172.168.*
+.0.0.0/8;
+        };
+        forwarders {
+.8.8.8;
+.8.4.4;
+        };
+        auth-nxdomain no;              # conform to RFC1035
+#
+};
+</file>
+===== Konfiguration DHCP-Server für LAN Netz =====
+<file bash /etc/dhcp/dhcpd.conf>
+# DHCP Konfiguration – party.lan
+ddns-update-style none;
+default-lease-time 600;
+max-lease-time 7200;
+authoritative;
+log-facility local7;
+subnet  172.168.1.0 netmask 255.255.255.0 {
+        range 172.168.1.100 172.168.1.130;
+        interface eth1;
+        option subnet-mask 255.255.255.0;
+        option broadcast-address 192.168.210.255;
+        option routers 172.168.1.1;
+        option domain-name-servers 172.168.1.1;
+        option domain-name "party.lan";
+}
+</file>
 <code>
-# apt‐get install iptables‐persistent
+systemctl start isc-dhcp-server
-# iptables-save > /etc/iptables/rules.v4
+systemctl enable isc-dhcp-server
+systemctl status isc-dhcp-server
 </code>
 https://askubuntu.com/questions/590920/ubuntu-14-04-as-a-gateway-router-and-a-firewall