Debian Setup as a Router
Pre-installing the required packages
# apt-get update
# apt-get upgrade
# apt-get -y install vim
# apt-get -y install bind9
# apt-get -y install isc-dhcp-server
# apt-get install iptables-persistent
Configuring the networks and MASQUERADING
eth0 = WAN / eth1 = LAN
- Edit and define the network configuration in the interfaces file:
# vim /etc/network/interfaces
- Define the static settings for the internal LAN network:
- /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (WAN)
auto eth0
iface eth0 inet dhcp

# LAN party interface
# Note: 172.168.1.0/24 is not RFC 1918 private space (the private block
# 172.16.0.0/12 ends at 172.31.255.255).
auto eth1
iface eth1 inet static
    address 172.168.1.1
    netmask 255.255.255.0
    dns-nameservers 172.168.1.1
    # No gateway on the LAN side: the default route comes from eth0 (DHCP).
- Now edit /etc/sysctl.conf and uncomment the line:
#net.ipv4.ip_forward=1
so that it reads:
net.ipv4.ip_forward=1
and save the file by entering
:wq
- To enable IP masquerading, enter the following commands in a terminal:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# iptables-save > /etc/iptables/rules.v4
- Reboot the system:
# init 6
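A check for the saved rule set, added here as an example that is not part of the original page: the script audits an iptables-save dump such as /etc/iptables/rules.v4 for the masquerade rule, the direction of the RELATED,ESTABLISHED rule and the FORWARD policy. The function names (has, audit_rules, sample_loose, sample_tight) and both dumps are constructed for illustration, and interface names are assumed to be plain names such as eth0 and eth1.

```shell
# Added example: audit an iptables-save dump for the router rule set.
# Both dumps below are constructed samples, not output from a real host.
# has PATTERN: true if a line of the dump held in $rules matches PATTERN
has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }

# audit_rules WAN LAN < dump: prints findings, returns how many there are
audit_rules() {
    wan=$1; lan=$2; rules=$(cat); n=0
    st='-m (state --state|conntrack --ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED)'
    has "^-A POSTROUTING -o $wan -j MASQUERADE" ||
        { echo "no MASQUERADE on $wan"; n=$((n + 1)); }
    has "^-A FORWARD -i $wan -o $lan $st -j ACCEPT" ||
        { echo "no stateful return rule $wan -> $lan"; n=$((n + 1)); }
    has "^-A FORWARD -i $lan -o $wan -j ACCEPT" ||
        { echo "no outbound rule $lan -> $wan"; n=$((n + 1)); }
    has "^:FORWARD DROP" ||
        { echo "FORWARD policy is not DROP, so ACCEPT rules restrict nothing"; n=$((n + 1)); }
    has "^-A FORWARD -i $wan -o $lan -j ACCEPT" &&
        { echo "unconditional $wan -> $lan ACCEPT"; n=$((n + 1)); }
    return "$n"
}

sample_loose() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_tight() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}
sample_loose | audit_rules eth0 eth1 || echo "loose dump: $? finding(s)"
sample_tight | audit_rules eth0 eth1 && echo "tight dump: clean"
```

On the router itself the same function can read the live rules with `iptables-save | audit_rules eth0 eth1`, run as root.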
Configuring the DNS server for the LAN network
- /etc/bind/named.conf.local
# LAN-PARTY-NETWORK
zone "party.lan" in {
        type master;
        file "/var/lib/bind/db.party.lan";
};

zone "1.168.172.in-addr.arpa" in {
        type master;
        file "/var/lib/bind/db.172.168.1";
};
- /var/lib/bind/db.party.lan
$TTL 604800
@       IN      SOA     (
                ns.party.lan.       ; MNAME record
                admin.party.lan.    ; DNS admin mailbox
                2017022001          ; Serial
                604800              ; Refresh
                86400               ; Retry
                2419200             ; Expire
                604800 )            ; Negative cache TTL

; name servers - NS and A records
@       IN      NS      ns.party.lan.
ns      IN      A       172.168.1.1

; 172.168.1.0/24 - A records
serv    IN      A       172.168.1.1
www     IN      A       172.168.1.1
- /var/lib/bind/db.172.168.1
$TTL 604800
@       IN      SOA     (
                ns.party.lan.       ; MNAME record
                admin.party.lan.    ; DNS admin mailbox
                2017022001          ; Serial
                604800              ; Refresh
                86400               ; Retry
                2419200             ; Expire
                604800 )            ; Negative cache TTL

; name servers - NS record
@       IN      NS      ns.party.lan.

; 172.168.1.0/24 - PTR records
1       IN      PTR     serv.party.lan.
1       IN      PTR     www.party.lan.
- /etc/bind/named.conf.options
# Configuration file /etc/bind/named.conf.options
# Defines the options of our BIND server.
options {
        directory "/var/cache/bind";
        recursion yes;                  # enables recursive queries
        allow-transfer { none; };       # disable zone transfers
        allow-query {
                192.168.0.0/16;         # allow queries for 192.168.*
                172.168.0.0/16;         # allow queries for 172.168.*
                127.0.0.0/8;
        };
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        auth-nxdomain no;               # conform to RFC1035
};