Today we will turn a plain Ubuntu Server into a gateway to the internet. The gateway here is a fairly complete one: it acts as a DHCP server, a DNS server (forwarding DNS server) and a firewall, all on one machine.
The Ubuntu Server here has 2 network interfaces:
• eth0 – internal network interface (LAN)
• eth1 – external network interface (WAN), connected to the internet
1. Install Ubuntu Server
2. Enable packet forwarding by editing /etc/sysctl.conf and setting
net.ipv4.ip_forward=1
Then reload the configuration
sysctl -p /etc/sysctl.conf
3. Create the iptables rules
iptables -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Then save the rules
iptables-save > /etc/default/firewall
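If you want to log traffic, add this rule
# POSTROUTING is not in the default filter table, so -t nat is required;
# -I puts LOG ahead of MASQUERADE, which would otherwise end rule traversal first
iptables -t nat -I POSTROUTING -o eth1 -j LOG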
4. Configure the network interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# LAN
auto eth0
iface eth0 inet static
    address 192.168.210.1
    netmask 255.255.255.0
    post-up iptables-restore < /etc/default/firewall

# WAN
auto eth1
iface eth1 inet dhcp
The post-up line reloads the iptables rules every time the network interface comes up.
5. Install the DHCP server
apt-get install isc-dhcp-server
Create /etc/dhcp/dhcpd.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;

subnet 192.168.210.0 netmask 255.255.255.0 {
    range 192.168.210.100 192.168.210.250;
    option domain-name-servers 192.168.210.1, 8.8.8.8;
    option domain-name "secplayground";
    option routers 192.168.210.1;
}
Edit /etc/default/isc-dhcp-server and set INTERFACES to
INTERFACES="eth0"
Then restart the DHCP server
service isc-dhcp-server restart
6. Install Bind9
apt-get install bind9
Edit /etc/bind/named.conf.options
acl internal {
    192.168.210.0/24;
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { internal; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    forward only;
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
If you want to log all DNS queries, add this option to named.conf.options
logging {
    channel query.log {
        file "/var/log/named/query.log";
        severity dynamic;
        print-time yes;
    };
    channel syslog {
        syslog local0;
        severity dynamic;
        print-time yes;
    };
    category queries { query.log; syslog; };
};
7. Restart bind
/etc/init.d/bind9 restart
8. Test from a client: check that it receives an IP address and that it can reach the internet
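Added example, not part of the original tutorial: the three commands in step 3 only add ACCEPT rules, so what the gateway actually blocks depends on the FORWARD chain policy. This script audits an iptables-save dump for the NAT rule, the stateful return rule and the policy; the embedded ruleset is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Interface names follow the page
# (eth1 = WAN, eth0 = LAN); function names are hypothetical.

# Constructed sample: iptables-save output after only the three step-3
# commands, on a host whose chain policies are still the default ACCEPT.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# audit_gateway WAN LAN: reads a ruleset on stdin, prints one finding per line.
audit_gateway() {
    awk -v wan="$1" -v lan="$2" '
        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter", ...
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            if (index($0, "-o " wan " ")) masq = 1
        }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if (index($0, "-i " wan " ") && index($0, "-o " lan " ")) {
                if ($0 ~ /--ctstate [A-Z,]*ESTABLISHED/) ret = 1
                else unsolicited = 1    # WAN->LAN accepted with no state match
            }
        }
        END {
            if (!masq) print "MISSING: MASQUERADE on " wan
            if (!ret) print "MISSING: ESTABLISHED,RELATED return rule " wan "->" lan
            if (unsolicited) print "RISK: " wan "->" lan " accepted without conntrack"
            if (policy != "DROP")
                print "RISK: FORWARD policy is " policy ", so the ACCEPT rules filter nothing"
        }'
}

# Run against the constructed sample.
sample_ruleset | audit_gateway eth1 eth0
```

On the gateway itself, pipe the live rules in with `iptables-save | audit_gateway eth1 eth0`. Running `iptables -P FORWARD DROP` before saving the rules clears the policy finding.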
Source: techsuii.com