Hi, I need some pointers on what is wrong:
/etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
#pre-up iptables-restore < /var/local/iptables.conf || true
auto lo
iface lo inet loopback
pre-up iptables-restore < /var/local/iptables.conf || true
# The primary network interface
allow-hotplug eth1
iface eth1 inet dhcp
auto eth2
iface eth2 inet static
address 10.0.0.1
netmask 255.255.255.0
allow-hotplug eth0
iface eth0 inet dhcp
iptables.conf:
# Generated by iptables-save v1.4.8 on Mon Feb 11 22:08:20 2013
*filter
:INPUT ACCEPT [13:4437]
:FORWARD ACCEPT [12:657]
:OUTPUT ACCEPT [13:1308]
-A FORWARD -i eth1 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Feb 11 22:08:20 2013
# Generated by iptables-save v1.4.8 on Mon Feb 11 22:08:20 2013
*nat
:PREROUTING ACCEPT [11:670]
:POSTROUTING ACCEPT [16:1084]
:OUTPUT ACCEPT [9:679]
-A POSTROUTING -o eth2 -j MASQUERADE
-A POSTROUTING -o eth2 -j MASQUERADE
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Mon Feb 11 22:08:20 2013
Basic configuration script:
#!/bin/sh
#Firewall by Tomas Papez
#eth1 WAN - DHCP client
#eth2 LAN
#FW policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
#NAT
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables-save > /var/local/iptables.conf
DHCP settings:
# option definitions common to all supported networks...
option domain-name "domena.local";
option domain-name-servers 10.0.0.1, 8.8.8.8;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.100 10.0.0.200;
option routers 10.0.0.1;
option broadcast-address 10.0.0.255;
default-lease-time 500;
max-lease-time 7200;
}
I really don't know what could be wrong anymore... And the DNS is the router's address, BIND9 is installed there (dig @localhost works and returns the same results as dig from a host), so everything is OK, only the masquerade doesn't work.
Before I start experimenting with it: if I want to map the local IP 10.0.0.100 to server.local, I'll put this into DNS:
I'll add to named.conf:
zone "local" {
type master;
file "/etc/bind/db.local";
file "/etc/bind/rev.local"
};
and the file db.local:
$TTL 3600
@ IN SOA domena.local(
2007010401 ; Serial
3600 ; Refresh [1h]
600 ; Retry [10m]
86400 ; Expire [1d]
600 ) ; Negative Cache TTL [1h]
;
@ IN MX 10 postfix.local.
pocitac1 IN A 10.0.0.10
postfix IN A 10.0.0.20
mail IN CNAME postfix
Is this correct?
Thanks everyone for the advice...
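An added example, not the poster's script: it runs a few checks over an iptables-save dump that catch the things wrong in the posted iptables.conf (MASQUERADE bound to the LAN interface instead of the WAN one, the same rule appended three times by re-running the script, and FORWARD rules whose directions are swapped so that new connections are accepted from WAN into LAN while LAN clients only get ESTABLISHED,RELATED), and then prints the rule set the thread is aiming for. It assumes the post's layout, WAN=eth1 (DHCP, upstream) and LAN=eth2 (10.0.0.0/24); the sample dump is a constructed copy of the posted rule lines.

```sh
#!/bin/sh
# Added example (not the poster's script): lint an iptables-save dump for the
# NAT mistakes discussed in the thread, then print a corrected rule set.
# Assumes the post's layout: WAN=eth1 (upstream, DHCP), LAN=eth2 (10.0.0.0/24).

WAN=eth1
LAN=eth2

# Constructed sample: the rule lines of the posted iptables.conf.
SAMPLE_DUMP='*filter
-A FORWARD -i eth1 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth2 -j MASQUERADE
-A POSTROUTING -o eth2 -j MASQUERADE
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT'

# count_rules DUMP FIXED-STRING: number of lines containing the string.
# grep -c exits 1 on zero matches; that is a count of 0, not an error.
count_rules() {
    printf '%s\n' "$1" | grep -F -c -- "$2" || true
}

# lint_dump DUMP: prints one finding per line, nothing for a clean dump.
lint_dump() {
    dump=$1
    # 1. MASQUERADE must sit on the interface facing the upstream network.
    #    On the LAN side it rewrites nothing useful, and LAN clients' packets
    #    still leave the WAN interface with private 10.0.0.x source addresses.
    if [ "$(count_rules "$dump" "-A POSTROUTING -o $LAN -j MASQUERADE")" -gt 0 ]; then
        echo "MASQUERADE is on the LAN side ($LAN); it belongs on the WAN side ($WAN)"
    fi
    if [ "$(count_rules "$dump" "-A POSTROUTING -o $WAN -j MASQUERADE")" -eq 0 ]; then
        echo "no MASQUERADE rule on the WAN side ($WAN)"
    fi
    # 2. Re-running a script that only appends (-A) stacks duplicate rules.
    dups=$(printf '%s\n' "$dump" | grep '^-A ' | sort | uniq -d | wc -l | tr -d ' ')
    if [ "$dups" -gt 0 ]; then
        echo "$dups rule(s) appear more than once (script re-run without flushing)"
    fi
    # 3. A WAN->LAN FORWARD rule without a --state match accepts NEW inbound
    #    connections to every LAN host: the two directions are swapped.
    open=$(printf '%s\n' "$dump" | grep -- "^-A FORWARD -i $WAN -o $LAN " | grep -v -c -- '--state' || true)
    if [ "$open" -gt 0 ]; then
        echo "FORWARD accepts new connections from WAN ($WAN) into LAN ($LAN)"
    fi
    return 0
}

# corrected_rules: the rule set the thread is aiming for, printed rather than
# applied so it can be reviewed first. Flushing before appending keeps a
# re-run from duplicating rules; FORWARD defaults to DROP so only the two
# explicit directions pass.
corrected_rules() {
    cat <<EOF
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
/sbin/iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
/sbin/iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Lint the constructed sample, then show the corrected rules.
lint_dump "$SAMPLE_DUMP"
corrected_rules
```

On a real box the dump to lint is the output of `/sbin/iptables-save`, and the pre-up line in /etc/network/interfaces will then restore whatever was last saved, so the save step only belongs after the rules have been reviewed.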
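A second added example, again not the poster's files, for the named.conf zone clause and db.local asked about above: a plain grep/awk sanity check that flags the problems visible in the posted fragments (two `file` statements in one zone clause, a statement without a terminating `;`, and an SOA record that names only the primary server, with no admin mailbox and no trailing dot), followed by a corrected pair. It assumes the post's names (zone "local", /etc/bind/db.local, pocitac1 and postfix at 10.0.0.10 and .20) and adds an NS record for the router at 10.0.0.1 under the assumed name ns1, since BIND will not load a zone without one.

```sh
#!/bin/sh
# Added example (not the poster's files): sanity-check the posted named.conf
# zone clause and db.local with grep/awk before handing them to BIND, then
# print a corrected pair. Assumes zone "local", /etc/bind/db.local, and an
# assumed NS name ns1 pointing at the router (10.0.0.1, the BIND9 host).

# Constructed copies of the posted fragments.
POSTED_CONF='zone "local" {
type master;
file "/etc/bind/db.local";
file "/etc/bind/rev.local"
};'

POSTED_ZONE='$TTL 3600
@ IN SOA domena.local(
2007010401 ; Serial
3600 ; Refresh [1h]
600 ; Retry [10m]
86400 ; Expire [1d]
600 ) ; Negative Cache TTL [1h]
;
@ IN MX 10 postfix.local.
pocitac1 IN A 10.0.0.10
postfix IN A 10.0.0.20
mail IN CNAME postfix'

# check_conf CONF: findings for the zone clause, one per line.
check_conf() {
    files=$(printf '%s\n' "$1" | grep -c '^[[:space:]]*file ' || true)
    if [ "$files" -gt 1 ]; then
        echo "zone clause has $files file statements; a zone has exactly one"
    fi
    # Every statement between the braces must end with ';'.
    printf '%s\n' "$1" | grep -v '[{}]' | grep -v ';[[:space:]]*$' |
        sed 's/^/statement missing ";": /'
    return 0
}

# check_zone ZONE: findings for the SOA record, one per line.
# The SOA needs two names before '(': the primary server (MNAME) and the
# admin mailbox (RNAME, with '@' written as '.'), both fully qualified.
check_zone() {
    printf '%s\n' "$1" | awk '
        / SOA / {
            gsub(/\(/, " ( ")            # split a paren fused to a name
            start = 0; n = 0
            for (i = 1; i <= NF; i++) if ($i == "SOA") start = i
            for (i = start + 1; i <= NF && $i != "("; i++) { n++; name[n] = $i }
            if (n != 2)
                print "SOA needs two names (primary server, admin mailbox) before \"(\", found " n
            for (i = 1; i <= n; i++)
                if (name[i] !~ /\.$/) print "SOA name " name[i] " should end with a dot"
        }'
    return 0
}

# fixed_conf: one file per zone; the reverse zone would need its own clause
# for 0.0.10.in-addr.arpa, which is not part of the posted snippet.
fixed_conf() {
    cat <<'EOF'
zone "local" {
    type master;
    file "/etc/bind/db.local";
};
EOF
}

# fixed_zone: SOA with both names, an NS record for the apex, and the posted
# host records kept as they were (the 600 negative-cache TTL is 10 minutes).
fixed_zone() {
    cat <<'EOF'
$TTL 3600
@ IN SOA ns1.local. hostmaster.local. (
    2007010401 ; Serial
    3600       ; Refresh [1h]
    600        ; Retry [10m]
    86400      ; Expire [1d]
    600 )      ; Negative cache TTL [10m]
@ IN NS ns1.local.
ns1 IN A 10.0.0.1
@ IN MX 10 postfix.local.
pocitac1 IN A 10.0.0.10
postfix IN A 10.0.0.20
mail IN CNAME postfix
EOF
}

check_conf "$POSTED_CONF"
check_zone "$POSTED_ZONE"
```

These checks only cover the mistakes visible in the post; on the BIND host itself, `named-checkconf` and `named-checkzone local /etc/bind/db.local` are the authoritative test, and the file should pass them before `rndc reload`.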