unix:networking

Differences

This shows you the differences between two versions of the page.

unix:networking [2014/12/16 01:35]
bajeluk created
unix:networking [2014/12/16 01:53] (current)
bajeluk IP networking
Line 3: Line 3:
 ===== ip command ===== ===== ip command =====
  
-''​ip ro''​ ''​ip route show''​ ''​ip route ls''​+''​ip ro'' ​ ''​ip route show'' ​ ''​ip route ls''​
 <​code>​ <​code>​
 default via 192.168.1.1 dev wlan0  proto static ​ default via 192.168.1.1 dev wlan0  proto static ​
Line 26: Line 26:
 release all the IP addresses of the device eth0 release all the IP addresses of the device eth0
  
 +
 +===== Ubuntu as a network bridge (on the link-layer) =====
 +
 +<​code>​
 +sudo apt-get install bridge-utils
 +</​code>​
 +
 +<​code>​
 +ip addr flush dev eth0
 +ip addr flush dev wlan0
 +brctl addbr br0
 +brctl addif br0 eth0 wlan0
 +ip link set dev br0 up
 +</​code>​
 +
 +persistent settings in /​etc/​network/​interfaces
 +<​code>​
 +# The loopback network interface
 +auto lo
 +iface lo inet loopback
 +
 +# Bridge between eth0 and eth1
 +auto br0
 +iface br0 inet dhcp
 +# For static configuration delete or comment out the above line and uncomment the following:
 +# iface br0 inet static
 +#  address 192.168.1.10
 +#  netmask 255.255.255.0
 +#  network 192.168.1.0
 +#  gateway 192.168.1.1
 +#  dns-nameservers 192.168.1.5
 +#  dns-search example.com
 +  pre-up ip link set eth0 down
 +  pre-up ip link set eth1 down
 +  pre-up brctl addbr br0
 +  pre-up brctl addif br0 eth0 eth1
 +  pre-up ip addr flush dev eth0
 +  pre-up ip addr flush dev eth1
 +  post-down ip link set eth0 down
 +  post-down ip link set eth1 down
 +  post-down ip link set br0 down
 +  post-down brctl delif br0 eth0 eth1
 +  post-down brctl delbr br0
 +</​code>​
 +
 +===== Ubuntu as a router (on the IP layer) =====
 +
 +good tool: **shorewall** -- translates settings for ''​iptables''/''​netfilter''​
 +
 +<​code>​
 +sudo apt-get install shorewall shorewall-doc
 +</​code>​
 +
 +/​etc/​shorewall/​zones
 +<​code>​
 +#​ZONE TYPE OPTIONS IN OUT
 +#​ OPTIONS OPTIONS
 +fw firewall
 +net ipv4
 +loc ipv4
 +fixed   ipv4
 +</​code>​
 +
 +/​etc/​shorewall/​interfaces
 +<​code>​
 +?FORMAT 2
 +#ZONE   ​INTERFACE OPTIONS
 +net     ​wlan0 ​          ​tcpflags,​dhcp,​nosmurfs,​routefilter,​logmartians,​sourceroute=0
 +loc     ​vboxnet0 ​       tcpflags,​dhcp,​nosmurfs,​routefilter,​logmartians
 +fixed   ​eth0 ​           tcpflags,​dhcp,​nosmurfs,​routefilter,​logmartians
 +</​code>​
 +
 +/​etc/​shorewall/​policy
 +<​code>​
 +#​SOURCE DEST POLICY LOG LEVEL LIMIT:​BURST
 +
 +loc net ACCEPT
 +fixed           ​net ​            ​ACCEPT
 +$FW             ​net ​            ​ACCEPT
 +net             ​$FW ​            ​ACCEPT
 +$FW             ​loc ​            ​ACCEPT
 +$FW             ​fixed ​          ​ACCEPT
 +loc             ​$FW ​            ​ACCEPT
 +fixed           ​$FW ​            ​ACCEPT
 +net all DROP info
 +# THE FOLLOWING POLICY MUST BE LAST
 +all all REJECT info
 +</​code>​
 +
 +/​etc/​shorewall/​masq
 +<​code>​
 +#​INTERFACE:​DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/​ SWITCH ORIGINAL
 +#​ GROUP DEST
 +wlan0 10.0.0.0/​8,​\
 + 169.254.0.0/​16,​\
 + 172.16.0.0/​12,​\
 + 192.168.0.0/​16
 +</​code>​
 +
 +  * /​etc/​shorewall/​rules -- see ''/​usr/​share/​doc/​shorewall/​examples/​three-interfaces/''​
 +  * ''​STARTUP_ENABLED=Yes''​ in ''/​etc/​shorewall/​shorewall.conf''​
 +
 +<​code>​
 +sudo shorewall start
 +</​code>​
 +
 +==== DHCP server ====
 +
 +<​code>​
 +sudo apt-get install isc-dhcp-server
 +</​code>​
 +
 +/​etc/​dhcp/​dhcpd.conf
 +<​code>​
 +default-lease-time 600;
 +max-lease-time 7200;
 +log-facility local7;
 +
 +subnet 192.168.56.0 netmask 255.255.255.0 {
 +  range 192.168.56.101 192.168.56.254;​
 +  option subnet-mask 255.255.255.0;​
 +  option broadcast-address 192.168.56.255;​
 +  option routers 192.168.56.1;​
 +  option domain-name-servers 192.168.1.1,​ 8.8.8.8;
 +}
 +</​code>​
 +
 +<​code>​
 +sudo dhcpd -d -f vboxnet0 eth0
 +</​code>​
  
  
  
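Review bot: In the /etc/shorewall/policy block, the line "net $FW ACCEPT" admits every connection from the net zone (wlan0) to the router itself, and because it precedes "net all DROP info", that DROP never applies to traffic aimed at the firewall. I would remove that line and open only the services the router has to offer on wlan0 in /etc/shorewall/rules, which the page already points to via the three-interfaces example. Two smaller consistency points: the manual bridge commands use "brctl addif br0 eth0 wlan0" while the persistent stanza bridges eth0 and eth1, so the page should say which pair is meant; and "dhcpd -d -f vboxnet0 eth0" names eth0 although dhcpd.conf declares only the 192.168.56.0 subnet, so unless eth0 is also on that network, add a subnet declaration for it or leave eth0 off the command line.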
unix/networking.1418690116.txt.gz · Last modified: 2014/12/16 01:35 by bajeluk