BUILDING GATEWAY

ISO:

Virtualisation:

Hardware configuration:

Configure NIC interfaces:

# cat /etc/network/interfaces # The loopback network interface auto lo iface lo inet loopback allow-hotplug eth0 iface eth0 inet dhcp allow-hotplug eth1 iface eth1 inet static address 10.0.10.1 netmask 255.255.255.0 gateway 10.0.10.1 dns-search google.com dns-nameservers 10.0.10.1

Configure DHCP:

# apt-get install dnsmasq # cat /etc/dnsmasq.conf | grep "^[^#]" interface=eth1 address=/ufo.mars/10.0.10.1 dhcp-range=eth1,10.0.10.20,10.0.10.25,12h

The last number is how long the DHCP leases are good for.

dns names for local machines:

# cat /etc/hosts | tail -n ? .. 10.0.10.20 ufo0.mars 10.0.10.21 ufo1.mars 10.0.10.22 ufo2.mars 10.0.10.23 ufo3.mars 10.0.10.24 ufo4.mars 10.0.10.25 ufo5.mars # systemctl restart dnsmasq

Firewall:

# cat /etc/network/if-up.d/00-firewall #!/bin/sh # Reload the iptables rules and activate forwarding set -e # delete all existing rules. iptables -Z # zero counters iptables -F # flush (delete) rules iptables -t mangle -F iptables -X # delete all extra chains # If you want to clear the chains, then clear the chains: iptables --policy INPUT ACCEPT; iptables --policy OUTPUT ACCEPT; iptables --policy FORWARD ACCEPT; # Masquerade. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Enable routing. echo 1 > /proc/sys/net/ipv4/ip_forward

Make script executable:

# cd /etc/network/if-up.d/ # ls -l 00-firewall -rwxr-xr-x 1 root root 479 Mar 30 02:00 00-firewall

Test Connection

Rescue Client .. test connection (systemrescuecd ISO, live CD):

Worst case -- (nothing works)

% ifconfig eth0 10.0.10.100 up
% route add default gw 10.0.10.1
% cat /etc/resolv.conf

Best case -- Internet is functional with SystemRescueCD.

Note:

On rescue machine. To reach rescue machine from putty:

# systemctl stop iptables # passwd

Report this:

  1. On gateway and systemresque machines.

    #!/bin/bash dhclient eth0 -r dhclient eth0 ip a ip r ping 8.8.8.8 -c 1 ping google.com -c 1 cat /etc/resolv.conf
  2. On gateway machine only:

    Allow to use facter:

    apt install -y ruby facter facter
  3. Also interested in:

    #!/bin/bash -x cat /etc/issue dmesg | grep eth cat /etc/network/interfaces cat /etc/dnsmasq.conf | tail cat /etc/resolv.conf
  1. https://medium.com/@cpt_midnight/static-ip-in-debian-9-stretch-acb4e5cb7dc1

  2. https://debian-administration.org/article/23/Setting_up_a_simple_Debian_gateway