NAT, DNS & DHCP in Debian

NAT (good with PPPoE)
Create the script:
sudo vim /etc/nat

#!/bin/sh
# eth0 is the external interface, eth1 the internal one (10.0.0.0/24)
# Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Allow traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Allow access from the internal network to the outside
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# Enable NAT
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
# Allow replies from the external network
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Deny access from outside to the internal network
iptables -A FORWARD -i eth0 -o eth1 -j REJECT

To run the script automatically, add the line post-up /etc/nat to the file /etc/network/interfaces.
Make the script executable:
sudo chmod +x /etc/nat
Restart networking:
sudo /etc/init.d/networking restart
If no mistakes were made, it should work. To check, on a machine in the local network set the gateway and DNS address to our router, 10.0.0.1, and ping any external address, for example one of the OpenDNS servers: 208.67.222.222.
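
To confirm what the script actually loaded, the rule set can be audited from iptables-save output. This is an added example, not part of the original post: audit_nat and the sample dump are constructed here, and eth0, eth1 and 10.0.0.0/24 are the values from the script above. Because /etc/nat appends with -A, every extra run (for example a networking restart) adds another copy of each rule, which the check reports as well.

```shell
#!/bin/sh
# Added example: audit iptables-save text for the gateway rules on this page.
# WAN, LAN and NET default to the page's eth0, eth1 and 10.0.0.0/24.
# Prints one finding per line; exit status is 0 only when there are none.
# On the router itself: sudo iptables-save | audit_nat
audit_nat() {
    awk -v wan="${WAN:-eth0}" -v lan="${LAN:-eth1}" -v net="${NET:-10.0.0.0/24}" '
    /^\*/ { table = substr($0, 2); next }      # "*nat" or "*filter" starts a table
    /^-A / {
        n++; r = $0 " "
        if (++seen[table, $0] == 2) { print "DUPLICATE " table ": " $0; bad++ }
        if (table == "nat" && index(r, "-s " net " ") && index(r, "-o " wan " ") && index(r, "-j MASQUERADE "))
            masq = 1
        if (table == "filter" && index(r, "-A FORWARD ") == 1 && index(r, "-i " wan " ")) {
            if (!est && r ~ /ESTABLISHED/ && index(r, "-j ACCEPT ")) est = n
            if (!blk && index(r, "-o " lan " ") && r ~ /-j (REJECT|DROP) /) blk = n
        }
    }
    END {
        if (!masq) { print "MISSING: MASQUERADE for " net " out of " wan; bad++ }
        if (!est)  { print "MISSING: ACCEPT for ESTABLISHED,RELATED replies from " wan; bad++ }
        if (!blk)  { print "MISSING: REJECT/DROP for " wan " -> " lan; bad++ }
        if (est && blk && blk < est) { print "ORDER: block rule precedes the reply rule"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: what iptables-save shows after /etc/nat has run twice.
sample_after_two_runs() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

sample_after_two_runs | audit_nat || echo "rule set needs attention"
```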

DNS
sudo apt-get install dnsmasq
Open /etc/dnsmasq.conf, then find, uncomment and change the following line (dnsmasq will then accept DNS requests from the local network):
listen-address=127.0.0.1, 10.0.0.1
Restart the DNS server:
sudo /etc/init.d/dnsmasq restart
Now the Internet should work.

DHCP
Open /etc/dnsmasq.conf.
Add or change line:
dhcp-range=10.0.0.100,10.0.0.150,255.255.255.0,12h
The DNS server and gateway addresses are taken automatically from the system settings. Restart dnsmasq once again:
sudo /etc/init.d/dnsmasq restart
The reserved addresses can be shown with the command:
cat /var/log/syslog | grep DHCPOFFER
