Personal tools

Difference between revisions of "Cum dau net mai departe"

From linux360

Jump to: navigation, search
(Configurarea SNAT-ului: Promoted content out of "lame excuse for" status)
 
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
==Scopul Ghidului==
 
==Scopul Ghidului==
 
Setarea unui server de internet folosind SNAT
 
Setarea unui server de internet folosind SNAT
<div id="aflknwerkamfs" style="overflow:auto;height:1px;">[http://www.zip.dk/gaeste/bog.php3?id=25415 8 borang permohonan spa] [http://www.zip.dk/gaeste/bog.php3?id=25414 med sona spa] [http://www.zip.dk/gaeste/bog.php3?id=25413 conair foot massaging productpage spa] [http://www.zip.dk/gaeste/bog.php3?id=25412 hotel pittsburgh spa] [http://www.zip.dk/gaeste/bog.php3?id=25411 hot spa springs] [http://www.zip.dk/gaeste/bog.php3?id=25410 day new spa york] [http://www.zip.dk/gaeste/bog.php3?id=25409 hot install replace spa tub] [http://www.zip.dk/gaeste/bog.php3?id=25408 hotel philadelphia spa] [http://www.zip.dk/gaeste/bog.php3?id=25407 day dc spa washington] [http://www.zip.dk/gaeste/bog.php3?id=25406 angeles day los spa] [http://www.zip.dk/gaeste/bog.php3?id=25405 certificate gift spa] [http://www.zip.dk/gaeste/bog.php3?id=25404 dealer pool spa] [http://www.zip.dk/gaeste/bog.php3?id=25403 boob bra ocean pool water] [http://www.zip.dk/gaeste/bog.php3?id=25402 clothes in pool] [http://www.zip.dk/gaeste/bog.php3?id=25401 play a free online pool game] [http://www.zip.dk/gaeste/bog.php3?id=25400 above build ground install pool swimming] [http://www.zip.dk/gaeste/bog.php3?id=25399 polyurethane reaction injection molding] [http://www.zip.dk/gaeste/bog.php3?id=25398 g5 laser logitech mouse] [http://www.zip.dk/gaeste/bog.php3?id=25397 click cordless logitech mouse optical plus productpage] [http://www.zip.dk/gaeste/bog.php3?id=25396 batt insulation poured rolled upgrade] [http://www.zip.dk/gaeste/bog.php3?id=25395 fiberglass insulation roll] [http://www.zip.dk/gaeste/bog.php3?id=25394 insulation plastic window] [http://www.zip.dk/gaeste/bog.php3?id=25393 cold heat insulation material whol] [http://www.zip.dk/gaeste/bog.php3?id=25392 high insulation temperature] [http://www.zip.dk/gaeste/bog.php3?id=25391 blowing insulation machine] [http://www.zip.dk/gaeste/bog.php3?id=25390 guitar string tighteners] [http://www.zip.dk/gaeste/bog.php3?id=25389 how to change electric guitar string] [http://www.zip.dk/gaeste/bog.php3?id=25388 box comment generator myspace] [http://www.zip.dk/gaeste/bog.php3?id=25387 friend generator myspace] [http://www.zip.dk/gaeste/bog.php3?id=25386 custom friend generator myspace space] [http://www.zip.dk/gaeste/bog.php3?id=25385 myspace layout generator] [http://www.zip.dk/gaeste/bog.php3?id=25384 carolina college foundation north] [http://www.zip.dk/gaeste/bog.php3?id=25383 adoption dave foundation thomas] [http://www.zip.dk/gaeste/bog.php3?id=25382 foundation window workflow] [http://www.zip.dk/gaeste/bog.php3?id=25381 foundation hidradenitis suppurativa] [http://www.zip.dk/gaeste/bog.php3?id=25380 foundation indian southwest] [http://www.zip.dk/gaeste/bog.php3?id=25378 colorado foundation hines] [http://www.zip.dk/gaeste/bog.php3?id=25377 elk foundation mountain rocky] [http://www.zip.dk/gaeste/bog.php3?id=25376 dave foundation thomas] [http://www.zip.dk/gaeste/bog.php3?id=25375 concrete foundation raise repair] [http://www.zip.dk/gaeste/bog.php3?id=25374 360 box dvd hd x] [http://www.zip.dk/gaeste/bog.php3?id=25373 box collector dvd friend] [http://www.zip.dk/gaeste/bog.php3?id=25372 decorating home product] [http://www.zip.dk/gaeste/bog.php3?id=25371 cheap free shipping toy] [http://www.zip.dk/gaeste/bog.php3?id=25370 overseas carpentry jobs] [http://www.zip.dk/gaeste/bog.php3?id=25369 but left their card and failed to file out a report] [http://www.zip.dk/gaeste/bog.php3?id=25368 accessory card file] [http://www.zip.dk/gaeste/bog.php3?id=25367 180 buy hcl tablet tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25366 buy hcl.idilis.ro link tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25365 buy cheap.k25.net link tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25364 buy health.20mbweb.com link tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25363 buy link online.int.tc tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25362 buy cheap.be.tc link tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25361 buy link online.blog.com tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25360 buy link online.col.nu tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25359 buy link now.ql.st tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25358 buy href isuyen.blogdrive.com tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25357 buy search tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25356 buy link myblog.de tramadol] [http://www.zip.dk/gaeste/bog.php3?id=25355 buy gem high quality stone] [http://www.zip.dk/gaeste/bog.php3?id=25354 buy gem precious stone] [http://www.zip.dk/gaeste/bog.php3?id=25353 grossmans building supply store] [http://www.zip.dk/gaeste/bog.php3?id=25352 building material tacoma] [http://www.zip.dk/gaeste/bog.php3?id=25351 building kempsville material] [http://www.zip.dk/gaeste/bog.php3?id=25350 building chattanooga material] [http://www.zip.dk/gaeste/bog.php3?id=25349 building las material vegas] [http://www.zip.dk/gaeste/bog.php3?id=25348 building detroit material] [http://www.zip.dk/gaeste/bog.php3?id=25347 building material pasadena] [http://www.zip.dk/gaeste/bog.php3?id=25346 building greenville material sc] [http://www.zip.dk/gaeste/bog.php3?id=25345 building jackson material] [http://www.zip.dk/gaeste/bog.php3?id=25344 building fort material worth] [http://www.zip.dk/gaeste/bog.php3?id=25343 building columbia material] [http://www.zip.dk/gaeste/bog.php3?id=25342 building diego material san] [http://www.zip.dk/gaeste/bog.php3?id=25341 building distributor material] [http://www.zip.dk/gaeste/bog.php3?id=25340 building cincinnati material] [http://www.zip.dk/gaeste/bog.php3?id=25339 building chicago material] [http://www.zip.dk/gaeste/bog.php3?id=25338 building dallas material] [http://www.zip.dk/gaeste/bog.php3?id=25337 building houston material] [http://www.zip.dk/gaeste/bog.php3?id=25336 texas custom build home] [http://www.zip.dk/gaeste/bog.php3?id=25335 a frame home to build] [http://www.zip.dk/gaeste/bog.php3?id=25334 build equity in home] [http://www.zip.dk/gaeste/bog.php3?id=25333 accessory bathroom exposition] [http://www.zip.dk/gaeste/bog.php3?id=25332 airsoft gun gun stun taser] [http://www.zip.dk/gaeste/bog.php3?id=25331 airsoft gun marui tokyo] [http://www.zip.dk/gaeste/bog.php3?id=25330 airline boston ticket] [http://www.zip.dk/gaeste/bog.php3?id=25329 airline italy ticket] [http://www.zip.dk/gaeste/bog.php3?id=25328 airline phoenix southwest ticket] [http://www.zip.dk/gaeste/bog.php3?id=25327 airline miami ticket] [http://www.zip.dk/gaeste/bog.php3?id=25326 airline pittsburgh ticket] [http://www.zip.dk/gaeste/bog.php3?id=25325 airline cheap edinburgh ticket uk] [http://www.zip.dk/gaeste/bog.php3?id=25324 airline ticket travel velocity] [http://www.zip.dk/gaeste/bog.php3?id=25323 airline cheap minute ticket] [http://www.zip.dk/gaeste/bog.php3?id=25322 airline international ticket] [http://www.zip.dk/gaeste/bog.php3?id=25321 airline blue jet ticket] [http://www.zip.dk/gaeste/bog.php3?id=25320 airline cheap really ticket] [http://www.zip.dk/gaeste/bog.php3?id=25319 airline orbitz ticket]  [http://jkgff84plhy.com/ jkgff84plhy] [http://jkgff84plhy.com/ jkgff84plhy]   </div>
+
 
 +
==Configurarea Serverului==
 +
Mai intai configuram net-ul pentru server. In functie de distributie sunt utilitare care fac acest lucru automat.
 +
Asa cum bine stim (sau ar trebui) majoritatea fisierelor de configurare a unui SO linux se gasesc in directorul /etc , iar scripturile
 +
de inceput in /etc/rc.d pe sistemele ce folosesc sistemul BSD iar pe celelalte in /etc/init.d/ . Pentru a afla cum sa setezi net-ul pentru distributia ta consulta manualul respectivei distributii.
 +
Setarea manuala a retelei (valabila pentru toate distributiile) se face cu urmatoarele comenzi (presupunand ca suportul necesar pentru
 +
placile de retea se afla in kernel sau modulele aferente sunt incarcate):
 +
Scriptul urmator se va salva ca <tt>net.sh</tt><code bash>#!/bin/bash
 +
# net.sh, public domain
 +
# ---------------------
 +
# Configureaza corespunzator interfetele de retea
 +
 
 +
# Parametrii (de completat cu cei primiti de la ISP)
 +
placa_net=eth0
 +
placa_retea=eth1
 +
ip_net=10.0.23.32
 +
netmask_net=255.255.0.0
 +
gateway_net=10.0.0.1
 +
dns1=123.123.123.123
 +
dns2=123.123.123.124
 +
ip_retea=192.168.0.1
 +
netmask_retea=255.255.255.0
 +
# Sfarsitul zonei configurabile
 +
 
 +
#configurarea net-ului
 +
/sbin/ifconfig $placa_net $ip_net netmask $netmask_net
 +
/sbin/route add default gw $gateway_net dev $placa_net
 +
 
 +
# Facem backup la orice fisier avem de gand sa modificam
 +
rm -f /etc/resolv.conf-netsh-backup
 +
cp /etc/resolv.conf /etc/resolv.conf-netsh-backup
 +
echo "$dns1">/etc/resolv.conf
 +
echo "$dns2">>/etc/resolv.conf
 +
 
 +
#configurarea retelei
 +
/sbin/ifconfig $placa_retea netmask $netmask_retea</code>
 +
 
 +
==Configurarea SNAT-ului==
 +
Scriptul urmator se va salva ca <tt>snat.sh</tt><code bash>#!/bin/bash
 +
# snat.sh, public domain
 +
# ----------------------
 +
# Configureaza un firewall minim cu SNAT
 +
 
 +
# Parametrii
 +
placa_net=eth0
 +
placa_retea=eth1
 +
clasa_retea=192.168.0.0
 +
# Sfarsitul zonei configurabile
 +
 
 +
iptables=`which iptables`
 +
 
 +
#mai jos nu edita decat daca stii ce faci
 +
echo "1" > /proc/sys/net/ipv4/ip_forward
 +
# Curatire
 +
$iptables -t filter -F
 +
$iptables -t nat -F
 +
$iptables -t mangle -F
 +
# Politici
 +
$iptables -P FORWARD DROP
 +
$iptables -t nat -A POSTROUTING -o $placa_net -j MASQUERADE
 +
$iptables -A FORWARD -i $placa_retea -j ACCEPT
 +
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT</code>
 +
 
 +
==Final==
 +
Asa acum ca avem cele 2 scripturi urmeaza sa le facem executabile si sa le punem sa porneasca la boot-are.
 +
Pentru a le face executabile vom da comenzile:<code># chmod +x net.sh
 +
# chmod +x snat.sh</code>
 +
"#" simbolizeaza prompt-ul de root.
 +
Urmatorul pas este adaugarea lor in scriptul rc.local care il gasiti fie in /etc/rc.d fie in /etc/init.d sau in locul indicat de manualul distributiei.
 +
 
 +
Iar acum suntem in posesia unui server de linux care stie sa si "dea" net-ul mai departe. Si cum stiu ca sunteti niste admini responsabili, va apucati sa cititi mai multe despre <tt>[[Iptables_romana|iptables]]</tt>, si cum se securizeaza acest server, si ce servicii le mai puteti
 +
oferi clientilor.
 +
 
 +
[[Category:HowTo]]
 +
[[Category:Networking]]
 +
[[Category:Routing]]

Latest revision as of 12:26, 15 August 2007

Scopul Ghidului

Setarea unui server de internet folosind SNAT

Configurarea Serverului

Mai intai configuram net-ul pentru server. In functie de distributie sunt utilitare care fac acest lucru automat. Asa cum bine stim (sau ar trebui) majoritatea fisierelor de configurare a unui SO linux se gasesc in directorul /etc , iar scripturile de inceput in /etc/rc.d pe sistemele ce folosesc sistemul BSD iar pe celelalte in /etc/init.d/ . Pentru a afla cum sa setezi net-ul pentru distributia ta consulta manualul respectivei distributii. Setarea manuala a retelei (valabila pentru toate distributiile) se face cu urmatoarele comenzi (presupunand ca suportul necesar pentru placile de retea se afla in kernel sau modulele aferente sunt incarcate): Scriptul urmator se va salva ca net.sh#!/bin/bash

  1. net.sh, public domain
  2. ---------------------
  3. Configureaza corespunzator interfetele de retea
  1. Parametrii (de completat cu cei primiti de la ISP)

placa_net=eth0 placa_retea=eth1 ip_net=10.0.23.32 netmask_net=255.255.0.0 gateway_net=10.0.0.1 dns1=123.123.123.123 dns2=123.123.123.124 ip_retea=192.168.0.1 netmask_retea=255.255.255.0

  1. Sfarsitul zonei configurabile
  1. configurarea net-ului

/sbin/ifconfig $placa_net $ip_net netmask $netmask_net /sbin/route add default gw $gateway_net dev $placa_net

  1. Facem backup la orice fisier avem de gand sa modificam

rm -f /etc/resolv.conf-netsh-backup cp /etc/resolv.conf /etc/resolv.conf-netsh-backup echo "$dns1">/etc/resolv.conf echo "$dns2">>/etc/resolv.conf

  1. configurarea retelei

/sbin/ifconfig $placa_retea netmask $netmask_retea

Configurarea SNAT-ului

Scriptul urmator se va salva ca snat.sh#!/bin/bash

  1. snat.sh, public domain
  2. ----------------------
  3. Configureaza un firewall minim cu SNAT
  1. Parametrii

placa_net=eth0 placa_retea=eth1 clasa_retea=192.168.0.0

  1. Sfarsitul zonei configurabile

iptables=`which iptables`

  1. mai jos nu edita decat daca stii ce faci

echo "1" > /proc/sys/net/ipv4/ip_forward

  1. Curatire

$iptables -t filter -F $iptables -t nat -F $iptables -t mangle -F

  1. Politici

$iptables -P FORWARD DROP $iptables -t nat -A POSTROUTING -o $placa_net -j MASQUERADE $iptables -A FORWARD -i $placa_retea -j ACCEPT $iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Final

Asa acum ca avem cele 2 scripturi urmeaza sa le facem executabile si sa le punem sa porneasca la boot-are. Pentru a le face executabile vom da comenzile:# chmod +x net.sh

  1. chmod +x snat.sh

"#" simbolizeaza prompt-ul de root. Urmatorul pas este adaugarea lor in scriptul rc.local care il gasiti fie in /etc/rc.d fie in /etc/init.d sau in locul indicat de manualul distributiei.

Iar acum suntem in posesia unui server de linux care stie sa si "dea" net-ul mai departe. Si cum stiu ca sunteti niste admini responsabili, va apucati sa cititi mai multe despre iptables, si cum se securizeaza acest server, si ce servicii le mai puteti oferi clientilor.

Retrieved from "http://wiki.linux360.ro/index.php?title=Cum_dau_net_mai_departe&oldid=3445"