fixes network mistakes
parent
3a8735e420
commit
e0a4b57d55
|
@ -54,24 +54,35 @@ Who gave you this second address?
|
||||||
Can the client ping both IP addresses?
|
Can the client ping both IP addresses?
|
||||||
Can the client now ping outside of the network?
|
Can the client now ping outside of the network?
|
||||||
|
|
||||||
There are **two** main things you need to do in order for the router to actually route.
|
The *easiest* way to achieve routing between your internal network and the outside world is to enable [NAT](https://en.wikipedia.org/wiki/Network_address_translation) on your router.
|
||||||
|
In order to do this, you need to do 2 things.
|
||||||
|
First enable the kernel to actually forward packages, secondly `iptables` needs to do masquerading.
|
||||||
|
You can do both these things with just to simple commands on you router.
|
||||||
|
|
||||||
1. IP forwarding needs to be setup on the router
|
1. IP forwarding needs to be setup on the router
|
||||||
2. NAT needs to be enabled
|
2. NAT needs to be enabled
|
||||||
|
|
||||||
|
From here on out all your clients *should* have internet access but you won't be able to `ping` your clients from outside your network.
|
||||||
|
Your clients can ping each other and the internet at large but for clients **outside** of their mini network the router will **masquerade** the IP address.
|
||||||
|
This means that from outside your network, you'll never be able to ping a specific client, just the router itself.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sysctl net.ipv4.ip_forward=1
|
sysctl net.ipv4.ip_forward=1
|
||||||
iptables -t nat -A POSTROUTING -j MASQUERADE
|
iptables -t nat -A POSTROUTING -j MASQUERADE
|
||||||
```
|
```
|
||||||
|
|
||||||
These settings won't save themselves so next time you reboot they'll be missing.
|
These settings won't save themselves so next time you reboot they'll be missing.
|
||||||
There are multiple ways of setting this up.
|
For the kernel option you should have a look at `/etc/sysctl.conf`.
|
||||||
Have a look around and find me a good solution!
|
In this file you can enable, disable or set kernel values.
|
||||||
|
|
||||||
|
To save `iptables` rules have a look online but [this](http://www.faqs.org/docs/iptables/iptables-save.html) and [this](https://zertrin.org/projects/iptables-persistent/).
|
||||||
|
|
||||||
### Extra Challenge
|
### Extra Challenge
|
||||||
|
|
||||||
Your client machines are now behind a NAT.
|
Your client machines are now behind a NAT.
|
||||||
Can you think of a way to ssh into them?
|
Can you think of a way to ssh into them?
|
||||||
|
As you can only ping the router from outside of the network you'll have to setup [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding).
|
||||||
|
On Debian this is done with [iptables](https://serverfault.com/questions/532569/how-to-do-port-forwarding-redirecting-on-debian#532575).
|
||||||
|
|
||||||
## DHCP
|
## DHCP
|
||||||
|
|
||||||
|
|
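Review bot: The added paragraph now tells readers that "just to simple commands" are enough to get routing, but the second of those commands, the unchanged `iptables -t nat -A POSTROUTING -j MASQUERADE` in the code block, carries no `-o` match, so it masquerades traffic leaving every interface on the router rather than only the outside-facing one. Since the new text presents this as the way to do it, consider scoping the rule with `-o <outside-interface>` (placeholder for whatever the uplink is called on the lab router) and adding a sentence that `net.ipv4.ip_forward=1` turns on forwarding in both directions, with nothing in the visible lines restricting the FORWARD chain. The same applies to the added port-forwarding answer under "Extra Challenge": it would help to say that the forwarded SSH port is reachable by anyone who can reach the router. Wording in the added lines: "forward packages" should be "forward packets", "just to simple commands on you router" should be "just two simple commands on your router", and "have a look online but [this] and [this]" is missing the rest of its sentence. The new "In order to do this, you need to do 2 things" sentence also repeats what the numbered list right after it already says, so one of the two can go.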
File diff suppressed because it is too large
Binary file not shown.
Before Width: | Height: | Size: 27 KiB After Width: | Height: | Size: 27 KiB |