waldek
/
linux_course_doc
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

fixes network mistakes

This commit is contained in:
waldek 2021-05-05 10:26:31 +02:00
parent 3a8735e420
commit e0a4b57d55
3 changed files with 2526 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
modules/resources/exercise_networking.md
View File

@ -54,24 +54,35 @@ Who gave you this second address?
Can the client ping both IP addresses?
Can the client now ping outside of the network?
There are **two** main things you need to do in order for the router to actually route.
The *easiest* way to achieve routing between your internal network and the outside world is to enable [NAT](https://en.wikipedia.org/wiki/Network_address_translation) on your router.
In order to do this, you need to do 2 things.
First enable the kernel to actually forward packages, secondly `iptables` needs to do masquerading.
You can do both these things with just to simple commands on you router.
1. IP forwarding needs to be setup on the router
2. NAT needs to be enabled
From here on out all your clients *should* have internet access but you won't be able to `ping` your clients from outside your network.
Your clients can ping each other and the internet at large but for clients **outside** of their mini network the router will **masquerade** the IP address.
This means that from outside your network, you'll never be able to ping a specific client, just the router itself.
```bash
sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -j MASQUERADE
```
These settings won't save themselves so next time you reboot they'll be missing.
There are multiple ways of setting this up.
Have a look around and find me a good solution!
For the kernel option you should have a look at `/etc/sysctl.conf`.
In this file you can enable, disable or set kernel values.
To save `iptables` rules have a look online but [this](http://www.faqs.org/docs/iptables/iptables-save.html) and [this](https://zertrin.org/projects/iptables-persistent/).
### Extra Challenge
Your client machines are now behind a NAT.
Can you think of a way to ssh into them?
As you can only ping the router from outside of the network you'll have to setup [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding).
On Debian this is done with [iptables](https://serverfault.com/questions/532569/how-to-do-port-forwarding-redirecting-on-debian#532575).
## DHCP

2512
modules/resources/network_solo.dia Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
modules/resources/network_solo.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 27 KiB