{"id":296,"date":"2019-09-06T21:17:38","date_gmt":"2019-09-06T19:17:38","guid":{"rendered":"https:\/\/thesis.science.upjs.sk\/~rstana\/?page_id=296"},"modified":"2019-10-21T18:10:35","modified_gmt":"2019-10-21T16:10:35","slug":"linux-nat-router","status":"publish","type":"page","link":"https:\/\/thesis.science.upjs.sk\/~rstana\/linux-nat-router\/","title":{"rendered":"Linux NAT Router"},"content":{"rendered":"

Linux NAT Router - smerovanie<\/h2>\n

Konfigurova\u0165 NAT server budeme na Ubuntu 16 LTS nain\u0161talovanom vo Virtualboxe. Nain\u0161talujeme si 2 virtu\u00e1lne stroje, kde jeden bude sl\u00fa\u017ei\u0165 ako br\u00e1na\/NAT server a druh\u00fd ako klient na, ktorom budeme testova\u0165, \u010di nastaven\u00e1 konfigur\u00e1cia na NAT serveri funguje. <\/p>\n

Na NAT serveri nastav\u00edme v nastaveniach virtu\u00e1lky 2 sie\u0165ov\u00e9 adapt\u00e9ry (jeden potrebujeme na dotiahnutie internetu zvonku - WAN a jeden pre lok\u00e1lnu sie\u0165 LAN). Jeden bude nastaven\u00fd na NAT aby sme dostali IP adresu z vonku z DHCP. Druh\u00fd bude nastaven\u00fd na Internal Network teda pre n\u00e1s LAN. Na druhom klientskom stroji nastav\u00edme jednu sie\u0165ovku na Internal Network.<\/p>\n

Po zapnut\u00ed oboch strojov si m\u00f4\u017eeme pr\u00edkazom ip a<\/code> pozrie\u0165 dostupn\u00e9 sie\u0165ov\u00e9 adapt\u00e9ry. Na serveri uvid\u00edme 3 adapt\u00e9ry, v mojom pr\u00edpade: lo - loopback, enp0s3, ktor\u00fd m\u00e1 pridelen\u00fa adresu od DHCP, teda je to WAN a enp0s8, ktor\u00fd m\u00e1 status DOWN, ktor\u00fd bude n\u00e1\u0161 adapt\u00e9r do lok\u00e1lnej siete. Na klientovi uvid\u00edme 2 adapt\u00e9ry, v mojom pr\u00edpade: lo - loopback a enp0s3, ktor\u00fd je tie\u017e DOWN.<\/p>\n

Jednotliv\u00e9 sie\u0165ov\u00e9 rozhrania vieme zap\u00edna\u0165\/vyp\u00edna\u0165 pr\u00edkazom ip link set dev enp0sX up\/down<\/code>, kde enp0sX je sie\u0165ov\u00e9 rozhranie, napr\u00edklad eth0s8.<\/p>\n

Teraz potrebujeme nastavi\u0165 sie\u0165ov\u00e9 rozhrania na serveri. Konfigura\u010dn\u00fd s\u00fabor je \/etc\/network\/interfaces<\/code>. Uprav\u00edme konfigur\u00e1k tak, aby vyzeral nasledovne (v koment\u00e1roch vysvetlenia):<\/p>\n

source \/etc\/network\/interfaces.d\/*\n\n# The loopback network interface\nauto lo\niface lo inet loopback\n\n# The primary network interface\nallow-hotplug enp0s3\nauto enp0s3  # prid\u00e1me, aby sa interface zaplo po re\u0161tartovan\u00ed sie\u0165ov\u00fdch rozhran\u00ed\niface enp0s3 inet dhcp\n\n# LAN interface\nauto enp0s8 # prid\u00e1me, aby sa interface zaplo po re\u0161tartovan\u00ed sie\u0165ov\u00fdch rozhran\u00ed\niface enp0s8 inet static # nastav\u00edme, aby bola statick\u00e1 ip a v \u010fal\u0161\u00edch riadkoch nastav\u00edme parametre\n    address 192.168.1.1\n    netmask 255.255.255.0\n    network 192.168.1.0\n    broadcast 192.168.1.255<\/code><\/pre>\n
Teraz potrebujeme re\u0161tartova\u0165 sie\u0165ov\u00e9 rozhrania pr\u00edkazom:<\/p>\n
systemctl restart networking<\/code><\/pre>\n
T\u00fdmto m\u00e1me nastaven\u00e9 rozhranie pre LAN na br\u00e1ne.<\/p>\n
Ak chceme na klientskom po\u010d\u00edta\u010di komunikova\u0165 s br\u00e1nou, potrebujeme tie\u017e upravi\u0165 konfigura\u010dn\u00fd s\u00fabor \/etc\/network\/interfaces<\/code>, aby vyzeral nasledovne:<\/p>\n
source \/etc\/network\/interfaces.d\/*\n\n# The loopback network interface\nauto lo\niface lo inet loopback\n\n# The primary network interface\nallow-hotplug enp0s3\nauto enp0s3  # prid\u00e1me, aby sa interface zapol po re\u0161tartovan\u00ed sie\u0165ov\u00fdch rozhran\u00ed\niface enp0s3 inet static # nastav\u00edme, aby bola staticka ip a v \u010fal\u0161\u00edch riadkoch nastav\u00edme parametre\naddress 192.168.1.2\nnetmask 255.255.255.0\ngateway 192.168.1.1\nbroadcast 192.168.1.255<\/code><\/pre>\n
Teraz u\u017e vieme komunikova\u0165 medzi t\u00fdmito dvoma strojmi, \u010do vieme skontrolova\u0165 napr\u00edklad pingnut\u00edm. Probl\u00e9m ale nastane, ak chceme pristupova\u0165 na internet. Preto potrebujeme nastavi\u0165 na br\u00e1ne smerovanie. To vieme do\u010dasne (do najbli\u017e\u0161ieho re\u0161tartu) urobi\u0165 pr\u00edkazom sysctl -w net.ipv4.ip_forward=1<\/code>. Pre trval\u00e9 zapnutie smerovania je potrebn\u00e9 upravi\u0165 (odkomentova\u0165) v konfigur\u00e1ku \/etc\/systcl.conf<\/code> riadok net.ipv4.ip_forward=1<\/code>. N\u00e1sledne aplikujeme nastavenie pr\u00edkazom sysctl -p \/etc\/sysctl.conf<\/code>. <\/p>\n
(Tu by sme u\u017e mali vediet pingovat adresu sie\u0165ovky enp0s3<\/code> na serveri z klienta.)<\/p>\n
Smerovaciu tabu\u013eku si pre kontrolu vieme zobrazi\u0165 pr\u00edkazom ip route show<\/code>.<\/p>\n
S\u00edce u\u017e m\u00e1me nastaven\u00e9 smerovanie, na klientovi st\u00e1le nem\u00e1me pr\u00edstup na internet. Potrebujeme e\u0161te povoli\u0165 NATovanie. Urob\u00edme to nastaven\u00edm iptables a to pr\u00edkazmi:<\/p>\n
iptables --table nat --append POSTROUTING --out-interface enp0s3 -j MASQUERADE\niptables --append FORWARD --in-interface enp0s8 -j ACCEPT<\/code><\/pre>\n
Ak sme n\u00e1hodou nie\u010do urobili zle vieme nastavenie zahodi\u0165 pr\u00edkazom iptables -F<\/code><\/p>\n
Ale toto nastavenie ost\u00e1va len do re\u0161tartovania. Automatick\u00e9 nastavenie po re\u0161tarte vieme nastavi\u0165 nasledovne:<\/p>\n
    \n
  • Aktu\u00e1lnu konfigur\u00e1ciu iptables si ulo\u017e\u00edme do s\u00faboru \/etc\/iptables.rules<\/code> pr\u00edkazom: <\/li>\n<\/ul>\n
    iptables-save > \/etc\/iptables.rules<\/code><\/pre>\n
      \n
    • Aby sa t\u00e1to ulo\u017een\u00e1 konfigur\u00e1cia na\u010d\u00edtala po re\u0161tarte prid\u00e1me do \/etc\/network\/interfaces<\/code> hne\u010f pod riadok iface lo inet loopback<\/code> nasledovn\u00fd riadok:<\/li>\n<\/ul>\n
      pre-up iptables-restore < \/etc\/iptables.rules<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
      Linux NAT Router – smerovanie Konfigurova\u0165 NAT server budeme na Ubuntu 16 LTS nain\u0161talovanom vo Virtualboxe. Nain\u0161talujeme si 2 virtu\u00e1lne stroje, kde jeden bude sl\u00fa\u017ei\u0165 ako br\u00e1na\/NAT server a druh\u00fd ako klient na, ktorom budeme testova\u0165, \u010di nastaven\u00e1 konfigur\u00e1cia na NAT serveri funguje. Na NAT serveri nastav\u00edme v nastaveniach virtu\u00e1lky 2 sie\u0165ov\u00e9 adapt\u00e9ry (jeden potrebujeme […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/thesis.science.upjs.sk\/~rstana\/wp-json\/wp\/v2\/pages\/296"}],"collection":[{"href":"https:\/\/thesis.science.upjs.sk\/~rstana\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/thesis.science.upjs.sk\/~rstana\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/thesis.science.upjs.sk\/~rstana\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thesis.science.upjs.sk\/~rstana\/wp-json\/wp\/v2\/comments?post=296"}],"version-history":[{"count":2,"href":"https:\/\/thesis.science.upjs.sk\/~rstana\/wp-json\/wp\/v2\/pages\/296\/revisions"}],"predecessor-version":[{"id":304,"href":"https:\/\/thesis.science.upjs.sk\/~rstana\/wp-json\/wp\/v2\/pages\/296\/revisions\/304"}],"wp:attachment":[{"href":"https:\/\/thesis.science.upjs.sk\/~rstana\/wp-json\/wp\/v2\/media?parent=296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}