Highbank Fedora Installation Config

2,087 bytes added, 14:52, 3 August 2013
DHCP configuration
== NAT configuration ==
The firewall and NAT are configured with an iptables script:
 
1. Stop/disable firewalld
<pre>
systemctl stop firewalld
systemctl disable firewalld
</pre>
 
2. Start/enable iptables
<pre>
systemctl start iptables
systemctl enable iptables
</pre>
 
3. Run the iptables script and save the iptables rules
<pre>
/root/iptables.sh
iptables-save > /etc/sysconfig/iptables
</pre>
 
File: /root/iptables.sh
<pre>
#!/bin/bash
echo "Setting iptables rules"
iptables -F
iptables -t nat -F
# Add loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow NFS (2049), rpcbind (111), DNS (53), SSH (22), HTTP (80) and HTTPS (443) on em1
iptables -A INPUT -i em1 -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 111 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 443 -j ACCEPT
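# Allow everything from the private network on p11p1
iptables -A INPUT -i p11p1 -s 192.168.1.0/24 -j ACCEPT
 
# NAT: masquerade private-network traffic leaving through em1
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o em1 -j MASQUERADE
# Forward traffic to and from the private network
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
 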
 
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Drop whatever else may come to input
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
</pre>
== DHCP configuration ==
1. Start/enable the network service
<pre>
systemctl start network
systemctl enable network
</pre>
 
2. Set a static IP address on the interface facing the private network
 
File: /etc/sysconfig/network-scripts/ifcfg-p11p1
<pre>
TYPE=Ethernet
DEVICE=p11p1
BOOTPROTO=static
NM_CONTROLLED=yes
ONBOOT=yes
IPADDR=192.168.1.254
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
DNS1=142.204.43.43
DNS2=8.8.8.8
DOMAIN="proximity.on.ca senecac.on.ca"
HWADDR=00:0A:CD:1E:83:BA
</pre>
 
3. Restart the NetworkManager service
<pre>
systemctl restart NetworkManager
</pre>
 
4. Configure dhcpd
 
File: /etc/dhcp/dhcpd.conf
<pre>
option domain-name-servers 142.204.1.2,142.204.43.43;