Wszystko poustawiane. Działa i wydaje mi się, że jest poprawnie.
Porobiłem testy.
Tak więc w pliku /etc/net.conf mam :
(Na razie ustawiony jest stały adres LAN, bo łączę się z routera; później będzie tu adres publiczny.)
# -----------------------------------------------------------------------
# NETWORKING
# -----------------------------------------------------------------------
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
#
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
#.
# DHCP: Set your interface to "dhcp" (eth0="dhcp")
#
#Static IP example
# eth0: uplink side (the default route below and the DNAT rules on this page use it).
# For now it holds a static address on the upstream router's LAN; per the author's
# note it is to be replaced by a public address later.
eth0="eth0 10.10.1.145 netmask 255.255.255.0 broadcast 10.10.1.255"
# eth1: client-facing side, the address DHCP clients are expected to use as gateway.
# NOTE(review): this is a /24, while the accompanying dhcpd.conf declares
# 10.10.0.0/16 for the same network -- confirm which mask is intended.
eth1="eth1 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255"
#eth0="dhcp"
# Both interfaces are brought up at boot, eth0 first.
INTERFACES=(eth0 eth1)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
#
# Default route via the upstream router on eth0's network.
gateway="default gw 10.10.1.1"
ROUTES=(gateway)
W /etc/dhcpd.conf mam :
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
# These are global defaults; the active subnet declaration further down sets its
# own domain-name and domain-name-servers for its clients.
option domain-name "bluelan.eu";
option domain-name-servers ns1.bluelan.eu, ns2.bluelan.eu;
# Lease times are in seconds: 1 hour by default, 2 hours at most.
default-lease-time 3600;
max-lease-time 7200;
# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
# NOTE(review): eth0 (10.10.1.145) currently sits on the upstream router's LAN,
# and that address also falls inside the 10.10.0.0/16 subnet declared below.
# Make sure dhcpd is started bound to eth1 only (startup arguments are not shown
# here); otherwise an authoritative server may also answer clients on the
# upstream network.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the.
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.bluelan.eu, rtr-239-0-2.bluelan.eu;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.10.0.0 netmask 255.255.0.0 {
#range 10.10.10.1 10.10.20.254;
#option domain-name-servers 194.204.152.34,8.8.8.8;
#option domain-name "siec.local";
#option routers 10.10.0.1;
#option broadcast-address 10.10.255.255;
#}
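# Client-facing subnet, served on eth1 (10.10.10.1).
# NOTE(review): eth1 is configured as 10.10.10.1/24 but this declaration is
# 10.10.0.0/16, so clients receive a /16 mask and treat 10.10.1.x (the eth0
# side) as on-link -- confirm the intended mask and broadcast address.
subnet 10.10.0.0 netmask 255.255.0.0 {
# Dynamic pool for clients that have no host declaration. It starts at .2
# because 10.10.10.1 is this server's own eth1 address and must not be leased;
# .2-.20 is also the pool the author describes in the test notes.
range 10.10.10.2 10.10.10.20;
option domain-name-servers 194.204.152.34,8.8.8.8;
option domain-name "siec.local";
# NOTE(review): 10.10.0.1 is not an address of this machine (eth1 is
# 10.10.10.1), so pool clients get no working default route -- this is the
# "no internet, but the network works" effect seen in testing. It is a
# side effect of the option, not an access control: the gateway is only a
# client-side setting. If pool clients must stay offline (or be sent to an
# information page), enforce that for 10.10.10.2-10.10.10.20 in the firewall's
# FORWARD/NAT rules.
option routers 10.10.0.1;
option broadcast-address 10.10.255.255;
}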
# Users on the network.
# Address assignment based on MAC address.
# NOTE(review): the MAC address is reported by the client and can be changed on
# the client, so a host entry identifies a machine for addressing purposes but
# does not authenticate it. Anything that depends on "known vs unknown client"
# (internet access, blocking for non-payment) should be enforced in the
# firewall as well, and DHCP/ARP logs reviewed for duplicate MACs.
#
host CyberLap {
hardware ethernet 00:1E:37:D6:CE:AE;
# Fixed address outside the dynamic range declared in the subnet block.
fixed-address 10.10.10.30;
option broadcast-address 10.10.255.255;
# Known hosts are given the server's eth1 address as their gateway
# (the dynamic pool is given 10.10.0.1 instead).
option routers 10.10.10.1;
}
# Commented-out second host entry; note that it names 10.10.0.1 as router,
# unlike CyberLap above.
#host CyberStacjon {
#hardware ethernet 00:16:E6:DD:51:CF;
#fixed-address 10.10.10.51;
#option broadcast-address 10.10.255.255;
#option routers 10.10.0.1;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.fugue.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.fugue.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
Co do pliku ethers, doczytałem, że wystarczy utworzyć plik o dowolnej nazwie, byleby
wpisy miały postać:
# /etc/ethers
# This file defines which IP addresses and MAC addresses (physical addresses
# of network cards) are to be admitted to the network.
# Author's claim: even entering an address by hand will not give internet
# access or allow impersonating another user.
# NOTE(review): loaded with `arp -f`, each line becomes a static ARP entry on
# this gateway. That stops a different MAC from answering for a listed IP; it
# does not by itself block IPs that are not listed, and a client presenting
# both the listed IP and the listed MAC still matches. Treat the file as a
# complement to per-address firewall rules, not a replacement for them.
# NOTE(review): `<-->` below looks like a rendered tab from the forum paste;
# arp -f expects the two fields separated by whitespace -- confirm the real
# file uses a tab or space here.
10.10.10.30 <-->00:1E:37:D6:CE:AE
i należy jedynie wykonać :
A to jest wynik ifconfig:
[root@cdn2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 10.10.1.145 netmask 255.255.255.0 broadcast 10.10.1.255
inet6 fe80::219:bbff:fee1:4ce7 prefixlen 64 scopeid 0x20<link>
ether 00:19:bb:e1:4c:e7 txqueuelen 1000 (Ethernet)
RX packets 870853 bytes 88424027 (84.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1863997 bytes 148341126 (141.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 17
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255
inet6 fe80::211:6bff:fe99:95d1 prefixlen 64 scopeid 0x20<link>
ether 00:11:6b:99:95:d1 txqueuelen 1000 (Ethernet)
RX packets 1862741 bytes 140621279 (134.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 867686 bytes 84682316 (80.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 base 0xe000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436 metric 1
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 4 bytes 192 (192.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 192 (192.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Teraz porobiłem testy, że :
1. Kiedy wpisałem poprawny MAC dla komputera z przypisanym adresem IP,
komputer dostał adres przyznany mu w dhcpd.conf.
2. kiedy zmieniłem MAC w dhcpd.conf komputer dostał adres z przedziału
10.10.10.2 10.10.10.20 i brak internetu, ale sieć działa.
Chce to zachować bo w przyszłości dołożę panel informacyjny.
Te adresy z puli 10.10.10.2 10.10.10.20 będą otrzymywać komunikat w przeglądarce, że
podłączyli się do sieci i nie mają dostępu do internetu, ale jeśli chcą to mogą
się skontaktować z administratorem.
Pozostałe adresy, jeśli zostaną zablokowane, dostaną komunikat w rodzaju
"nie płacisz - nie masz".
Wszystkie usługi działają.
Mój /etc/rc.conf wygląda tak :
#
# /etc/rc.conf - Main Configuration for Arch Linux
#
# -----------------------------------------------------------------------
# LOCALIZATION
# -----------------------------------------------------------------------
#
# LOCALE: available languages can be listed with the 'locale -a' command
# LANG in /etc/locale.conf takes precedence
# DAEMON_LOCALE: If set to 'yes', use $LOCALE as the locale during daemon
# startup and during the boot process. If set to 'no', the C locale is used.
# HARDWARECLOCK: set to "", "UTC" or "localtime", any other value will result
# in the hardware clock being left untouched (useful for virtualization)
# Note: Using "localtime" is discouraged, using "" makes hwclock fall back
# to the value in /var/lib/hwclock/adjfile
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# Note: if unset, the value in /etc/localtime is used unchanged
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
#
# System locale; per the header above, LANG in /etc/locale.conf takes precedence.
LOCALE="pl_PL.UTF-8"
# "no": the C locale is used during daemon startup and the boot process.
DAEMON_LOCALE="no"
# Hardware clock is kept in UTC; local time comes from TIMEZONE.
HARDWARECLOCK="UTC"
TIMEZONE="Europe/Warsaw"
# Polish console keymap and a Latin-2 console font.
KEYMAP="pl"
CONSOLEFONT="lat2-16"
# Left empty: no console translation map is set.
CONSOLEMAP=
USECOLOR="yes"
# -----------------------------------------------------------------------
# HARDWARE
# -----------------------------------------------------------------------
#
# MODULES: Modules to load at boot-up. Blacklisting is no longer supported.
# Replace every !module by an entry as on the following line in a file in
# /etc/modprobe.d:
# blacklist module
# See "man modprobe.conf" for details.
#
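# Kernel modules to load at boot, as a bash array (the format the header
# above documents). The list was declared empty and then re-assigned as a
# plain string; a single array assignment yields the same one-element list
# without relying on bash storing a scalar assignment in index 0.
MODULES=(imq)
# Udev settle timeout (default to 30)
UDEV_TIMEOUT=30
# Scan for FakeRAID (dmraid) Volumes at startup
USEDMRAID="no"
# Scan for BTRFS volumes at startup
USEBTRFS="no"
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"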
# -----------------------------------------------------------------------
# NETWORKING
# -----------------------------------------------------------------------
#
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
#
HOSTNAME="cdn2"
# Use 'ip addr' or 'ls /sys/class/net/' to see all available interfaces.
#
# Wired network setup
# - interface: name of device (required)
# - address: IP address (leave blank for DHCP)
# - netmask: subnet mask (ignored for DHCP) (optional, defaults to 255.255.255.0)
# - broadcast: broadcast address (ignored for DHCP) (optional)
# - gateway: default route (ignored for DHCP)
#
# Static IP example
# interface=eth0
# address=192.168.0.2
# netmask=255.255.255.0
# broadcast=192.168.0.255
# gateway=192.168.0.1
#
# DHCP example
# interface=eth0
# address=
# netmask=
# gateway=
# NOTE(review): with address left blank this block describes DHCP on eth0,
# yet eth0 carries the static 10.10.1.145 and the `network` daemon is disabled
# (!network) in DAEMONS below, so these values appear to be unused --
# presumably the addresses come from /etc/net.conf instead. Confirm, and
# comment the block out if so, to keep one source of truth for the uplink.
interface=eth0
address=
netmask=
broadcast=
gateway=
# Setting this to "yes" will skip network shutdown.
# This is required if your root device is on NFS.
NETWORK_PERSIST="no"
# Enable these netcfg profiles at boot-up. These are useful if you happen to
# need more advanced network features than the simple network service
# supports, such as multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
#
# Network profiles are found in /etc/network.d
#
# This requires the netcfg package
#
#NETWORKS=(main)
# -----------------------------------------------------------------------
# DAEMONS
# -----------------------------------------------------------------------
#
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
#
# If you are sure nothing else touches your hardware clock (such as ntpd or
# a dual-boot), you might want to enable 'hwclock'. Note that this will only
# make a difference if the hwclock program has been calibrated correctly.
#
# If you use a network filesystem you should enable 'netfs'.
#
# Started in the order listed: logging first, then netconfd (presumably the
# service that applies /etc/net.conf), the DHCP server, SSH, the web server,
# MySQL and cron. network, inet, dbus and gdm are disabled with the ! prefix.
# NOTE(review): the firewall is not in this list; it is loaded from
# /etc/rc.local. If rc.local runs after these daemons (confirm for this init
# setup), sshd, httpd and mysqld are reachable at boot for a short time before
# any filter rules exist. Consider starting the firewall script from this list,
# ahead of the network-facing daemons.
DAEMONS=(syslog-ng !network !inet netconfd dhcp4 sshd httpd mysqld crond !dbus !gdm)
a /etc/rc.local tak :
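#!/bin/bash
#
# /etc/rc.local: Local multi-user startup script.
#
# Loads the packet-filter/NAT rules and then the static IP-to-MAC table.
# Both steps are part of the access-control setup, so a failure is reported
# on stderr instead of passing silently during boot.

# (Re)load the firewall rules.
if ! /etc/rc.d/firewall restart; then
  echo "rc.local: firewall restart failed - filter/NAT rules may not be loaded" >&2
fi

# Install the static ARP entries listed in /etc/ethers.
# The exit status may not reflect individual lines that could not be set;
# check the table with `arp -n` after changing the file.
if ! arp -f /etc/ethers; then
  echo "rc.local: arp -f /etc/ethers failed - static ARP entries not installed" >&2
fi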
Teraz zostaje kwestia przekierowań portów.
Zrobię sobie dowiązanie do firewall typu /etc/forward
i będę umieszczać tam takie wpisy :
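# Port forwards from the uplink (eth0) to the LAN host 10.10.10.210:
# TCP 4661 and UDP 4672.
#
# $i is set by the surrounding firewall script (presumably the iptables
# command -- confirm); it is left unquoted as in the original in case it
# carries extra options.
#
# The DNAT targets originally read 10.10.100.210 while the FORWARD rules accept
# 10.10.10.210. FORWARD is evaluated after PREROUTING has rewritten the
# destination, so both must name the same host or the forwarded packets never
# match the ACCEPT rule. 10.10.10.210 is used throughout because it lies in
# eth1's 10.10.10.0/24; if 10.10.100.210 was the intended host, change all
# four lines together.
#
# The ACCEPT rules match on destination and port only; adding `-i eth0` to
# them would keep them as narrow as the DNAT rules they belong to.
$i -I FORWARD -p tcp -d 10.10.10.210 --dport 4661 -j ACCEPT
$i -t nat -A PREROUTING -p tcp -i eth0 --dport 4661 -j DNAT --to 10.10.10.210
$i -I FORWARD -p udp -d 10.10.10.210 --dport 4672 -j ACCEPT
$i -t nat -A PREROUTING -p udp -i eth0 --dport 4672 -j DNAT --to 10.10.10.210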
To chyba starczy i mam wszystko co potrzebuję.
Na razie nie pytam o pozostałe rzeczy, ale będę jeszcze chciał uruchomić konsolę graficzną gnome.
Już poinstalowałem niektóre paczki, ale napotykam pewne niezrozumiałe części w opisach i muszę
to powoli rozgryźć.