We have the following network:

    Router (blade): 192.168.123.111
    BLADE 192.168.123.110: ZONE1, Solaris 10, SPARC 64, Router
    NAT for Subnet1 (192.168.123.0):
        Subnet1 Address            192.168.123.0
        Netmask Address            255.255.255.0
        IP Pool Starting Address   100
        IP Pool Ending Address     200
    Hosts in Subnet1:
        Debian    192.168.123.100
        Fedora    DHCP
        FreeBSD   192.168.123.107
        Centos    192.168.123.105

We will isolate the Centos server 192.168.123.105 in a separate subnet so that it cannot be accessed by the other servers in Subnet1. Optionally we will leave SSH access to it open only from the external network (Internet).

1. We will create a router on the server (Blade 192.168.123.110) with a new subnet 10.0.0.0.

We will create the following subnet2, class A:

    Network class   A
    IP address      10.0.0.1
    Subnet mask     255.255.255.252
    Broadcast       10.0.0.3
    Host range      10.0.0.1 (Router), 10.0.0.2 host Centos (redman)

Blade Solaris 10 (Router) settings

We will allocate a physical interface for subnet2.

Show the interfaces:

    [blade]# dladm show-dev | sort -n | awk '{ print $1,$2,$3,$7,$8 }'
    bge0 link: up duplex: full
    bge1 link: up duplex: full
    qfe4 link: down duplex: unknown
    qfe5 link: down duplex: unknown
    qfe6 link: down duplex: unknown
    qfe7 link: up duplex: full

At the moment we have 3 network interfaces that are up:

    bge0 link: up duplex: full
    bge1 link: up duplex: full
    qfe7 link: up duplex: full

We will use the following:

    qfe7 -> external interface, connected directly to the internet
    bge1 -> internal interface, on which we will create a subnet

Enable IP forwarding and routing on the system:

    routeadm -u -e ipv4-forwarding
    routeadm -u -e ipv4-routing

Enable ipfilter:

    svcadm -v enable svc:/network/pfil:default
    svcadm -v enable svc:/network/ipfilter:default
    svcadm -v enable svc:/system/rmtmpfiles:default

Add the interfaces to the firewall configuration file:

    echo "bge -1 0 pfil" >> /etc/ipf/pfil.ap
    echo "qfe -1 0 pfil" >> /etc/ipf/pfil.ap

To verify that IP forwarding and routing were set correctly:

    [blade]# routeadm | head
                  Configuration   Current              Current
                         Option   Configuration        System State
    ---------------------------------------------------------------
                   IPv4 routing   enabled              enabled
                   IPv6 routing   disabled             disabled
                IPv4 forwarding   enabled              enabled
                IPv6 forwarding   disabled             disabled
               Routing services   "route:default ripng:default"
    [blade]#

Configuring the interface for the subnet:

    # plumb the interface first, then assign the address and bring it up
    ifconfig bge1 plumb && ifconfig bge1 10.0.0.1 netmask 255.255.255.252 broadcast 10.0.0.3 up
    # make the address and netmask persistent across reboots
    echo 10.0.0.1 > /etc/hostname.bge1
    echo "10.0.0.0 255.255.255.252" >> /etc/netmasks

    [blade]# ifconfig bge1
    bge1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
            inet 10.0.0.1 netmask fffffffc broadcast 10.0.0.3
            ether x:xx:xx:xx:xx:xx
    [blade]#

Restart:

    init 6

Configuring the redman server (Centos)

We will configure the server's network interface:

    ifconfig eth2 10.0.0.2 netmask 255.255.255.252 broadcast 10.0.0.3
    route add default gw 10.0.0.1 eth2
    ifconfig eth2 up

    [root@redman ~]# ifconfig eth2
    eth2      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
              inet addr:10.0.0.2  Bcast:10.0.0.3  Mask:255.255.255.252
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:418 errors:0 dropped:0 overruns:0 frame:0
              TX packets:236 errors:1 dropped:0 overruns:0 carrier:1
              collisions:0 txqueuelen:1000
              RX bytes:36660 (35.8 KiB)  TX bytes:22175 (21.6 KiB)
    [root@redman ~]#

Note: these settings on Centos will not survive a reboot. To make them persistent you would have to create a configuration entry under /etc/sysconfig/network-scripts, which I will not do because I do not need static settings.

We will create a rule on the Router (BLADE Solaris 10) to allow SSH to redman (Centos). Here we set up a port forward:

    echo 'rdr qfe7 192.168.123.111 port 4444 -> 10.0.0.2 port 22' >> /etc/ipf/ipnat.conf
    ipnat -C -f /etc/ipf/ipnat.conf

To verify the NAT rules:

    [blade]# ipnat -l
    List of active MAP/Redirect filters:
    rdr qfe7 192.168.123.111/32 port 4444 -> 10.0.0.2 port 22 tcp

    List of active sessions:
    [blade]#

In the end we have the following result:

    Internet -> SSH PKI to redman on port 4444 -> Router (blade) 192.168.123.111
    BLADE 192.168.123.110 (ZONE1, Solaris 10, SPARC 64, Router/FW) -> NAT -> 10.0.0.1 (subnet2)
    subnet2: redman (Centos) 10.0.0.2, netmask 255.255.255.252, SSH PKI on port 22
    NAT for Subnet1 (192.168.123.0):
        Subnet1 Address            192.168.123.0
        Netmask Address            255.255.255.0
        IP Pool Starting Address   100
        IP Pool Ending Address     200
    Hosts in Subnet1:
        Debian    192.168.123.100
        Fedora    DHCP
        FreeBSD   192.168.123.107
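An added example, not part of the original post: a small Python audit that parses `rdr` rules in the form shown above and flags any redirect into subnet2 that exposes more than SSH on the isolated host. The function names, the policy defaults and every sample rule except the first are assumptions made for illustration.

```python
import ipaddress
import re

# Rule shape used in the post (ipnat.conf and `ipnat -l` output):
#   rdr <iface> <addr>[/<mask>] port <n> -> <addr> port <n> [proto]
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<ext>[\d.]+)(?:/\d+)?\s+port\s+(?P<eport>\d+)"
    r"\s+->\s+(?P<dst>[\d.]+)\s+port\s+(?P<dport>\d+)(?:\s+(?P<proto>\S+))?\s*$"
)

# Constructed sample: only the first rule comes from the post.
SAMPLE = """\
rdr qfe7 192.168.123.111 port 4444 -> 10.0.0.2 port 22
rdr qfe7 192.168.123.111/32 port 8080 -> 10.0.0.2 port 80 tcp
rdr bge0 192.168.123.110/32 port 2222 -> 10.0.0.2 port 22 tcp
rdr qfe7 192.168.123.111/32 port 2200 -> 192.168.123.100 port 22 tcp
"""

def parse_rdr(text):
    """Return one dict per rdr rule; comments and other rule types are skipped."""
    rules = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules

def audit(text, isolated_net="10.0.0.0/30", router="10.0.0.1",
          ext_if="qfe7", allowed_dports=(22,)):
    """Flag redirects into the isolated subnet that break the intended policy.

    Defaults mirror the post's layout (assumed policy: SSH only, external
    interface only, target must be the isolated host itself).
    """
    net = ipaddress.ip_network(isolated_net)
    findings = []
    for r in parse_rdr(text):
        dst = ipaddress.ip_address(r["dst"])
        if dst not in net:
            continue  # redirect does not touch the isolated subnet
        tag = f'{r["iface"]}:{r["eport"]} -> {dst}:{r["dport"]}'
        if dst in (net.network_address, net.broadcast_address) or str(dst) == router:
            findings.append(f"{tag}: target is not the isolated host")
        if int(r["dport"]) not in allowed_dports:
            findings.append(f"{tag}: exposes a non-SSH port")
        if r["iface"] != ext_if:
            findings.append(f"{tag}: redirect bound to a non-external interface")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The same function can be run over the saved output of `ipnat -l`, since the regular expression also accepts the `/32` and `tcp` fields that the listing adds.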