Tuesday, 13 November 2007

CentOS 5.0 - Home Server Tutorial - part 1

There is a moment in the life of every human when he starts to feel the lack of a remote shell, his own Apache or something else. One could say that ever since humans descended from the trees, they have been looking for a way to send files between computers. I'm a couple of years past this moment.

Last week my old server machine completely broke down, so I bought a new one and I'm now installing systems on it. It's a good opportunity to create a series of posts about setting up your own home server machine.

If you are a savvy administrator, do not expect anything new, but if you are an experienced desktop Linux user or an intermediate-level admin you may find something interesting. In this series I won't compile any programs (except when absolutely necessary), because I like easily configurable systems. I don't like to investigate after 2 years "what did I actually do here 2 years ago".

Ok, after this too long introduction I can start. Let's start with a diagram of the situation. As you can see, it's a common LAN arrangement. I have access to the internet and one static IP address bound to my ethernet card's MAC address. My internet provider allows me to connect more than one device to the internet, but in that situation I'd have a slow connection between my computers.

I can create my own LAN! To do so, I'll need a server with two ethernet cards and a switch. Cables are of course also required. Once I have this equipment I can start. First I install the system on the server machine. As the title of this post says, this time it will be CentOS 5.0. I won't describe the whole installation process now, because the majority of you have done this already or can do it without any help. If you really need a guide I recommend this :P (but better try Google). If you have just installed, or will start the installation in a minute, I advise you to consider creating a RAID with LVM. I described it in one of my previous posts.

CentOS already installed.

Ok. Everything is connected, the server machine is installed, and there is no internet just behind the server :(. What do we want? I just want to connect a laptop to the switch and have internet. No configuration. For that I'll need DHCP and masquerade on the server machine.

Steps:

1. My eth1 (LAN side) does not have an IP address. There is no source of dynamically assigned IP addresses on this side. We will assign a static IP address to the eth1 card. Edit the file /etc/sysconfig/network-scripts/ifcfg-eth1 and put lines like these in it:

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:1a:4d:3c:42:e2
BROADCAST=192.168.33.255
IPADDR=192.168.33.1
IPV6ADDR=
IPV6PREFIX=
NETMASK=255.255.255.0
NETWORK=192.168.33.0


Of course, keep your own HWADDR line and change the subnet address to one you like. Now type:

#/etc/init.d/network restart

and

#ifconfig eth1

You will see that the device has its IP address set.

2. Still no internet on the LAN side. Yes, the server's card has an IP address, but machines inside the LAN should obtain IP addresses too. First install the DHCP daemon. Try:

#yum install dhcp

When dhcp is installed, edit the file /etc/dhcpd.conf and insert something like:

ddns-update-style interim;
ignore client-updates;
subnet 192.168.33.0 netmask 255.255.255.0 {
    # default gateway (the server's eth1 address)
    option routers 192.168.33.1;
    option subnet-mask 255.255.255.0;
    option domain-name "example.com";
    # your default DNS servers
    option domain-name-servers 11.22.33.44, 22.33.44.55;
    # pool of addresses handed out to LAN clients
    range dynamic-bootp 192.168.33.50 192.168.33.100;
    # lease times in seconds (6 h default, 12 h maximum)
    default-lease-time 21600;
    max-lease-time 43200;
}

(Remember the brackets and semicolons.) Now type:

#/etc/init.d/dhcpd start

It should start without errors. After this step, if you reboot a computer inside the LAN, it should obtain an IP address dynamically. But still no internet :/

3. The last step (yes, last :)) is creating the iptables masquerade mechanism. I should now explain the rules of iptables but I won't. Maybe I'll post about it later - it is a huge topic. Generally, iptables is a great tool for operating on packets. It can be a perfect firewall, an advanced router, a traffic shaper, etc.

I assume that you already have an iptables firewall created (you can do it during the installation process) or you know how to do it.

The masquerade mechanism is a couple of instructions telling the server how to translate internal IP addresses for outgoing/incoming packets. To create such instructions, create a script in (for example) /etc/masq.conf and put there:

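#!/bin/sh
# Enable packet forwarding in the kernel (it is off by default)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Masquerade and forward packets coming from the LAN subnet
iptables -t nat -A POSTROUTING -s 192.168.33.0/24 -j MASQUERADE
iptables -A FORWARD -s 192.168.33.0/24 -j ACCEPT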


Make the file executable. Now add this line to the file /etc/rc.local:

/etc/masq.conf

Try rebooting the server machine and then connect some computer to the local network. It should have a connection to the internet.
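
As an added example (not from the original post), the script below audits iptables-save output for the points where the two rules from step 3 are looser than they need to be, and includes a constructed interface-bound rule set that passes the same checks. The audit_masq function, both sample rule sets and the choice of eth0 as the internet-side interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review iptables-save output for loose spots in a masquerading
# router. Assumed roles: eth1 = LAN (as in the post), eth0 = internet side.

# audit_masq: reads iptables-save text on stdin, prints one finding per line.
audit_masq() {
    awk '
    /^:FORWARD ACCEPT/ { print "FORWARD policy is ACCEPT: anything not dropped by a rule is routed" }
    /^-A POSTROUTING/ && /-j MASQUERADE/ && !/ -o / {
        print "MASQUERADE has no -o: not tied to the internet-side interface" }
    /^-A FORWARD/ && /-j ACCEPT/ && / -s / && !/ -i / {
        print "FORWARD ACCEPT matches source address only: add -i <LAN interface>" }
    /^-A FORWARD/ { fwd = 1 }
    /^-A FORWARD/ && /ESTABLISHED/ { est = 1 }
    END { if (fwd && !est) print "no ESTABLISHED,RELATED rule: replies depend on the policy" }
    '
}

# Constructed sample: the post's two rules as iptables-save would show them,
# assuming chains that are otherwise empty with ACCEPT policy.
page_rules() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.33.0/255.255.255.0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.33.0/255.255.255.0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same subnet, rules bound to interfaces, FORWARD default DROP.
tight_rules() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.33.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.33.0/255.255.255.0 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "== rules from the post =="; page_rules | audit_masq
echo "== interface-bound rules =="; tight_rules | audit_masq
# On the server: iptables-save | audit_masq
```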

Well done. Now I have a software router. I don't know what I'll put in the next post, but probably something about Apache installation and configuration.
