Ubuntu small router configuration in one file.

Вариант 1 – WAN порта с DHCP

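# /etc/network/interfaces for a two-port router:
# eth0 = LAN (192.168.0.0/24), eth1 = WAN with its address from DHCP.
auto lo
iface lo inet loopback

# LAN side: this host is 192.168.0.1 on 192.168.0.0/24.
auto eth0
iface eth0 inet static
        address 192.168.0.1
        netmask 255.255.255.0

# WAN side. The method is "dhcp": this variant is the DHCP uplink, and a
# "static" stanza with no address/netmask cannot be configured by ifup.
auto eth1
iface eth1 inet dhcp
	hwaddress ether 4C:00:10:52:73:3E
# Turn on IPv4 forwarding when the uplink comes up. This is a runtime switch
# only; net.ipv4.ip_forward=1 in /etc/sysctl.conf is the persistent form.
	up echo 1 > /proc/sys/net/ipv4/ip_forward
# Source-NAT LAN traffic leaving through eth1.
# NOTE(review): only the nat table is touched here. Unless INPUT/FORWARD
# policies are set elsewhere they stay at the default ACCEPT, so the router's
# own services are reachable from the WAN side and forwarding is unfiltered.
	up iptables -t nat -A POSTROUTING -j MASQUERADE -o eth1 -s 192.168.0.0/24
# Remove the rule again on ifdown; otherwise every ifdown/ifup cycle appends
# another copy. "|| true" keeps ifdown going if the rule is already gone.
	down iptables -t nat -D POSTROUTING -j MASQUERADE -o eth1 -s 192.168.0.0/24 || true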

Вариант 2 – Статична конфигурация

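# /etc/network/interfaces for a two-port router:
# eth0 = LAN (192.168.0.0/24), eth1 = WAN with a static address.
auto lo
iface lo inet loopback

# LAN side: this host is 192.168.0.1 on 192.168.0.0/24.
auto eth0
iface eth0 inet static
        address 192.168.0.1
        netmask 255.255.255.0

# WAN side: static address, default route via 10.18.9.254.
auto eth1
iface eth1 inet static
	hwaddress ether 4C:00:10:52:73:3E
	address 10.18.9.66
        netmask 255.255.255.0
	gateway 10.18.9.254
# Turn on IPv4 forwarding when the uplink comes up (runtime switch only;
# net.ipv4.ip_forward=1 in /etc/sysctl.conf is the persistent form).
	up echo 1 > /proc/sys/net/ipv4/ip_forward
# ifup already runs these commands as root, so no sudo wrapper is used.
# The first line truncates /etc/resolv.conf, the second appends to it; any
# resolver entries written by another tool are lost when eth1 comes up.
	up sh -c "echo nameserver 93.155.131.1 > /etc/resolv.conf"
	up sh -c "echo nameserver 93.155.130.14 >> /etc/resolv.conf"
# Source-NAT LAN traffic leaving through eth1.
# NOTE(review): only the nat table is touched here. Unless INPUT/FORWARD
# policies are set elsewhere they stay at the default ACCEPT, so the router's
# own services are reachable from the WAN side and forwarding is unfiltered.
	up iptables -t nat -A POSTROUTING -j MASQUERADE -o eth1 -s 192.168.0.0/24
# Remove the rule again on ifdown; otherwise every ifdown/ifup cycle appends
# another copy. "|| true" keeps ifdown going if the rule is already gone.
	down iptables -t nat -D POSTROUTING -j MASQUERADE -o eth1 -s 192.168.0.0/24 || true
# These two prefixes go via 10.18.9.1 instead of the default gateway.
	up ip route add 10.0.0.0/8 via 10.18.9.1
	up ip route add 212.233.128.0/17 via 10.18.9.1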

Реална конфигурация на клиент …

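# /etc/network/interfaces for a router with a LAN port (eth0), an uplink
# (eth1) and a GRE tunnel (tun0) that carries the default route.
#
# NOTE(review): every "up iptables -A ..." below appends again on each ifup
# and nothing removes the rules on ifdown, so they accumulate across
# ifdown/ifup cycles. Add matching "down ... -D ... || true" lines, or load
# the ruleset once with iptables-restore.
auto lo
iface lo inet loopback

# LAN side: this host is 192.168.0.1 on 192.168.0.0/24.
auto eth0
iface eth0 inet static
	address 192.168.0.1
	netmask 255.255.255.0

# Uplink. There is no "gateway" line: the default route is added by the tun0
# stanza, and only the prefixes listed here go via 10.129.5.1.
auto eth1
iface eth1 inet static
	address 10.129.5.2
	netmask 255.255.255.0
# Runtime switch only; net.ipv4.ip_forward=1 in /etc/sysctl.conf persists it.
	up echo "1" > /proc/sys/net/ipv4/ip_forward
	up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.129.5.1
	up route add -net 212.233.128.0 netmask 255.255.128.0 gw 10.129.5.1
# 93.155.131.0/28 contains the GRE remote endpoint 93.155.131.1, so the
# tunnel's outer packets leave via eth1 and not through the tunnel itself.
	up route add -net 93.155.131.0 netmask 255.255.255.240 gw 10.129.5.1
	up route add -host 195.138.132.24 gw 10.129.5.1
# LAN traffic leaving through eth1 is rewritten to the eth1 address.
	up iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT --to 10.129.5.2
# Port forwards to the LAN host 192.168.0.2. Each one makes that port on
# 192.168.0.2 reachable from the uplink network without any source restriction.
# The 9084 pair matches on destination address, the others on ingress interface.
# NOTE(review): 9084 has no FORWARD ACCEPT rule in the tun0 stanza, unlike
# 43454 and 25765 -- it only works if the FORWARD policy is ACCEPT; confirm.
	up iptables -t nat -A PREROUTING -p tcp -d 10.129.5.2 --dport 9084 -j DNAT --to 192.168.0.2:9084
	up iptables -t nat -A PREROUTING -p udp -d 10.129.5.2 --dport 9084 -j DNAT --to 192.168.0.2:9084
	up iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 43454 -j DNAT --to 192.168.0.2:43454
	up iptables -t nat -A PREROUTING -p udp -i eth1 --dport 43454 -j DNAT --to 192.168.0.2:43454
	up iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 25765 -j DNAT --to 192.168.0.2:25765
	up iptables -t nat -A PREROUTING -p udp -i eth1 --dport 25765 -j DNAT --to 192.168.0.2:25765
# ifup already runs these commands as root, so no sudo wrapper is used.
# The first line truncates /etc/resolv.conf, the second appends to it.
	up sh -c "echo nameserver 93.155.131.1 > /etc/resolv.conf"
	up sh -c "echo nameserver 93.155.130.4 >> /etc/resolv.conf"

# GRE tunnel between 10.129.5.2 (local) and 93.155.131.1 (remote); the inner
# point-to-point pair is 93.155.130.38 <-> 93.155.130.37.
# GRE itself neither encrypts nor authenticates, so everything sent through
# tun0 is readable and spoofable on the path between the two endpoints.
auto tun0
iface tun0 inet static
        address 93.155.130.38
        netmask 255.255.255.252
        up ifconfig tun0 multicast
# pre-up runs before the address is configured, whatever its position here.
        pre-up iptunnel add tun0 mode gre remote 93.155.131.1 local 10.129.5.2 ttl 255
        pointopoint 93.155.130.37
# Default route goes through the tunnel peer.
        up route add default gw 93.155.130.37
	up iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o tun0 -j SNAT --to 93.155.130.38
# Clamp TCP MSS on SYNs leaving via tun0 to the path MTU, which is smaller
# inside the tunnel because of the GRE encapsulation overhead.
	up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o tun0 -j TCPMSS --clamp-mss-to-pmtu
# Same port forwards as on eth1, for traffic arriving through the tunnel.
	up iptables -t nat -A PREROUTING -p tcp -i tun0 --dport 43454 -j DNAT --to 192.168.0.2:43454
	up iptables -t nat -A PREROUTING -p udp -i tun0 --dport 43454 -j DNAT --to 192.168.0.2:43454
	up iptables -t nat -A PREROUTING -p tcp -i tun0 --dport 25765 -j DNAT --to 192.168.0.2:25765
	up iptables -t nat -A PREROUTING -p udp -i tun0 --dport 25765 -j DNAT --to 192.168.0.2:25765
# These ACCEPT rules name no ingress interface, so they match forwarded
# traffic from any side. They only have an effect if the FORWARD policy is
# not ACCEPT; no policy is set anywhere in this file.
# NOTE(review): for a real restriction, set the FORWARD policy to DROP
# elsewhere, allow established/related traffic, and scope these with -i.
	up iptables -A FORWARD -p tcp -d 192.168.0.2 --dport 25765 -j ACCEPT
	up iptables -A FORWARD -p tcp -d 192.168.0.2 --dport 43454 -j ACCEPT
	up iptables -A FORWARD -p udp -d 192.168.0.2 --dport 25765 -j ACCEPT
	up iptables -A FORWARD -p udp -d 192.168.0.2 --dport 43454 -j ACCEPT
	post-down iptunnel del tun0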
