Portál AbcLinuxu, 3. prosince 2025 20:00
3.11.2009 01:29
option domain-name "sadam.chickenkiller.com"; #DSN stroje
option domain-name-servers 213.46.172.36,213.46.172.37; #DSN servery ktere budou predany klientum na DHCP
default-lease-time 3600;#doba po kterou ma klined pridelenou IP
authoritative; #DHCP server je hlavni (zjednodusene)
subnet 192.168.2.0 netmask 255.255.255.0 { # subnet , ip musi byt stejna jako je IP karty na ktere pobezi DHCP
range 192.168.2.2 192.168.2.255;#rozsah DHCP
option routers 192.168.2.1; #route
}
host sadamPC { #pojmenovani meho stroje pro prideleni pevne IP v DHCP
hardware ethernet 00:1D:7D:A4:6D:9F; #MAC adresa me sitove karty v PC
fixed-address 192.168.3.8;# tvrda IP ktera se memu PC nastavi
}
Dale je treba nakonfigurovat iptables, pouzivam tento zbastleny skript
#!/bin/bash
IPTABLES=/usr/sbin/iptables
EXTIF="eth2" #device conected to the internet
INTIF0="eth0" #Firs internal device
#port forwarting
IP="192.168.2.8" #Ip adress of target machine
PORT="5900" #VNC #Number of forwarted port
echo "1" > /proc/sys/net/ipv4/ip_forward #zapnuti smerovani packetu
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF0 -j ACCEPT #pustit vse ven
$IPTABLES -A FORWARD -i $INTIF0 -o $EXTIF -j ACCEPT #naopak
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE #nahozeni maskarady
#port forwarting
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXTIF --dport $PORT -j DNAT --to $IP:$PORT
$IPTABLES -A FORWARD -i $EXTIF -p tcp -d $IP --dport $PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.