
Building a DHCP server with NAT using Debian Lenny

Below I outline how to build a DHCP server that also provides NAT for its clients. This how-to assumes that you are starting from a totally vanilla Debian install and that you have at least two NICs:
eth0 = Public
eth1 = Private (NAT)



First, let's get the packages we are going to need.



# apt-get install dhcp3-server



Now we need to configure our Ethernet settings: we want to set the eth1 NIC to use an internal IP scope.



# nano /etc/network/interfaces



# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
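# No gateway on eth1: the default route comes from eth0 (DHCP).
# Pointing eth1 at its own address would add a second, conflicting default route.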



Now we need to edit the DHCP configuration file to set up our NAT IP space. In the example below, replace the xxx with the correct IPs for your environment's DNS servers (optional).



# nano /etc/dhcp3/dhcpd.conf



ddns-update-style none;

option domain-name-servers 192.168.0.1, xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;
option broadcast-address 192.168.0.255;
option ntp-servers 192.168.0.254;

default-lease-time 14400;
max-lease-time 14400;
#authoritative;

log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.5 192.168.0.253;
option routers 192.168.0.1;
}



Next, we need to allow IP forwarding; otherwise the NAT clients will not be able to reach an outbound network.



# nano /etc/sysctl.conf




# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1



Next, we need to tell the DHCP server which NIC it will be using.



# nano /etc/default/dhcp3-server



INTERFACES="eth1"



Last, we need to configure iptables to route the traffic correctly. Below is a sample firewall ruleset, in the format read by iptables-restore, that will accomplish this.




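*filter
:INPUT ACCEPT [5072:272211]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [8928:529007]
# Traffic addressed to the gateway itself: only loopback and replies are accepted
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j DROP

# Forwarded traffic: clients on eth1 may open connections out through eth0,
# and only replies to those connections are let back in
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
# Each table section must end with COMMIT
COMMIT

*nat
:PREROUTING ACCEPT [5556:310567]
:POSTROUTING ACCEPT [11:3060]
:OUTPUT ACCEPT [23:3801]

# Rewrite the source address of everything leaving through the public NIC
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT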
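
Before loading a ruleset in this format, it is worth linting it: iptables-restore expects every table section to be closed by COMMIT, a NAT gateway should keep the FORWARD policy at DROP, and MASQUERADE should be pinned to the public interface. The sh/awk check below is an added example, not part of the original how-to; the function name check_ruleset and the sample ruleset are made up for illustration.

```shell
#!/bin/sh
# Added example: lint an iptables-save style ruleset before loading it.
# check_ruleset is a hypothetical helper; it prints findings and returns 1 if any.
check_ruleset() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /^[*]/ {                             # "*filter", "*nat": a new table section
            if (table != "") { print "missing COMMIT for table " table; bad = 1 }
            table = substr($1, 2); next
        }
        $1 == "COMMIT" {
            if (table == "") { print "COMMIT outside a table (line " NR ")"; bad = 1 }
            table = ""; next
        }
        table == "" { print "rule outside a table (line " NR ")"; bad = 1; next }
        # A NAT gateway should forward only what its rules explicitly allow
        table == "filter" && $1 == ":FORWARD" && $2 != "DROP" {
            print "filter FORWARD policy is " $2 ", expected DROP"; bad = 1
        }
        # iptables-save writes the short form -o; without it every interface is NATed
        table == "nat" && /-j MASQUERADE/ && !/ -o / {
            print "MASQUERADE rule without -o (line " NR ")"; bad = 1
        }
        END {
            if (table != "") { print "missing COMMIT for table " table; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the filter section is never closed with COMMIT.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
check_ruleset "$sample" || echo "ruleset rejected"
```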



Now all you need to do is either reboot or run the following commands and you should be good to go!



# /etc/init.d/networking restart; /etc/init.d/dhcp3-server restart;



That's it. If you have supplemental questions on how to configure this, feel free to post them below in the comments and I will try to answer them for you.


