1) edit /proc/sys/net/ipv4/ipforward to contain the value of 1 instead of 0.
2) modprobe iptable
nat
3) make a bash script containing the following:

NOTE: Change anywhere it says “eth3? to the interface where your internet connection is coming in from. edit the -s statement to the network and netmask of the private network you plan on creating.

!/bin/bash if [ "$1" == "enable" ]; then iptables -A POSTROUTING -t nat -o eth3 -s 10.0.0.0/28 -j MASQUERADE iptables -A FORWARD -t filter -i eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -t filter -o eth3 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT else iptables -D POSTROUTING -t nat -o eth3 -s 10.0.0.0/28 -j MASQUERADE iptables -D FORWARD -t filter -i eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -D FORWARD -t filter -o eth3 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT fi

4) Install dhcp3-server (apt-get install dhcp3-server -y)
*NOTE: Dhcp3 will not start automatically until it is configured.
*
5) edit the /etc/dhcp3/dhcpd.conf file and add in the network(s) you want to lease out addresses for. It should look similar to the following:

# Sample configuration file for ISC dhcpd for Debian # # $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $ # # The ddns-updates-style parameter controls whether or not the server will # attempt to do a DNS update when a lease is confirmed. We default to the # behavior of the version 2 packages ('none', since DHCP v2 didn't # have support for DDNS.) ddns-update-style none; # option definitions common to all supported networks... option domain-name "example.org"; option domain-name-servers 141.219.70.30, 141.219.70.130; default-lease-time 86400; max-lease-time 604800; # If this DHCP server is the official DHCP server for the local # network, the authoritative directive should be uncommented. authoritative; # Use this to send dhcp log messages to a different log file (you also # have to hack syslog.conf to complete the redirection). log-facility local7; subnet 10.0.0.0 netmask 255.255.255.240 { range 10.0.0.2 10.0.0.14; option subnet-mask 255.255.255.240; option broadcast-address 10.0.0.15; option routers 10.0.0.1; }

6) Edit /etc/default/dhcp3-server to contain the interface you want your dhcp server to listen out of (the private network obviously)
7) Start the dhcp server: /etc/init.d/dhcp3-server start

Done!

Blog Logo

Mario Loria


Published

Image

./scriptthe.net

Because 127.0.0.1 gets old after a while.

Back to Overview