Task: set up an internet access gateway for users.
Option 1: iptables, dnsmasq and htb (htb.init).
Enable IP forwarding so that packets are routed between interfaces
sudo nano /proc/sys/net/ipv4/ip_forward
change the zero to a one and save.
Edit the sysctl.conf file
sudo nano /etc/sysctl.conf
add anywhere in the file
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1
done, save.
Now let's deal with IPTABLES
My interfaces: eth0 – lan1, 192.168.55.0/24 (most of the computers are behind it), eth2 – inet, 192.168.1.0/24 (the internet comes in from here)
write the rules
sudo iptables -A FORWARD -s 192.168.55.0/24 -i eth0 -o eth2 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
At this step the internet will appear in the 192.168.55.0/24 network, but we still need DNS and shaping, and we also need to bring these same rules up after a system reboot.
Save the working IPTABLES rule configuration
sudo sh -c 'iptables-save > /etc/iptables.up.rules'
I bring the rules up together with the interfaces, which means that in /etc/network/interfaces we add pre-up iptables-restore < /etc/iptables.up.rules to the interface with the internet (eth2 in my case).
it looks like this
auto eth2
iface eth2 inet dhcp
pre-up iptables-restore < /etc/iptables.up.rules
Save and reboot to test.
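A check that can be run on the output of iptables-save before it is written to /etc/iptables.up.rules, as an added example that is not part of the original post. The audit_rules helper and both dumps are hypothetical and constructed; only the interface names and the subnet come from the page.

```shell
# Added example, not from the original post. audit_rules and both dumps are
# hypothetical/constructed; interface names and subnet follow the page.
audit_rules() {  # usage: audit_rules LAN_IF WAN_IF LAN_NET < dump
    awk -v lan="$1" -v wan="$2" -v net="$3" '
    { line = $0 " " }                  # trailing space simplifies matching
    /^\*/ { table = substr($0, 2) }    # "*filter" / "*nat" section header
    # With policy ACCEPT, a chain holding only ACCEPT rules filters nothing.
    table == "filter" && /^:FORWARD / && $2 != "DROP" { print "FORWARD_POLICY_NOT_DROP" }
    table == "filter" && /^-A FORWARD / && /--ctstate NEW/ {
        # New connections must enter on the LAN side and leave on the WAN side.
        if (index(line, "-s " net " ") && index(line, "-i " lan " ") && index(line, "-o " wan " "))
            new_ok = 1
    }
    table == "filter" && /^-A FORWARD / && /--ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED)/ { est_ok = 1 }
    # MASQUERADE without -o rewrites traffic leaving every interface.
    table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ && !index(line, "-o " wan " ") {
        print "MASQUERADE_NOT_SCOPED_TO_WAN"
    }
    END {
        if (!new_ok) print "NO_LAN_TO_WAN_NEW_RULE"
        if (!est_ok) print "NO_ESTABLISHED_RULE"
    }'
}
# Constructed dumps in iptables-save format (trimmed to the relevant chains).
weak_dump() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.55.0/24 -i eth2 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}
hardened_dump() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.55.0/24 -i eth0 -o eth2 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
EOF
}
weak_dump | audit_rules eth0 eth2 192.168.55.0/24   # prints three findings
```

On a live gateway the same function can read the running ruleset: sudo iptables-save | audit_rules eth0 eth2 192.168.55.0/24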
To cache DNS queries, install dnsmasq (there are plenty of alternatives, but I like this package more, also for )
sudo apt-get install dnsmasq
The whole configuration amounts to uncommenting two parameters and substituting your own values. The first says which address to listen on and answer queries from, and the second disables DHCP on the listed interfaces.
listen-address=192.168.55.2
no-dhcp-interface=eth0, eth1, eth2, eth3, wlan0
reload the config: sudo /etc/init.d/dnsmasq restart
and the finishing touch:
we will throttle the channel with htb and a separate init script (download here )
in the file I only changed HTB_PATH to /etc/htb (that is where the parameters of our shaping will be set)
for the sake of example I left users 512Kbit in both directions, so I applied the parameters to both eth0 and eth2.
In total I have 6 files in /etc/htb
eth0
DEFAULT=20
R2Q=1
eth0-2.full
# root class containing total bandwidth
RATE=512Kbit
CEIL=512Kbit
eth0-2:20.default
# default class for outgoing traffic
RATE=500Kbit
CEIL=512Kbit
LEAF=sfq
PRIO=4
eth2
DEFAULT=20
R2Q=1
eth2-2:20.default
# default class for outgoing traffic
RATE=500Kbit
CEIL=512Kbit
LEAF=sfq
PRIO=4
eth2-2.full
# root class containing total bandwidth
RATE=512Kbit
CEIL=512Kbit