Values needed for the DHCP server configuration (dhcpd.conf); the second column gives the placeholder that stands for the value in the template below.

| Name | Value (template placeholder) |
|---|---|
| Domain name | `%(domain_name)` |
| Primary DNS | `%(dns_1)` |
| Secondary DNS | `%(dns_2)` |
| Network address where the DHCP service will run | `%(net_address)` |
| Network mask | `%(net_mask)` |
| Start address for the dynamic address range | `%(net_start)` |
| End address for the dynamic address range | `%(net_end)` |
| Network gateway | `%(net_gateway)` |
Values needed for each host that gets a fixed address (one row set per host):

| Name | Value (template placeholder) |
|---|---|
| Host name | `%(host1_name)` |
| Host MAC address | `%(host1_mac)` |
| Host IP address | `%(host1_ip)` |
dhcpd.conf template:

```
ddns-update-style none;
option domain-name "%(domain_name)";    # dhcpd expects the domain name as a quoted string
option domain-name-servers %(dns_1), %(dns_2);
authoritative;
log-facility local7;
subnet %(net_address) netmask %(net_mask) {
    range %(net_start) %(net_end);
    option routers %(net_gateway);
}
# for each host: repeat this block once per row of the host table
host %(host1_name) {
    fixed-address %(host1_ip);
    hardware ethernet %(host1_mac);
}
# end for each host
```
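A small renderer for the template above, added here as an example (it is not part of the original page): it expands the `%(name)` placeholders from the two tables and refuses to emit a file whose values contradict each other, such as a fixed address that falls inside the dynamic range or a malformed MAC. The per-host key names `host_name`, `host_ip`, `host_mac` and the sample network values are assumptions constructed for the example.

```python
import ipaddress, re

SUBNET_TEMPLATE = """\
ddns-update-style none;
option domain-name "%(domain_name)";
option domain-name-servers %(dns_1), %(dns_2);
authoritative;
log-facility local7;
subnet %(net_address) netmask %(net_mask) {
  range %(net_start) %(net_end);
  option routers %(net_gateway);
}
"""
HOST_TEMPLATE = """\
host %(host_name) {
  fixed-address %(host_ip);
  hardware ethernet %(host_mac);
}
"""
TOKEN_RE = re.compile(r"%\((\w+)\)")                   # the page's %(name) placeholders
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")  # six colon-separated hex octets

def render(template, values):
    # Expand every %(name); an unknown name raises KeyError instead of emitting ''.
    return TOKEN_RE.sub(lambda m: str(values[m.group(1)]), template)

def validate(net, hosts):
    # Return the list of inconsistencies between the table values; [] means all consistent.
    problems = []
    subnet = ipaddress.ip_network(f"{net['net_address']}/{net['net_mask']}", strict=True)
    start, end = (ipaddress.ip_address(net[k]) for k in ("net_start", "net_end"))
    if not (start in subnet and end in subnet and start <= end):
        problems.append("dynamic range is outside the subnet or reversed")
    for h in hosts:
        ip = ipaddress.ip_address(h["host_ip"])
        if ip not in subnet:
            problems.append(f"{h['host_name']}: fixed address is outside the subnet")
        elif start <= ip <= end:
            problems.append(f"{h['host_name']}: fixed address collides with the dynamic range")
        if not MAC_RE.match(h["host_mac"].lower()):
            problems.append(f"{h['host_name']}: malformed MAC address")
    return problems

def build_dhcpd_conf(net, hosts):
    # Render the whole file, but only when validation found nothing wrong.
    problems = validate(net, hosts)
    if problems:
        raise ValueError("; ".join(problems))
    return render(SUBNET_TEMPLATE, net) + "".join(render(HOST_TEMPLATE, h) for h in hosts)

# Constructed sample values (RFC 5737 / RFC 1918 ranges), not taken from the original page.
NET = {"domain_name": "lab.example", "dns_1": "192.0.2.53", "dns_2": "192.0.2.54",
       "net_address": "192.168.10.0", "net_mask": "255.255.255.0", "net_start": "192.168.10.100",
       "net_end": "192.168.10.200", "net_gateway": "192.168.10.1"}
HOSTS = [{"host_name": "printer", "host_ip": "192.168.10.20", "host_mac": "00:11:22:33:44:55"}]
BAD_HOSTS = HOSTS + [{"host_name": "nas", "host_ip": "192.168.10.150", "host_mac": "00:11:22:33:44"}]
```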
Values needed for the DNS server configuration (BIND named.conf):

| Name | Value (template placeholder) |
|---|---|
| ISP's DNS server (can have multiple values) | `%(isp_dns1)`, `%(isp_dns2)` |
| IP address where the server will listen (can have multiple values) | `%(bind_addr1)`, `%(bind_addr2)` |
| Zone (or domain) that the server will manage (can have multiple values) | `%(zone1)` |
named.conf template:

```
options {
    directory "/var/bind";
    forward first;
    forwarders {
        %(isp_dns1);
        %(isp_dns2);
    };
    listen-on-v6 { none; };
    listen-on {
        %(bind_addr1);
        %(bind_addr2);
    };
    pid-file "/var/run/named/named.pid";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};
zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
# for each zone: the forward zone ...
zone "%(zone1)" IN {
    type master;
    file "pri/%(zone1).zone";
    allow-update { none; };
    notify no;
};
# ... and its reverse zone. %(zone1_reverse) is the network's in-addr.arpa name
# (a placeholder added here, not in the table above); named rejects two zones
# declared with the same name, so the forward name cannot be reused.
zone "%(zone1_reverse)" IN {
    type master;
    file "pri/%(zone1).zone.ptr";
    allow-update { none; };
    notify no;
};
# end for each zone
```
Listing, deleting and flushing rules in any table:

```sh
# iptables -t ${table} -L -v
# iptables -t ${table} -D ${chain} ${num}
# iptables -t ${table} -F
# iptables -t ${table} -F ${chain}
```

Filter table: list the rules, or insert a rule at a given position:

```sh
# iptables -t filter -L -v
# iptables -t filter -I ${chain} ${pos} -j ${target} \
    [-s ${src_ip}/${src_ip_prefix_length}] \
    [-d ${dest_ip}/${dst_ip_prefix_length}] \
    [-p ${protocol}]
```
If the protocol (`-p` option) is `udp` or `tcp`, source and destination ports can be added:

```sh
# iptables -t filter -I ${chain} ${pos} -j ${target} \
    [-s ${src_ip}/${src_ip_prefix_length}] \
    [-d ${dest_ip}/${dst_ip_prefix_length}] \
    [-p ${protocol}] -m ${protocol} \
    [--sport ${src_port}] [--dport ${dst_port}]
```
Where:

- `${chain}` is `INPUT`, `OUTPUT` or `FORWARD`
- `${pos}` is the index (position) of the rule inside the chain
- `${protocol}` is `udp`, `tcp`, `icmp` or `all`
- `${target}` is `DROP`, `ACCEPT` or `REJECT`
NAT table: list the rules, redirect incoming traffic (DNAT), or rewrite the source address of outgoing traffic (MASQUERADE or SNAT):

```sh
# iptables -t nat -L -v
# iptables -t nat -I PREROUTING ${pos} -i ${dev} \
    -j DNAT --to ${nat_dst_ip}[:${nat_dst_port}] \
    -p <tcp|udp> --dport ${port} \
    [-s ${src_ip}/${src_ip_prefix_length}] \
    [-d ${dest_ip}/${dst_ip_prefix_length}]
# iptables -t nat -I POSTROUTING ${pos} -o ${dev} \
    -j MASQUERADE -s ${src_ip}/${src_ip_prefix_length}
# iptables -t nat -I POSTROUTING ${pos} -o ${dev} \
    -j SNAT --to ${nat_src_ip} \
    -s ${src_ip}/${src_ip_prefix_length}
```