We first prepared and configured Computer B (connected to a wired connection and will act as the router) and Computer A . We manually assigned a static IP address (192.168.8.254) to the interface connected to Computer A and to Computer B. We needed the subnet, gateway, and subnetmask. (Answer to Question 3) Then, we checked if IP forwarding is enabled in linux kernel in Computer B. It was disabled, so we enabled it for the Computer B to act as a router.
After that, we set the appropriate firewall settings.
(Answer to Question 1.)
iptables -F -> flushes the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one
iptables -P INPUT ACCEPT -> sets the policy for the chain to the target (INPUT).
iptables -P OUTPUT ACCEPT -> sets the policy for the chain to OUTPUT
iptables -P FORWARD ACCEPT -> sets the policy for the chain to FORWARD
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-> specifies the packet matching table nat (consulted when a packet that creates a new connection is encountered) , then appends POSTROUTING to the selected chain, sets the name of the interface (eth0), and specifies the MASQUERADE (target of the rule).
To check if the configuration for both computers were successful, we pinged Computer B using Computer A. Then, we copied the contents of Computer B's /etc/resolv.conf file to Computer A's. We successfully accessed a website after those steps.
Now, the challenging part was to automate the configuration of Computer A. We created the configuration file /etc/dhcp/dhcpd.conf in Computer B. We used domain-name, domain-name-servers, subnet-mask, broadcast-address, and routers for the option. (Answer to Question 2)
References:
Handouts given
Wikipedia
http://linux.die.net/man/8/iptables
No comments:
Post a Comment