infra:serveurs:sonic
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
projets:fuz:sonic [2019-09-15 21:07] – barzi | infra:serveurs:sonic [2023-11-08 21:06] – removed - external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Sonic : services internet FUZ@Laboïkos ====== | ||
- | |||
- | <WRAP round box 60%> | ||
- | ===== Goals ===== | ||
- | * Avoir un serveur/ | ||
- | </ | ||
- | |||
- | ===== Ressources ===== | ||
- | * heu, internet? | ||
- | |||
- | ===== Roadmap ===== | ||
- | - Arrivée de la fibre | ||
- | - Test pour se passer de la livebox | ||
- | - installation du serveur (base sonicemotion) | ||
- | |||
- | ===== Procedure ===== | ||
- | - Installation debian stretch (amd64) | ||
- | - Ajout des paquets | ||
- | '' | ||
- | - Ajout du fichier ''/ | ||
- | < | ||
- | # Port du haut | ||
- | SUBSYSTEM==" | ||
- | # Port du bas | ||
- | SUBSYSTEM==" | ||
- | </ | ||
- | - Ajout du chargement automatique du module vlan au démarrage : | ||
- | < | ||
- | # | ||
- | # This file contains the names of kernel modules that should be loaded | ||
- | # at boot time, one per line. Lines beginning with "#" | ||
- | 8021q | ||
- | </ | ||
- | - Ajout du fichier ''/ | ||
- | < | ||
- | user " | ||
- | |||
- | pty "/ | ||
- | noipdefault | ||
- | defaultroute | ||
- | hide-password | ||
- | replacedefaultroute | ||
- | persist | ||
- | noauth | ||
- | usepeerdns | ||
- | lcp-echo-interval 20 | ||
- | lcp-echo-failure 3 | ||
- | plugin rp-pppoe.so wan0.835 | ||
- | default-asyncmap | ||
- | noaccomp | ||
- | mtu 1492</ | ||
- | |||
- | - et la ligne avec le mot de passe correspondant au login utilisé dans ''/ | ||
- | - Configuration du réseau dans ''/ | ||
- | < | ||
- | |||
- | iface wan0 inet manual | ||
- | iface wan0.835 inet manual | ||
- | |||
- | iface ppp0 inet ppp | ||
- | provider orange | ||
- | |||
- | iface lan0 inet static | ||
- | address 192.168.42.1/ | ||
- | </ | ||
- | |||
- | - Ajout des règles netfilter dans un fichier ''/ | ||
- | < | ||
- | #!/bin/bash | ||
- | |||
- | echo 1 > / | ||
- | echo 0 > / | ||
- | echo 1 > / | ||
- | echo 0 > / | ||
- | echo 0 > / | ||
- | echo 1 > / | ||
- | echo 1 > / | ||
- | |||
- | # Flush all chains | ||
- | iptables --flush | ||
- | ip6tables --flush | ||
- | # stop routing | ||
- | echo 0 > / | ||
- | # Flush | ||
- | iptables -F | ||
- | iptables -t nat -F | ||
- | |||
- | OUT=" | ||
- | echo " | ||
- | |||
- | # Allow unlimited traffic on the loopback interface | ||
- | / | ||
- | / | ||
- | |||
- | # Accepte les paquets des sessions deja etablies | ||
- | / | ||
- | # Allow unlimited outbound traffic | ||
- | / | ||
- | / | ||
- | |||
- | |||
- | |||
- | # Disallow NEW and INVALID incoming or forwarded packets from $OUT. | ||
- | iptables -A INPUT -i $OUT -m state --state NEW,INVALID -j DROP | ||
- | |||
- | iptables -t nat -A POSTROUTING -o $OUT -j MASQUERADE | ||
- | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | ||
- | # Turn on IP forwarding | ||
- | echo 1 > / | ||
- | </ | ||
- | Sans oublier de le rendre exécutable '' | ||
- | - Configurer le serveur DHCP ''/ | ||
- | < | ||
- | option domain-name " | ||
- | Option domain-name-servers 8.8.8.8, 8.8.4.4; # a changer | ||
- | |||
- | ## LAN0 | ||
- | subnet 192.168.42.0 netmask 255.255.255.0 { | ||
- | range 192.168.42.42 192.168.42.254; | ||
- | option subnet-mask 255.255.255.0; | ||
- | option broadcast-address 192.168.42.255; | ||
- | option routers 192.168.42.1; | ||
- | } | ||
- | </ | ||
- | |||
- | Relancer tout! | ||
- | |||
- | À suivre : configuration exim4/ | ||
- | |||
- | <WRAP notice round box 70%> | ||
- | ===== Follow-up ===== | ||
- | * Project created on **Sun 12-05-19** by **[[mailto: | ||
- | </ | ||
infra/serveurs/sonic.txt · Last modified: 2023-11-08 21:41 by ToM