
Server - NIC 1 (eth0): bridged, gets its address by DHCP from the router 192.168.1.1; NIC 2 (eth1): VMnet2, static IP 192.168.2.1

Client - 1 NIC on VMnet2, gets its address by DHCP from the Server


Set up CentOS 6 x64 for Server & Client

  1. English
  2. Basic Storage
  3. Fresh Installation, hostname (Server - Server.localdomain, Client - Client.localdomain)
  4. Hong Kong
  5. Use All Space
  6. Desktop

Install VMware Tools for Server & Client

  1. Log in as root
  2. Extract VMwareTools-XXXXXX.tar.gz to /tmp
  3. cd /tmp/vmware-tools-distrib
  4. ./vmware-install.pl
  5. Reboot the machine

Enable the NICs for Server

Log in as root

  • Modify ifcfg

vi /etc/sysconfig/network-scripts/ifcfg-eth0
change ONBOOT="no" to ONBOOT="yes"
vi /etc/sysconfig/network-scripts/ifcfg-eth1
change ONBOOT="no" to ONBOOT="yes"

  • Modify eth1 to a static IP address
    Run setup - Network configuration - Device configuration - eth1
    Static IP 192.168.2.1
    Netmask 255.255.255.0

  • Restart the network service

/etc/init.d/network restart


Install DHCP for Server

  • yum install dhcp
  • chkconfig dhcpd on
  • modify /etc/dhcp/dhcpd.conf

------------------------------------
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.100 192.168.2.200;
  option domain-name-servers 192.168.2.1;
  option routers 192.168.2.1;
  default-lease-time 600;
  max-lease-time 7200;
}
----------------------------------------

Enable the NIC for Client

Log in as root

  • Modify ifcfg

vi /etc/sysconfig/network-scripts/ifcfg-eth0
change ONBOOT="no" to ONBOOT="yes"

  • Reboot Client
  • run ifconfig to check that eth0 received an address from the DHCP server


Install DNS for Server

Log in as root

  • yum install bind
  • chkconfig named on
  • modify /etc/named.conf

------------------------------------
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        forward only;
        forwarders {
                192.168.1.1;
        };

        dnssec-enable yes;
        dnssec-validation yes;
        # dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
------------------------------------
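The options block above turns recursion on, answers queries from { any; } and listens on every address, which is the shape of an open recursive resolver whenever the bridged eth0 side can reach port 53 (and the iptables rule in the next step accepts UDP 53 on every interface). The Python check below is an added example, not part of the original post and not BIND's own tooling: it parses an options block for that combination and prints findings for the page's block beside a hardened variant. The acl name "lan", the 192.168.2.0/24 scope and the listen addresses in the hardened variant are assumptions chosen to match this page's topology; both configurations are constructed strings embedded here so the check runs offline.

```python
import re

# Constructed copy of the options block from this page's /etc/named.conf
# (comments and statistics paths dropped; embedded so the check runs offline).
NAMED_CONF_PAGE = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query     { any; };
    recursion yes;
    forward only;
    forwarders { 192.168.1.1; };
    dnssec-enable yes;
    dnssec-validation yes;
};
"""

# Hardened variant (assumption: only 192.168.2.0/24 and localhost should be
# able to query or recurse through this server; the acl name "lan" is ours).
NAMED_CONF_HARDENED = """
acl "lan" { 127.0.0.1; 192.168.2.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.2.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query     { lan; };
    allow-recursion { lan; };
    recursion yes;
    forward only;
    forwarders { 192.168.1.1; };
    dnssec-enable yes;
    dnssec-validation yes;
};
"""

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_block(text):
    """Return the body of the options { ... }; statement, or '' if absent."""
    m = re.search(r"\boptions\s*\{(.*)\};", strip_comments(text), flags=re.S)
    return m.group(1) if m else ""


def acl_names(text):
    """Names defined with acl "name" { ... }; anywhere in the file."""
    return set(re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{', strip_comments(text)))


def address_list(block, key):
    """Entries of `key [port N] { a; b; };` in the options body, or None if unset."""
    pat = r"\b" + re.escape(key) + r"(?!-)(?:\s+port\s+\d+)?\s*\{([^}]*)\}"
    m = re.search(pat, block)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def is_open_resolver(text):
    """True when recursion is on and the effective recursion scope is { any; }.
    BIND 9.4+ falls back from allow-recursion to allow-query-cache, then to
    allow-query, then to localnets/localhost; allow-query-cache is not modelled."""
    block = options_block(text)
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", block)
    if rec is None or rec.group(1) != "yes":
        return False
    scope = address_list(block, "allow-recursion")
    if scope is None:
        scope = address_list(block, "allow-query")
    return scope is not None and "any" in scope


def findings(text):
    """Human-readable list of problems; empty when the block looks sane."""
    block = options_block(text)
    out = []
    if is_open_resolver(text):
        out.append("open resolver: recursion yes with recursion scope { any; }")
    if "any" in (address_list(block, "listen-on") or []):
        out.append("listen-on { any; }: named also binds the bridged eth0 address")
    known = acl_names(text) | BUILTIN_ACLS
    for key in ("listen-on", "allow-query", "allow-recursion"):
        for entry in address_list(block, key) or []:
            # bare words are acl names; addresses and prefixes contain '.', ':' or '/'
            if re.fullmatch(r"[\w-]+", entry) and entry not in known:
                out.append(f"{key} references undefined acl '{entry}'")
    return out


if __name__ == "__main__":
    for label, conf in (("page", NAMED_CONF_PAGE), ("hardened", NAMED_CONF_HARDENED)):
        print(label, findings(conf) or "no findings")
```

Run it as-is and the page's block reports two findings (open resolver, listen-on any) while the hardened block reports none; point `findings()` at the contents of a real named.conf to audit it the same way.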

  • modify /etc/sysconfig/iptables.conf 

------------------------------------
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

# Accept DNS client request

-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
------------------------------------

  • Restart the iptables service

/etc/init.d/iptables restart

  • Test name resolution from Client with nslookup

nslookup www.yahoo.com


Enable the NAT function

Log in as root

  • Modify /etc/sysctl.conf

change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1

  • modify /etc/sysconfig/iptables.conf 

------------------------------------

*nat
:PREROUTING ACCEPT [17:1025]
:POSTROUTING ACCEPT [4:291]
:OUTPUT ACCEPT [4:291]

# NIC 1 routes out through NIC 0
-A POSTROUTING -s 192.168.2.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT


*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [22:2203]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

# Accept DNS client request
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

# Accept HTTP request
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

# Accept HTTP forward
-A FORWARD -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

# Reject ICMP forward
-A FORWARD -p icmp -j REJECT

COMMIT
------------------------------------

  • Restart the iptables service

/etc/init.d/iptables restart

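Two things in the filter table above are worth checking before relying on it: the FORWARD chain keeps policy ACCEPT and has no closing REJECT, so the "Accept HTTP forward" rule does not actually limit what Client can reach through the NAT, and the DNS accept rule carries no -i or -s match, so it also admits queries arriving on the bridged eth0 side. In the nat table, MASQUERADE is applied on eth1 (the LAN side) as well as on the uplink eth0. The Python audit below is an added example, not the post's own code and not an iptables tool: it parses iptables-save style text (the format of the block above; on CentOS 6 the init script loads /etc/sysconfig/iptables) and reports those three points, with a tighter rule set beside the page's for comparison. The interface roles (eth0 uplink, eth1 LAN) are taken from this page's topology; both rule sets are constructed strings.

```python
import shlex

WAN_IF, LAN_IF = "eth0", "eth1"  # this page's topology: eth0 bridged uplink, eth1 VMnet2 LAN side

# Constructed copy of this page's NAT-step rule set in iptables-save form.
RULES_PAGE = """\
*nat
:PREROUTING ACCEPT [17:1025]
:POSTROUTING ACCEPT [4:291]
:OUTPUT ACCEPT [4:291]
-A POSTROUTING -s 192.168.2.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [22:2203]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -p icmp -j REJECT
COMMIT
"""

# Constructed tighter variant: masquerade only on the uplink, accept DNS only
# from the LAN side, and make FORWARD default-deny with one explicit allow.
RULES_HARDENED = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


def parse_rule(line):
    """'-A CHAIN flag value ...' -> {'chain', 'opts': {flag: value}}; repeated flags keep the first value."""
    toks = shlex.split(line)
    rule = {"chain": toks[1], "opts": {}}
    i = 2
    while i < len(toks):
        has_val = i + 1 < len(toks) and not toks[i + 1].startswith("-")
        rule["opts"].setdefault(toks[i], toks[i + 1] if has_val else True)
        i += 2 if has_val else 1
    return rule


def parse(text):
    """Return {table: {'policy': {chain: policy}, 'rules': [rule, ...]}}."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A"):
            table["rules"].append(parse_rule(line))
    return tables


def audit(text):
    """List the weak points this page's rule set exhibits; empty when clean."""
    tables = parse(text)
    flt, nat = (tables.get(t, {"policy": {}, "rules": []}) for t in ("filter", "nat"))
    out = []
    # A FORWARD chain with policy ACCEPT needs a catch-all REJECT/DROP, or its allows mean nothing.
    fwd = [r for r in flt["rules"] if r["chain"] == "FORWARD"]
    catch_all = any(r["opts"].get("-j") in ("REJECT", "DROP")
                    and set(r["opts"]) <= {"-j", "--reject-with"} for r in fwd)
    if flt["policy"].get("FORWARD") == "ACCEPT" and not catch_all:
        out.append("FORWARD: policy ACCEPT with no final REJECT/DROP; the port-80 rule restricts nothing")
    for r in flt["rules"]:  # DNS accept on INPUT should be scoped to the LAN interface or subnet
        if (r["chain"] == "INPUT" and r["opts"].get("-j") == "ACCEPT"
                and r["opts"].get("--dport") == "53"
                and not {"-i", "-s"} & set(r["opts"])):
            out.append(f"INPUT: dport 53 accepted on every interface; add -i {LAN_IF} or -s 192.168.2.0/24")
    for r in nat["rules"]:  # MASQUERADE belongs on the uplink only
        if r["opts"].get("-j") == "MASQUERADE" and r["opts"].get("-o") == LAN_IF:
            out.append(f"nat POSTROUTING: MASQUERADE out of {LAN_IF} (LAN side); only -o {WAN_IF} needs it")
    return out
```

`audit(RULES_PAGE)` returns the three findings described above and `audit(RULES_HARDENED)` returns an empty list; feeding it the output of `iptables-save` from a live box audits that box the same way. The hardened set keeps FORWARD default-deny and allows only new LAN-to-uplink HTTP plus return traffic, which is the behaviour the page's "Accept HTTP forward" comment reads as intending.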
Tags: Linux NAT DNS DHCP

Posted by m1016c (Martin Chang's blog) on PIXNET, 0 comments