steps to configure a centos router
7/29/2019 Steps to Configure a CentOS Router
1/50
http://keymoo.info/trading
1 | P a g e
Moo Trader IT Infrastructure
Publish Date: 1 Sep 2012
This written guide is for videos 3, 4, 5 of my guide for a virtual trading infrastructure. There are five
videos in the series.
The playlist is here: http://www.youtube.com/playlist?list=PL0EE3D21CC70F0541
Part 3
Video guide available here: http://youtu.be/iBqjabVnfY0
Steps to configure a CentOS router/firewall
Install CentOS 6.3 x64
Download the ISO from http://www.centos.org/ or http://mirror.centos.org/centos/6/isos/x86_64/
I use CentOS-6.3-x86_64-bin-DVD1.iso; there's a torrent link there also for a faster download.
Create VM
Create your VM as shown in the video in Part 3 here:
http://youtu.be/iBqjabVnfY0
Boot VM and install CentOS
Check the MAC addresses you configured in vSphere Client. In my example The external network is
Internal network is
Configure each network card
Click Edit
Click Apply
Now edit the internal interface
Click Apply
Click Close, Next.
Click Write changes to disk
Click Reboot
Log in, shut down the machine and take a snapshot.
Power on
Connect via PuTTY: http://www.putty.org/
Click Yes
Check network interfaces are up and running
Update packages
yum update
This will update your packages to the latest version
Check network settings
ifconfig
Make sure that your adapters are set up correctly, note down which is internal, external and
DMZ/Wireless if you use a third.
Install download tool
yum install wget
Install rpmforge
Download the files
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
wget http://apt.sw.be/RPM-GPG-KEY.dag.txt
Import the key
rpm --import RPM-GPG-KEY.dag.txt
Check the package
rpm -K rpmforge-release-0.5.2-2.el6.rf.i686.rpm
Install the package
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.i686.rpm
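The check-then-install steps above only protect you if the check confirms a signature, and older rpm also prints "OK" for an unsigned package whose digests match. The following is an added example, not part of the original guide: a shell check that accepts `rpm -K` output only when a signature was verified. The function names and the sample lines (including the placeholder key ID) are constructed for illustration.

```shell
#!/bin/sh
# sig_verified LINE -> exit status 0 only if an `rpm -K` output line shows a
# verified signature.
# Format assumptions (older rpm, as shipped with CentOS 6): a lowercase
# rsa/dsa/pgp/gpg token means that signature verified; uppercase or
# parenthesised tokens mean it did not; an unsigned package lists digests
# only, e.g. "sha1 md5 OK". Newer rpm prints "digests signatures OK",
# which is accepted as well.
sig_verified() {
    result=${1#*: }                        # drop the "<file>: " prefix
    case "$result" in
        *"NOT OK"*) return 1 ;;            # bad digest, bad signature or missing key
        *" OK") ;;                         # overall verdict OK, keep checking
        *) return 1 ;;
    esac
    for tok in $result; do
        case "$tok" in
            rsa|dsa|pgp|gpg|signatures) return 0 ;;   # a signature was checked
        esac
    done
    return 1                               # digests only: the package is unsigned
}

# verify_then_install FILE: the "check" and "install" steps as one guarded step.
verify_then_install() {
    out=$(rpm -K "$1" 2>&1) || { echo "refusing: $out" >&2; return 1; }
    sig_verified "$out" || { echo "refusing, no verified signature: $out" >&2; return 1; }
    rpm -ivh "$1"
}

# Constructed sample lines in the formats described above (not captured output).
SAMPLES='pkg-signed.rpm: rsa sha1 (md5) pgp md5 OK
pkg-unsigned.rpm: sha1 md5 OK
pkg-nokey.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)
pkg-newrpm.rpm: digests signatures OK'

# report: classify every sample line.
report() {
    printf '%s\n' "$SAMPLES" | while IFS= read -r line; do
        if sig_verified "$line"; then
            echo "VERIFIED  $line"
        else
            echo "REJECTED  $line"
        fi
    done
}
report
```

The key in this guide is fetched over plain HTTP, so a passing check proves only that the package matches the key you imported; compare the key's fingerprint with one obtained through a separate channel before relying on it.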
Install nano editor
yum install nano
Check the package is enabled
nano /etc/yum.repos.d/rpmforge.repo
Check it's enabled
[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
Part 4
Video guide available here: http://youtu.be/gRIYIDyXQQY
Configure internal network interface
nano /etc/sysconfig/network-scripts/ifcfg-eth1
Edit the file so it looks like this. Your HWADDR and UUID will be different. There may be other minor
differences.
DEVICE="eth1"
BOOTPROTO="static"
ONBOOT=yes
TYPE="Ethernet"
UUID="2915807d-57a3-4c1b-a67e-96c3d10043f7"
HWADDR=00:0C:29:5B:2D:17
IPADDR=10.0.0.9
DNS1=10.0.0.6
DNS2=208.67.222.222
DNS3=208.67.220.220
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="eth1 internal"
Install Shorewall
Take a VMware snapshot
In case you mess this bit up
Install pre-requisites
Shorewall has some dependencies that are not resolved by the rpm package. You will need to install
bc, perl and the perl-Digest-SHA1 package.
yum install bc perl perl-Digest-SHA1
Download the packages
Refer to http://shorewall.net/download.htm for more info
wget http://www.invoca.ch/pub/packages/shorewall/RPMS/ils-5/noarch/shorewall-4.5.7.1-1.el5.noarch.rpm
wget http://www.invoca.ch/pub/packages/shorewall/RPMS/ils-5/noarch/shorewall-core-4.5.7.1-1.el5.noarch.rpm
Download the key
wget https://lists.shorewall.net/shorewall.gpg.key
Install the key
rpm --import shorewall.gpg.key
Install the core package
rpm -ivh shorewall-core-4.5.7.1-1.el5.noarch.rpm
Install the main package
rpm -ivh shorewall-4.5.7.1-1.el5.noarch.rpm
Check that shorewall is there
cd /etc/shorewall/
ls -lha
Make copies of the config files we're going to change in case we need to revert, and for future
reference.
cp zones zones.orig
cp shorewall.conf shorewall.conf.orig
cp rules rules.orig
cp policy policy.orig
cp masq masq.orig
cp interfaces interfaces.orig
Configure the firewall
Edit the zones file
nano zones
This file may differ from my setup; refer to the documentation:
http://shorewall.net/GettingStarted.html
You will probably use the two-interface configuration, so I will show you how to set that up.
http://shorewall.net/two-interface.htm
Here's my file
# Shorewall version 4 - Zones File
#
# For information about this file, type "man shorewall-zones"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-zones.html
#
###############################################################################
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
loc ipv4
nano interfaces
Add the following lines
net eth0 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
loc eth1 tcpflags,nosmurfs,routefilter,logmartians
Configure policy
nano policy
Add these lines
loc net ACCEPT
net all DROP info
loc $FW ACCEPT
$FW all ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
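An added example, not from the original guide or from Shorewall itself: a small shell model of how the policy file above is read (the first line matching a source/destination pair wins), which shows why the all/all line must stay last. It covers inter-zone pairs only and ignores the rules file; the function names are made up for this illustration.

```shell
#!/bin/sh
# Policy lines copied from this guide's /etc/shorewall/policy; the zone names
# (fw, net, loc) come from its zones file. Embedded so the script runs offline.
POLICY='loc net ACCEPT
net all DROP info
loc $FW ACCEPT
$FW all ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info'

# policy_for SRC DST: print "POLICY [LOGLEVEL]" of the first line matching the pair.
# Simplified model: inter-zone pairs only (SRC != DST). The rules file, which
# is consulted before the policy, is not modelled.
policy_for() {
    printf '%s\n' "$POLICY" | awk -v s="$1" -v d="$2" '
        /^[ \t]*#/ || NF < 3 { next }            # skip comments and blank lines
        {
            src = ($1 == "$FW") ? "fw" : $1      # $FW names the firewall zone
            dst = ($2 == "$FW") ? "fw" : $2
            if ((src == s || src == "all") && (dst == d || dst == "all")) {
                print $3 (NF >= 4 ? " " $4 : "")
                exit
            }
        }'
}

# unreachable_lines: print policy lines that can never be the first match
# because an earlier line already covers the same source and destination.
unreachable_lines() {
    printf '%s\n' "$POLICY" | awk '
        /^[ \t]*#/ || NF < 3 { next }
        {
            for (i = 1; i <= n; i++)
                if ((S[i] == $1 || S[i] == "all") && (D[i] == $2 || D[i] == "all")) {
                    print
                    break
                }
            n++; S[n] = $1; D[n] = $2
        }'
}

# policy_matrix: effective default for every pair of the three zones.
policy_matrix() {
    for s in net loc fw; do
        for d in net loc fw; do
            if [ "$s" != "$d" ]; then
                printf '%-3s -> %-3s  %s\n' "$s" "$d" "$(policy_for "$s" "$d")"
            fi
        done
    done
}
policy_matrix
```

With the lines in the order shown in this guide nothing is unreachable; moving the all/all line to the top makes every other line dead and turns loc to net into REJECT.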
Configure masquerading
nano masq
Add
eth0 10.0.0.0/8
Edit shorewall.conf so that the firewall is enabled at startup
nano shorewall.conf
Change
STARTUP_ENABLED=No
To
STARTUP_ENABLED=Yes
For any other setups, look at the docs; they're pretty good. Configure your files as shown in the guide on
that two-interface page.
Check your firewall config
shorewall check
Should get something like this with no errors
Checking...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Running /etc/shorewall/initdone...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking /etc/shorewall/tcrules...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking /etc/shorewall/conntrack...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Shorewall configuration verified
Start your firewall for the first time
shorewall start
Should get this:
Compiling...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Compiling /etc/shorewall/policy...
Running /etc/shorewall/initdone...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling Accept Source Routing...
Compiling /etc/shorewall/tcrules...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Compiling /etc/shorewall/conntrack...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing /etc/shorewall/start ...
Processing /etc/shorewall/started ...
done.
Test your connection at this stage and configure one of your machines to use your new firewall as
the gateway. It should work.
Troubleshooting
If it doesn't, then the likely cause is ifcfg-eth0, ifcfg-eth1, or that you have muddled up your internal and
external interfaces. Check your /etc/shorewall/interfaces file. Check that the output of ifconfig matches
the network interfaces you have set up in VMware vSphere client.
Take a snapshot
We will take a snapshot now before moving on to the caching proxy server installation.
Proxy server installation
yum install squid
Done!
Backup config file
cp /etc/squid/squid.conf /etc/squid/squid.conf.orig
Configure firewall to redirect local traffic to the proxy
nano /etc/shorewall/rules
The proxy server listens on port 3128 by default. Add these lines to the /etc/shorewall/rules file:
ACCEPT $FW net tcp www
REDIRECT loc 3128 tcp www
Configure squid
nano /etc/squid/squid.conf
Change line
http_port 3128
to
http_port 3128 intercept
Depending on what your local network range is, you will need to comment out some possible
internal networks in squid.conf. Mine looks like this:
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
Restart shorewall and start squid
shorewall restart
service squid start
Test
In your test machine, make sure you can still access the internet when it is pointed to this firewall as
the gateway. All should be well. Squid can be configured in a variety of ways depending on your
setup. I recommend you read the documentation. The default config options may not be optimal.
You may want to change or add the following options:
cache_mem
maximum_object_size_in_memory
maximum_object_size
And others.
Enable autostart of shorewall and squid
To see what services begin at startup, type
chkconfig
Will look like this:
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
shorewall 0:off 1:off 2:on 3:on 4:on 5:on 6:off
squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
Shorewall should already be configured, but squid won't be.
chkconfig squid on
Squid will now start on boot.
Take a snapshot
We will take a snapshot now before moving on to the content filter installation. If you don't want a
content filter, then you can skip this step. If you have kids on your network, you might want to install
and configure this, or use OpenDNS.org as a content filter. I use both.
Install content filter
This step can be skipped if you don't want a content filter.
yum install dansguardian
Reconfigure firewall
You will need to point your firewall to dansguardian now instead of squid. The flow is
internet->firewall->dansguardian->squid->client
dansguardian listens on port 8080, so we need to change the firewall.
nano /etc/shorewall/rules
Change
REDIRECT loc 3128 tcp www
To
REDIRECT loc 8080 tcp www
Configure dansguardian
Dansguardian comes with a lot of config files and blacklist files. I'm not going into it in depth here;
there's plenty of info on the internet about it. Dansguardian should work with the default config, but
it is set up for a primary school and will be over-eager in blocking. Change the naughtiness level
from 50 to a higher number. I use 150. Before we do that, let's copy our original files.
cp /etc/dansguardian/dansguardian.conf /etc/dansguardian/dansguardian.conf.orig
cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf1.conf.orig
Dansguardian allows you to have different settings in the dansguardianf1, dansguardianf2 files, etc. I
only use one, so let's edit dansguardianf1.conf
nano /etc/dansguardian/dansguardianf1.conf
Change the line
naughtynesslimit = 50
To
naughtynesslimit = 150
Yes, the dansguardian developers can't spell. Start dansguardian
service dansguardian start
Test your connection. Try a dodgy site, it should be blocked. There are various exception files which
you can configure, have a look through and read the docs if you want to tune it to your needs.
Finally,
chkconfig dansguardian on
Take a snapshot
We will take a snapshot now before moving on to the DNS/DHCP installation.
DNS/DHCP Server config
You can use industry standard software for this, but they are quite large and tricky to set up. The
main ones are BIND9 and ISC DHCP. I use dnsmasq instead as it is easier for me to set up. You can
use the heavier weight ones if you like, but you don't need to for home/SOHO use.
yum install dnsmasq
IMPORTANT: Before starting this, make sure any other DHCP and DNS servers are stopped on your
network. Competing DHCP servers on a network don't work very well.
DHCP
DHCP is configured using the dnsmasq.conf file. If you want to use DHCP reservations then use the
/etc/ethers file. This will give out the same IP address every time for the MAC address specified. For
info on configuring dnsmasq, go to http://www.thekelleys.org.uk/dnsmasq/doc.html
My config file looks like this:
# these options were copied from ClearOS config
bogus-priv
cache-size=5000
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-lease-max=1000
domain-needed
domain=localdomain
expand-hosts
no-negcache
strict-order
user=nobody
# For debugging purposes, log each DNS query as it passes through.
log-queries
# Log lots of extra information about DHCP transactions.
log-dhcp
DHCP options are in /etc/dnsmasq.d/dhcp.conf. My file looks like this:
dhcp-option=eth1,1,255.255.255.0
dhcp-option=eth1,3,10.0.0.9
dhcp-option=eth1,6,10.0.0.9,208.67.222.222,208.67.220.220
dhcp-option=eth1,15,localdomain
dhcp-option=eth1,28,10.0.0.255
dhcp-range=eth1,10.0.0.100,10.0.0.254,12h
read-ethers
This file doesn't exist by default; you will need to create it.
option 1 is the netmask to give
option 3 is the default gateway; set this to 10.0.0.9
option 6 are the DNS servers to give out.
option 15 is the domain suffix
option 28 is the broadcast address
dhcp-range is the range of ip addresses that dynamic IPs will be given out.
Read-ethers tells dnsmasq to read the /etc/ethers file
My /etc/ethers file looks like this
# see man ethers for syntax
00:1b:2f:d5:f6:78 10.0.0.2
00:0c:29:cd:6f:18 10.0.0.6
Etc for each MAC address on your network. I have about 25 lines in here.
DNS setup
The DNS is read from the /etc/hosts file. Make sure this is set up how you want. Mine looks like this:
127.0.0.1 localhost.localdomain localhost
10.0.0.6 carbon.localdomain carbon
10.0.0.1 hydrogen.localdomain hydrogen
10.0.0.2 helium.localdomain helium
10.0.0.3 lithium.localdomain lithium
10.0.0.4 beryllium.localdomain
10.0.0.5 boron.localdomain boron
10.0.0.7 nitrogen.localdomain nitrogen
10.0.0.8 oxygen.localdomain oxygen
10.0.0.9 flourine.localdomain flourine
10.0.0.10 neon.localdomain neon
10.0.0.12 magnesium.localdomain magnesium
Finally,
chkconfig dnsmasq on
Shut down your server and take another snapshot. Boot it up and test it with a client using DHCP. It
should all work.
Part 5
Video guide available here: http://youtu.be/4EFnSJS5FWQ
NTP
Install the service
yum install ntp
Backup the config file
cp /etc/ntp.conf /etc/ntp.conf.orig
At the top of the file add
tinker panic 0
In the server section you can add your preferred NTP servers near your location. Start the service,
service ntpd start
Start at boot
chkconfig ntpd on
Webmin
Documentation here: http://www.webmin.com/rpm.html
Add the webmin repo
nano /etc/yum.repos.d/webmin.repo
And add these lines
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
Download the key
wget http://www.webmin.com/jcameron-key.asc
Import the key
rpm --import jcameron-key.asc
Update the repos
yum update
Install the software
yum install webmin
When it's installed you should be able to access it like so
http://flourine.localdomain:10000/
You will get a screen similar to this in your browser