Apache and DNS Behind the NATED firewall

This is what I did to set up Apache and DNS behind the NATed server/router.

 

Linux Box as Router

Author: Varinder Singh [varin312@gmail.com] January 13, 2010

 

Hardware Modification

 

Installed one more network card (one is already onboard in the system).

 

eth0 -> Internet (DSL modem) (network 192.168.2.0)

eth1 -> Internal network (network 172.16.0.0)

 

Software configuration

 

By default the NICs are controlled by the NetworkManager service. NetworkManager is only effective while a user is logged in through the GUI, and for a Linux router I would rather not log in via the GUI, or even have a GUI installed. So we have to stop the NetworkManager service and start the "network" service instead. Below are the commands to do that:

 

#service NetworkManager stop

#chkconfig NetworkManager off

 

#service network start

#chkconfig network on

 

Editing the configuration files for NICs

 

Now we have to configure the NICs. I found two ways to do that:

 

  1. Via the GUI: System->
  2. Manually edit the files /etc/sysconfig/network-scripts/ifcfg-ethX for each NIC

 

I preferred the first option, via the GUI (I am thinking I will remove the GUI after everything is working).

 

After editing the configuration files for the NICs, restart the network service:

 

#service network restart

 

Turn IP forwarding on

 

Open the file /etc/sysctl.conf and change the value of the net.ipv4.ip_forward parameter from 0 to 1. It will look like this:

 

net.ipv4.ip_forward = 1

 

Run the following command to apply the change to the running kernel:

#sysctl -p

 

To forward the internal network's traffic to the Internet we have to activate NAT (masquerading on eth0) and allow forwarding from eth1:

 

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


#iptables --append FORWARD --in-interface eth1 -j ACCEPT

 

#service iptables save

 


Client-side testing

 

On the client (a machine on the internal network) I did the following:

 

#service NetworkManager stop

#service network start

 

Configure the NIC on the client with the IP address 172.16.0.2:

 

#ifconfig eth0 172.16.0.2/16

 


Configure the DHCP server on the router

 

#yum install dhcp

 

#vim /etc/dhcpd.conf

 

#

# DHCP Server Configuration file.

# see /usr/share/doc/dhcp*/dhcpd.conf.sample

# see 'man 5 dhcpd.conf'

#

 

ddns-update-style interim;

ignore client-updates;

 

 

subnet 172.16.0.0 netmask 255.255.0.0 {

option routers 172.16.0.1;

option subnet-mask 255.255.0.0;

option domain-name "meapay.com";

option broadcast-address 172.16.255.255;

option domain-name-servers 172.16.0.100, 192.168.2.1;

range dynamic-bootp 172.16.0.2 172.16.0.200;

default-lease-time 86400;

max-lease-time 172800;

}

subnet 192.168.2.0 netmask 255.255.255.0 {

}

 

host ns {

hardware ethernet 00:13:D3:FB:66:90;

fixed-address 172.16.0.100;

}


Home wireless router settings

 

  1. Disable DHCP in the settings of your router.
  2. Change its IP address to match your network.


DNS server setup

 

#vim /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

options {
        listen-on port 53 { any; }; // changed from 127.0.0.1 to any
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; }; // changed to any
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside . trust-anchor dlv.isc.org.;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

zone "meapay.com" IN { // declaration of forward and reverse zone files
        type master;
        file "meapay.db";
};

zone "0.16.172.in-addr.arpa" IN {
        type master;
        file "172.16.0.db";
};

include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";


#vim /var/named/meapay.db

(named.conf sets directory "/var/named", so the relative file names meapay.db and 172.16.0.db given in the zone declarations are looked up there.)

$TTL 1D
@       IN SOA  ns.meapay.com. root.ns.meapay.com. (
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum

@       IN NS   ns.meapay.com.
ns      IN A    172.16.0.100


#vim /var/named/172.16.0.db

$TTL 1D
@       IN SOA  ns.meapay.com. root.meapay.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum

@       IN NS   ns.meapay.com.
100     IN PTR  ns.meapay.com.   ; owner is the last octet only, relative to 0.16.172.in-addr.arpa
;192.168.122.88 PTR station88.meapay.com.
;192.168.122.99 PTR station99.meapay.com.
;192.168.122.1 PTR station11.meapay.com.
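A consistency check for the two zone files above, added here as an example that is not part of the original post: it parses the A and PTR records (handling @, relative owner names, the multi-line SOA and ; comments) and reports PTR owners that do not name a single address under the reverse zone, which is exactly what a record written as `172.16.0.100 PTR ...` inside 0.16.172.in-addr.arpa becomes (172.16.0.100.0.16.172.in-addr.arpa.), as well as A records with no matching PTR. The zone texts embedded in it are constructed from the post's files.

```python
import re
ORIGIN_FWD, ORIGIN_REV = "meapay.com.", "0.16.172.in-addr.arpa."
# Constructed sample zones, written the way the post's corrected files are.
FORWARD_ZONE = """\
$TTL 1D
@   IN SOA ns.meapay.com. root.ns.meapay.com. (
        1 1D 1H 1W 3H ) ; serial refresh retry expire minimum
@   IN NS ns.meapay.com.
ns  IN A  172.16.0.100
"""
REVERSE_ZONE = """\
@   IN SOA ns.meapay.com. root.meapay.com. ( 0 1D 1H 1W 3H )
@   IN NS  ns.meapay.com.
100 IN PTR ns.meapay.com.
"""
# The post's first version of that PTR: a full address as owner silently gets the origin appended.
BAD_REVERSE_ZONE = REVERSE_ZONE.replace("100 IN PTR", "172.16.0.100 PTR")

def parse_zone(text, origin):
    """Return (owner_fqdn, type, rdata) per record; a line starting with whitespace keeps the previous owner."""
    text = "\n".join(l.split(";")[0].rstrip() for l in text.splitlines())    # drop ; comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group().replace("\n", " "), text)  # join ( ... ) onto one line
    owner, out = origin, []
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):        # blank lines and $TTL
            continue
        tokens = line.split()
        if not line[0].isspace():                           # owner present: '@', relative or absolute
            name = tokens.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tokens and (tokens[0].upper() == "IN" or re.match(r"^\d+[smhdw]?$", tokens[0], re.I)):
            tokens.pop(0)                                   # optional class and TTL fields
        out.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return out

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Cross-check A against PTR records; an empty list means the zones agree."""
    findings, ptrs = [], {}
    a_recs = {(o, r) for o, t, r in parse_zone(fwd_text, fwd_origin) if t == "A"}
    for owner, _, target in [r for r in parse_zone(rev_text, rev_origin) if r[1] == "PTR"]:
        labels = owner.split(".")                           # d.c.b.a.in-addr.arpa. -> 7 labels
        if len(labels) != 7 or not owner.endswith(rev_origin):
            findings.append(f"PTR owner {owner} is not one address under {rev_origin}")
            continue
        ptrs[".".join(reversed(labels[:4]))] = target      # owner labels back to dotted quad
    for name, ip in a_recs:
        rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
        if rev.endswith(rev_origin) and ptrs.get(ip) != name:
            findings.append(f"A {name} -> {ip} has no matching PTR")
    return findings
```

This only cross-checks the two files against each other; syntax of the live files is still validated with BIND's own named-checkzone.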

 

 

#iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

#iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

#service iptables save
 

Authors: Varinder Singh, Harpinder Singh (woke up)

Date March 27, 2010 (3:25 AM )


Port Forwarding on Linux Firewall (Router) for Apache


DNAT the packets that arrive at the router for port 80 so that they are forwarded to Apache on port 8080 (xx.xx.xx.xx is the real IP of my router as assigned by the ISP):

 

iptables -t nat -A PREROUTING -p tcp -i eth0 -d xx.xx.xx.xx --dport 80 --sport 1024:65535 -j DNAT --to 172.16.0.100:8080

 

After the DNAT, the packets forwarded to Apache must still be allowed through the FORWARD chain of the firewall:

 

iptables -A FORWARD -p tcp -i eth0 -o eth1 -d 172.16.0.100 --dport 8080 --sport 1024:65535 -m state --state NEW -j ACCEPT

 

iptables -A FORWARD -t filter -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

 

iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
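The rules on this page (masquerading, the DNS accepts, and the DNAT with its matching FORWARD accept) can be produced as one iptables-restore file; the script below is an added example, not code from the original post. It emits the FORWARD accept together with every DNAT rule so the step just described is never missed, accepts DNS and DHCP only on eth1 so the recursive named from named.conf (allow-query any; recursion yes) is unreachable from the eth0 side, and sets INPUT and FORWARD to DROP by default. SSH management from the LAN is an assumption and the WAN address is a placeholder; interface names, networks and the 80 -> 8080 forward are the post's own values.

```python
import re
# Interfaces, networks and the 80 -> 172.16.0.100:8080 forward are the post's values;
# WAN_IP is a placeholder (RFC 5737 range) for the address on eth0 that incoming connections reach.
WAN_IF, LAN_IF, LAN_NET = "eth0", "eth1", "172.16.0.0/16"
WAN_IP = "203.0.113.10"
FORWARDS = [(80, "172.16.0.100", 8080)]        # (public port, internal host, internal port)

def build_ruleset(wan_ip=WAN_IP, forwards=FORWARDS):
    """Return the nat and filter tables in iptables-restore format."""
    nat = ["*nat", ":PREROUTING ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]",
           f"-A POSTROUTING -o {WAN_IF} -j MASQUERADE"]          # NAT for the internal network
    filt = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]", ":OUTPUT ACCEPT [0:0]",
            "-A INPUT -i lo -j ACCEPT",
            "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
            # DNS, DHCP and (assumed) SSH management are accepted on the LAN interface only,
            # so the recursive named instance is never reachable from the eth0 side
            f"-A INPUT -i {LAN_IF} -p udp -m multiport --dports 53,67 -j ACCEPT",
            f"-A INPUT -i {LAN_IF} -p tcp -m multiport --dports 22,53 -m state --state NEW -j ACCEPT",
            "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
            f"-A FORWARD -i {LAN_IF} -o {WAN_IF} -s {LAN_NET} -m state --state NEW -j ACCEPT"]
    for pub_port, host, port in forwards:
        nat.append(f"-A PREROUTING -i {WAN_IF} -p tcp -d {wan_ip} --dport {pub_port} "
                   f"-j DNAT --to-destination {host}:{port}")
        # the rewritten packet still traverses FORWARD, so its accept is emitted right here
        filt.append(f"-A FORWARD -i {WAN_IF} -o {LAN_IF} -p tcp -d {host} --dport {port} "
                    f"-m state --state NEW -j ACCEPT")
    return "\n".join(nat + ["COMMIT"] + filt + ["COMMIT"]) + "\n"

def unforwarded_dnat_targets(ruleset):
    """Return every DNAT target (host:port) that no FORWARD rule accepts."""
    missing = []
    for host, port in re.findall(r"--to-destination (\S+):(\d+)", ruleset):
        pattern = rf"^-A FORWARD .*-d {re.escape(host)} --dport {port} .*-j ACCEPT$"
        if not re.search(pattern, ruleset, re.M):
            missing.append(f"{host}:{port}")
    return missing

if __name__ == "__main__":
    rules = build_ruleset()
    assert not unforwarded_dnat_targets(rules)
    print(rules, end="")      # load with: python3 router_rules.py | iptables-restore
```

After loading the output with iptables-restore, run service iptables save as the post does so the ruleset survives a reboot.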


There is a lot of room to improve it. Please comment if you find errors; I will try to correct them.

 

Reference: http://www.Linuxhomenetworking.com
