Routerkonfigurationtsdateien (Raspberry): Unterschied zwischen den Versionen

22.05.2016

/etc/network/interfaces:

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.1.0.1
    netmask 255.255.255.0

auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
    address 10.0.0.98
    netmask 255.255.255.0
    gateway 10.0.0.138
    dns-nameservers 10.0.0.138

# NAT und Masquerading aktivieren
up /sbin/iptables -A FORWARD -o wlan0 -i eth0 -m conntrack --ctstate NEW -j ACCEPT
up /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
up /sbin/iptables -t nat -F POSTROUTING
up /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

# IP-Forwarding aktivieren
up sysctl -w net.ipv4.ip_forward=1
up sysctl -w net.ipv6.conf.all.forwarding=1

# Port TCP 81 an IP-Adresse 10.1.0.150:80 (Webif)
up /sbin/iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 81 -j DNAT --to-destination 10.1.0.150:80
up /sbin/iptables -A FORWARD -i wlan0 -d 10.1.0.150 -p tcp --dport 81 -j ACCEPT

# Port TCP (100)22 an IP-Adresse 10.1.0.150:22 (ssh)
up /sbin/iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 10022 -j DNAT --to-destination 10.1.0.150:22
up /sbin/iptables -A FORWARD -i wlan0 -d 10.1.0.150 -p tcp --dport 10022 -j ACCEPT

# Port TCP 81 auch ueber OpenVPN an 10.1.0.150 weiterleiten
up /sbin/iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 81 -j DNAT --to-destination 10.1.0.150:80
up /sbin/iptables -A FORWARD -i tun0 -d 10.1.0.150 -p tcp --dport 81 -j ACCEPT

# Port UDP 1194 an IP-Adresse 10.1.0.150 (OpenVPN)
up /sbin/iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 1194 -j DNAT --to-destination 10.1.0.150
up /sbin/iptables -A FORWARD -i wlan0 -d 10.1.0.150 -p udp --dport 1194 -j ACCEPT

# Route für OpenVPN-Pakete aus Ethernet-Schnittstelle
up route add -net 10.7.0.0 netmask 255.255.255.0 gw 10.1.0.1 metric 1

11.05.2016

/etc/network/interfaces:

source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.1.0.1
    netmask 255.255.255.0

auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
    address 10.0.0.98
    netmask 255.255.255.0
    gateway 10.0.0.138
    dns-nameservers 10.0.0.138

# NAT und Masquerading aktivieren
up /sbin/iptables -A FORWARD -o wlan0 -i eth0 -m conntrack --ctstate NEW -j ACCEPT
up /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
up /sbin/iptables -t nat -F POSTROUTING
up /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

# IP-Forwarding aktivieren
up sysctl -w net.ipv4.ip_forward=1
up sysctl -w net.ipv6.conf.all.forwarding=1

# Port TCP 81 an IP-Adresse 10.1.0.150:80 (Webif)
up /sbin/iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 81 -j DNAT --to-destination 10.1.0.150:80
up /sbin/iptables -A FORWARD -i wlan0 -d 10.1.0.150 -p tcp --dport 81 -j ACCEPT

# Port TCP 81 auch ueber OpenVPN an 10.1.0.150 weiterleiten
up /sbin/iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 81 -j DNAT --to-destination 10.1.0.150:80
up /sbin/iptables -A FORWARD -i tun0 -d 10.1.0.150 -p tcp --dport 81 -j ACCEPT

# Port UDP 1194 an IP-Adresse 10.1.0.150 (OpenVPN)
up /sbin/iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 1194 -j DNAT --to-destination 10.1.0.150
up /sbin/iptables -A FORWARD -i wlan0 -d 10.1.0.150 -p udp --dport 1194 -j ACCEPT

# Route für OpenVPN-Pakete aus Ethernet-Schnittstelle
up route add -net 10.7.0.0 netmask 255.255.255.0 gw 10.1.0.1 metric 1

Zurück zu Router (Raspbian)