ubuntu12.04 capacity is server (mentohust authentication) plus switch do routing software sharing internet

Recently established in the lab's network environment, all host labs are connected via a switch. Want to be a gateway through the server (single card), using the Mentohust authentication extranet, and then other hosts in the intranet through this gateway to connect to the external network.

1. First use mentohust on the server to connect to the extranet, and then enter the Ifconfig command at the terminal to view the acquired extranet IP:

Eth0      Link encap: Ethernet  Hardware address B8:AC:6F:D8:8F:A2            inet address: 115.156.236.116  broadcast: 115.156.236.255  Mask : 255.255.255.0          inet6 Address: 2001:250:4000:4400:4003:3056:bf9a:df7f/64 scope:global          INET6 Address: 2001:250:4000:4400:BAAC:6FFF:FED8:8FA2/64 Scope:global          inet6 Address: fe80::baac:6fff:fed8:8fa2/64 Scope:Link          Up broadcast RUNNING multicast  mtu:1500  hop count: 1          receive packet: 31284 Error: 0 Discard: 1 Overload: 0 Number of frames: 0          Send packet: 19074 error: 0 Discard: 0 Overload: 0 Carrier: 0          collisions: 0 Send Queue Length: +           Receive bytes: 37252618 (37.2 mb)  Send bytes: 2297121 (2.2 MB) Lo        Link encap: Local loopback            inet address: 127.0.0.1  Mask: 255.0.0.0          Inet6 Address::: 1/128 scope:host up          LOOPBACK RUNNING  mtu:65536  metric: 1          receive packets : 14588 Error: 0 Discard: 0 Overload: 0 Number of frames: 0          Send packet: 14588 error: 0 Discard: 0 Overload: 0 Carrier: 0          collisions: 0 Send Queue Length: 0           Receive bytes: 2383317 (2.3 mb)  Send bytes: 2383317 (2.3 MB)

From the above can be seen to obtain the external network IP is 115.156.236.116, you need to write down this IP, the following will be used.

2. Configure a second IP for the NIC eth0. That is, intranet gateway. Enter the following command in the terminal to achieve:

sudo ifconfig eth0:0 192.168.0.254 up

After completion in the terminal input ifconfig see the output results such as the following:

eth0 Link ENCAP: Ethernet Hardware address B8:AC:6F:D8:8F:A2 inet address: 115.156.236.116 Broadcast: 115.156.236.255 Mask: 255.255.255.0 Inet6 Address: 2001:250:4000:4400:4003:3056:bf9a:df7f/64 scope:global inet6 Address: 2001:250:4000:4400:baac:6fff: FED8:8FA2/64 scope:global Inet6 Address: fe80::baac:6fff:fed8:8fa2/64 scope:link up broadcast RUNNING Multica ST mtu:1500 Hops: 1 Receive packet: 38759 Error: 0 Discard: 1 Overload: 0          Number of frames: 0 Send packet: 22017 error: 0 Discard: 0 Overload: 0          Carrier: 0 Collisions: 0    Send Queue Length: 1000 Receive bytes: 42439643 (42.4 MB) Send bytes: 2741665 (2.7 MB) eth0:0 Link ENCAP: Ethernet Hardware address B8:AC:6F:D8:8F:A2 inet address: 192.168.0.254 Broadcast: 192.168.0.255 mask: 255.255.255.0 up BR Oadcast RUNNING Multicast mtu:1500 hop count: 1lo link encap: Local loopback inet Address: 127.0.0.1 Mask: 255.0.0.0 in Et6 Address::: 1/128 scope:host up LOOPBACK RUNNING mtu:65536 metric: 1 Receive packet: 15363 Error: 0 Discard: 0 Overload: 0          Number of frames: 0 Send packet: 15363 error: 0 Discard: 0 Overload: 0          Carrier: 0 Collisions: 0           Send Queue Length: 0 Bytes Received: 2459095 (2.4 Mb) Send bytes: 2459095 (2.4 MB) 

3. Turn on the server routing feature and enter the following command in the terminal:

sudo echo "1" >/proc/sys/net/ipv4/ip_forward

4. Set iptables, and in the terminal, enter for example the following command:

sudo iptables-f   #关闭防火墙sudo iptables-p INPUT acceptsudo iptables-p FORWARD acceptsudo iptables-t nat-a postrouting -S 192.168.0.0/24-o eth0-j SNAT--to 115.156.236.116 #地址欺骗

After this step is configured. The rest of the intranet hosts are able to configure the intranet IP (192.168.0.X) statically. The gateway is the server's intranet IP, which is 192.168.0.254,dnsserver set to 8.8.8.8 to be able to surf the Internet. The reason for the server (gateway) Ping differs from other hosts in the intranet is that the firewall of the other hosts is not shutting down, especially the Windows system.

5. The above operations are all-in-one. Every time the server restarts, it is executed again. So it's best to write a script to integrate it. Before writing a script, there is a problem that needs to be resolved first, and the server (gateway) is connected via Mentohust. The mentohust via DHCP does not guarantee the same IP access every time. So you need to be able to use the command to obtain the host's IP, we observe ifconfig after the terminal display content:

eth0 Link ENCAP: Ethernet Hardware address B8:AC:6F:D8:8F:A2 inet address: 115.156.236.116 Broadcast: 115.156.236.255 Mask: 255.255.255.0 Inet6 Address: 2001:250:4000:4400:4003:3056:bf9a:df7f/64 scope:global inet6 Address: 2001:250:4000:4400:baac:6fff: FED8:8FA2/64 scope:global Inet6 Address: fe80::baac:6fff:fed8:8fa2/64 scope:link up broadcast RUNNING Multica ST mtu:1500 Hops: 1 Receive packet: 38759 Error: 0 Discard: 1 Overload: 0          Number of frames: 0 Send packet: 22017 error: 0 Discard: 0 Overload: 0          Carrier: 0 Collisions: 0    Send Queue Length: 1000 Receive bytes: 42439643 (42.4 MB) Send bytes: 2741665 (2.7 MB) eth0:0 Link ENCAP: Ethernet Hardware address B8:AC:6F:D8:8F:A2 inet address: 192.168.0.254 Broadcast: 192.168.0.255 mask: 255.255.255.0 up BR Oadcast RUNNING Multicast mtu:1500 hop count: 1lo link encap: Local loopback inet Address: 127.0.0.1 Mask: 255.0.0.0 in Et6 Address::: 1/128 scope:host up LOOPBACK RUNNING mtu:65536 metric: 1 Receive packet: 15363 Error: 0 Discard: 0 Overload: 0          Number of frames: 0 Send packet: 15363 error: 0 Discard: 0 Overload: 0          Carrier: 0 Collisions: 0           Send Queue Length: 0 Bytes Received: 2459095 (2.4 Mb) Send bytes: 2459095 (2.4 MB) 

All we need to get is 115.156.236.116, this part can be intercepted by grep with the awk command, detailed input in the terminal commands such as the following:

Ifconfig | Grep-c 2-w ' \<eth0\> ' | Grep-c 1 Inet6 | grep ' inet address ' | Awk-f ' {print $} ' | Awk-f ': ' {print $} '

We need to use this result in our script. So to assign the result to a variable in the script. To facilitate our use in scripting, the contents of the script file are as follows:

#!/bin/bashserver_ip=$ (ifconfig | grep-c 2-w ' \<eth0\> ' | grep-c 1 inet6 | grep ' inet address ' | awk-f ' ' {print $ }' | Awk-f ': ' {print $} ') sudo ifconfig eth0:0 192.168.0.254 Upsudo echo "1" >/proc/sys/net/ipv4/ip_forwardsudo iptables-fsudo iptables-p INPUT acceptsudo iptables -P FORWARD acceptsudo iptables-t nat-i postrouting-s 192.168.0.0/24-o eth0-j SNAT--to $Server _ip

Save the script file as a file name, such as Connectthenet, and then add the operational permissions for it:

sudo chmod a+x connectthenet

This allows you to use Mentohust to connect to the extranet after each restart of the server. Then run the script once at the terminal to:

sudo./connectthenet

It's like it's done ~

Copyright notice: This article blog original articles, blogs, without consent, may not be reproduced.

ubuntu12.04 capacity is server (mentohust authentication) plus switch do routing software sharing internet