Différences

Ci-dessous, les différences entre deux révisions de la page.

--- guide:installation_serveur_agregation_connexion_2014 [2016/11/05 14:05] – [1.2.5. Activation du NAT] vivi
+++ guide:installation_serveur_agregation_connexion_2014 [2021/04/18 20:24] (Version actuelle) – modification externe 127.0.0.1
@@ Ligne 117: / Ligne 117: @@
 Une bonne idée est de s'appuyer sur cette méthode : https://help.ubuntu.com/community/Router
-Mais pour mémoire le point important est celui-ci:
+Ce qui va donner chez moi ce genre de chose:
+<code bash>
+nano nat.sh
+</code>
+<code bash>
+#
+# Configure here your interfaces
+#
+EXTIF="bond0"
+INTIF="br0"
+#
+# Commands path
+#
+DEPMOD=/sbin/depmod
+MODPROBE=/sbin/modprobe
+#
+# General information
+#
+echo "[INFO][NAT] Loading NAT configuration..."
+echo "[INFO][NAT] External Interface:  $EXTIF"
+echo "[INFO][NAT] Internal Interface:  $INTIF"
+#
+# Checking requested linux kernel modules
+#
+echo "[INFO][NAT] Verifying that all kernel modules are ok"
+$DEPMOD -a
+echo "[INFO][NAT] Loading module ip_tables..."
+$MODPROBE ip_tables
+echo "[INFO][NAT] Loading module nf_conntrack..."
+$MODPROBE nf_conntrack
+echo "[INFO][NAT] Loading module nf_conntrack_ftp..."
+$MODPROBE nf_conntrack_ftp
+echo "[INFO][NAT] Loading module nf_conntrack_irc..."
+$MODPROBE nf_conntrack_irc
+echo "[INFO][NAT] Loading module iptable_nat..."
+$MODPROBE iptable_nat
+echo "[INFO][NAT] Loading module nf_nat_ftp..."
+$MODPROBE nf_nat_ftp
+#
+# Enabling ip forwarding
+#
+echo "[INFO][NAT] Enabling forwarding..."
+echo "1" > /proc/sys/net/ipv4/ip_forward
+echo "[INFO][NAT] Enabling DynamicAddr..."
+echo "1" > /proc/sys/net/ipv4/ip_dynaddr
+#
+# Setting iptables rules
+#
+echo "[INFO][NAT] Clearing any existing rules and setting default policy..."
+iptables-restore <<-EOF
+*nat
+-A POSTROUTING -o "$EXTIF" -j MASQUERADE
+COMMIT
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A FORWARD -i "$EXTIF" -o "$INTIF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
+-A FORWARD -j LOG
+COMMIT
+EOF
+echo "[INFO][NAT] NAT configuration loaded !"
+</code>
+After configuring the 2 variables, save the script below as nat.sh and make it executable by doing
+<code bash>
+chmod a+x nat.sh
+</code>
+Now, test the script by running as root
+<code bash>
+sudo sh nat.sh
+</code>
+Investigate the messages from the console output to see if any error happened. If everything looks fine, use another host in the internal network to test if it can access the external network (presumably the Internet). A quick way to test is pinging Google public DNS from the console.
+<code bash>
+ping -c 3 -W 10 8.8.8.8
+</code>
+If ping responds, make our new script bootable so we don't have to run the script every time we restart.
+<code bash>
+sudo mv nat.sh /etc/init.d/
+</code>
+See : https://askubuntu.com/questions/765120/after-upgrade-to-16-04-lts-rc-local-not-executing-command
+<code bash>
+sudo systemctl enable rc-local.service
+</code>
+<code bash>
+sudo nano /etc/rc.local
+</code>
 <code>
-sudo iptables -A POSTROUTING -t nat -j MASQUERADE
+# Executing nat script
+/etc/init.d/nat.sh
+</code>
+As a final test, restart your computer and test to see if you still have the same functionality. If so then congratulations! If not then make sure you followed the above correctly so the script is bootable.
+Mais pour mémoire le point important est celui-ci:
+<code bash>
+iptables -A POSTROUTING -t nat -j MASQUERADE
 </code>