2021年2月11日木曜日

[ノートPC]を natマシン にして [USBテザリングしたrakuten mini ] をとおして インターネットに出る

 


PC---> LAN HUB---> note PC---USBテザリング---->rakuten mini ---LTE---> internet

 

この note PC の設置方法です


# ifconfig 

enp0s26u1u1u4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

enp14s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500





1 # ./comment-out.bat ufw-nat.bat 

ufw disable

ufw enable

ufw default deny

 ufw allow Deluge

 ufw limit ssh/tcp

 ufw status

sleep 1

ifconfig enp14s0 139.96.10.1

sleep 1

systemctl restart dhcpd4

ifconfig





2 # ./comment-out.bat /etc/dhcpd.conf
option domain-name-servers 8.8.8.8, 8.8.4.4;
option subnet-mask 255.255.255.0;
option routers 139.96.10.1;
subnet 139.96.10.0 netmask 255.255.255.0 {
  range 139.96.10.100 139.96.10.109;
}




3 # ./comment-out.bat /etc/ufw/before.rules
*nat
:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -s 139.96.10.0/24 -o enp0s26u1u1u4 -j MASQUERADE

COMMIT

*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]


-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT

-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT

-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT

-A ufw-before-input -j ufw-not-local

-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN

-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN

-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN

-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP

-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT

-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT

COMMIT





4 # ./comment-out.bat /etc/ufw/sysctl.conf 

net/ipv4/ip_forward=1

net/ipv4/conf/default/rp_filter=1
net/ipv4/conf/all/rp_filter=1
net/ipv4/conf/default/accept_source_route=0
net/ipv4/conf/all/accept_source_route=0
net/ipv6/conf/default/accept_source_route=0
net/ipv6/conf/all/accept_source_route=0
net/ipv4/conf/default/accept_redirects=0
net/ipv4/conf/all/accept_redirects=0
net/ipv6/conf/default/accept_redirects=0
net/ipv6/conf/all/accept_redirects=0
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/icmp_echo_ignore_all=0
net/ipv4/conf/default/log_martians=0
net/ipv4/conf/all/log_martians=0
net/ipv4/tcp_sack=1





5# ./comment-out.bat    /etc/default/ufw

IPV6=yes

DEFAULT_INPUT_POLICY="DROP"

DEFAULT_OUTPUT_POLICY="ACCEPT"

DEFAULT_FORWARD_POLICY="ACCEPT"

DEFAULT_APPLICATION_POLICY="SKIP"

MANAGE_BUILTINS=no

IPT_SYSCTL=/etc/ufw/sysctl.conf

IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"

























mysetの作り方は

https://qiita.com/tyokai/items/a290d9f490c71da6c23a
みてください





投稿者 時刻: 0 件のコメント:
登録: 投稿 (Atom)