Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##############################################################################
- /etc/network/interfaces
- ##############################################################################
- # This file describes the network interfaces available on your system
- # and how to activate them. For more information, see interfaces(5).
- source /etc/network/interfaces.d/*
- # The loopback network interface
- auto lo
- iface lo inet loopback
- # eth0
- allow-hotplug eth0
- iface eth0 inet static
- address 10.0.0.2
- netmask 255.255.255.0
- gateway 10.0.0.1
- nameserver 10.0.0.1
- # eth1
- allow-hotplug eth1
- iface eth1 inet static
- address 10.0.1.1
- netmask 255.255.255.0
- gateway 10.0.0.1
- nameserver 10.0.0.1
- ##############################################################################
- /etc/wide-dhcpv6/dhcp6c.conf
- ##############################################################################
- # Default dhpc6c configuration: it assumes the address is autoconfigured using
- # router advertisements.
- #profile default
- #{
- # information-only;
- #
- # request domain-name-servers;
- # request domain-name;
- #
- # script "/etc/wide-dhcpv6/dhcp6c-script";
- #};
- # eth0 is my external facing interface (WAN)
- interface eth0 {
- # request a non-temporary address
- send ia-na 1;
- # request prefix delegation address
- send ia-pd 1;
- # send rapid commit, don't wait for RA
- send rapid-commit;
- # we'd like information about DNS, too
- request domain-name-servers;
- request domain-name;
- # script provided by my distribution, it adds nameservers to resolv.conf
- script "/etc/wide-dhcpv6/dhcp6c-script";
- };
- id-assoc pd 1 {
- # internal facing interface (LAN), you can duplicate this section if you want more subnets for more interfaces
- prefix-interface eth1 {
- # subnet. Combined with ia-pd to configure the subnet for this interface.
- sla-id 0;
- #IP address "postfix". if not set it will use EUI-64 address of the interface. Combined with SLA-ID'd prefix to create full IP address of interface. In my case, ifid 1 means that eth1 will get a IPv6 ending with ::1
- ifid 1;
- # prefix bits assigned. Take the prefix size you're assigned (something like /48 or /56) and subtract it from 64. In my case I was being assigned a /56, so 64-56=8
- sla-len 8;
- };
- };
- id-assoc na 1 {
- # id-assoc for eth1
- };
- ##############################################################################
- /etc/dnsmasq.conf
- ##############################################################################
- bogus-priv
- except-interface=eth0
- enable-ra
- expand-hosts
- dhcp-authoritative
- domain=internal.myoffice.com
- domain-needed
- local=/internal.myoffice.com/
- log-queries
- # Construct a valid IPv6 range from reading the address set on the interface. The ::1 part refers to the ifid in dhcp6c.conf. Make sure you get this right or dnsmasq will get confused.
- dhcp-range=tag:eth1,::1,constructor:eth1,ra-names,12h
- dhcp-range=10.0.1.10,10.0.1.100,12h
- ##############################################################################
- cat /etc/sysctl.conf
- ##############################################################################
- #
- # /etc/sysctl.conf - Configuration file for setting system variables
- # See /etc/sysctl.d/ for additional system variables.
- # See sysctl.conf (5) for information.
- #
- #kernel.domainname = example.com
- # Uncomment the following to stop low-level messages on console
- #kernel.printk = 3 4 1 3
- #################################################################
- # Functions previously found in netbase
- #
- # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
- # Turn on Source Address Verification in all interfaces to
- # prevent some spoofing attacks
- #net.ipv4.conf.default.rp_filter=1
- #net.ipv4.conf.all.rp_filter=1
- # Uncomment the next line to enable TCP/IP SYN cookies
- # See http://lwn.net/Articles/277146/
- # Note: This may impact IPv6 TCP sessions too
- #net.ipv4.tcp_syncookies=1
- # Uncomment the next line to enable packet forwarding for IPv4
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.forwarding=1
- # Uncomment the next line to enable packet forwarding for IPv6
- # Enabling this option disables Stateless Address Autoconfiguration
- # based on Router Advertisements for this host
- net.ipv6.conf.all.forwarding=1
- net.ipv6.conf.eth0.accept_ra=2
- #################################################################
- # Additional settings - these settings can improve the network
- # security of the host and prevent against some network attacks
- # including spoofing attacks and man in the middle attacks through
- # redirection. Some network environments, however, require that these
- # settings are disabled so review and enable them as needed.
- #
- # Do not accept ICMP redirects (prevent MITM attacks)
- #net.ipv4.conf.all.accept_redirects = 0
- #net.ipv6.conf.all.accept_redirects = 0
- # _or_
- # Accept ICMP redirects only for gateways listed in our default
- # gateway list (enabled by default)
- # net.ipv4.conf.all.secure_redirects = 1
- #
- # Do not send ICMP redirects (we are not a router)
- #net.ipv4.conf.all.send_redirects = 0
- #
- # Do not accept IP source route packets (we are not a router)
- #net.ipv4.conf.all.accept_source_route = 0
- #net.ipv6.conf.all.accept_source_route = 0
- #
- # Log Martian Packets
- #net.ipv4.conf.all.log_martians = 1
- #
- ##############################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement