fresh_server

1. ##############################################################################
2. /etc/network/interfaces
3. ##############################################################################
4. # This file describes the network interfaces available on your system
5. # and how to activate them. For more information, see interfaces(5).
6.  
7. source /etc/network/interfaces.d/*
8.  
9. # The loopback network interface
10. auto lo
11. iface lo inet loopback
12.  
13. # eth0
14. allow-hotplug eth0
15. iface eth0 inet static
16. address 10.0.0.2
17. netmask 255.255.255.0
18. gateway 10.0.0.1
19. nameserver 10.0.0.1
20.  
21. # eth1
22. allow-hotplug eth1
23. iface eth1 inet static
24. address 10.0.1.1
25. netmask 255.255.255.0
26. gateway 10.0.0.1
27. nameserver 10.0.0.1
28. ##############################################################################
29. /etc/wide-dhcpv6/dhcp6c.conf
30. ##############################################################################
31. # Default dhpc6c configuration: it assumes the address is autoconfigured using
32. # router advertisements.
33.  
34. #profile default
35. #{
36. # information-only;
37. #
38. # request domain-name-servers;
39. # request domain-name;
40. #
41. # script "/etc/wide-dhcpv6/dhcp6c-script";
42. #};
43.  
44. # eth0 is my external facing interface (WAN)
45. interface eth0 {
46. # request a non-temporary address
47. send ia-na 1;
48. # request prefix delegation address
49. send ia-pd 1;
50. # send rapid commit, don't wait for RA
51. send rapid-commit;
52. # we'd like information about DNS, too
53. request domain-name-servers;
54. request domain-name;
55. # script provided by my distribution, it adds nameservers to resolv.conf
56. script "/etc/wide-dhcpv6/dhcp6c-script";
57. };
58.  
59. id-assoc pd 1 {
60. # internal facing interface (LAN), you can duplicate this section if you want more subnets for more interfaces
61. prefix-interface eth1 {
62. # subnet. Combined with ia-pd to configure the subnet for this interface.
63. sla-id 0;
64. #IP address "postfix". if not set it will use EUI-64 address of the interface. Combined with SLA-ID'd prefix to create full IP address of interface. In my case, ifid 1 means that eth1 will get a IPv6 ending with ::1
65. ifid 1;
66. # prefix bits assigned. Take the prefix size you're assigned (something like /48 or /56) and subtract it from 64. In my case I was being assigned a /56, so 64-56=8
67. sla-len 8;
68. };
69. };
70.  
71. id-assoc na 1 {
72. # id-assoc for eth1
73. };
74. ##############################################################################
75. /etc/dnsmasq.conf
76. ##############################################################################
77. bogus-priv
78. except-interface=eth0
79. enable-ra
80. expand-hosts
81. dhcp-authoritative
82. domain=internal.myoffice.com
83. domain-needed
84. local=/internal.myoffice.com/
85. log-queries
86.  
87. # Construct a valid IPv6 range from reading the address set on the interface. The ::1 part refers to the ifid in dhcp6c.conf. Make sure you get this right or dnsmasq will get confused.
88. dhcp-range=tag:eth1,::1,constructor:eth1,ra-names,12h
89.  
90. dhcp-range=10.0.1.10,10.0.1.100,12h
91. ##############################################################################
92. cat /etc/sysctl.conf
93. ##############################################################################
94. #
95. # /etc/sysctl.conf - Configuration file for setting system variables
96. # See /etc/sysctl.d/ for additional system variables.
97. # See sysctl.conf (5) for information.
98. #
99.  
100. #kernel.domainname = example.com
101.  
102. # Uncomment the following to stop low-level messages on console
103. #kernel.printk = 3 4 1 3
104.  
105. #################################################################
106. # Functions previously found in netbase
107. #
108.  
109. # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
110. # Turn on Source Address Verification in all interfaces to
111. # prevent some spoofing attacks
112. #net.ipv4.conf.default.rp_filter=1
113. #net.ipv4.conf.all.rp_filter=1
114.  
115. # Uncomment the next line to enable TCP/IP SYN cookies
116. # See http://lwn.net/Articles/277146/
117. # Note: This may impact IPv6 TCP sessions too
118. #net.ipv4.tcp_syncookies=1
119.  
120. # Uncomment the next line to enable packet forwarding for IPv4
121. net.ipv4.ip_forward=1
122. net.ipv4.conf.all.forwarding=1
123.  
124.  
125. # Uncomment the next line to enable packet forwarding for IPv6
126. # Enabling this option disables Stateless Address Autoconfiguration
127. # based on Router Advertisements for this host
128. net.ipv6.conf.all.forwarding=1
129. net.ipv6.conf.eth0.accept_ra=2
130.  
131. #################################################################
132. # Additional settings - these settings can improve the network
133. # security of the host and prevent against some network attacks
134. # including spoofing attacks and man in the middle attacks through
135. # redirection. Some network environments, however, require that these
136. # settings are disabled so review and enable them as needed.
137. #
138. # Do not accept ICMP redirects (prevent MITM attacks)
139. #net.ipv4.conf.all.accept_redirects = 0
140. #net.ipv6.conf.all.accept_redirects = 0
141. # _or_
142. # Accept ICMP redirects only for gateways listed in our default
143. # gateway list (enabled by default)
144. # net.ipv4.conf.all.secure_redirects = 1
145. #
146. # Do not send ICMP redirects (we are not a router)
147. #net.ipv4.conf.all.send_redirects = 0
148. #
149. # Do not accept IP source route packets (we are not a router)
150. #net.ipv4.conf.all.accept_source_route = 0
151. #net.ipv6.conf.all.accept_source_route = 0
152. #
153. # Log Martian Packets
154. #net.ipv4.conf.all.log_martians = 1
155. #
156. ##############################################################################