Linux como router (Linux as a router) - Revision history. Wiki revision history feed, MediaWiki 1.36.2, updated 2024-03-29T11:56:03Z: https://manuais.iessanclemente.net/index.php?title=Linux_como_router&feed=atom&action=history
Revision by Bruno at 22:27, 10 Mar 2018 (2018-03-10T22:27:05Z): https://manuais.iessanclemente.net/index.php?title=Linux_como_router&diff=64111&oldid=prev
<p><b>New page</b></p><div>To configure a Debian/Ubuntu machine as a router, provided it has more than one network interface, it is enough to enable ''IP forwarding'' (packet forwarding).<br />
<br />
This is done by writing a 1 in place of the 0 in the file ''<tt>/proc/sys/net/ipv4/ip_forward</tt>''.<br />
<br />
The main problem is that when the machine is rebooted, the file again holds a 0 where we wrote a 1, and packet forwarding is disabled.<br />
<br />
To make the change permanent, edit the file ''<tt>/etc/sysctl.conf</tt>'' and uncomment the following line (<tt>net.ipv4.ip_forward=1</tt>):<br />
<br />
<syntaxhighlight lang="bash" highlight="28">
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1

###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
</syntaxhighlight><br />
<br />
To apply the new configuration, we can either reboot the machine or run:<br />
<syntaxhighlight lang="bash">
sysctl -p
</syntaxhighlight><br />
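Because every line except <tt>net.ipv4.ip_forward=1</tt> in the file above is still commented out, it is easy to lose track of which settings actually take effect. The following script is an added example, not part of the original wiki page: it reads a sysctl.conf-format file and reports the effective value of the forwarding and anti-spoofing keys that file mentions. The function names, the list of expected values (taken from the file's own comments) and the sample file are assumptions made for the illustration.

```shell
# Added example: audit a sysctl.conf-format file for the settings a router needs.

# Print the effective value of KEY ($2) in FILE ($1): commented lines are
# ignored, spaces around "=" are tolerated, and the last assignment wins.
sysctl_effective() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { print (found ? val : "unset") }
    ' "$1"
}

# Compare the keys below with the values suggested by the comments in the
# stock file (an assumption; adjust to your network). Prints one line per
# key and returns 1 if any key is unset or differs.
audit_router_sysctl() {
    local file=$1 rc=0 key want got
    while read -r key want; do
        got=$(sysctl_effective "$file" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key=$got"
        else
            echo "CHECK $key=$got (wanted $want)"; rc=1
        fi
    done <<'EOF'
net.ipv4.ip_forward 1
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.accept_source_route 0
EOF
    return $rc
}

# Constructed sample (not a real host's file): one key commented out,
# forwarding assigned twice so that the later value wins.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
#net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.ip_forward=1
EOF
audit_router_sysctl "$demo_conf" || echo "review the CHECK lines above"
rm -f "$demo_conf"
```

The script only inspects the file it is given; files under <tt>/etc/sysctl.d/</tt> can also set these keys, and <tt>sysctl -n net.ipv4.ip_forward</tt> shows the value the running kernel is using.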
<br />
Since the networks the router is connected to are probably private networks, we will need to enable network address translation (NAT) with ''iptables''. The rule below assumes that eth0 is the network interface that connects the router to the outside.<br />
<syntaxhighlight lang="bash">
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
</syntaxhighlight><br />
<br />
To save all of this, install the '''iptables-persistent''' package and indicate that we want to save the current rules.</div>Bruno