Como passar DNS Wifi e acesso à internet ao cliente DHCP

Question

Como passar DNS Wifi e acesso à internet ao cliente DHCP

#1 resposta do (2 votos)
#2 resposta do (0 votos)

1

Eu tenho um laptop que se conecta ao Wi-Fi para acesso à internet. Este computador está executando o Linux (Fedora), e está atuando como um servidor DHCP para outro computador (ubuntu linaro) que não possui um adaptador wifi. O laptop e o outro computador se conectam através de um cabo cruzado através de suas respectivas portas Ethernet padrão. Então laptop é o servidor DHCP, e outro computador é o cliente DHCP.

Verifiquei que o outro computador está obtendo corretamente um endereço DHCP do laptop. No entanto, ping www.yahoo.com não funciona. Eu também posso ver em /etc/resolv.conf do computador cliente DHCP que as configurações corretas estão lá do servidor DHCP.

Eu não fiz alterações em iptables .

A minha pergunta é, como é que digo ao portátil para passar pedidos de DNS e acesso à Internet do cliente dhcp para a rede wifi? Preciso executar um daemon de DNS também?

[idf@localhost ~]$ cat /proc/sys/net/ipv4/ip_forward 
1

[idf@localhost ~]$

Aqui está a saída de ifconfig -a no laptop (servidor DHCP)

[idf@localhost ~]$ ifconfig -a
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::28c:faff:feac:2de0  prefixlen 64  scopeid 0x20<link>
        ether 00:8c:fa:ac:2d:e0  txqueuelen 1000  (Ethernet)
        RX packets 899  bytes 123800 (120.8 KiB)
        RX errors 0  dropped 8  overruns 0  frame 0
        TX packets 1338  bytes 131506 (128.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 6557  bytes 1142539 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6557  bytes 1142539 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fe0c:77c4  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:0c:77:c4  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11  bytes 1174 (1.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:0c:77:c4  txqueuelen 500  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.128.231.168  netmask 255.255.255.128  broadcast 10.128.231.255
        inet6 fe80::2ae3:47ff:febd:bc4a  prefixlen 64  scopeid 0x20<link>
        ether 28:e3:47:bd:bc:4a  txqueuelen 1000  (Ethernet)
        RX packets 10004803  bytes 10357195255 (9.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7473957  bytes 1022964388 (975.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[idf@localhost ~]$

Aqui está o meu arquivo dhcpd.conf

[idf@localhost ~]$ more /etc/dhcp/dhcpd.conf 
ddns-update-style interim;                                   # Required for dhcp 3.0+ / Red Hat 8.0+
ignore client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {

        range 192.168.1.128 192.168.1.254;                   # Range of IP addresses to be issued to DHCP clients
           option subnet-mask              255.255.255.0;    # Default subnet mask to be used by DHCP clients
           option broadcast-address        192.168.1.255;    # Default broadcastaddress to be used by DHCP clients
           option routers                  192.168.1.1;      # Default gateway to be used by DHCP clients
           option domain-name              "synctrading.org";
           option domain-name-servers      192.168.1.1;           # Default DNS to be used by DHCP clients
           option netbios-name-servers     192.168.1.100;    # Specify a WINS server for MS/Windows clients.
                                                             # (Optional. Specify if used on your network)

#         DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured.
#       option ipforwarding off;

        default-lease-time 21600;                            # Amount of time in seconds that a client may keep the IP address
        max-lease-time 43200;

        option time-offset              -18000;              # Eastern Standard Time
#       option ntp-servers              192.168.1.1;         # Default NTP server to be used by DHCP clients
#       option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless you understand Netbios very well
#       option netbios-node-type 2;
}

[idf@localhost ~]$

EDIT 1

Depois de seguir as instruções abaixo (eu mudei os servidores de nomes para o google dns no arquivo dhcpd.conf), eu fiz um sudo tcpdump -i enp1s0 do laptop. Então, do cliente DHCP, eu tentei ping www.yahoo.com e algumas coisas interessantes foram impressas no dump do servidor DHCP. "admin prohibited" é interessante, mas não sei o que isso significa ou como corrigi-lo.

22:46:31.697964 IP 192.168.1.128.42318 > google-public-dns-a.google.com.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.698068 IP localhost.localdomain > 192.168.1.128: ICMP host google-public-dns-a.google.com unreachable - admin prohibited, length 67
22:46:31.698593 IP 192.168.1.128.56805 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.698683 IP localhost.localdomain > 192.168.1.128: ICMP host alu7750testscr.xyz1.gblx.mgmt.Level3.net unreachable - admin prohibited, length 67
22:46:31.699123 IP 192.168.1.128.40441 > google-public-dns-a.google.com.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.699180 IP localhost.localdomain > 192.168.1.128: ICMP host google-public-dns-a.google.com unreachable - admin prohibited, length 67
22:46:31.699598 IP 192.168.1.128.60984 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 15883+ A? www.yahoo.com. (31)
22:46:36.706262 IP 192.168.1.128.46076 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 5928+ A? www.yahoo.com.synctrading.org. (47)
22:46:36.706356 IP localhost.localdomain > 192.168.1.128: ICMP host alu7750testscr.xyz1.gblx.mgmt.Level3.net unreachable - admin prohibited, length 83
22:46:36.707346 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1661:1729, ack 576, win 330, options [nop,nop,TS val 35236 ecr 4294953343], length 68
22:46:36.707409 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1729, win 277, options [nop,nop,TS val 4294958364 ecr 35236], length 0
22:46:36.707781 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1729:1765, ack 576, win 330, options [nop,nop,TS val 35236 ecr 4294958364], length 36
22:46:36.707823 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1765, win 277, options [nop,nop,TS val 4294958364 ecr 35236], length 0
22:46:36.710622 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1765:1833, ack 576, win 330, options [nop,nop,TS val 35237 ecr 4294958364], length 68
22:46:36.710663 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1833, win 277, options [nop,nop,TS val 4294958367 ecr 35237], length 0
22:46:46.577998 AoE length 46, Ver 1, Flags: [none]

EDIT 2

[idf@localhost ~]$ sudo iptables -L -n
[sudo] password for idf: 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation (5 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDI_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation (5 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation (5 references)
target     prot opt source               destination         
IN_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
IN_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
IN_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain IN_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:1025:65535 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:1025:65535 ctstate NEW

Chain IN_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         
[idf@localhost ~]$

EDIT 3

[idf@localhost ~]$ sudo iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
PREROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
PREROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
PREROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
MASQUERADE  all  --  192.168.1.0/24       0.0.0.0/0           

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         

Chain POSTROUTING_ZONES (1 references)
target     prot opt source               destination         
POST_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
POST_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
POST_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
POST_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
POST_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain POSTROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain POSTROUTING_direct (1 references)
target     prot opt source               destination         

Chain POST_FedoraWorkstation (5 references)
target     prot opt source               destination         
POST_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
POST_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
POST_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain POST_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain POST_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain POST_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain PREROUTING_ZONES (1 references)
target     prot opt source               destination         
PRE_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
PRE_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
PRE_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
PRE_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
PRE_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain PREROUTING_direct (1 references)
target     prot opt source               destination         

Chain PRE_FedoraWorkstation (5 references)
target     prot opt source               destination         
PRE_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
PRE_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
PRE_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain PRE_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain PRE_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain PRE_FedoraWorkstation_log (1 references)
target     prot opt source               destination

dns iptables routing linux

por Ivan 30.06.2015 / 02:25

2 respostas

0

Sua configuração DHCP parece bem. Pode ser que você não tenha um resolvedor de DNS em 192.168.1.1 ou não execute o serviço dnsmasq. Que tipo de dispositivo é seu gateway?

por 30.06.2015 / 07:07

Tags dns iptables routing linux

Como obtenho notificações para pastas específicas? Existe algum prejuízo em usar um processador AMD ao lado de uma GPU Nvidia?

score 2 · Accepted Answer

Substituir

domain-name-servers      192.168.1.1;

pelo endereço do servidor de DNS usado pelo laptop ou configure um servidor de cache de DNS no seu laptop. Use comandos como nslookup ou host para testar o acesso do DNS no cliente.

Você precisa ativar o mascaramento no laptop com o iptables:

iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o <wifi_interface> -j MASQUERADE

Talvez você já tenha alguma configuração do iptables em uso (esse não é o meu ponto strong). Tente definir a política padrão para a tabela nat com

iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

Note que você sempre pode ver quais pacotes estão passando em uma interface usando

sudo tcpdump -i <name_of_interface>

Se você fizer isso em ambas as interfaces ao mesmo tempo, poderá ver onde um pacote é perdido ou rejeitado pelo laptop.

Você pode ter um serviço que já tenha configurado o iptables, por exemplo firewalld no fedora. É melhor tentar usar sua ferramenta de configuração para fazer alterações. Por exemplo,

firewall-cmd --add-masquerade

mas você também precisa configurar uma zona confiável para sua rede ethernet (desculpe, eu não sei mais nada sobre isso).