Passerelles Numériques Cambodia (PNC)

Table of Contents
I. Configure DHCP Relay
   1. Testing the client connection
II. IPTABLES on SUSE
   1. Variables and allowing client ping
   2. Allow loopback and client ping to the DHCP server
   3. ESTABLISHED and DHCP (IP address request) with DNS
      1. Testing that a client gets an IP address across IPTABLES
   4. Allow staff and students to access the FTP server
      1. Testing staff and student access to the FTP server
   5. Allow clients to remote into the server
      1. Testing Remote Desktop from both clients
   6. Allow clients to join the AD domain
      1. Testing the domain join
I. Configure DHCP Relay
- A Linux SUSE machine acts as the router between the segments and runs both the DHCP relay agent and IPTABLES.
- Install the relay agent with: yast -i dhcp-relay (this installs the dhcp-relay package automatically).
- Run yast lan to assign an IP address to every network interface card (NIC). One interface is on the same segment as the DHCP server.
- On the DHCP server, set the default gateway to the relay's address on that segment (192.168.2.254) so that the DHCP server and the DHCP relay can reach each other. Verify the connection between the DHCP server and the DHCP relay with ping.
- Run rcnetwork restart to restart the network service, then check the Ethernet interfaces (eth).
- Edit the relay configuration file: vim /etc/sysconfig/dhcrelay. List every Ethernet interface the relay should listen on (DHCRELAY_INTERFACES) and the IP address of the DHCP server it forwards to (DHCRELAY_SERVERS).
- Restart the relay service: rcdhcrelay restart
1. Testing the client connection
- A Windows XP client is set to obtain an IP address automatically (dynamic).
- The client is attached to eth2 (VMnet3). It broadcasts a DHCP request with both commands:
  ipconfig /release
  ipconfig /renew
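A filled-in /etc/sysconfig/dhcrelay for the step above, as an added example (not the lab's own file). The interface names and the server address 192.168.2.2 are assumptions; the variable names are the ones SUSE's dhcrelay init script reads.

```shell
## /etc/sysconfig/dhcrelay (added example; interface names and server address are assumed)
# Interfaces the relay listens on: the server-side NIC plus every client NIC.
# Client broadcasts arriving on eth2 (VMnet3) and eth3 (VMnet4) are forwarded
# as unicast to the server, which answers to the relay's address on eth0
# (192.168.2.254, the address the server uses as its default gateway).
DHCRELAY_INTERFACES="eth0 eth2 eth3"

# DHCP server(s) the requests are forwarded to (space-separated if more than one).
DHCRELAY_SERVERS="192.168.2.2"
```

After saving the file, rcdhcrelay restart loads it; if the client never gets an offer, confirm first that the relay and the server can ping each other, since the server's reply is addressed to the relay's interface on its own segment.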
- The client gets an IP address through the DHCP relay.
II. IPTABLES on SUSE
1. Variables and allowing client ping
- A variable in the script gives a name to an interface (eth) or an address so that the rules below can refer to it instead of repeating the value.
- Run rcnetwork restart and check which Ethernet interfaces (eth) the IPTABLES rules will use.
- Create a script for the IPTABLES configuration with the .sh extension: touch filename.sh, for example touch iptables.sh. The file can be created in any directory.
- Edit this file and put the IPTABLES configuration in it.
- The script begins with the variables and a DROP policy on every chain: dropping everything first and then allowing only what is needed is the easiest way to extend the rules later. iptables -F flushes all existing rules and iptables -X deletes user-defined chains, so every run of the script starts from a clean state.
2. Allow loopback and client ping to the DHCP server
- Allow loopback: the host can reach itself over the lo interface.
- ICMP is the protocol used by ping to test the connection between one system and another.
- Because everything was dropped above, clients cannot ping the DHCP server unless an ICMP rule is added; if clients should not be able to ping the server, leave this rule out.
- Clients that get their address through the relay are allowed to ping the DHCP server.
3. ESTABLISHED and DHCP (IP address request) with DNS
- Since the policy above drops everything, clients must be allowed to request an IP address from the DHCP server, and the reply direction is covered by an ESTABLISHED,RELATED rule. ESTABLISHED matches packets of a connection that has already seen traffic in both directions; RELATED matches new connections that belong to an existing one, such as an FTP data connection.
- For the DNS server, allow the traffic with two rules, one for staff and one for students.
1. Testing that a client gets an IP address across IPTABLES
- A client without an IP address broadcasts; the DHCP relay receives the broadcast and forwards it to the DHCP server through IPTABLES.
- Clients: students on VMnet3, staff on VMnet4.
- Test with a student client.
- Test the DNS server: the IPTABLES rule for DNS allows the lookups.
- Student clients can now request DHCP and DNS from the server across IPTABLES.
- Test with a staff client.
- Staff get their address from the DHCP server in the range 10.10.2.0 with subnet mask /8.
- After the staff client obtains an address, run nslookup to check the DNS server.
- nslookup succeeds because IPTABLES allows DNS.
4. Allow staff and students to access the FTP server
- One rule covering both interfaces would work, but it is harder to control, so write separate rules for staff and students.
- With separate rules, dropping access for only students or only staff later is easier than it would be with a single rule.
1. Testing staff and student access to the FTP server
- Both clients keep the addresses from the step above and access FTP:
  Students: 172.16.2.0/16
  Staff: 10.10.2.254/8
Testing with staff
- In a web browser type ftp://<IP address of the server> and press Enter.
- Staff and students can access FTP with user authentication.
NOTE: if nslookup succeeds, FTP can be reached by domain name as well as by IP address.
- Alternatively staff can type ftp://192.168.2.2, the IP address of the FTP server.
- Replacing the IP address with a name (a CNAME record) is easier for students and staff to remember.
- A client that is already logged in can also reach FTP without being prompted for credentials again.
Testing with students
- Students access FTP by domain name.
- Both clients (student and staff) reach FTP because IPTABLES allows it.
5. Allow clients to remote into the server
- Now allow clients to remote into the server.
- Two rules are needed: one for students and one for staff.
- Remote Desktop uses TCP port 3389.
- Only the client-to-server direction needs a rule; the server's replies are covered by the ESTABLISHED,RELATED rule above.
1. Testing Remote Desktop from both clients
- After adding the rules, test Remote Desktop from the clients.
- First make sure Remote Desktop is enabled on the server.
Testing Remote Desktop from a student client
- Student clients can use Remote Desktop because the IPTABLES rule allows it.
- This client has already received its IP address from the server.
- On the client, open the Start menu, Accessories, Remote Desktop Connection.
- Enter the server's IP address and press Enter or Connect.
- The server's password is required.
- The session then shows the server's desktop, as in the picture below.
- Remote Desktop works across IPTABLES.
Testing Remote Desktop from a staff client
- Staff and student clients behave the same because both rules are in IPTABLES.
- Follow the same steps as above.
- Both staff and students succeed with Remote Desktop.
6. Allow clients to join the AD domain
- Whether a client can join the domain depends on what the IPTABLES rules allow.
- Several ports must be open in IPTABLES for a client to join an Active Directory (AD) domain:
TCP: 88, 135, 139, 636, 1025, 1026
UDP: 88, 135, 445, 389, 636
- These rules allow the client to join the domain. Again there are two rules, one for students and one for staff, so that either group can be changed later.
NOTE: the exact port list varies between setups; some need fewer ports and others more. In practice a domain join also uses TCP 389 (LDAP) and TCP 445 (SMB), and Kerberos (port 88) only works if the client's clock is close to the domain controller's, which is why UDP 123 (NTP) is often opened as well; TCP 1025 and 1026 are the dynamic RPC ports the older Windows servers hand out through the endpoint mapper on port 135.
1. Testing the domain join
a. Testing with a student
- Make sure the student client resolves names with nslookup (DNS) and has an address from the student range.
- Student range: 172.16.2.20 and up.
- Go to My Computer, Properties, Computer Name, Change.
- Joining the domain requires a user name and password from the server.
- The join succeeds when the credentials are correct.
- Restart the computer, then log in with an Active Directory (AD) user.
- On the server, view the users in Active Directory.
- The users ad.staff and ad.student were created in AD on the Windows server.
- The client logs in as ad.student to the domain pnc.com on the computer named students, which was joined to the domain.
- The student client has joined the domain successfully.
b. Testing with staff
- Follow the same steps as above, checking the IP address and DNS with nslookup.
- As above, a user name and password are required.
- Restart the system to complete the domain join (AD) across IPTABLES.
- As the picture below shows, the staff client joins the domain in AD.
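The complete iptables.sh that sections II.1 to II.6 build up step by step, written out as one added example (this is not the lab's own script). The interface names eth0/eth2/eth3, the server address 192.168.2.2, and the use of 172.16.0.0/16 and 10.0.0.0/8 as the student and staff ranges are assumptions; the extra domain-join ports beyond the page's list are marked as such in the comments.

```shell
#!/bin/sh
# iptables.sh: added example, not the original lab's script. It assembles the
# rules described in sections II.1 to II.6 for the SUSE box that is both the
# router between the client segments and the DHCP relay agent.
# Assumed names and addresses (only 192.168.2.254, 192.168.2.2 and the two
# client ranges appear on the page; the interface names are assumptions):
#   eth0  server segment, 192.168.2.254 on the relay
#   eth2  VMnet3, students 172.16.0.0/16
#   eth3  VMnet4, staff    10.0.0.0/8
#   192.168.2.2  Windows server (DHCP, DNS, AD, FTP, Remote Desktop)

IPTABLES="${IPTABLES:-iptables}"   # II.1 variables; IPTABLES=echo gives a dry run
SRV_IF=eth0
STU_IF=eth2
STA_IF=eth3
SERVER=192.168.2.2
STU_NET=172.16.0.0/16
STA_NET=10.0.0.0/8

# Emit the rule list, one set of iptables arguments per line. Building the
# list separately from applying it lets the rules be reviewed without root.
build_rules() {
    # II.1: start clean, then drop everything not explicitly allowed
    echo "-F"
    echo "-X"
    echo "-P INPUT DROP"
    echo "-P OUTPUT DROP"
    echo "-P FORWARD DROP"

    # II.2: loopback, and ping from the clients to the server
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    echo "-A OUTPUT -p icmp -j ACCEPT"   # the relay itself pings server and clients (section I check)
    for ifc in $STU_IF $STA_IF; do
        echo "-A FORWARD -i $ifc -o $SRV_IF -d $SERVER -p icmp --icmp-type echo-request -j ACCEPT"
    done

    # II.3: replies to anything allowed below come back as ESTABLISHED;
    # RELATED covers FTP data connections found by the conntrack helper
    for chain in INPUT OUTPUT FORWARD; do
        echo "-A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    done
    # DHCP: the relay runs on this host, so client broadcasts (68 -> 67) hit INPUT,
    # the relayed unicast to the server (67 -> 67) leaves via OUTPUT, and the
    # offer goes back out to the client (67 -> 68) via OUTPUT, not FORWARD
    for ifc in $STU_IF $STA_IF; do
        echo "-A INPUT -i $ifc -p udp --sport 68 --dport 67 -j ACCEPT"
        echo "-A OUTPUT -o $ifc -p udp --sport 67 --dport 68 -j ACCEPT"
    done
    echo "-A OUTPUT -o $SRV_IF -d $SERVER -p udp --sport 67 --dport 67 -j ACCEPT"

    # One copy of each client-to-server rule per group, as the text recommends,
    # so staff or students can be cut off later by deleting their rules only
    for group in "$STU_IF $STU_NET" "$STA_IF $STA_NET"; do
        set -- $group
        ifc=$1
        net=$2
        base="-A FORWARD -i $ifc -o $SRV_IF -s $net -d $SERVER"
        echo "$base -p udp --dport 53 -j ACCEPT"      # II.3 DNS
        echo "$base -p tcp --dport 53 -j ACCEPT"
        echo "$base -p tcp --dport 21 -j ACCEPT"      # II.4 FTP control channel
        echo "$base -p tcp --dport 3389 -j ACCEPT"    # II.5 Remote Desktop
        # II.6 domain join: the page's ports plus TCP 389/445 and UDP 123,
        # which a join needs in practice (assumption beyond the page's list)
        echo "$base -p tcp -m multiport --dports 88,135,139,389,445,636,1025,1026 -j ACCEPT"
        echo "$base -p udp -m multiport --dports 88,123,135,389,445,636 -j ACCEPT"
    done
}

# Load the rules for real (needs root). The ftp helper is what makes FTP data
# connections RELATED; ip_forward must be on for the FORWARD chain to see anything.
apply_rules() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp 2>/dev/null || true
    echo 1 > /proc/sys/net/ipv4/ip_forward
    build_rules | while read -r rule; do
        # shellcheck disable=SC2086
        $IPTABLES $rule || { echo "failed: $IPTABLES $rule" >&2; exit 1; }
    done
}

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) build_rules ;;
esac
```

Run sh iptables.sh dry-run to print the rule list for review, and sh iptables.sh apply as root to load it; iptables -L -n -v afterwards shows the per-rule packet counters, which is the quickest way to see which rule a failing client test is (or is not) hitting. Because the policy is DROP, any service not listed here, including anything the server itself initiates toward the clients, stays blocked until a rule is added for it.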