Routage NAT à plusieurs sous-réseaux

Interfaces

/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# DHCP config for ens4
# ens4 is the outbound interface: it is the one named in the MASQUERADE rule
# of /etc/iptables-rules.save, which the post-up line below loads.
# NOTE(review): post-up runs only once ens4 is already up, so the rules are
# not yet loaded for a short interval at boot; pre-up would load them before
# the interface comes up. Confirm which ordering is wanted.
# NOTE(review): nothing in this file enables IPv4 forwarding
# (net.ipv4.ip_forward). Presumably it is set elsewhere, e.g. through sysctl;
# verify, since routing from ens5/ens6/ens7 to ens4 depends on it.
auto ens4
iface ens4 inet dhcp
post-up iptables-restore < /etc/iptables-rules.save

# Internal subnets: one static /24 per interface. Each address below is the
# value handed out as the "routers" option for the matching subnet in
# /etc/kea/kea-dhcp4.conf, so the two files must be changed together.
auto ens5
iface ens5 inet static
	address 10.0.0.1
	netmask 255.255.255.0
auto ens6
iface ens6 inet static
	address 10.0.1.1
	netmask 255.255.255.0
auto ens7
iface ens7 inet static
	address 10.0.2.1
	netmask 255.255.255.0

Pare-feu

/etc/iptables-rules.save
# Generated by iptables-save v1.8.9 (nf_tables) on Tue Oct 14 14:25:57 2025
# Only the nat table is defined in this file; its four chains keep policy
# ACCEPT and the single rule below is the whole ruleset.
# NOTE(review): there is no *filter section, so loading this file leaves the
# filter table untouched and adds no INPUT or FORWARD restrictions. Unless
# filtering is configured elsewhere, traffic is presumably forwarded freely
# between the three internal subnets and out through ens4. Confirm that is
# intended, or add a filter table with a restrictive FORWARD policy that
# allows only the flows that are needed.
# NOTE(review): this file is fed to iptables-restore each time ens4 is
# brought up; verify it is owned by root and not writable by other users.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT everything that leaves through ens4 to ens4's own address, which
# suits an interface whose address comes from DHCP, as ens4's does. The rule
# has no -s match, so it is not limited to the 10.0.0.0/24, 10.0.1.0/24 and
# 10.0.2.0/24 subnets.
-A POSTROUTING -o ens4 -j MASQUERADE
COMMIT
# Completed on Tue Oct 14 14:25:57 2025

Kea DHCP

/etc/kea/kea-dhcp4.conf
// Kea DHCPv4 server configuration for the three internal subnets
// (10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24) routed by this host.
{
  "Dhcp4": {
    // The server listens on the three internal interfaces only; ens4, the
    // outbound interface, is not listed.
    "interfaces-config": {
      "interfaces": [
        "ens5",
        "ens6",
        "ens7"
      ]
    },
    // Local UNIX socket for management commands.
    // NOTE(review): any process able to write to this socket can send
    // commands to the server. Verify that /run/kea and the socket are
    // accessible only to the account Kea runs under and to root.
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/run/kea/kea4-ctrl-socket"
    },
    "lease-database": {
      // Memfile is the simplest and easiest backend to use. It's an in-memory
      // C++ database that stores its state in CSV file.
      "type": "memfile",
      // Interval, in seconds, between lease file cleanups.
      "lfc-interval": 3600
    },
    "expired-leases-processing": {
      "reclaim-timer-wait-time": 10,
      "flush-reclaimed-timer-wait-time": 25,
      "hold-reclaimed-time": 3600,
      "max-reclaim-leases": 100,
      "max-reclaim-time": 250,
      "unwarned-reclaim-cycles": 5
    },
    // Lease timers in seconds: renew at 15 minutes, rebind at 30 minutes,
    // lease valid for one hour.
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,
    // Global options, sent to clients on every subnet below.
    "option-data": [
      {
        // Clients are pointed at an external resolver, so their DNS queries
        // leave through the NAT on ens4.
        "name": "domain-name-servers",
        "data": "9.9.9.9"
      },
      {
        // Option code 15 is domain-name.
        // NOTE(review): "example.org" looks like a sample value; replace it
        // with the real domain or remove the option.
        "code": 15,
        "data": "example.org"
      },
      {
        // NOTE(review): these look like sample values. Clients append search
        // suffixes to unqualified names, so lookups for internal short names
        // would be sent for domains that are not under local control.
        // Replace with the site's own domains or remove the option.
        "name": "domain-search",
        "data": "mydomain.example.com, example.com"
      },
      {
        // NOTE(review): the value looks like a POSIX time-zone string rather
        // than a file name, presumably left over from a sample that shows how
        // to escape commas. Clients that network-boot would be handed it as
        // their boot file; remove the option unless network boot is intended,
        // and then set it to the real file name.
        "name": "boot-file-name",
        "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
      },
      {
        // 0xf0 is 240. NOTE(review): presumably another sample value; confirm
        // clients really need their default IP TTL overridden.
        "name": "default-ip-ttl",
        "data": "0xf0"
      }
    ],
    // One entry per internal interface. Each pool covers .100 to .200 and the
    // "routers" option is this host's static address on that subnet, as set
    // in /etc/network/interfaces.
    "subnet4": [
      {
        "subnet": "10.0.0.0/24",
        "pools": [
          {
            "pool": "10.0.0.100 - 10.0.0.200"
          }
        ],
        "option-data": [
          {
            // For each IPv4 subnet you most likely need to specify at
            // least one router.
            "name": "routers",
            "data": "10.0.0.1"
          }
        ],
        // No host reservations are defined for this subnet.
        "reservations": [
        ]
        // You can add more subnets there.
      },
      {
        "subnet": "10.0.1.0/24",
        "pools": [
          {
            "pool": "10.0.1.100 - 10.0.1.200"
          }
        ],
        "option-data": [
          {
            // For each IPv4 subnet you most likely need to specify at
            // least one router.
            "name": "routers",
            "data": "10.0.1.1"
          }
        ],
        // No host reservations are defined for this subnet.
        "reservations": [
        ]
        // You can add more subnets there.
      },
      {
        "subnet": "10.0.2.0/24",
        "pools": [
          {
            "pool": "10.0.2.100 - 10.0.2.200"
          }
        ],
        "option-data": [
          {
            // For each IPv4 subnet you most likely need to specify at
            // least one router.
            "name": "routers",
            "data": "10.0.2.1"
          }
        ],
        // No host reservations are defined for this subnet.
        "reservations": [
        ]
        // You can add more subnets there.
      }
    ],
    // Log to standard output at INFO severity.
    // NOTE(review): presumably the service manager captures stdout; confirm
    // the output is retained, since lease records are what ties an address
    // to a client when an incident is investigated.
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          {
            "output": "stdout",
            "pattern": "%-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}