  1. #1 fiji (Member; Join Date: Jul 2002; Location: Berlin)

    need help with iptables/routing/firewall and other things

    i just received some extra NIC cards for my server

    so i want to turn it into a router/firewall and dhcp server
    (oh btw i want to put all this on my existing gentoo setup)
    i want to set it up so

    eth0 -- i get the line in from my cable modem

    eth1 -- goes to the switch, all the computers will connect to the switch and will get IP from the dhcp server and route the internet connection through it


    well basically i have no clue where to start

    i know i need to add some modules to my kernel

    but i don't know what software besides that i need, and how to configure it


    --thanks a lot
    ---AthlonIIx4 4GBDDR3 NV9800GT---

    running Win7x64

  2. #2 Titan386 (Senior Member; Join Date: Jun 2002)
    Check out the following:
    http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
    http://tldp.org/HOWTO/DHCP/index.html

    Using those documents, I was able to get a "router" / DHCP server up and running. Good luck

  3. #3 Arkaine23 (Captain Random, Senior Evil Genius; Join Date: Nov 2001; Location: Woodlands, TX)
    Sounds like you want it to run NAT, filter packets, and be a DHCP server.

    That's a nice project to learn networking. I did the same on an OpenBSD server.
    Folding.for.team.32.as.OC3d!
    i5 3570 @ 4.5 | 8GB | SSD | 5-disk Raid 0 | 660 Ti

  4. #4 TC (Senior Seti Addict; Join Date: Jan 2001; Location: Denver, CO)
    I would highly recommend you NOT try to learn on a production box. One silly little mistake with netfilter can leave your a** hanging out in the cyber breeze. I'd recommend you set up a basic machine and load something like Clark Connect Home, or if you want a lot of flexibility get a home license for Astaro Security Linux. Then practice netfilter behind your firewall until you get a grip on it. It's not something you can pick up overnight.

  5. #5 moorcito (Member; Join Date: Sep 2002; Location: Chicago, IL)
    Another doc you might want to read is the Network Administrator's Guide, NAG. Get it here (tldp.org). That along with the doc Titan posted should give you everything you want to know.

  6. #6 fiji (Member; Join Date: Jul 2002; Location: Berlin)
    thanks guys, i gotta read over all that


    it's quite a read, along with what my english teacher has been giving me (Crime and Punishment, sooo boring)

  7. #7 ookabooka (Member; Join Date: Sep 2002; Location: root@ localhost.localdomain)
    check out monmotha's scripts (google it). He has written a lot of scripts that use iptables to set up a firewall. I use it because then I don't need to learn the flags and such for the actual iptables command. If you want to learn how iptables works, don't use it. If you want something "more" user friendly, use his scripts. They are well documented so you could use them to learn as well. On gentoo you will need to emerge dhcpd and emerge iptables. Then you will have to make sure that your kernel has support for iptables either built in or in a module. It's somewhere in the networking section i think :P I run a similar setup here, except I abandoned the dhcp for static addresses, I just never really needed the dhcp. There will be limitations on what you can do with the firewall/router though. Basically, every computer on your private net will look like one giant computer to the outside world, since you only have 1 ip for multiple computers, this can cause problems if you want to run a game server on one of your nodes, or with some p2p software (edonkey2k). IPv6 could change all of this, where each person could be given their own subnet. . . but no one wants to implement it

    Linux motto:
    "Linux-give yourself a hard time "

    Microsoft motto:
    "Windows-You pay us, and give yourself a hard time "

    Obviously Linux > Windows

    From root (/) : mount -t proc proc proc
    "Listen to me boy, I've made a living out of being a failure, and you sir are not a failure!" -Mantis, Disney's A Bugs Life
    One minute he's washing grapes, the next minute he's eating them. . . I guess that's logical.

  8. #8 fiji (Member; Join Date: Jul 2002; Location: Berlin)
    i'm a bit confused here

    is iptables just the firewall?

    or is it the NAT program as well?

  9. #9 fiji (Member; Join Date: Jul 2002; Location: Berlin)
    ok well regardless of my previous post

    i think i have the things more or less set up--- but i'm wondering

    if eth0, is given a dhcp ip address from my cable modem

    what should i do for my eth1? it's what all the other computers are going to be connected to

    Code:
    
    # /etc/dhcpd.conf
    # Lease times in seconds: clients renew after 10 minutes and may hold a lease at most 2 hours.
    default-lease-time 600;
    max-lease-time 7200;
    # Options handed to every client on the 192.168.0.0/24 LAN behind eth1.
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    # Default gateway the clients will use; this must be the address assigned to eth1 on this box.
    option routers 192.168.0.254;
    # DNS servers the clients are told to use.
    option domain-name-servers 192.168.0.1, 192.168.0.2;
    option domain-name "mydomain.org";
    # Dynamic DNS update style (ISC dhcpd 3.x syntax; "ad-hoc" was dropped in later releases, where "none" disables updates).
    ddns-update-style ad-hoc;
    
    # Pool of addresses to hand out; the gap between the two ranges is left free for hosts with static addresses.
    subnet 192.168.0.0 netmask 255.255.255.0 {
       range 192.168.0.10 192.168.0.100;
       range 192.168.0.150 192.168.0.200;
    }

    http://tldp.org/HOWTO/IP-Masquerade-...FIREWALL-2.4.X

    and the config file for iptables is basically that default one, with just 1 change for the iptables binary location

  10. #10 ookabooka (Member; Join Date: Sep 2002; Location: root@ localhost.localdomain)
    iptables is a program that sets up the rules for your nat. the scripts are just an easier way of setting up the commands. i.e. you type in values for the variables which it then executes a series of iptables commands with those variables. For your local ip, you should use a private IP range, like 192.168.1.0/24 or 192.168.0.0/24. Set up your gateway as 192.168.1.1 or 192.168.0.1 for whatever subnet you choose, because *.1 is the default for a gateway, in reality you could use whatever you wanted, so long as it was a private ip subnet (otherwise you risk security issues)


    EDIT: /24 means a subnet mask of 255.255.255.0 which means anything outside of 192.168.1.* needs to be routed through a gateway. Internet routers will throw out anything that has a destination of 192.168.1.* as this is a private ip range, and not on the internet. This adds another layer of security to your setup.

    edit #2: based on that config file there, it looks like you're gonna use 192.168.0.* as your network subnet, with 192.168.0.1 as your gateway or 192.168.0.2, but i suggest .1 as it is the default for gateways
    Last edited by ookabooka; 01-08-04 at 11:35 PM.

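The points made in this reply (a private /24 for the LAN, the router itself at .1, NAT so the whole LAN shares eth0's single address) pulled together into one script, as an added example that is not from the thread or from the TLDP HOWTO it links. Assumptions: eth0 is the cable-modem side and gets its address by DHCP, eth1 is the LAN side, the LAN is 192.168.0.0/24 with this box at 192.168.0.1; the variable names, the `run` wrapper and the `apply` argument are the example's own. With DRY_RUN=1 the script prints the commands instead of executing them, which is the way to review the rule set before it touches a live box; `apply` as the first argument runs them and needs root. The `-m state` match is the legacy form used by the 2.4-era HOWTO; on current kernels `-m conntrack --ctstate` is the equivalent.

```shell
#!/bin/sh
# Two-NIC router/NAT setup (added example). eth0 = cable modem, eth1 = LAN.
# DRY_RUN=1 prints every command instead of running it.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"   # assumed LAN subnet
LAN_GW="${LAN_GW:-192.168.0.1}"        # this box's address on eth1 (the clients' gateway)
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Return 0 if the CIDR lies in one of the RFC 1918 private ranges
# (10/8, 172.16/12, 192.168/16); anything else must not be used behind NAT.
is_private_subnet() {
    case "$1" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Static LAN address, forwarding, a default-deny filter, and masquerading on eth0.
configure_router() {
    is_private_subnet "$LAN_NET" || { echo "refusing non-private LAN subnet $LAN_NET" >&2; return 1; }

    # eth1 gets a fixed address; dhcpd's "option routers" must hand out this same address.
    run ip addr add "${LAN_GW}/24" dev "$LAN_IF"
    run ip link set "$LAN_IF" up

    # The kernel must forward packets between the two interfaces.
    run sysctl -w net.ipv4.ip_forward=1

    # Start from empty tables with drop-by-default policies for inbound and forwarded traffic.
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Loopback, replies to the router's own connections, and anything from the LAN side.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT

    # Forward LAN -> Internet; from the cable side only replies to existing connections.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Masquerade: the whole LAN appears as eth0's single (DHCP-assigned) public address.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Only apply when asked to explicitly: `DRY_RUN=1 sh router.sh apply` to review, `sh router.sh apply` as root to run.
case "${1:-}" in
    apply) configure_router ;;
esac
```

The private-range check is the guard this reply's "(otherwise you risk security issues)" asks for: with a non-RFC 1918 LAN the script refuses to install any rule at all rather than masquerading addresses that also exist on the Internet.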
