
need help with iptables/routing/firewall and other things


fiji

Member
Joined
Jul 14, 2002
Location
berlin
I just received some extra NIC cards for my server

so I want to turn it into a router/firewall and DHCP server
(oh btw I want to put all this on my existing Gentoo setup)
I want to set it up so

eth0 -- I get the line in from my cable modem

eth1 -- goes to the switch, all the computers will connect to the switch and will get an IP from the DHCP server and route the internet connection through it


well basically I have no clue where to start

I know I need to add some modules to my kernel

but I don't know what software besides that I need, and how to configure it


--thanks a lot
 
Sounds like you want it to run NAT, filter packets, and be a DHCP server.

That's a nice project to learn networking. I did the same on an OpenBSD server.
 
I would highly recommend you NOT try to learn on a production box. One silly little mistake with netfilter can leave your a** hanging out in the cyber breeze. I'd recommend you set up a basic machine and load something like ClarkConnect Home, or if you want a lot of flexibility get a home license for Astaro Security Linux. Then practice netfilter behind your firewall until you get a grip on it. It's not something you can pick up overnight.
 
Another doc you might want to read is the Network Administrator's Guide, NAG. Get it here (tldp.org). That along with the doc Titan posted should give you everything you want to know.
 
thanks guys, I gotta read over all that


it's quite a read, along with what my English teacher has been giving me (Crime and Punishment :( sooo boring )
 
check out monmotha's scripts (google it). He has written a lot of scripts that use iptables to set up a firewall. I use it because then I don't need to learn the flags and such for the actual iptables command. If you want to learn how iptables works, don't use it. If you want something "more" user friendly, use his scripts. They are well documented so you could use them to learn as well. On Gentoo you will need to emerge dhcpd and emerge iptables. Then you will have to make sure that your kernel has support for iptables either built in or in a module. It's somewhere in the networking section I think :p I run a similar setup here, except I abandoned the DHCP for static addresses, I just never really needed the DHCP. There will be limitations on what you can do with the firewall/router though. Basically, every computer on your private net will look like one giant computer to the outside world, since you only have 1 IP for multiple computers; this can cause problems if you want to run a game server on one of your nodes, or with some p2p software (edonkey2k). IPv6 could change all of this, where each person could be given their own subnet. . . but no one wants to implement it :)
 
I'm a bit confused here

is iptables just the firewall?

or is it the NAT program as well?
 
ok well regardless of my previous post

I think I have the things more or less set up--- but I'm wondering

if eth0 is given a DHCP IP address from my cable modem

what should I do for my eth1? it's what all the other computers are going to be connected to

Code:
# /etc/dhcpd.conf
# (add your comments here)
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.254;
option domain-name-servers 192.168.0.1, 192.168.0.2;
option domain-name "mydomain.org";
ddns-update-style ad-hoc;

subnet 192.168.0.0 netmask 255.255.255.0 {
   range 192.168.0.10 192.168.0.100;
   range 192.168.0.150 192.168.0.200;
}


http://tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html#RC.FIREWALL-2.4.X

and the config file for iptables is basically that default one, with just 1 change for the iptables binary location
 
iptables is a program that sets up the rules for your NAT. The scripts are just an easier way of setting up the commands, i.e. you type in values for the variables and it then executes a series of iptables commands with those variables. For your local IP, you should use a private IP range, like 192.168.1.0/24 or 192.168.0.0/24. Set up your gateway as 192.168.1.1 or 192.168.0.1 for whatever subnet you choose, because *.1 is the default for a gateway; in reality you could use whatever you wanted, so long as it was a private IP subnet (otherwise you risk security issues).


EDIT: /24 means a subnet mask of 255.255.255.0, which means anything outside of 192.168.1.* needs to be routed through a gateway. Internet routers will throw out anything that has a destination of 192.168.1.*, as this is a private IP range and not on the internet. This adds another layer of security to your setup.

edit #2: based on that config file there, it looks like you're gonna use 192.168.0.* as your network subnet, with 192.168.0.1 as your gateway or 192.168.0.2, but I suggest .1 as it is the default for gateways
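As an added example that is not from any post in this thread: a minimal netfilter ruleset for the eth0 (cable modem) / eth1 (switch) layout the original poster described, using the 192.168.0.0/24 subnet from the posted dhcpd.conf. It shows the two halves the "is iptables just the firewall or the NAT program as well?" question is about: the filter table (what the box accepts and forwards) and the nat table (masquerading the LAN behind the cable-modem address). Interface names, the subnet and the iptables path are assumptions (arguments with defaults), and the script prints the commands so they can be reviewed before being run on the box.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, subnet and the
# iptables path are assumptions; override them with arguments/IPTABLES.
WAN="${1:-eth0}"                   # line in from the cable modem
LAN="${2:-eth1}"                   # to the switch / DHCP clients
LAN_NET="${3:-192.168.0.0/24}"     # subnet from the posted dhcpd.conf
IPT="${IPTABLES:-/sbin/iptables}"  # the one path the rc.firewall script asks you to set

# Filter half: default-deny on INPUT/FORWARD, then allow only what is needed.
filter_rules() {
  cat <<EOF
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
$IPT -A INPUT -i $LAN -p udp --dport 67 -j ACCEPT
$IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
$IPT -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
# Note: DHCP DISCOVER arrives from source 0.0.0.0, so the -s $LAN_NET rule
# does not cover it; the explicit udp/67 rule is what lets dhcpd answer.

# NAT half: rewrite LAN sources to the (DHCP-assigned) WAN address on the
# way out, so the whole LAN looks like one host to the outside.
nat_rules() {
  cat <<EOF
$IPT -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# Forwarding must be switched on in the kernel or FORWARD/NAT never fire.
all_rules() {
  echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
  filter_rules
  nat_rules
}

# Usage: sh nat-firewall.sh eth0 eth1 192.168.0.0/24 > rules.sh; review; sh rules.sh
all_rules
```

Running the printed commands needs root and a kernel built with iptables, connection tracking (the state match) and the MASQUERADE target, which is the module list the original poster was asking about.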
 