Overclockers Forums > Software > Alternative Operating Systems
Alternative Operating Systems Linux, Mac, Unix Operating Systems and Applications
need help with iptables/routing/firewall and other things

Old 01-06-04, 03:52 PM Thread Starter   #1
fiji
Member

 
Join Date: Jul 2002
Location: berlin

 
I just received some extra NIC cards for my server,

so I want to turn it into a router/firewall and DHCP server.
(Oh, BTW, I want to put all this on my existing Gentoo setup.)
I want to set it up so:

eth0 -- I get the line in from my cable modem

eth1 -- goes to the switch; all the computers will connect to the switch, get an IP from the DHCP server and route their internet connection through it


Well, basically I have no clue where to start.

I know I need to add some modules to my kernel,

but I don't know what software besides that I need, or how to configure it.


--Thanks a lot

__________________
---AthlonIIx4 4GBDDR3 NV9800GT---

running Win7x64
Old 01-06-04, 04:05 PM   #2
Titan386
Senior Member

 
Join Date: Jun 2002

 
Check out the following:
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html
http://tldp.org/HOWTO/DHCP/index.html

Using those documents, I was able to get a "router" / DHCP server up and running. Good luck.
Old 01-06-04, 04:13 PM   #3
Arkaine23
Captain Random
Senior Evil Genius


 
Join Date: Nov 2001
Location: Woodlands, Tx

Sounds like you want it to run NAT, filter packets, and be a DHCP server.

That's a nice project to learn networking. I did the same on an OpenBSD server.

__________________
Folding.for.team.32.as.OC3d!
i5 3570 @ 4.5 | 8GB | SSD | 5-disk Raid 0 | 660 Ti
Old 01-06-04, 04:51 PM   #4
TC
Senior Seti Addict

 
Join Date: Jan 2001
Location: Denver, CO

I would highly recommend you NOT try to learn on a production box. One silly little mistake with netfilter can leave your a** hanging out in the cyber breeze. I'd recommend you set up a basic machine and load something like Clark Connect Home, or if you want a lot of flexibility, get a home license for Astaro Security Linux. Then practice netfilter behind your firewall until you get a grip on it. It's not something you can pick up overnight.

__________________
My Heatware
Old 01-07-04, 09:54 AM   #5
moorcito
Member

 
Join Date: Sep 2002
Location: Chicago, IL

 
Another doc you might want to read is the Network Administrator's Guide (NAG). Get it here (tldp.org). That, along with the docs Titan posted, should give you everything you want to know.
Old 01-07-04, 04:41 PM Thread Starter   #6
fiji
Member

 
Join Date: Jul 2002
Location: berlin

 
Thanks guys, I gotta read over all that.


It's quite a read, along with what my English teacher has been giving me (Crime and Punishment, sooo boring).

Old 01-07-04, 11:04 PM   #7
ookabooka
Member

 
Join Date: Sep 2002
Location: root@ localhost.localdomain

 
Check out MonMotha's scripts (Google it). He has written a lot of scripts that use iptables to set up a firewall. I use them because then I don't need to learn the flags and such for the actual iptables command. If you want to learn how iptables works, don't use them. If you want something "more" user friendly, use his scripts. They are well documented, so you could use them to learn as well.

On Gentoo you will need to emerge dhcpd and emerge iptables. Then you will have to make sure that your kernel has support for iptables, either built in or as a module. It's somewhere in the networking section I think :P

I run a similar setup here, except I abandoned DHCP for static addresses; I just never really needed DHCP.

There will be limitations on what you can do with the firewall/router though. Basically, every computer on your private net will look like one giant computer to the outside world, since you only have 1 IP for multiple computers. This can cause problems if you want to run a game server on one of your nodes, or with some P2P software (edonkey2k). IPv6 could change all of this, where each person could be given their own subnet... but no one wants to implement it.

__________________

Linux motto:
"Linux-give yourself a hard time "

Microsoft motto:
"Windows-You pay us, and give yourself a hard time "

Obviously Linux > Windows

From root (/) : mount -t proc proc proc
"Listen to me boy, I've made a living out of being a failure, and you sir are not a failure!" -Mantis, Disney's A Bugs Life
One minute he's washing grapes, the next minute he's eating them. . . I guess that's logical.
Old 01-08-04, 02:13 PM Thread Starter   #8
fiji
Member

 
Join Date: Jul 2002
Location: berlin

 
I'm a bit confused here.

Is iptables just the firewall?

Or is it the NAT program as well?

Old 01-08-04, 06:36 PM Thread Starter   #9
fiji
Member

 
Join Date: Jul 2002
Location: berlin

 
OK, well, regardless of my previous post,

I think I have things more or less set up, but I'm wondering:

if eth0 is given a DHCP IP address from my cable modem,

what should I do for my eth1? It's what all the other computers are going to be connected to.

Code:

# /etc/dhcpd.conf
# (add your comments here)
default-lease-time 600;                    # seconds a lease lasts when the client asks for no specific time
max-lease-time 7200;                       # longest lease the server will ever grant
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.254;              # default gateway handed to clients
option domain-name-servers 192.168.0.1, 192.168.0.2;
option domain-name "mydomain.org";
ddns-update-style ad-hoc;

subnet 192.168.0.0 netmask 255.255.255.0 {
   range 192.168.0.10 192.168.0.100;       # dynamic address pools handed out on eth1
   range 192.168.0.150 192.168.0.200;
}

http://tldp.org/HOWTO/IP-Masquerade-...FIREWALL-2.4.X

and the config file for iptables is basically that default one, with just one change for the iptables binary location.

Old 01-08-04, 11:29 PM   #10
ookabooka
Member

 
Join Date: Sep 2002
Location: root@ localhost.localdomain

 
iptables is a program that sets up the rules for your NAT. The scripts are just an easier way of setting up the commands, i.e. you type in values for the variables and it then executes a series of iptables commands with those variables.

For your local IP, you should use a private IP range, like 192.168.1.0/24 or 192.168.0.0/24. Set up your gateway as 192.168.1.1 or 192.168.0.1 for whatever subnet you choose, because *.1 is the default for a gateway. In reality you could use whatever you wanted, so long as it was a private IP subnet (otherwise you risk security issues).


EDIT: /24 means a subnet mask of 255.255.255.0, which means anything outside of 192.168.1.* needs to be routed through a gateway. Internet routers will throw out anything that has a destination of 192.168.1.*, as this is a private IP range and not on the internet. This adds another layer of security to your setup.

Edit #2: based on that config file there, it looks like you're gonna use 192.168.0.* as your network subnet, with 192.168.0.1 or 192.168.0.2 as your gateway, but I suggest .1 as it is the default for gateways.


Last edited by ookabooka; 01-08-04 at 11:35 PM.
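As an added example (not from the thread or from any HOWTO linked in it), here is a minimal iptables NAT/firewall script for the two-NIC layout fiji describes and the NAT/private-range points ookabooka makes: eth0 is the cable-modem side, eth1 serves 192.168.0.0/24 as in the posted dhcpd.conf. It emits the rules as text so they can be reviewed before being applied; the function names and the `apply` argument are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: NAT + basic filtering for a two-NIC
# Linux router. WAN side gets its address by DHCP, LAN side serves the
# 192.168.0.0/24 subnet from the posted dhcpd.conf. Names are assumptions.
WAN=eth0
LAN=eth1
LAN_NET=192.168.0.0/24

# Emit the rules as text so they can be read (or piped to sh) before applying.
nat_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
# Default deny for traffic crossing the box; the router itself only accepts
# LAN-side and already-established traffic.
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may go out; only replies come back in. Nothing new from the WAN.
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT: rewrite LAN sources to whatever address DHCP gave $WAN. MASQUERADE
# rather than SNAT because the cable-modem address can change.
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
# The kernel does not forward between interfaces until this is set.
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Sanity check before applying: the NAT and default-deny rules must be
# present, and the LAN must be an RFC 1918 private range (ookabooka's point).
check_rules() {
    rules=$(nat_rules)
    echo "$rules" | grep -q -- "-j MASQUERADE" || return 1
    echo "$rules" | grep -q -- "-P FORWARD DROP" || return 1
    case "$LAN_NET" in
        10.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|192.168.*) return 0 ;;
        *) return 1 ;;
    esac
}

if [ "${1:-}" = "apply" ]; then
    check_rules && nat_rules | sh    # needs root
else
    nat_rules                        # just print the rules for review
fi
```

Run it with no arguments to print the rule set, and with `apply` (as root) to load it; the check refuses to apply if the LAN range is not private.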