Introduction
This article has been written for the many people who have struggled to build a routing solution with more capability than the common store-bought router. Building a Linux machine purely to act as a router is common in the tech world; if you look closely at most store-bought routers, you will notice that many of them are themselves based on some flavor of *nix.
Requirements
· Linux flavored distro w/ iptables installed
· 2 Network cards
· DHCP Server installed (Optional)
· DNS Server installed (Optional)
· Beer
Pre-configuration
Before this article can even begin, some common checks must be made. As simple as they may be, knowing that the fundamentals are working is essential. Red Hat 9.0 is used for all examples; most file structures are the same across distributions but may not be truly identical, so if you cannot locate a particular file, check the documentation for your *nix distro. Make sure you install with the firewall option disabled.
This assumes you have freshly installed your new *nix with DHCP and DNS, and that your LAN is already configured.
From your *nix console, ping a LAN machine.
If that did not work, you are going to need to read another article.
From your *nix console, ping yahoo.com.
If that worked, then we are in great shape and it is time to begin configuring our little router.
Configuration
· DNS
Use the setup command to enable named to start on boot.
Now that the DNS server is enabled to start on boot, it still needs to be started now with service named start.
If you want the router itself to use its own DNS server, specify it in /etc/resolv.conf with
nameserver 127.0.0.1
· DHCP
Use the setup command to enable dhcpd to start on boot.
Edit /etc/sysconfig/dhcpd
Add DHCPARGS=ethX
Where ethX is the eth device number of your LAN NIC.
Default subnet used is 10.0.0.0/255.0.0.0
Edit /etc/dhcpd.conf
ddns-update-style ad-hoc;
# DNS server handed to clients (this router, if named runs here)
option domain-name-servers x.x.x.x;
# default gateway handed to clients (this router's LAN address)
option routers x.x.x.x;
subnet 10.0.0.0 netmask 255.0.0.0 {
    # the pool must not include the network address (10.0.0.0);
    # starting at 10.0.0.2 assumes the router's own LAN NIC is 10.0.0.1
    range 10.0.0.2 10.0.0.100;
}
· IP Tables
Now the final setup. The following rules are based on a default install; they allow all internal traffic out but allow no new traffic in from the WAN, deciding by connection (packet) state.
First we must enable packet forwarding, edit /etc/sysctl.conf
Add net.ipv4.ip_forward=1
Now to build the table chains.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ethX -j ACCEPT
iptables -A INPUT -i ethY -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ethX -o ethY -j ACCEPT
iptables -A FORWARD -i ethY -o ethX -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ethY -j MASQUERADE
Where:
ethX = LAN NIC
ethY = WAN NIC
The loopback rule is needed because the router queries its own DNS server on 127.0.0.1, which the INPUT DROP policy would otherwise block; the FORWARD rules need a -j target to have any effect, and only established or related traffic is forwarded back in from the WAN; and masquerading belongs on the WAN NIC, where the private LAN addresses must be rewritten to the router's public address.
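The same ruleset as a small sh script, added here as an example and not part of the original article: it takes the LAN and WAN interface names as arguments, prints the rules so they can be reviewed before anything is changed, refuses to apply them unless ip_forward is already on, and includes the loopback rule the router needs to reach its own DNS server. The interface names eth1 (LAN) and eth0 (WAN) in the usage comment are placeholders, as is the choice to flush any existing rules first.

```shell
#!/bin/sh
# Added example, not from the original article: builds the stateful NAT
# ruleset for a given LAN/WAN interface pair. The rules are emitted as text
# first so they can be checked before being applied as root.

# Emit the iptables commands for LAN interface $1 and WAN interface $2.
# Nothing is executed here; the caller decides whether to apply them.
router_rules() {
    lan="$1"
    wan="$2"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan -j ACCEPT
iptables -A INPUT -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Count emitted rules containing a pattern; used as a sanity check that, for
# example, MASQUERADE is bound to the WAN side and not the LAN side.
count_rules_matching() {
    router_rules "$1" "$2" | grep -c -- "$3"
}

# Apply the rules. Requires root, and refuses to run if the kernel is not
# forwarding yet (net.ipv4.ip_forward=1 in /etc/sysctl.conf, then sysctl -p).
apply_router_rules() {
    if [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not enabled; set net.ipv4.ip_forward=1 first" >&2
        return 1
    fi
    router_rules "$1" "$2" | sh -e
}

# Usage (placeholder interface names: eth1 = LAN, eth0 = WAN):
#   router_rules eth1 eth0          # review the rules
#   apply_router_rules eth1 eth0    # apply them, as root, from the console
```

Run it from the console rather than over a WAN-side SSH session, since the INPUT DROP policy will cut that session the moment it is applied; the printed form also makes it easy to spot a rule pointed at the wrong interface before anything changes.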
Conclusion
I hope this article has been helpful to you. The above is just a simple router setup, with no DMZ and no virtual hosts. Complex configurations are highly recommended for advanced users only.
Written by: Curtis Hacker
http://www.linuxquestions.org/questions/answers/23