Linux Router HOWTO

Linux Router HOWTO

offline
  • Pridružio: 20 Apr 2003
  • Poruke: 2416
  • Gde živiš: NS

Introduction

This article has been written for the many people who have been troubled by attempting a routing solution with more capability than your common store bought router. The idea of creating a Linux machine just for the ability of routing is pretty common around the tech world, if you look closer on most your store bought routers, you might notice that they are even based off nix* in some flavor.

Requirements

· Linux flavored distro w/ iptables installed
· 2 Network cards
· DHCP Server installed (Optional)
· DNS Server installed (Optional)
· Beer

Pre-configuration

Before this article can even begin, common checks must be made. As simple as they may be, knowing that the fundamentals are working is a essential. RedHat 9.0 will be used as all examples, most file structures are the same, but may not truly be identical, if you cannot locate a peticular file, search about your nix* distro. Make sure you install with the firewall option disabled.

Assuming you have freshly installed your beautiful new nix*, with dhcp and dns. With a Configured Lan.

From your nix* console, ping a lan machine
If the above did not work, your going to need to read another article Wink
From your nix* console, ping yahoo.com

If the above worked, then were in great shape and its time to being configuring our little router.

Configuration

· DNS
Use the setup command to enable named to start on boot.
Now that we have the DNS server enabled, just need to start it with service named start.
Now if your router to use your own DNS, you may specify it in /etc/resolv.conf by
name server 127.0.0.1

· DHCP
Use the setup command to enable dhcpd to start on boot.

Edit /etc/sysconfig/dhcpd

Add DHCPARGS=ethX

Where ethX is the eth device number of your LAN NIC.
Default subnet used is 10.0.0.0/255.0.0.0

Edit /etc/dhcpd.conf

ddns-update-style ad-hoc;
option domain-name-servers x.x.x.x;
option routers x.x.x.x;
subnet 10.0.0.0 netmask 255.0.0.0 {
range 10.0.0.0 10.0.0.100;
}

· IP Tables
Now the final setup, the following is a string based on a default install, the following will allow all internal traffic out, but allow no traffic in, by determining from packet state.

First we must enable packet forwarding, edit /etc/sysctl.conf
Add net.ipv4.ip_forward=1

Now to build the table chains.

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

iptables -A FORWARD -i eth1 -o eth0
iptables -A FORWARD -i eth0 -o eth1

iptables -P INPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i ethX -j ACCEPT
iptables -A INPUT -i ethY -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE

Where:
ethX = LAN NIC
ethY = WAN NIC

Conclusion

I hope this article has been help to you viewers. The above article is just a simple router setup, with no dmz no virtual hosts. Complex configurations are highly reconmended for advanced users only.
Written by: Curtis Hacker

http://www.linuxquestions.org/questions/answers/23



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
offline
  • Data Center Engineer
  • Pridružio: 13 Avg 2004
  • Poruke: 3050
  • Gde živiš: Holandija

Fino ovo, samo sto tu posle ima namestanja oko firewall-a da ne propusta svo moguce djubre...u svakom slucaju hvala, bas cu ovim morati da se poigram sutra Wink



Ko je trenutno na forumu
 

Ukupno su 1038 korisnika na forumu :: 22 registrovanih, 5 sakrivenih i 1011 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Arsenije, darkangel, dragoljub11987, dzoni19, Georgius, GORDI, Kubovac, lord sir giga, mikrimaus, milimoj, MiroslavD, Nemanja.M, opt1, pedjolino76, Snorks, sol, Svileni, uruk, vobo, voja64, vukovi, wizzardone