View previous topic :: View next topic |
Author |
Message |
jtmace Tux's lil' helper
Joined: 20 Jun 2002 Posts: 101
|
Posted: Sun Jun 30, 2002 10:56 pm Post subject: Making a Gentoo gateway box |
|
|
I have a gentoo box i am trying to make a gateway machine for the local computers to be able to access the internet through it.
I have read the howtos and even bought a book on linux firewalls with iptables, but i can get this darn thing up for nothing.. I know its on the server side (my client machines are properly configured).
Can anyone give me a quick and dirty overview of the setup. I'm not worried bout security or any advanced iptables funtions right now i just want to get ti up and running so clients will quit complaining
Can anyone please help??
Thanks
jtmace |
|
Back to top |
|
|
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Sun Jun 30, 2002 11:13 pm Post subject: |
|
|
Do you have a 'real' IP block? Do you want a router with packet filters? Would it be easier to use an HTTP proxy?
jtmace wrote: | Can anyone give me a quick and dirty overview of the setup. |
First, you have to give us a quick and dirty overview of your setup. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20521
|
Posted: Mon Jul 01, 2002 3:32 am Post subject: |
|
|
I've been toying with this idea. Haven't done much research yet (mainly cause the machine isn't
operational right now). Would be a P90 with small HD (or 2) and non bootable CD drive. It would
replace or assist my Linksys router (Firewall/dhcp server maybe other related functions, not sure
what else to include.). Was thinking about making a CD/bootdisk to install from, or do it via
network. Not sure which would be easier. In any case, I would want to compile stuff on my faster
machine. So, questions (opinions & recomendations wanted):
1) Install via network (from my main machine, not internet) or via CD containing all or most
necessary files?
2) Is it a viable option to mv all binaries of what I've already compiled. Change my CFLAGS to
work with a P90 and recompile for the P90. Then, return CFLAGS and original binaries to normal?
Hope that is clear enough. Also, I hope this is related enough to what jtmace was asking about.
Not trying to steal your thread. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Mon Jul 01, 2002 4:01 am Post subject: |
|
|
Read my thing in this thread to get an idea of what I did to build my system on a faster box and move it onto a slower one, but yeah, Gentoo works fine as a gateway. (Experience, here... hee hee .) |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20521
|
Posted: Mon Jul 01, 2002 4:06 am Post subject: |
|
|
delta407 wrote: | Read my thing in this thread to get an idea of what I did to build my system on a faster box and move it onto a slower one, but yeah, Gentoo works fine as a gateway. (Experience, here... hee hee .) |
Thanks... bookmarked... will check it out. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
pmj n00b
Joined: 06 Jun 2002 Posts: 27 Location: Newfoundland, Canada
|
Posted: Mon Jul 01, 2002 2:50 pm Post subject: |
|
|
/sbin/iptables -t filter -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -i eth0 -o eth1 -s ! 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -j DROP
/sbin/iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j SNAT --to-source your.gateway.ip.address
echo 1 >/proc/sys/net/ipv4/ip_forward
change your.gateway.ip.address to whatever your ip addy is for the outside world, and that should work. [I can't remember where I found this, but I've been using it for ages, and has always worked for me!]
hope that helps, cheers. _________________ pmj / [a]orange |
|
Back to top |
|
|
hamletmun Tux's lil' helper
Joined: 13 Jun 2002 Posts: 111 Location: Buenos Aires, Argentina
|
Posted: Sat Jul 06, 2002 7:32 pm Post subject: HOWTO - Make your Internet Connection Sharing to work |
|
|
HOWTO - Make your Internet Connection Sharing to work
From ISP to GENTOO - (eth0:DHCP or STATIC IP)
From GENTOO to WINDOWS - (eth1:192.168.0.1)
1.
insmod your.nic.module (i.e. "insmod 3c59x") for both nics if differ
2.
if your ISP uses DHCP, "dhcpcd eth0"
if static, "ifconfig eth0 your.static.ip netmask 255.255.255.0 gateway your.isp.gateway"
Now is time to configure the connection sharing
this is just for kenels greater than 2.4.x with iptables
1.
insmod iptables_nat
2.
echo 1 >/proc/sys/net/ipv4/ip_forward
3.
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
(if your linux uses eth0 to connect your isp)
4.
In the Windows Machine:
192.168.0.1 in the gateway
numbers from your /etc/resolv.conf in DNS server |
|
Back to top |
|
|
jtmace Tux's lil' helper
Joined: 20 Jun 2002 Posts: 101
|
Posted: Tue Jul 30, 2002 2:51 pm Post subject: thx |
|
|
thanks for all the help people.. i havent tried it yet, but that was exactly what i needed.. I scoured the internet for days if not weeks looking for just a quick and dirty setup of a gateway and never could find anything that would take a rocket scientist to figure out..
once again thanks _________________ er.. |
|
Back to top |
|
|
fmalabre Guru
Joined: 19 Jun 2002 Posts: 376 Location: Chicago
|
Posted: Tue Jul 30, 2002 3:58 pm Post subject: |
|
|
I use pointclark for my gateway.
www.pointclark.net (i think...) |
|
Back to top |
|
|
WarMachine Apprentice
Joined: 15 Jul 2002 Posts: 181
|
Posted: Tue Jul 30, 2002 11:47 pm Post subject: |
|
|
I'm on the same project
here's the 'quick and dirty' description of my setup:
Gentoo 2.4.18 kernel machine as gateway, 2 NIC's; 1 to get the PPPoE connection from the ADSL, one to put it out to a 4-8 ethernet port hub or switch (not yet decided which exactly). Behind this will be 2 XP machines (definitely) possibly 1 or 2 more, but they would also be on the NT kernel (no 9x in this house! ) I'd like to keep XP's networking crap out of the way (ie. accept what the linux box gives it). I'd also like to set off 2 IP's to be assigned to the MAC addresses of each of the cards in the XP machine, and have any 'unlisted' MAC address start on a certain IP (probably 192.168.0.5)
I hope this isn't a dream :\
I'd be willing to help you along your project with whatever I can, I've already collected a nice number of good links for documentation, which I'll give to you if you want. |
|
Back to top |
|
|
fmalabre Guru
Joined: 19 Jun 2002 Posts: 376 Location: Chicago
|
Posted: Wed Jul 31, 2002 1:49 am Post subject: |
|
|
This is not a dream. It's the configuration I have at home now, except I don't have gentoo on my gateway because I use another distrib which offer me a free dynamic name. So, from the outside, I talk to my box with its name instead of an IP which keep changing when the connection changes anyway.
I have several clients, Gentoo, WinXP, Win2000.
It's completly transparent for the clients. All kind of software, chat, messenger, streaming, ... And everything is protected behind the gateway firewall.
By the way, when you do that, don't forget to disable telnet on your gateway in favor of ssh. As soon as you are plugged on the internet, use only known secure protocols.
Good luck for your project man!
Fred. |
|
Back to top |
|
|
insomniac Tux's lil' helper
Joined: 25 Jul 2002 Posts: 132 Location: Lund, Sweden
|
Posted: Wed Jul 31, 2002 11:49 am Post subject: |
|
|
fmalabre wrote: | This is not a dream. It's the configuration I have at home now, except I don't have gentoo on my gateway because I use another distrib which offer me a free dynamic name.
(snip)
Fred. |
Hmm.. sounds interesting - which distro is that (not that it isn't possible to do this with gentoo, but... ;-)) _________________ My next computer is also a Gentoo computer |
|
Back to top |
|
|
rizzo Retired Dev
Joined: 30 Apr 2002 Posts: 1067 Location: Manitowoc, WI, USA
|
Posted: Wed Jul 31, 2002 1:45 pm Post subject: |
|
|
fmalabre wrote: | I don't have gentoo on my gateway because I use another distrib which offer me a free dynamic name |
I don't see what a distribution has to do with dynamic naming. It's all about Dynamic DNS. I use http://zoneedit.com for my DNS. My gateway (redhat at the moment, gentoo when I get around to it) is on DSL, dynamic IP. When it gets a new IP it registeres with zoneedit, which drops the TTL to 300 and updates the DNS record. I keep using my regular domain name as usual. Doesn't matter if I'm using any particular distro of any particular OS.
Regarding the client machines: It really doesn't matter what OS you have on the machines behind the lan, assuming they support normal TCP/IP, which pretty much everything and anything does. I have Win2000, RedHat 7.2, and Gentoo 1.2 boxen on my LAN, btw. |
|
Back to top |
|
|
|