Gentoo Forums
Making a Gentoo gateway box
Forum: Networking & Security
jtmace
Tux's lil' helper
Joined: 20 Jun 2002
Posts: 101

Posted: Sun Jun 30, 2002 10:56 pm    Post subject: Making a Gentoo gateway box

I have a Gentoo box I am trying to make a gateway machine for the local computers to be able to access the internet through it.

I have read the howtos and even bought a book on linux firewalls with iptables, but I can get this darn thing up for nothing.. I know it's on the server side (my client machines are properly configured).

Can anyone give me a quick and dirty overview of the setup. I'm not worried about security or any advanced iptables functions right now, I just want to get it up and running so clients will quit complaining

Can anyone please help??

Thanks
jtmace

delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL

Posted: Sun Jun 30, 2002 11:13 pm

Do you have a 'real' IP block? Do you want a router with packet filters? Would it be easier to use an HTTP proxy?

jtmace wrote:
Can anyone give me a quick and dirty overview of the setup.

First, you have to give us a quick and dirty overview of your setup.

pjp
Administrator
Joined: 16 Apr 2002
Posts: 20521

Posted: Mon Jul 01, 2002 3:32 am

I've been toying with this idea. Haven't done much research yet (mainly cause the machine isn't
operational right now). Would be a P90 with small HD (or 2) and non bootable CD drive. It would
replace or assist my Linksys router (Firewall/dhcp server maybe other related functions, not sure
what else to include.). Was thinking about making a CD/bootdisk to install from, or do it via
network. Not sure which would be easier. In any case, I would want to compile stuff on my faster
machine. So, questions (opinions & recommendations wanted):

1) Install via network (from my main machine, not internet) or via CD containing all or most
necessary files?
2) Is it a viable option to mv all binaries of what I've already compiled. Change my CFLAGS to
work with a P90 and recompile for the P90. Then, return CFLAGS and original binaries to normal?

Hope that is clear enough. Also, I hope this is related enough to what jtmace was asking about.
Not trying to steal your thread.
_________________
Quis separabit? Quo animo?

delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL

Posted: Mon Jul 01, 2002 4:01 am

Read my thing in this thread to get an idea of what I did to build my system on a faster box and move it onto a slower one, but yeah, Gentoo works fine as a gateway. (Experience, here... hee hee ;).)

pjp
Administrator
Joined: 16 Apr 2002
Posts: 20521

Posted: Mon Jul 01, 2002 4:06 am

delta407 wrote:
Read my thing in this thread to get an idea of what I did to build my system on a faster box and move it onto a slower one, but yeah, Gentoo works fine as a gateway. (Experience, here... hee hee ;).)

Thanks... bookmarked... will check it out.
_________________
Quis separabit? Quo animo?

pmj
n00b
Joined: 06 Jun 2002
Posts: 27
Location: Newfoundland, Canada

Posted: Mon Jul 01, 2002 2:50 pm

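# LAN (eth1) to Internet (eth0): allow packets from the LAN subnet to outside destinations
/sbin/iptables -t filter -A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j ACCEPT
# Internet (eth0) to LAN (eth1): allow packets from outside sources to the LAN subnet
/sbin/iptables -t filter -A FORWARD -i eth0 -o eth1 ! -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
# drop everything else that would be forwarded
/sbin/iptables -t filter -A FORWARD -j DROP
# rewrite the source address of outbound LAN traffic to the gateway's external address
/sbin/iptables -A POSTROUTING -t nat -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j SNAT --to-source your.gateway.ip.address
# enable IPv4 forwarding in the kernel
echo 1 >/proc/sys/net/ipv4/ip_forward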

change your.gateway.ip.address to whatever your ip addy is for the outside world, and that should work. [I can't remember where I found this, but I've been using it for ages, and has always worked for me!]

hope that helps, cheers.
_________________
pmj / [a]orange

hamletmun
Tux's lil' helper
Joined: 13 Jun 2002
Posts: 111
Location: Buenos Aires, Argentina

Posted: Sat Jul 06, 2002 7:32 pm    Post subject: HOWTO - Make your Internet Connection Sharing to work

HOWTO - Make your Internet Connection Sharing to work

From ISP to GENTOO - (eth0:DHCP or STATIC IP)
From GENTOO to WINDOWS - (eth1:192.168.0.1)

1.
insmod your.nic.module (i.e. "insmod 3c59x") for both NICs if they differ

2.
if your ISP uses DHCP, "dhcpcd eth0"
if static, "ifconfig eth0 your.static.ip netmask 255.255.255.0" and then "route add default gw your.isp.gateway"

Now it is time to configure the connection sharing
this is just for kernels greater than 2.4.x with iptables

1.
insmod iptable_nat

2.
echo 1 >/proc/sys/net/ipv4/ip_forward

3.
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
(if your linux uses eth0 to connect your isp)

4.
In the Windows Machine:

192.168.0.1 in the gateway
numbers from your /etc/resolv.conf in DNS server
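
Added example, not part of any post in this thread: a small shell audit for the two rule sets posted above (the FORWARD/SNAT rules and the MASQUERADE HOWTO). It reads an iptables-save style dump and flags a FORWARD chain that accepts by default and a WAN-side ACCEPT rule with no connection-state match. The dumps, function names and finding names are constructed for illustration, the stateful variant is an assumption rather than something posted here, and eth0 is taken as the WAN interface as in the posts.

```shell
# Added example, not from the thread: audit the FORWARD chain of an
# iptables-save dump. Finding names and the sample dumps are constructed.

# audit_forward WAN_IF < dump    prints one line per finding
audit_forward() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2) }          # table header: *filter, *nat
        table != "filter" { next }
        /^:FORWARD ACCEPT/ { open_policy = 1 }
        # an unconditional DROP or REJECT rule means the policy is never reached
        /^-A FORWARD -j (DROP|REJECT)/ { catch_all = 1 }
        /^-A FORWARD / && /-j ACCEPT/ && $0 ~ ("-i " wan " ") {
            # packets entering from the WAN should match a tracked connection
            if ($0 !~ /--(ctstate|state) [A-Z,]*ESTABLISHED/)
                print "STATELESS-WAN-ACCEPT"
        }
        END { if (open_policy && !catch_all) print "FORWARD-DEFAULT-ACCEPT" }
    '
}

# Constructed dump: the MASQUERADE recipe with FORWARD policy ACCEPT
dump_masquerade() { cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed dump: the SNAT recipe with address-only FORWARD rules
dump_snat() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/24 ! -d 192.168.0.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD ! -s 192.168.0.0/24 -d 192.168.0.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -j DROP
COMMIT
EOF
}

# Constructed dump: stateful variant (assumed, not posted in the thread)
dump_stateful() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}
for d in dump_masquerade dump_snat dump_stateful; do
    echo "== $d"; "$d" | audit_forward eth0
done
```

On a running gateway the same function can be fed the live rules by piping the output of iptables-save into audit_forward with the WAN interface name as its argument.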

jtmace
Tux's lil' helper
Joined: 20 Jun 2002
Posts: 101

Posted: Tue Jul 30, 2002 2:51 pm    Post subject: thx

thanks for all the help people.. I haven't tried it yet, but that was exactly what I needed.. I scoured the internet for days if not weeks looking for just a quick and dirty setup of a gateway and never could find anything that would take a rocket scientist to figure out..

once again thanks
_________________
er..

fmalabre
Guru
Joined: 19 Jun 2002
Posts: 376
Location: Chicago

Posted: Tue Jul 30, 2002 3:58 pm

I use pointclark for my gateway.
www.pointclark.net (i think...)

WarMachine
Apprentice
Joined: 15 Jul 2002
Posts: 181

Posted: Tue Jul 30, 2002 11:47 pm

I'm on the same project

here's the 'quick and dirty' description of my setup:
Gentoo 2.4.18 kernel machine as gateway, 2 NIC's; 1 to get the PPPoE connection from the ADSL, one to put it out to a 4-8 ethernet port hub or switch (not yet decided which exactly). Behind this will be 2 XP machines (definitely) possibly 1 or 2 more, but they would also be on the NT kernel (no 9x in this house! ;) ) I'd like to keep XP's networking crap out of the way (ie. accept what the linux box gives it). I'd also like to set off 2 IP's to be assigned to the MAC addresses of each of the cards in the XP machine, and have any 'unlisted' MAC address start on a certain IP (probably 192.168.0.5)

I hope this isn't a dream :\

I'd be willing to help you along your project with whatever I can, I've already collected a nice number of good links for documentation, which I'll give to you if you want.

fmalabre
Guru
Joined: 19 Jun 2002
Posts: 376
Location: Chicago

Posted: Wed Jul 31, 2002 1:49 am

This is not a dream. It's the configuration I have at home now, except I don't have gentoo on my gateway because I use another distrib which offers me a free dynamic name. So, from the outside, I talk to my box with its name instead of an IP which keeps changing when the connection changes anyway.
I have several clients, Gentoo, WinXP, Win2000.
It's completely transparent for the clients. All kind of software, chat, messenger, streaming, ... And everything is protected behind the gateway firewall.
By the way, when you do that, don't forget to disable telnet on your gateway in favor of ssh. As soon as you are plugged on the internet, use only known secure protocols.

Good luck for your project man!
Fred.

insomniac
Tux's lil' helper
Joined: 25 Jul 2002
Posts: 132
Location: Lund, Sweden

Posted: Wed Jul 31, 2002 11:49 am

fmalabre wrote:
This is not a dream. It's the configuration I have at home now, except I don't have gentoo on my gateway because I use another distrib which offers me a free dynamic name.
(snip)
Fred.


Hmm.. sounds interesting - which distro is that (not that it isn't possible to do this with gentoo, but... ;-))
_________________
My next computer is also a Gentoo computer

rizzo
Retired Dev
Joined: 30 Apr 2002
Posts: 1067
Location: Manitowoc, WI, USA

Posted: Wed Jul 31, 2002 1:45 pm

fmalabre wrote:
I don't have gentoo on my gateway because I use another distrib which offers me a free dynamic name


I don't see what a distribution has to do with dynamic naming. It's all about Dynamic DNS. I use http://zoneedit.com for my DNS. My gateway (redhat at the moment, gentoo when I get around to it) is on DSL, dynamic IP. When it gets a new IP it registers with zoneedit, which drops the TTL to 300 and updates the DNS record. I keep using my regular domain name as usual. Doesn't matter if I'm using any particular distro of any particular OS.

Regarding the client machines: It really doesn't matter what OS you have on the machines behind the lan, assuming they support normal TCP/IP, which pretty much everything and anything does. I have Win2000, RedHat 7.2, and Gentoo 1.2 boxen on my LAN, btw.