using linux as internet gateway

http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html

Example 1: Linux connected via PPP

This example uses a Linux computer connected to the internet using a dial-up line and modem (PPP). The Linux gateway is connected to the internal network using an ethernet card. The internal network consists of Windows PC's.

The Linux box must be configured for the private internal network and PPP for the dial-up connection. See the PPP tutorial to configure the dial-up connection. Use the ifconfig command to configure the private network. i.e. (as root)

   /sbin/ifconfig eth1 192.168.10.101 netmask 255.255.255.0 broadcast 192.168.10.255

This is often configured during install or can be configured using the Gnome tool neat (or the admin tool Linuxconf or netcfg for older Red Hat systems). System changes made with the ifconfig or route commands are NOT permanent and are lost upon system reboot. Permanent settings are held in configuration scripts executed during system boot. (i.e. /etc/sysconfig/...) See the YoLinux Networking tutorial for more information on assigning network addresses.

Run one of the following scripts on the Linux gateway computer:

iptables:

01 iptables --flush                         # Flush all the rules in filter and nat tables 02 iptables --table nat --flush 03 iptables --delete-chain                  # Delete all chains that are not in default filter and nat table 04 iptables --table nat --delete-chain 05   06 # Set up IP FORWARDing and Masquerading 07 iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE 08 iptables --append FORWARD --in-interface eth0 -j ACCEPT         # Assuming one NIC to local LAN 09   10 echo 1 > /proc/sys/net/ipv4/ip_forward    # Enables packet forwarding by kernel

ipchains:

1 #!/bin/sh 2 ipchains -F forward                                # Flush all previous rules and settings 3 ipchains -P forward DENY                           # Default set to deny packet forwarding 4 ipchains -A forward -s 192.168.10.0/24 -j MASQ     # Use IP address of gateway for private network 5 ipchains -A forward -i ppp0 -j MASQ                # Sets up external internet connection 6 echo 1 > /proc/sys/net/ipv4/ip_forward             # Enables packet forwarding by kernel

A PPP connection as described by the YoLinux PPP tutorial will create the PPP network connection as the default route.

---

Example 2: Linux connected via DSL, Cable, T1

High speed connections to the internet result in an ethernet connection to the gateway. Thus the gateway is required to possess two ethernet Network Interface Cards (NICs), one for the connection to the private internal network and another to the public internet. The ethernet cards are named eth and are numbered uniquely from 0 upward.

Use the ifconfig command to configure both network interfaces.

1 /sbin/ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255  # Internet 2 /sbin/ifconfig eth1 192.168.10.101 netmask 255.255.255.0 broadcast 192.168.10.255    # Private LAN

Also see notes on adding a second NIC.

This is often configured during install or can be configured using the Gnome tool neat (or the admin tool Linuxconf or netcfg for older Red Hat systems). System changes made with the ifconfig or route commands are NOT permanent and are lost upon system reboot. Permanent settings are held in configuration scripts executed during system boot. (i.e. /etc/sysconfig/...) See the YoLinux Networking tutorial for more information on assigning network addresses.

Run the appropriate script on the linux computer where eth0 is connected to the internet and eth1 is connected to a private LAN:

iptables:

01 # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated. 02 iptables --flush            # Flush all the rules in filter and nat tables 03 iptables --table nat --flush 04 iptables --delete-chain     # Delete all chains that are not in default filter and nat table 05 iptables --table nat --delete-chain 06   07 # Set up IP FORWARDing and Masquerading 08 iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE 09 iptables --append FORWARD --in-interface eth1 -j ACCEPT 10   11 echo 1 > /proc/sys/net/ipv4/ip_forward             # Enables packet forwarding by kernel

ipchains:

view source print? 1 #!/bin/sh 2 ipchains -F forward                                # Flush rules 3 ipchains -P forward DENY                           # Default set to deny packet forwarding 4 ipchains -A forward -s 192.168.10.0/24 -j MASQ     # Use IP address of gateway for private network 5 ipchains -A forward -i eth1 -j MASQ                # Sets up external internet connection 6 echo 1 > /proc/sys/net/ipv4/ip_forward