Friday, October 25, 2013

Using Linux as an Internet gateway

http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html

Example 1: Linux connected via PPP
This example uses a Linux computer connected to the internet using a dial-up line and modem (PPP). The Linux gateway is connected to the internal network using an ethernet card. The internal network consists of Windows PCs.
The Linux box must be configured for the private internal network and PPP for the dial-up connection. See the PPP tutorial to configure the dial-up connection. Use the ifconfig command to configure the private network, for example (as root):
   /sbin/ifconfig eth1 192.168.10.101 netmask 255.255.255.0 broadcast 192.168.10.255
This is often configured during install or can be configured using the Gnome tool neat (or the admin tool Linuxconf or netcfg for older Red Hat systems). System changes made with the ifconfig or route commands are NOT permanent and are lost upon system reboot. Permanent settings are held in configuration scripts executed during system boot. (i.e. /etc/sysconfig/...) See the YoLinux Networking tutorial for more information on assigning network addresses.
Run one of the following scripts on the Linux gateway computer:

iptables:

   iptables --flush                         # Flush all rules in the default (filter) table
   iptables --table nat --flush             # Flush all rules in the nat table
   iptables --delete-chain                  # Delete user-defined chains in the filter table
   iptables --table nat --delete-chain      # Delete user-defined chains in the nat table

   # Set up IP FORWARDing and Masquerading
   iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
   # Assuming one NIC (eth0) to the local LAN; use eth1 here if that is the interface configured above
   iptables --append FORWARD --in-interface eth0 -j ACCEPT

   echo 1 > /proc/sys/net/ipv4/ip_forward    # Enables packet forwarding by kernel

ipchains:

   #!/bin/sh
   ipchains -F forward                                # Flush all previous rules and settings
   ipchains -P forward DENY                           # Default set to deny packet forwarding
   ipchains -A forward -s 192.168.10.0/24 -j MASQ     # Use IP address of gateway for private network
   ipchains -A forward -i ppp0 -j MASQ                # Sets up external internet connection
   echo 1 > /proc/sys/net/ipv4/ip_forward             # Enables packet forwarding by kernel

A PPP connection as described by the YoLinux PPP tutorial will create the PPP network connection as the default route.

Example 2: Linux connected via DSL, Cable, T1
High-speed connections to the internet result in an ethernet connection to the gateway. Thus the gateway is required to possess two ethernet Network Interface Cards (NICs), one for the connection to the private internal network and another to the public internet. The ethernet cards are named eth and are numbered uniquely from 0 upward.
Use the ifconfig command to configure both network interfaces.
   /sbin/ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255  # Internet
   /sbin/ifconfig eth1 192.168.10.101 netmask 255.255.255.0 broadcast 192.168.10.255    # Private LAN
Also see notes on adding a second NIC.
This is often configured during install or can be configured using the Gnome tool neat (or the admin tool Linuxconf or netcfg for older Red Hat systems). System changes made with the ifconfig or route commands are NOT permanent and are lost upon system reboot. Permanent settings are held in configuration scripts executed during system boot. (i.e. /etc/sysconfig/...) See the YoLinux Networking tutorial for more information on assigning network addresses.
Run the appropriate script on the Linux computer where eth0 is connected to the internet and eth1 is connected to a private LAN:

iptables:

   # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
   iptables --flush                        # Flush all rules in the default (filter) table
   iptables --table nat --flush            # Flush all rules in the nat table
   iptables --delete-chain                 # Delete user-defined chains in the filter table
   iptables --table nat --delete-chain     # Delete user-defined chains in the nat table

   # Set up IP FORWARDing and Masquerading
   iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
   iptables --append FORWARD --in-interface eth1 -j ACCEPT

   echo 1 > /proc/sys/net/ipv4/ip_forward             # Enables packet forwarding by kernel

ipchains:

   #!/bin/sh
   ipchains -F forward                                # Flush rules
   ipchains -P forward DENY                           # Default set to deny packet forwarding
   ipchains -A forward -s 192.168.10.0/24 -j MASQ     # Use IP address of gateway for private network
   ipchains -A forward -i eth0 -j MASQ                # Sets up external internet connection (eth0 is the Internet-facing NIC)
   echo 1 > /proc/sys/net/ipv4/ip_forward             # Enables packet forwarding by kernel
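
The iptables scripts above accept everything that arrives on the LAN interface but never set a FORWARD policy, so whether unsolicited traffic from the Internet side gets forwarded depends on the policy already in place. The following is an added example, not part of the original tutorial: a default-deny variant of the Example 2 gateway, written as an iptables-restore ruleset. The function name gateway_ruleset and its arguments are this example's own; the interface names and LAN prefix are those of Example 2.

```shell
#!/bin/sh
# Added example (not from the tutorial): print an iptables-restore ruleset for
# the two-NIC gateway of Example 2 with a default-deny FORWARD chain.
# gateway_ruleset and its argument names are this example's own.

gateway_ruleset() {
    wan=$1 lan=$2 lan_net=$3

    # Interface names go straight into rules, so allow only plain names
    # and refuse using one interface for both roles.
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: '$ifc'" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    # Accept only a dotted-quad/prefix source network such as 192.168.10.0/24.
    case $lan_net in
        *[!0-9./]*|*/*/*) lan_net= ;;
        *.*.*.*/?*) ;;
        *) lan_net= ;;
    esac
    [ -n "$lan_net" ] || { echo "bad LAN network" >&2; return 1; }

    # INPUT and OUTPUT stay at ACCEPT because the tutorial does not filter
    # traffic to the gateway itself (assumption carried over, tighten as needed).
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Values from Example 2: eth0 faces the Internet, eth1 the private LAN.
gateway_ruleset eth0 eth1 192.168.10.0/24
```

Pipe the output to `iptables-restore --test` to have it parsed without being applied, then to `iptables-restore` as root. Packet forwarding still has to be enabled through /proc/sys/net/ipv4/ip_forward as in the scripts above.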
