Configuring RH7.1 as a gateway to the internet

Posted on 2001-08-19
Last Modified: 2010-03-18
I need to have my Linux box as a gateway to the internet, I have 2 nics in the Linux box and one in Win2000, how do I set up Linux to act as a gateway?
Question by:proximus

Expert Comment

ID: 6404574

What type of internet connection are you using?

Expert Comment

ID: 6404587
Do you have a DSL connection or a cable modem? In both cases, connect one of the NICs on the Linux box to the DSL or cable modem box and follow these directions:
-  on that interface, configure the appropriate IP address parameter (provided by your carrier or ISP - external address).
-  configure the external Linux interface to use the appropriate default gateway (as provided by your ISP or the DSL/cable box if there's an ip address on it).
-  configure the other NIC to use an internal address (same subnet as your Win2k box - ie: 192.168.1.x).
-  put the following lines into the end of /etc/rc.d/rc.local:
    /sbin/ipchains -F forward
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -i eth0 -j MASQ
    echo "1" > /proc/sys/net/ipv4/ip_forward
-  configure your Win2k box to use the Linux internal interface as the default gateway.

you're done.

Expert Comment

ID: 6405082

Do you have a private IP network or a real IP one that is routed?

If you are talking about a gateway to a network it must be a routed IP network.

But if you are talking about getting to the Internet while having a private IP network, I can suggest that you use SQUID (a proxy server) for browsing the Internet and, as suggested by matt023, ipchains for masquerading telnets, ftps, and other connections.

Accepted Solution

ifincham earned 1200 total points
ID: 6405687

Matt023 has pretty much said it all on the masquerading.. In case you need to know about the cabling side - If you only have two boxes, the simplest is to get a cat5 'crossover' cable and plug one end into the winbox nic and the other into the linux box nic. Otherwise, you could get a cheap hub but you'll then need two patch cables. On the ipchains command, the 'i eth0' bit would be the internet connected interface which could also be 'eth1' depending on which slot the cards are in.

You'd have something like this :


default gateway

redhat 7.1 (lan interface)


(configure via 'netcfg' or 'linuxconf')

Also, if you are using a 2.4 series kernel with iptables instead of ipchains the equivalent masquerade code would be :

# load nat module & set-up masquerading...
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Hope this helps
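
A check for the rules above, as an added example that is not part of the original answer: the ipchains version sets the forward policy to DENY, while the iptables commands do not set a FORWARD policy (the default is ACCEPT). The script audits `iptables-save` output for that and for the eth0/eth1 mix-up the answer mentions; the function names, the sample dumps and the choice of eth0 = internet side, eth1 = LAN are assumptions.

```shell
# Added example, not from the thread. Assumes eth0 = internet, eth1 = LAN.
# Usage: iptables-save | audit_gateway WAN_IF LAN_IF
# Prints PASS/FAIL findings; exit status is the number of FAIL findings.
audit_gateway() {
    awk -v wan="$1" -v lan="$2" '
        function report(ok, msg) { printf "%s %s\n", (ok ? "PASS" : "FAIL"), msg; fails += !ok }
        /^\*/ { table = substr($0, 2); next }
        table == "nat" && /^-A POSTROUTING .*-j MASQUERADE/ && $0 ~ ("-o " wan " ") { masq = 1 }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && /^-A FORWARD .*-j ACCEPT/ {
            if ($0 ~ ("-i " lan " ")) out = 1        # LAN may start connections
            else if ($0 ~ /ESTABLISHED/) back = 1    # replies to those connections
            else open = 1                            # anything else is unsolicited
        }
        END {
            report(masq, "MASQUERADE on outbound interface " wan)
            report(policy == "DROP", "FORWARD policy DROP (found " policy ")")
            report(out, "forwarding from LAN interface " lan " allowed")
            report(back && !open, "other forwarding limited to ESTABLISHED/RELATED")
            exit fails + 0
        }'
}
# Constructed sample: what the iptables commands in the answer leave behind.
sample_answer() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}
# Constructed sample: same NAT rule with a default-deny, stateful FORWARD chain.
sample_hardened() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
sample_answer | audit_gateway eth0 eth1 || true
```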

Expert Comment

ID: 6407434
Listening ( actually hoping proximus says he uses a normal modem ... ;) )

Author Comment

ID: 6407496
Thanks, you guys, sorry I've been away from my computer since I posted it. I have a cable modem, and all the cabling is set up properly, just needed to know how to set up masquerading. Thanks

Author Comment

ID: 6407574
Oh and I'm using the 2.4 kernel,

Author Comment

ID: 6407736
It seems that none of this seems to work, when I use ifincham's 2.4 code it seems that everything fails, and the last line tells me to upgrade iptables or my kernel, perhaps by default RH didn't use tables, but kept the chains, cause the chains give me no errors but it still doesn't work. So I'm going to give more info here. On gateway machine(linux) Using RH7.1(2.4 kernel), 2 3Com network cards, Motorola cable modem, static ip on both NIC's. The ip for the NIC connected to my Win2000 machine is, Subnet,, on my Windows machine the NIC's IP is, Subnet Now I want to be able to FTP, surf the web,etc... the usual stuff.

Expert Comment

ID: 6423502
*listening and learning*

Expert Comment

ID: 6428109
Please, can anyone help with that question?


Expert Comment

ID: 6441598
Personally, I think that using RedHat is overkill and more work than necessary for a gateway.

I use Freesco - http://www.freesco.org . It can run from a floppy disk in as little as a 386 with 6Mb, I currently use it as a dial-up gateway in a 486 with 16Mb RAM and an 80Mb HD. So you can use an old, cheap machine for the job - in fact, quite a few people have one suitable just lying around...

Anyway, it is a firewall, router, with masquerading, etc. It has a small web server and a web admin/control panel.

Expert Comment

ID: 6441608
Problem is finding ISA NICs to work with that 386 :p

Expert Comment

ID: 6441628
Or even finding a 386, for that matter :)

Expert Comment

ID: 6441851
Those I have kicking around...I think, they might be old 486s?  I threw out most of that junk.

Expert Comment

by:Asta Cu
ID: 6931900
Hopefully you've already been helped with this question, but thought you'd appreciate knowing this.  It would be great if you could bring this question to a conclusion, awarding the experts above who helped you with points or a comment to them on your status today.

WindowsUpdate has new updates for .NET users; Details follow - Microsoft .NET Framework
The .NET Framework is a new feature of Windows. Applications built using the .NET Framework are more reliable and secure. You need to install the .NET Framework only if you have software that requires it.

For more information about the .NET Framework, see http://www.microsoft.com/net. (This site is in English.)

System Requirements
The .NET Framework can be installed on the following operating systems:
Windows 98
Windows 98 Second Edition (SE)
Windows Millennium Edition (Windows Me)
Windows NT 4.0® (Workstation or Server) with Service Pack 6.0a
Windows 2000 with the latest service pack installed (Professional, Server, Datacenter Server, or Advanced Server)
Windows XP (Home Edition and Professional)
You must be running Internet Explorer version 5.01 or later for all installations of the .NET Framework.

To install the .NET Framework, your computer must meet or exceed the following software and hardware requirements:

Software requirements for server operating systems:
MDAC 2.6
Hardware requirements:
For computers running only a .NET Framework application, Pentium 90 mHz CPU with 32 MB memory or the minimum CPU and RAM required by the operating system, whichever is higher.
For server operating systems, Pentium 133 mHz CPU with 128 MB memory or the minimum CPU and RAM required by the operating system, whichever is higher.
Recommended software:
MDAC 2.7 is recommended.
Recommended hardware: For computers running only a .NET Framework application, Pentium 90 MHz CPU with 96 MB memory or the minimum CPU and RAM required by the operating system, whichever is higher.
For server operating systems, Pentium 133 MHz CPU with 256 MB memory or the minimum CPU and RAM required by the operating system, whichever is higher.

How to use -> Restart your computer to complete the installation. No other action is required to run .NET Framework applications. If you are developing applications using the .NET Framework, you can use the command-line compilers or you can use a development environment, such as Visual Studio .NET, that supports using the .NET Framework.

How to uninstall
To uninstall the .NET Framework: Click Start, point to Settings, and then click Control Panel (In Windows XP, click Start and then click Control Panel.).
Click Add/Remove Programs.
Click Microsoft .NET Framework (English) v1.0.3705 and then click Change/Remove.
More here  http://www.microsoft.com/net/

The .NET topic is being considered for addition to our All Topics link soon, so this may interest you as well:

EXPERTS POINTS are waiting to be claimed here:  http://www.experts-exchange.com/commspt/Q.20277028.html



Expert Comment

ID: 9078699
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Expert Comment

ID: 9984938
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept ifincham's comment as answer.
Please leave any comments here within the next seven days.


EE Cleanup Volunteer
