Solved

Configure a linux box as a gateway/router

Posted on 2005-03-07
Last Modified: 2012-03-15
Hello,
We have at home a small LAN of 20 computers. All the computers have local IPs like 192.168.0.x. We also have internet through a fiber optic and a media convertor. The media convertor is connected to the Linux box. The Linux box is running RedHat 9.0 and has 2 network cards installed: one for the internet and one for the LAN. The ISP gave us 1 external IP for the Linux box: 62.231.4.4 and a class of 16 external IPs for the computers that will be connected to the internet: 82.77.0.x. Not all the computers will be connected to the internet, just 6 of us want internet.

We must configure the Linux box as a router/gateway and maybe as a DHCP server to provide external IPs to the 6 computers that will be connected to the internet and local IPs to the other computers. The selection could be made by the MAC address of each computer. The problem is that we want to keep our LAN and we want to be able to play games on LAN on all the computers in the LAN. So all the computers should be able to communicate with each other, but only 6 of them should be able to access the internet using the external IPs provided by the ISP.

We also want a script for the Linux box to configure the internet bandwidth allowed for each computer separately. Example: 5 computers to have a maximum of 32 kb/s each and 1 computer to have a maximum of only 4 kb/s. The bandwidth must be allocated dynamically to the computers. I mean the maximum speed of the internet in the server is 32 kb/s. If only one computer is surfing the internet he should be able to use all the bandwidth of 32 kb/s. But if a second computer wants to surf the internet too, the bandwidth should be split in 2, 16 kb for each computer, and so on if another computer joins or leaves the internet. If you don't understand something please ask me. Thank you very much for your help.
Question by:MohReh
12 Comments
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13482319
Hi,

   You can use NAT on RedHat Linux 9 box.
As root on RH9, then
service iptables stop

-----------------------------------------------
# Load the NAT module
modprobe iptable_nat

# Allow masquerading
# - Interface eth0 is the internet interface
# - Interface eth1 is the private network interface
iptables -A POSTROUTING -t nat -o eth0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

# Enable routing by modifying the ip_forward /proc filesystem file
echo 1 > /proc/sys/net/ipv4/ip_forward

# Prior to masquerading, the packets are routed via the filter
# table's FORWARD chain.
# Allowed outbound: New, established and related connections
# Allowed inbound : Established and related connections
iptables -A FORWARD -t filter -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED     -j ACCEPT
---------------------------
service iptables start

Then set the default gateway on 6 of your PCs to point to RH9's LAN IP address.
So 6 of your PCs can surf internet.

As for bandwidth control, I haven't a solid solution for you.

Wesly
0
 
LVL 22

Accepted Solution

by:
pjedmond earned 1500 total points
ID: 13482674
This might be of interest:

http://www.linux.com/howtos/Traffic-Control-HOWTO/

and it includes references to various scripts that you'd need to 'tweak' to get exactly what you require. For example this one:

http://lartc.org/wondershaper/

Hope that helps:)

0
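
The sharing the question asks for (32 kb/s in total, five PCs capped at 32 and one at 4, split evenly among whoever is active) can be expressed with HTB classes in tc. This is an added example, not from the thread or from wondershaper: the LAN addresses are constructed, "kb/s" is assumed to mean kilobits, and only the download direction (traffic leaving eth1 toward the PCs) is shaped.

```shell
#!/bin/sh
# Added example, not from the thread. It prints tc commands for review; nothing runs.
LAN_IF=eth1   # private network interface, as named in the NAT answer
LINK=32       # total download rate from the question
UNIT=kbit     # assumption: "kb/s" means kilobits/s (tc's "kbps" is kilobytes/s)

# LAN IP and maximum rate; addresses are constructed, caps follow the question
HOSTS='192.168.0.11 32
192.168.0.12 32
192.168.0.13 32
192.168.0.14 32
192.168.0.15 32
192.168.0.16 4'

gen_tc() {
    count=$(echo "$HOSTS" | grep -c .)
    share=$((LINK / count))   # guaranteed rate when every host is busy
    echo "tc qdisc del dev $LAN_IF root 2>/dev/null"
    # No default class: traffic that matches no filter is left unshaped
    echo "tc qdisc add dev $LAN_IF root handle 1: htb"
    echo "tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $LINK$UNIT ceil $LINK$UNIT"
    id=10
    echo "$HOSTS" | while read -r ip cap; do
        rate=$share
        [ "$rate" -le "$cap" ] || rate=$cap   # the guarantee never exceeds the cap
        # rate = guaranteed share, ceil = most the host may borrow from idle hosts;
        # equal quantum makes active hosts split the spare bandwidth evenly
        echo "tc class add dev $LAN_IF parent 1:1 classid 1:$id htb rate $rate$UNIT ceil $cap$UNIT quantum 1500"
        echo "tc qdisc add dev $LAN_IF parent 1:$id handle $id: sfq perturb 10"
        echo "tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$id"
        id=$((id + 1))
    done
}

gen_tc
```

Traffic between LAN machines never passes through the gateway, so LAN games are not affected by these classes.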
 
LVL 22

Expert Comment

by:pjedmond
ID: 13482679
0

 

Author Comment

by:MohReh
ID: 13484931
Thank you for the answers.
wesly_chen, I need some sort of authentication method to use for the computers that will be connected to the internet. I don't want the other users from my LAN to steal internet just by adding an IP to the gateway. Maybe I could use a password or the MAC address of the NIC?
pjedmond, I will read the scripts and see what I can do.
0
 

Author Comment

by:MohReh
ID: 13484984
wesly_chen, if I use this method will I be able to use the external IPs on the computers connected to the internet?
I would really appreciate a step-by-step tutorial because I am not very good at this. Thanks
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 13485014
/etc/hosts.allow
/etc/hosts.deny

Enter the ips to these files for the appropriate PCs to get the 'obvious' results:)
0
 

Author Comment

by:MohReh
ID: 13485180
Ok, but if I use the IP class of 192.168.0.x for all the computers, how can I use the external IPs when on internet? I don't want all the computers to use only one IP (IRC won't work on all of them). Or is there a way to setup in Linux an external IP for a local IP?
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 13485928
IRC primarily uses port 6667. You connect through the firewall from whichever PC to the ircd server. The return packets are returned by the firewall to the correct PC using NAT (masquerading), which makes your 192.168.0.x look like the external address to the ircd server... *BUT* many ircd servers insist that identd is running on the system connecting to it. This requires that you forward any incoming requests on port 113 to the system that is being used to connect to the ircd. This unfortunately limits you to being only able to connect to the server from 1 system only within the internal network.

HTH:)
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 13485933
Here's a fairly comprehensive look at IRC and firewalling:

http://www.ircle.com/firewallfaq.shtml
0
 

Author Comment

by:MohReh
ID: 13486288
Thanks but that's not very good. Let's try without NAT. Maybe I'll try something else:
the computers connected to the internet will have external IPs: 82.77.4.x and the Linux gateway
the remaining computers in the LAN will have local IPs: 192.168.0.x and also the Linux gateway
then I will set up forwarding for the local IPs in the gateway. This way we could see each other in the network
The wondershaper script seems good and I think it is the best solution. The problem is that I don't know how to add the external IPs to the script and how to limit one IP or more to a certain speed of download. Thanks
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 13486660
You have to use NAT if the external IP is translated to an internal IP and there are multiple PCs on the internal net!

One possible approach to this would need you to add virtual ethernet adaptors. Basically each ethernet adaptor is normally known as eth0, eth1 etc. In order to create virtual ethernet adaptors, you need to create eth0:1, eth0:2, eth0:3 etc.

These virtual adaptors can all have their own separate IP addresses, so you can have multiple IP addresses on the external and internal connections. By then routing via internal IP to the unique external IP associated with your IRC client, you know that eth0:1 external IP connects to PC1, eth0:2 connects to PC2 etc.

I'm sure that it could be done, but it strikes me as a very messy way to go about this.

HTH:)
0
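
The virtual-adaptor approach described above, combined with the MAC check the asker raised earlier, as an added example that is not part of the original posts. The host table (LAN IPs, external IPs inside 82.77.0.x, MAC addresses) is constructed, and it assumes the ISP's external block is reachable on eth0.

```shell
#!/bin/sh
# Added example, not from the thread. It prints commands for review; nothing runs.
WAN_IF=eth0   # internet interface, as named in the NAT answer
LAN_IF=eth1   # private network interface

# LAN IP, external IP, MAC: all three columns are constructed sample values
HOSTS='192.168.0.11 82.77.0.2 00:11:22:33:44:01
192.168.0.12 82.77.0.3 00:11:22:33:44:02
192.168.0.13 82.77.0.4 00:11:22:33:44:03'

gen_rules() {
    # Nothing is forwarded unless a rule below allows it
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    n=0
    echo "$HOSTS" | while read -r lan_ip ext_ip mac; do
        n=$((n + 1))
        # Virtual adaptor carrying this PC's external address
        echo "ifconfig $WAN_IF:$n $ext_ip netmask 255.255.255.255 up"
        # Forward only when the LAN IP and the MAC both match the table
        echo "iptables -A FORWARD -i $LAN_IF -s $lan_ip -m mac --mac-source $mac -j ACCEPT"
        # Inbound ident (port 113) reaches the PC that owns the external IP
        echo "iptables -A FORWARD -i $WAN_IF -d $lan_ip -p tcp --dport 113 -j ACCEPT"
        # One-to-one translation in both directions
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $lan_ip -j SNAT --to-source $ext_ip"
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $ext_ip -j DNAT --to-destination $lan_ip"
    done
}

gen_rules
```

A MAC address can be changed by the user of a PC, so the `--mac-source` match keeps out casual IP borrowing but is not authentication. LAN machines without an entry still reach each other directly, because that traffic never crosses the FORWARD chain.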
 

Author Comment

by:MohReh
ID: 13486771
OK, thanks for all the help.
0
