MohReh

Configure a linux box as a gateway/router

Hello,
We have at home a small LAN of 20 computers. All the computers have local IPs like 192.168.0.x. We also have internet through a fiber optic line and a media converter. The media converter is connected to the Linux box. The Linux box is running RedHat 9.0 and has 2 network cards installed: one for the internet and one for the LAN. The ISP gave us 1 external IP for the Linux box, 62.231.4.4, and a class of 16 external IPs for the computers that will be connected to the internet: 82.77.0.x. Not all the computers will be connected to the internet; just 6 of us want internet.

We must configure the Linux box as a router/gateway and maybe as a DHCP server to provide external IPs to the 6 computers that will be connected to the internet and local IPs to the other computers. The selection could be made by the MAC address of each computer. The problem is that we want to keep our LAN and we want to be able to play games on LAN on all the computers in the LAN. So all the computers should be able to communicate with each other, but only 6 of them should be able to access the internet using the external IPs provided by the ISP.

We also want a script for the Linux box to configure the internet bandwidth allowed to each computer separately. Example: 5 computers have a maximum of 32 kb/s each and 1 computer only has a maximum of 4 kb/s. The bandwidth must be allocated dynamically to the computers. I mean the maximum speed of the internet on the server is 32 kb/s. If only one computer is surfing the internet it should be able to use all the bandwidth of 32 kb/s. But if a second computer wants to surf the internet too, the bandwidth should be split in 2, 16 kb for each computer, and so on if another computer joins or leaves the internet. If you don't understand something please ask me. Thank you very much for your help.
wesly_chen

Hi,

   You can use NAT on a RedHat Linux 9 box.
As root on RH9, then
service iptables stop

-----------------------------------------------
# Load the NAT module
modprobe iptable_nat

# Default-deny forwarding. Without this the ACCEPT rules below restrict
# nothing, because "service iptables stop" leaves every policy at ACCEPT.
iptables -P FORWARD DROP

# Enable routing by modifying the ip_forward /proc filesystem file
echo 1 > /proc/sys/net/ipv4/ip_forward

# Allow masquerading
# - Interface eth0 is the internet interface
# - Interface eth1 is the private network interface
iptables -A POSTROUTING -t nat -o eth0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

# Prior to masquerading, the packets are routed via the filter
# table's FORWARD chain.
# Allowed outbound: New, established and related connections
# Allowed inbound : Established and related connections
iptables -A FORWARD -t filter -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED     -j ACCEPT

# Write the running rules to /etc/sysconfig/iptables. "service iptables start"
# reloads that file and would otherwise discard the rules entered above.
service iptables save
---------------------------
service iptables start

Then set the default gateway on 6 of your PCs to point to RH9's LAN IP address.
So 6 of your PCs can surf the internet.

As for bandwidth control, I don't have a solid solution for you.

Wesly
ASKER CERTIFIED SOLUTION
pjedmond

This solution is only available to members.
MohReh

ASKER

Thank you for the answers.
wesly_chen, I need some sort of authentication method to use for the computers that will be connected to the internet. I don't want the other users from my LAN to steal internet just by adding an IP to the gateway. Maybe I could use a password or the MAC address of the NIC?
pjedmond, I will read the scripts and see what I can do.
MohReh

ASKER

wesly_chen, if I use this method will I be able to use the external IPs on the computers connected to the internet?
I would really appreciate a step-by-step tutorial because I am not very good at this. Thanks
/etc/hosts.allow
/etc/hosts.deny

Enter the IPs into these files for the appropriate PCs to get the 'obvious' results :)
MohReh

ASKER

Ok, but if I use the IP class of 192.168.0.x for all the computers, how can I use the external IPs when on internet? I don't want all the computers to use only one IP (IRC won't work on all of them). Or is there a way to setup in Linux an external IP for a local IP?
IRC primarily uses port 6667. You connect through the firewall from whichever PC to the ircd server. The return packets are returned by the firewall to the correct PC using NAT (masquerading), which makes your 192.168.0.x look like the external address to the ircd server.....*BUT* many ircd servers insist that identd is running on the system connecting to them. This requires that you forward any incoming requests on port 113 to the system that is being used to connect to the ircd. This unfortunately limits you to only being able to connect to the server from 1 system within the internal network.

HTH:)
Here's a fairly comprehensive look at IRC and firewalling:

http://www.ircle.com/firewallfaq.shtml
MohReh

ASKER

Thanks but that's not very good. Let's try without NAT. Maybe I'll try something else:
- the computers connected to the internet will have external IPs, 82.77.4.x, and so will the Linux gateway
- the remaining computers in the LAN will have local IPs, 192.168.0.x, and so will the Linux gateway
- then I will set up forwarding for the local IPs in the gateway. This way we could see each other in the network.
The wondershaper script seems good and I think it is the best solution. The problem is that I don't know how to add the external IPs to the script and how to limit one IP or more to a certain download speed. Thanks
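The dynamic split the asker describes (one active host gets all 32 kbit/s, two get about 16 each, one host never exceeds 4) is what HTB's rate/ceil borrowing does. The script below is an added example, not code from the thread or from the wondershaper script mentioned above. It assumes eth1 is the LAN interface (so download traffic is eth1 egress), reads the thread's "kb/s" as kilobits per second, assumes the kernel and the installed tc have HTB support, and uses a constructed host table with hypothetical addresses. By default it prints the commands; DRY_RUN=0 executes them.

```shell
#!/bin/sh
# Per-host download shaping with HTB: a shared pool that idle hosts release
# to busy ones, plus one host hard-capped. Added example, not from the thread.
# Assumptions (not stated on the page): eth1 faces the LAN, LINK is in kbit/s.
LAN=eth1
LINK=32        # total downstream bandwidth, kbit/s
RATE_FULL=5    # guaranteed share for each full-speed host (5 x 5 + 4 + 1 <= 32)

# Constructed table: private IP and ceiling in kbit/s. Hypothetical addresses;
# the last host is the one the asker wants limited to 4 kbit/s.
SHAPED='192.168.0.11 32
192.168.0.12 32
192.168.0.13 32
192.168.0.14 32
192.168.0.15 32
192.168.0.16 4'

# Print commands unless DRY_RUN=0, so the rule set can be reviewed first.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# HTB guarantees each class its "rate" and lets it borrow up to "ceil" from
# the parent when siblings are idle, which gives the dynamic split.
gen_shaping_rules() {
    run tc qdisc del dev "$LAN" root          # clear any old qdisc (error if none is harmless)
    # Root HTB; packets with no matching filter go to class 1:30.
    run tc qdisc add dev "$LAN" root handle 1: htb default 30
    run tc class add dev "$LAN" parent 1: classid 1:1 rate "${LINK}kbit" ceil "${LINK}kbit"
    # Default class: the gateway's own traffic and anything unclassified.
    run tc class add dev "$LAN" parent 1:1 classid 1:30 rate 1kbit ceil "${LINK}kbit"
    n=10
    printf '%s\n' "$SHAPED" | while read -r ip ceil; do
        case "$ip" in "") continue ;; esac
        n=$((n + 1))
        # A host whose ceiling is below the normal share gets that ceiling as its rate too.
        if [ "$ceil" -lt "$RATE_FULL" ]; then rate=$ceil; else rate=$RATE_FULL; fi
        run tc class add dev "$LAN" parent 1:1 classid "1:$n" rate "${rate}kbit" ceil "${ceil}kbit"
        # SFQ inside each class keeps one download from starving the host's other flows.
        run tc qdisc add dev "$LAN" parent "1:$n" handle "$n:" sfq perturb 10
        # Classify by destination: traffic going down to this host lands in its class.
        run tc filter add dev "$LAN" protocol ip parent 1: prio 1 u32 \
            match ip dst "$ip/32" flowid "1:$n"
    done
}

# Sum of guaranteed rates; HTB requires this to stay within the parent's rate.
guaranteed_total() {
    total=1   # the default class 1:30
    printf '%s\n' "$SHAPED" | { while read -r ip ceil; do
        case "$ip" in "") continue ;; esac
        if [ "$ceil" -lt "$RATE_FULL" ]; then total=$((total + ceil)); else total=$((total + RATE_FULL)); fi
    done; echo "$total"; }
}

gen_shaping_rules
```

This shapes only the download direction, which is what the asker's question is about; upload limits go on the internet interface's egress with `match ip src` instead of `dst`. Shaping on eth1 egress means the packets have already crossed the ISP link, but TCP backs off once the gateway delays them, so in practice the per-host ceilings hold for bulk transfers. Keep `guaranteed_total` at or below LINK when editing the table, otherwise HTB cannot honour the guarantees.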
You have to use NAT if the external IP is translated to an internal IP and there are multiple PCs on the internal net!

One possible approach to this would need you to add virtual ethernet adaptors. Basically each ethernet adaptor is normally known as eth0, eth1 etc. In order to create a virtual ethernet adaptor, you need to create eth0:1, eth0:2, eth0:3 etc.

These virtual adaptors can all have their own separate IP addresses, so you can have multiple IP addresses on the external and internal connections. By then routing via internal IP to the unique external IP associated with your IRC client, you know that eth0:1 external IP connects to PC1, eth0:2 connects to PC2 etc.

I'm sure that it could be done, but it strikes me as a very messy way to go about this.

HTH:)
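Putting the pieces of this thread together (wesly_chen's masquerading rules, the MAC-based check the asker wanted so that nobody gets internet "just by adding an IP", the per-host external IPs, and the identd problem from the IRC discussion), here is an added example of the rule set such a gateway would use. It is not code from the thread or from any of its posters. It assumes eth0 faces the ISP and eth1 the LAN, that the ISP routes the 82.77.0.x block to the gateway's 62.231.4.4 address, and uses a constructed table of hypothetical MAC addresses. It replaces the eth0:N alias idea above with 1:1 SNAT/DNAT per host, which is what lets each host keep its own public address (and its own identd port) instead of sharing one. By default it prints the commands; DRY_RUN=0 executes them.

```shell
#!/bin/sh
# 1:1 NAT gateway with MAC-pinned internet access for selected LAN hosts.
# Added example; not from the thread or from any of its posters.
# Assumptions (not stated on the page): eth0 faces the ISP, eth1 faces the LAN,
# and the ISP routes the 82.77.0.x block to the gateway's 62.231.4.4 address.
WAN=eth0
LAN=eth1

# Constructed host table: MAC address, private LAN IP, ISP-assigned public IP.
# MACs and addresses are hypothetical placeholders. Hosts not listed here keep
# their 192.168.0.x address and LAN access but are never forwarded to the internet.
HOSTS='00:11:22:33:44:01 192.168.0.11 82.77.0.11
00:11:22:33:44:02 192.168.0.12 82.77.0.12
00:11:22:33:44:03 192.168.0.13 82.77.0.13'

# Print commands unless DRY_RUN=0, so the rule set can be reviewed first.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

gen_gateway_rules() {
    run modprobe iptable_nat
    run sysctl -w net.ipv4.ip_forward=1

    # Default-deny forwarding: without this the ACCEPT rules below restrict nothing.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -t nat -F

    # Replies for connections the gateway has already seen.
    run iptables -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    printf '%s\n' "$HOSTS" | while read -r mac priv pub; do
        case "$mac" in ""|\#*) continue ;; esac
        # The gateway must own the public address to answer for it.
        run ip addr add "$pub/32" dev "$WAN"
        # Outbound: only this (MAC, IP) pair may open new connections to the internet.
        run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$priv" -m mac --mac-source "$mac" \
            -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        # Inbound identd (TCP 113) so IRC servers can ident this host on its own address.
        run iptables -A FORWARD -i "$WAN" -o "$LAN" -d "$priv" -p tcp --dport 113 \
            -m state --state NEW -j ACCEPT
        # 1:1 NAT: the host leaves as its own public IP and is reachable on it.
        run iptables -t nat -A POSTROUTING -o "$WAN" -s "$priv" -j SNAT --to-source "$pub"
        run iptables -t nat -A PREROUTING -i "$WAN" -d "$pub" -j DNAT --to-destination "$priv"
    done
    # Everything else from the LAN is dropped by the FORWARD policy. LAN-to-LAN
    # traffic never crosses the gateway, so games on the switch are unaffected.
}

# Number of hosts that received a SNAT rule; a quick sanity check on the table.
count_snat_rules() {
    gen_gateway_rules | grep -c -- '-j SNAT'
}

gen_gateway_rules
```

After `DRY_RUN=0 sh gateway.sh` as root, `service iptables save` keeps the rules across reboots, and the `ip addr add` lines belong in the interface's startup script. The MAC match blocks the "just add an IP" case from the thread, but a MAC address can be changed with ifconfig on most systems, so treat it as a deterrent rather than authentication. If the ISP instead expects the 82.77.0.x addresses on-link rather than routed to 62.231.4.4, replace `/32` with the prefix length the ISP gave.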
MohReh

ASKER

OK, thanks for all the help.