
Solved

Linux routing

Posted on 2005-05-08
10
Medium Priority
441 Views
Last Modified: 2010-03-17
Hi EE. I have one Linux box with two NICs. One is 192.168.0.1 for the internal network, and the second, say 10.0.0.2, is connected to a router for the Internet connection. Please can someone tell me how to set up routing so that the machines on the internal network can have Internet access? I also want a DNS server running. I want to be able to set up DHCP on this same machine and block Internet access if need be. I also want to have the Internet connection firewalled. Fedora Core 2 is the Linux version installed.
0
Comment
Question by:aduhwale
10 Comments
 
LVL 3

Expert Comment

by:joju
ID: 13957350
Webmin is the best answer.
http://www.webmin.com/

Make a full installation of Fedora Core 2 and install Webmin.
Webmin has a nice GUI which enables you to configure your system as a gateway.

Thanx
Joju.
0
 
LVL 2

Author Comment

by:aduhwale
ID: 13957470
Thanks Joju, I have installed Webmin. But would you say it will allow a newbie to fully configure the PC to do the routing I asked about above? And do you have any pointers for me?
0
 
 
LVL 3

Assisted Solution

by:joju
joju earned 450 total points
ID: 13957519
If eth1 is connected to the router, then:

As a starting point you can add the following NAT rule to allow Internet access

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

and

echo "1" > /proc/sys/net/ipv4/ip_forward

and give the client systems 192.168.0.1 as their gateway.


Webmin has a GUI for these and the other services you require.

Thanx
Joju.
0
 
LVL 2

Author Comment

by:aduhwale
ID: 13957900
OK, a little lost here. Eth0 is connected to the LAN, Eth1 is connected to the router. Is this scenario reflecting what you said?
0
 
LVL 3

Expert Comment

by:joju
ID: 13957948
Yes, you can use the commands in my earlier post.
Thanx
Joju.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 300 total points
ID: 13959149
I use Shorewall to configure the firewall and NAT. It also has a Webmin module, so you can configure it via Webmin. I find it a lot easier to use than configuring iptables (with or without Webmin).

http://shorewall.net

There are examples which you can use for your installation and the online docs have all the necessary info.

As DNS server I suggest using BIND. I believe it should be included in the Fedora Core package; if not, look at http://isc.org

Also, BIND is configurable via Webmin.

The same goes for DHCPD, same source (ISC), if it isn't already included in FC.
0
 
LVL 19

Accepted Solution

by:Gabriel Orozco
Gabriel Orozco earned 750 total points
ID: 13959550
Mmmhhh...

I would create a firewall and start DNS services. That's what you need.

For DNS, it is configured as a cache DNS, which is what you are asking for. To enable it, do this:
chkconfig --level 345 named on
--------------------------------------------------------------------------------------------
For the firewall, you can use this and then add to it as you need more:

#Activate IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# stock Fedora installs iptables as /sbin/iptables; adjust the path if yours differs
ipt="/usr/local/sbin/iptables"
# I suppose eth0 is your inside LAN connection to 192.168.0.1
# And eth1 is going to Internet using 10.0.0.2
inside=eth0
outside=eth1

#Avoid Spoofing
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
   /bin/echo "1" > ${interface}
done

# Start from a clean slate. Flush BEFORE creating the FLOOD chain: flushing
# afterwards would empty FLOOD again and the rate limit would never apply.
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t mangle -F
$ipt -P INPUT DROP
$ipt -P OUTPUT DROP
$ipt -P FORWARD DROP

# Avoid Floodings
$ipt -N FLOOD
$ipt -A FLOOD -m limit --limit 2/s --limit-burst 5 -j RETURN
$ipt -A FLOOD -j DROP

$ipt -A INPUT -i lo -j ACCEPT
$ipt -A INPUT -i $inside -j ACCEPT
# OUTPUT matches on the outgoing interface (-o); -i is not valid in OUTPUT
$ipt -A OUTPUT -o lo -j ACCEPT
$ipt -A OUTPUT -o $inside -j ACCEPT
# The gateway itself (the caching named, updates, ...) must reach the Internet too
$ipt -A OUTPUT -o $outside -j ACCEPT
$ipt -A FORWARD -i $inside -j ACCEPT
# Replies to connections the LAN opened must be let back in through FORWARD,
# otherwise the DROP policy kills every masqueraded session
$ipt -A FORWARD -i $outside -m state --state ESTABLISHED,RELATED -j ACCEPT

$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Accept at least traffic to ssh into this host.
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT
#now the nat thing.
$ipt -t nat -A POSTROUTING -o $outside -j MASQUERADE

$ipt -A INPUT -j FLOOD
$ipt -A INPUT -p tcp -j REJECT --reject-with tcp-reset
$ipt -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable

0
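The script above forwards everything from the LAN out, but the question also asked to be able to block Internet access if need be. The following is an added example (mine, not code posted in this thread or taken from Fedora or iptables documentation) that handles that with a dedicated FORWARD chain which sits in front of the ACCEPT rule, so a single host or the whole LAN can be cut off and restored without rewriting the rest of the firewall. It assumes the interface names and subnet from the question (eth0 LAN, 192.168.0.0/24; eth1 towards the router); the chain name LAN_BLOCK, the function names and the IPT dry-run variable are this example's own.

```shell
#!/bin/sh
# Added example for this thread, not code from any of the participants.
# Assumptions (from the question): eth0 is the LAN side, 192.168.0.0/24,
# eth1 faces the router. LAN_BLOCK and the helper names are hypothetical.
IPT=${IPT:-/sbin/iptables}          # set IPT="echo iptables" for a dry run
INSIDE=${INSIDE:-eth0}
OUTSIDE=${OUTSIDE:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}
CHAIN=LAN_BLOCK

# Accept only a plain dotted quad with every octet in 0..255, so a typo or an
# extra token can never end up as a malformed or overly broad rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Create LAN_BLOCK (quietly if it already exists) and hook it in as the very
# first FORWARD rule for LAN-to-Internet traffic, ahead of any ACCEPT rule.
# Deleting a stale hook first keeps the function safe to re-run.
setup_block_chain() {
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -D FORWARD -i "$INSIDE" -o "$OUTSIDE" -j "$CHAIN" 2>/dev/null || true
    $IPT -I FORWARD 1 -i "$INSIDE" -o "$OUTSIDE" -j "$CHAIN"
}

# REJECT rather than DROP: the blocked client gets an immediate error instead
# of waiting for every connection to time out.
block_host() {
    valid_ipv4 "$1" || { echo "block_host: bad address '$1'" >&2; return 2; }
    $IPT -A "$CHAIN" -s "$1" -j REJECT --reject-with icmp-net-prohibited
}

unblock_host() {
    valid_ipv4 "$1" || { echo "unblock_host: bad address '$1'" >&2; return 2; }
    $IPT -D "$CHAIN" -s "$1" -j REJECT --reject-with icmp-net-prohibited
}

# Whole-LAN switch: one rule for the entire subnet, or an emptied chain.
block_lan()   { $IPT -A "$CHAIN" -s "$LAN_NET" -j REJECT --reject-with icmp-net-prohibited; }
unblock_lan() { $IPT -F "$CHAIN"; }

# Small command-line front end. With no arguments nothing runs, so the file
# can also be sourced just for its functions.
case "${1:-}" in
    setup)       setup_block_chain ;;
    block)       block_host "$2" ;;
    unblock)     unblock_host "$2" ;;
    block-lan)   block_lan ;;
    unblock-lan) unblock_lan ;;
    "")          ;;
    *) echo "usage: $0 setup|block ADDR|unblock ADDR|block-lan|unblock-lan" >&2; exit 64 ;;
esac
```

Run `setup` once after the main firewall script (that script flushes FORWARD, so the hook has to be re-inserted after every reload), then `block 192.168.0.50` or `block-lan` as needed. Because the rules live in FORWARD, a blocked client can still reach the gateway itself, so its DHCP lease and name lookups against the local caching DNS keep working; only traffic towards eth1 is refused. Setting `IPT="echo iptables"` prints the exact rules that would be applied, which is a cheap way to review a change before it touches a live gateway.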
 
LVL 2

Author Comment

by:aduhwale
ID: 13984468
Hi guys, thanks for your comments. I am going to split the points as I have used ideas from all of you as well as other questions I posted. Thanks.
0
 
LVL 88

Expert Comment

by:rindi
ID: 13985307
thanx too.
0
