• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 443

Linux routing

Hi EE. I have one Linux box with two NICs. One is 192.168.0.1, for the internal network, and the second, say 10.0.0.2, is connected to a router for the internet connection. Please can someone tell me how to set up routing so that the machines on the internal network can have internet access? I also want a DNS server running. I want to be able to set up DHCP on this same machine and block internet access if need be. I also want to have the internet connection firewalled. Fedora Core 2 is the Linux version installed.
0
Asked: aduhwale
3 Solutions
 
jojuCommented:
Webmin is the best answer.
http://www.webmin.com/

Make a full installation of Fedora Core 2 and install Webmin.
Webmin has a nice GUI which enables you to configure your system as a gateway.

Thanx
Joju.
0
 
aduhwaleAuthor Commented:
Thanks Joju, I have installed Webmin. But would you say it will allow a newbie to fully configure the PC to do the routing I asked about above? And do you have any pointers for me?
0
 
 
jojuCommented:
If eth1 is connected to the router, then

as a starting point you can add the following NAT rule to allow internet access

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

and

echo "1" > /proc/sys/net/ipv4/ip_forward

and give the client systems 192.168.0.1 as their gateway.


Webmin has GUI for these and other services you require.

Thanx
Joju.
0
 
aduhwaleAuthor Commented:
OK, a little lost here. Eth0 is connected to the LAN, Eth1 is connected to the router. Is this scenario reflecting what you said?
0
 
jojuCommented:
Yes, you can use the commands in my earlier post.
Thanx
Joju.
0
 
rindiCommented:
I use shorewall to configure the firewall and NAT. It also has a webmin module, so you can configure it via webmin. I find it a lot easier to use than configuring iptables (with or without webmin).

http://shorewall.net

There are examples which you can use for your installation and the online docs have all the necessary info.

As DNS server I suggest using BIND. I believe it should be included in the Fedora Core package; if not, look at http://isc.org

Also, BIND is configurable via webmin.

The same goes for DHCPD, same source (ISC), if it isn't already included in FC.
0
 
Gabriel OrozcoSolution ArchitectCommented:
mmmhhh...

I would create a firewall and start DNS services. That's what you need.

For DNS, it is configured as a cache DNS, which is what you are asking for. To enable it, do this:
chkconfig --level 345 named on
--------------------------------------------------------------------------------------------
for the firewall, you can use this and then add to it as you need more:

#!/bin/sh
#Activate IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Fedora installs iptables as /sbin/iptables (the original path was /usr/local/sbin)
ipt="/sbin/iptables"
# I suppose eth0 is your inside LAN connection to 192.168.0.1
# And eth1 is going to Internet using 10.0.0.2
inside=eth0
outside=eth1

#Avoid Spoofing
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
   /bin/echo "1" > ${interface}
done

# Flush everything first: "-F" empties user chains too, so FLOOD must be
# created after this point, and "-X" lets the script be rerun without a
# "chain already exists" error.
$ipt -F
$ipt -t nat -F
$ipt -t mangle -F
$ipt -X
$ipt -P INPUT DROP
$ipt -P OUTPUT DROP
$ipt -P FORWARD DROP

# Avoid Floodings
$ipt -N FLOOD
$ipt -A FLOOD -m limit --limit 2/s --limit-burst 5 -j RETURN
$ipt -A FLOOD -j DROP

$ipt -A INPUT -i lo -j ACCEPT
$ipt -A INPUT -i $inside -j ACCEPT
# OUTPUT has no incoming interface, so "-i" is an error here; use "-o"
$ipt -A OUTPUT -o lo -j ACCEPT
$ipt -A OUTPUT -o $inside -j ACCEPT
# the box itself (named's upstream queries, updates) needs the Internet too
$ipt -A OUTPUT -o $outside -j ACCEPT
$ipt -A FORWARD -i $inside -j ACCEPT
# replies to forwarded connections come back in on $outside
$ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Accept at least traffic to ssh into this host.
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT
#now the nat thing.
$ipt -t nat -A POSTROUTING -o $outside -j MASQUERADE

$ipt -A INPUT -j FLOOD
$ipt -A INPUT -p tcp -j REJECT --reject-with tcp-reset
$ipt -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable

0
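The NAT and forwarding commands in joju's post and the default-deny firewall script above both describe the same two-NIC gateway. The script below is an added example written for this thread, not code from either poster or from Fedora. It assumes eth0 is the LAN (192.168.0.0/24, with this box as 192.168.0.1), eth1 faces the router, and named and dhcpd run on the gateway; it allows the LAN to use ssh, DNS and DHCP on the box, adds the per-host internet block the question asked for (the BLOCKED host list is a constructed sample), and logs what the DROP policies discard. With DRY_RUN=1 (the default) it prints the commands instead of running them, so the rule order can be checked without root; DRY_RUN=0 as root applies them.

```shell
#!/bin/sh
# Added example (not from the original posters): two-NIC Fedora gateway rules.
# Assumed layout: eth0 = LAN 192.168.0.0/24 (this box is 192.168.0.1),
# eth1 = link to the router; named and dhcpd run on this box.
# DRY_RUN=1 prints the commands; run with DRY_RUN=0 as root to apply them.
INSIDE="${INSIDE:-eth0}"
OUTSIDE="${OUTSIDE:-eth1}"
LAN="${LAN:-192.168.0.0/24}"
IPT="${IPT:-/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"
# Constructed sample: LAN hosts that must not reach the internet.
BLOCKED="${BLOCKED:-192.168.0.50 192.168.0.51}"

# Run one iptables command, or print it in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Write a /proc/sys value, or print the write in dry-run mode.
sysctl_set() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "echo $2 > $1"
    else
        echo "$2" > "$1"
    fi
}

# Forwarding on; reverse-path filtering on, so packets carrying a LAN
# source address cannot arrive from the router side.
kernel_settings() {
    sysctl_set /proc/sys/net/ipv4/ip_forward 1
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        [ -e "$f" ] || continue
        sysctl_set "$f" 1
    done
}

gateway_rules() {
    # Clean slate, then default-deny inbound and forwarded traffic. The
    # gateway's own outbound traffic (named's upstream queries) stays open.
    ipt -F; ipt -t nat -F; ipt -t mangle -F; ipt -X
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT

    # Loopback, and replies to connections already allowed in either direction.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Services the LAN may use on this box: ssh, DNS, DHCP. DHCP requests are
    # broadcasts from 0.0.0.0, so that rule has no source-address match.
    ipt -A INPUT -i "$INSIDE" -s "$LAN" -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -i "$INSIDE" -s "$LAN" -p tcp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$INSIDE" -s "$LAN" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$INSIDE" -p udp --sport 68 --dport 67 -j ACCEPT

    # Per-host internet block, consulted before the general LAN->internet rule.
    # Blocked hosts keep LAN, DNS and DHCP; only forwarding out is refused.
    ipt -N BLOCKED
    for host in $BLOCKED; do
        ipt -A BLOCKED -s "$host" -m limit --limit 5/min -j LOG --log-prefix "blocked-host: "
        ipt -A BLOCKED -s "$host" -j DROP
    done
    ipt -A FORWARD -i "$INSIDE" -o "$OUTSIDE" -j BLOCKED
    ipt -A FORWARD -i "$INSIDE" -o "$OUTSIDE" -s "$LAN" -m state --state NEW -j ACCEPT

    # Hide the LAN behind the router-facing address.
    ipt -t nat -A POSTROUTING -o "$OUTSIDE" -s "$LAN" -j MASQUERADE

    # Log (rate-limited) what the DROP policies are about to discard.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "gw-input-drop: "
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "gw-fwd-drop: "
}

kernel_settings
gateway_rules
```

Two points differ from the script in the post above: the FORWARD chain gets a state rule, without which replies to masqueraded connections are dropped by the DROP policy, and the per-host block is a separate chain that only affects forwarding, so a blocked machine still gets a DHCP lease and can resolve LAN names. The LOG rules sit last, so the kernel log (dmesg or /var/log/messages) shows exactly what the policies discard.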
 
aduhwaleAuthor Commented:
Hi guys, thanks for your comments. I am going to split the points as I have used ideas from all of you as well as other questions I posted. Thanks.
0
 
rindiCommented:
thanx too.
0