Linux as default gateway

Dear Expert,

My company uses Linux as a default gateway for the internet. This means all the internet routing is done through Linux. Since I am a beginner at Linux, can you please guide me on how to make Linux a default gateway for the internet? Right now I use ppp0 software for connecting to the internet.

Thanks in advance

Sachin Doke
Asked by: sachindoke

Gabriel Orozco, Solution Architect, commented:
sachindoke

I do not understand your question.

You say your company is using Linux as a gateway for the internet, but then you ask how to do it.

Is that right?

If you want to make your Linux box your default gateway to the internet, you must
a) have two network cards: the one connected to the internet, where your connection (ppp0) gets connected, and the other connected to your Local Network.
b) on the Local Network interface, you need to have a fixed IP, like 192.168.0.1. If you already have one, please post that info here.
  - for that we need to know the output of these commands:
    ifconfig
    route -n
    (when you are connected to the internet on the Linux box)

If you have these, we can post you a firewall script crafted to your Linux box so you can get internet from your Linux box.

regards

Lee W, MVP, Technology and Business Process Advisor, commented:
I use linux as my router (using NAT) - IPTables for routing purposes.  See: http://www.netfilter.org/
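
The setup described in the answers above (ppp0 facing the internet, a second interface with a fixed LAN address, NAT through iptables), written out as an added example; it is not a script posted by any participant. It assumes a LAN interface named eth0 and a LAN subnet of 192.168.0.0/24, both hypothetical; only ppp0 and 192.168.0.1 come from the thread.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a two-interface NAT gateway.
# Assumed names (not from the thread): eth0 as LAN interface, 192.168.0.0/24 as LAN.

# Conservative input checks so nothing but a plain name / IPv4 CIDR reaches the rules.
valid_if() {
    case $1 in ''|*[!a-z0-9]*|[0-9]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the ruleset: masquerade LAN traffic leaving via the WAN link,
# drop by default, allow only LAN-initiated flows and their replies.
gen_gateway_rules() {
    wan=$1 lan=$2 net=$3
    valid_if "$wan" && valid_if "$lan" && valid_cidr "$net" || return 1
    [ "$wan" != "$lan" ] || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Touch the system only when invoked as root with the argument "apply".
# Forwarding is switched on after the rules are loaded, never before.
if [ "${1:-}" = "apply" ]; then
    gen_gateway_rules ppp0 eth0 192.168.0.0/24 | iptables-restore &&
        sysctl -w net.ipv4.ip_forward=1
fi
```

Run without arguments it changes nothing; LAN clients then use the gateway's LAN address (192.168.0.1 in the answer above) as their default route.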
GinEric commented:
sachindoke,

Redimido is steering you in the right direction.

I would like to add some advice though.

First, if you're using ppp you're on a dialup; I would talk somebody into at least DSL.

When you have DSL, you can go direct ATM instead of the rather lame Windows ideas of PPPoE.  ATM is direct to the DSLAM and works much faster and is more Linux oriented, as are nearly all telephone companies.

By saying the Linux server is the gateway, you've actually said it's the router because the word gateway means router [you can check that with various RFC's].  But if you mean it's the first box connected directly to your Internet Service Provider, it's more proper to say your Linux Server is the Frontend.  Therefore, you have a frontended system setup, as opposed to your connection going to a router box first.

When you front end, your server controls all Internet and Intranet activity.  You do, indeed, need two NIC's.  One on the Public IP Address, and the other on an Intranet IP Address, often called a Private Address.  You can then either use filters, or, you can take that second NIC right out to a router box [like a Linksys, Cisco, whatever] and from there to your Intranet computers, your internal machines on your private network or LAN.  The Linux Server connects directly to the Internet [WAN] and then connects via the other NIC to the LAN.

The Linux Server then controls who can get to and from the Internet from the Intranet, and vice versa.

You can use all of these netfilters, etc., although most use sufficient built in defaults that your Intranet will be very secure from the start.

You will have to name your two NIC cards and add or uncomment lines in /etc/rc.d/rc.modules such as these [these are my two NIC's, yours will most likely be different]:

/sbin/modprobe ne irq=10 io=0x320 # LinkSys NE2000 at 0x320

and

/sbin/modprobe 3c59x

The first is for a Linksys Ether16 and the second is for a common 3c59x [3COM].

The first shows that some cards need the irq and io defined, while the 3com has a Linux driver that is already present.  You may also need to do some reading on how to configure your Ethernet cards.

This all depends on your connection and speed, as ppp is not DSL is not ATM.  ppp is far too slow for such server configurations.  About ten years ago it sufficed that all one normally had might be a 56k dialup, but that is not true any longer.  You should at least have DSL or a T1, which, regardless of what others say, are the same thing, but the T1 costs a lot more for an old name.

You also want the output of:

ifconfig -a

which will show the NIC's, if they are there and preloaded.  Basically, all of the files in /etc/rc.d/ are there to start [or stop] your system initialization.  rc.inet1 will call rc.inet1.conf for referencing which and how many NIC cards to initialize, and so on.

rc stands for "run control" and most names are similar; rc.inet1 would be "run control Internet" and rc.inetd would be "run control internet daemons."

Not all distributions are aware of this early nomenclature, and some have departed drastically from it, thus leaving many in the lurch in trying to understand their own Linux distribution.

Indeed, your files may be in a completely different directory; my distribution is Slackware because it adheres to the origins that are in Unix and System V.

Also in that directory you will find your firewall rc, and all the others.  It is there that these various filters and ipchains are controlled.

Usually, as I've said, they are set up to very good default values.

As a beginner, you have a lot of reading to do, even though you're asking good questions, you will need to know the terminology to express your questions more accurately.

Basically, you will have to configure your Linux Server with the ISP assigned IP Address, then assign an IP and mask for the internal network, as suggested by Redimido, you can choose any in 192.168.x.x but routers should be reserved for addresses ending in .1 and you cannot use .255 which is the broadcast address for that segment.

So, you have from 192.168.x.2 to 192.168.x.254 for your address range of IP's that can be assigned by static or DHCP to your internal machines.  Normally, we avoid 192.168.0.x and 192.168.255.X as they tend to resemble base router and broadcast addresses too often and can be confusing, or, cause errors if they are mistyped.

So, you might want to set your second NIC as something like 192.168.2.101 and the router it is connected to as 192.168.2.1.  You see?  The routers remain 192.168.x.1 while the box is 100 plus 1, a quick way to identify connections and cables without confusion; "101 is always connected to 1, the router."

If you have more than one router, you will also want to use the internal mask of 255.255.0.0 which enables all IP Addresses internally from 192.168.0.0 through 192.168.255.255 [which, remember, is itself a broadcast address and not assigned to any machine or router].  That is more than enough IP Addresses for your internal network and I doubt that you'll run out of them.

Linux should automatically find any and all machines on your internal network within that range if you set the mask that way.  The mask makes your network a Class C network and you don't have to worry so much about the .x. in 192.168.x.#

rc.inet2 will call the firewall rules [as well as other stuff], but you do indeed have to have the script rc.firewall

I keep a file in /etc/rc.d/ called callers.c which describes what script calls what other scripts and in what order, why, what effect it has, etc.  It's a good idea to keep your own notes in a similar manner as you go along.

Tell us more and we'll go from there.