Solved

how to configure Linux as router

Posted on 2013-06-12
Last Modified: 2013-06-20
I'm trying to set up a linux host as a router. I'm following the instruction at http://www.cyberciti.biz/tips/linux-as-router-for-dsl-t1-line-etc.html which assured me it would be a 2-minute process, but after 2 minutes, I'm stuck. Here's what I did so far, per the instructions:

The setup:

I am running the Slackware distro, kernel 2.6.24.5

I currently have two NIC cards in this computer: eth0 is currently connected to a D-Link router (which, in turn, is connected to the ISP's cable modem), and eth1 is currently not connected to anything, but will be the LAN connection.

eth0 is configured in /etc/rc.d/rc.inet1.conf for DHCP.

STEPS SO FAR:

I connected eth0 to the cable modem and reset the NIC:

$ /etc/rc.d/rc.inet1 eth0_restart

That worked fine, eth0 got an IP. Then, I created the file /etc/sysctl.conf and added one line:

 net.ipv4.ip_forward = 1

Then the iptables commands for IP forwarding and Masquerading:

$ iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
$ iptables --append FORWARD --in-interface eth1 -j ACCEPT

Here's where I'm stuck. How do I configure eth1 in /etc/rc.d/rc.inet1.conf? I want to give it a static IP for the LAN, but what do I put in for gateway and DNS? Won't specifying a gateway confuse eth0?

# Config information for eth1:
IPADDR[1]="192.168.0.1"
NETMASK[1]=""
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""

# Default gateway IP address:
GATEWAY="???"

Do I use /etc/resolv.conf for DNS servers? Start named? Can I somehow specify eth0's IP as the gateway?

I'm CONFUSED!
Question by:jmarkfoley
13 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 39243611
Eth0 is the gateway. IP of the dlink.  Make sure you do not double NAT the same segment.
I.e. eth0 must to be on the 192.168.0.0/24
Resolv.conf should point to the DNS server either local if you configure named as a caching server locally.

Post the output of netstat -rn.
Do you have DHCP configured to allocate IPs on the eth1 network?
 
LVL 88

Expert Comment

by:rindi
ID: 39243716
Personally I'd recommend using a distro that is built to be a gateway from the outset. For example Zentyal has this built in, but Turnkey, ClearOS and others also have this function already available. The advantage is that all these distros have good management tools included, which makes configuration very easy and straightforward.

http://distrowatch.com/table.php?distribution=zentyal
 
LVL 16

Expert Comment

by:vivigatt
ID: 39244297
Check this (outdated but still very relevant and instructive) article:

https://wiki.archlinux.org/index.php/Router
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39246670
I've got it sort-of working -- in fact, I'm using it as my router to post this comment -- but I still have issues. I had a 2nd NIC that wouldn't play well in the computer (Linksys EtherFast 10/100 LNE100TX). I forget what error I was getting, something about a "tulip". I swapped out the card for one that worked, but then had to remove my /etc/udev/70-persistent-net.rules and reboot because udev was renaming my eth0 to eth2! Sheesh! My problem is some error messages I get when running `dhcpd -d eth0`. First, the messages, then I'll post the config:

When I started dhcpd I got:

Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on LPF/eth0/00:50:da:28:3b:06/192.168.0/24
Sending on   LPF/eth0/00:50:da:28:3b:06/192.168.0/24
Sending on   Socket/fallback/fallback-net

I assume these are normal start up messages. I then connected my WIN9 laptop for which I created a DHCP reservation for 192.168.0.102 (I think). When it connected I got:

Dynamic and static leases present for 192.168.0.102.
Remove host delcaration rover or remove 192.168.0.102
from the dynamic address pool for 192.168.0/24
DHCPREQUEST for 192.168.0.102 from 44:1e:a1:c8:e8:9b via eth0
DHCPACK on 192.168.0.102 to 44:1e:a1:c8:e8:9b via eth0
DHCPINFORM from 192.168.0.102 via eth0: not authoritative for subnet 192.168.0.0
If this DHCP server is authoritative for that subnet,
please write an 'authoritative;' directive either in the
subnet declaration or in some scope that encolses the
subnet declaration - for example, write it at the top
of the dhcpd.conf file.
DHCPINFORM from 192.168.0.102 via eth0: not authoritative for subnet 192.168.0.0

Not sure what all this means, but my guess is that I should not designate reserved IPs within my DHCP range (192.168.0.100 - 192.168.0.199). Also, not sure what the 'authoritative;' directive is all about.

Next, I connected my wife's laptop for which I did *NOT* make a reservation. I got:

if PC-de-Daniela.alluneedizluv.local IN A rrset doesn't exist add PC-de-Daniela.alluneedizluv.local 21600 IN A 192.168.0.101: DNS format error.
DHCPREQUEST for 192.168.0.101 from 00:13:77:d6:aa:2a via eth0
DHCPACK on 192.168.0.101 to 00:13:77:d6:aa:2a  (PC-de-Daniela) via eth0
DHCPINFORM from 192.168.0.101 via eth0: not authoritative for subnet 192.168.0.0
DHCPINFORM from 192.168.0.101 via eth0: not authoritative for subnet 192.168.0.0
if PC-de-Daniela.alluneedizluv.local IN A rrset doesn't exist add PC-de-Daniela.alluneedizluv.local 21600 IN A 192.168.0.101: timed out.

The messages DHCPREQUEST, DHCPACK, DHCPINFORM, DHCPINFORM repeat themselves about every half hour (something to do with lease time?). I can't even guess what these messages are about other than something to do with DNS ... which I'm not running. Despite all these messages, both laptops appear to have connected w/o any apparent problem on the laptop end. Nevertheless, I don't want to simply ignore them.

How do I fix these?

Configuration:

/etc/dhcpd.conf:
option domain-name "alluneedizluv.local";

ddns-update-style ad-hoc;

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.1;
    range 192.168.0.100 192.168.0.199;
    option domain-name-servers 209.18.47.61, 209.18.47.62;  # from my ISP
}

host rover {
  hardware ethernet 44:1E:A1:C8:E8:9B;
  fixed-address 192.168.0.102;
}

/etc/rc.d/rc.inet1.conf:
# Config information for eth0:
# This is the LAN interface and is the add-in card
IPADDR[0]="192.168.0.1"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""

# Config information for eth1:
# This is the Internet interface and is the built-in NIC
IPADDR[1]=""
NETMASK[1]=""
USE_DHCP[1]="yes"
DHCP_HOSTNAME[1]=""
GATEWAY=""

I've specified no default gateway.

/etc/rc.d/rc.firewall:
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

/etc/resolv.conf:
# Generated by dhcpcd for interface eth1
search columbus.rr.com
nameserver 209.18.47.61
nameserver 209.18.47.62

With the above, do I even need the option domain-name-servers in dhcpd.conf?

arnold, the netstat -rn info:

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
76.181.64.0     0.0.0.0         255.255.224.0   U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         76.181.64.1     0.0.0.0         UG        0 0          0 eth1


vivigatt, I will also check out your link for clues.

So, what am I doing wrong?

Thanks
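A complete rc.firewall for the layout in the post above (LAN on eth0 with 192.168.0.1, Internet on eth1), as an added example that is not from this thread or the cyberciti guide: beyond the two rules posted it sets a default DROP policy on FORWARD and lets the WAN side send only replies to connections the LAN opened. The DRY_RUN switch and the "apply" argument are my own conventions for reviewing the rules before running them as root.

```shell
#!/bin/sh
# Interfaces follow the author's final layout: eth0 carries the LAN (192.168.0.1),
# eth1 faces the D-Link / cable modem. DRY_RUN is an assumed review switch.
WAN=${WAN:-eth1}
LAN=${LAN:-eth0}

# Execute a command, or just print it when DRY_RUN is set (review before applying).
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

router_rules() {
    wan=$1; lan=$2
    # Forwarding is what makes the box a router; /etc/sysctl.conf keeps it across reboots.
    run sysctl -w net.ipv4.ip_forward=1
    # Flush first so re-running rc.firewall does not stack duplicate rules.
    run iptables -t nat -F POSTROUTING
    run iptables -F FORWARD
    # Forward nothing unless a rule below says so (the posted rules rely on the ACCEPT default).
    run iptables -P FORWARD DROP
    # Source-NAT LAN traffic to the WAN address; replies are un-NATed by conntrack.
    run iptables -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
    # LAN may open anything outbound.
    run iptables -A FORWARD -i "$lan" -o "$wan" -j ACCEPT
    # WAN may only send replies to connections the LAN opened; nothing new inbound.
    run iptables -A FORWARD -i "$wan" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Rate-limited log of whatever the DROP policy is about to discard (watch with dmesg).
    run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# How many ACCEPT paths the generated rule set contains (a reviewer expects exactly two).
count_accepts() { ( DRY_RUN=1; router_rules "$1" "$2" ) | grep -c -- '-j ACCEPT'; }

if [ "${1:-}" = "apply" ]; then
    router_rules "$WAN" "$LAN"      # run as root: sh rc.firewall apply
fi
```

Run it with DRY_RUN=1 first and compare the printed rules against `iptables -L FORWARD -v -n` after applying; the LOG line is where blocked forwards show up.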
 
LVL 77

Expert Comment

by:arnold
ID: 39247399
The non-authoritative and the timeout deals with the DNS.
You should setup a local caching + authoritative for 0.168.192.in-addr.arpa zone where your DHCP server will register the IPs it allocates. And your internal domain alluneedizluv.local.
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39247876
According to my research, the "not authoritative for subnet" can be handled by putting the directive 'authoritative;' at the beginning of my /etc/dhcpd.conf file.

> You should setup a local caching ... for 0.168.192.in-addr.arpa zone

Do you mean running DNS (named) or are you talking about some configuration setting in dhcpd.conf?
 
LVL 77

Expert Comment

by:arnold
ID: 39248240
Yes, having bind's named or any other DNS service (tinydns) depending on your comfort level.
 
LVL 16

Accepted Solution

by:vivigatt (earned 250 total points)
ID: 39248266
DHCPREQUEST, DHCPACK, DHCPINFORM, DHCPINFORM messages are perfectly OK. Actually this is how DHCP works.
If PC-de-Daniela/rover gets the correct IP config, you are all set.
I think that you may have some name conflict. Let me guess.
PC-de-Daniela is a Windows PC that has a Windows name "PC-de-Daniela".
So when sending its DHCP requests, it adds its hostname in the request.
This is not what you have in your dhcpd.conf file, but this should not cause any issue.

DHCP leases are renewed periodically. Actually, there is a "renewal" dialog that occurs when the leases half expired. You can increase the lease time if you want.
You can add "authoritative" for the subnet if your DHCP is actually the one and only for this subnet.
If you want the DHCP service to update the DNS records, you have to set the correct config. But this requires you to run a local DNS that you have total control of. It may not actually be needed.
If you have a local DNS, you can also configure the clients (PC-de-Daniela) to send DNS update requests when it gets an IP config. Yet, since the DNS addresses you provide are
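An added check, not part of any answer in this thread, for the three dhcpd.conf settings behind the log messages in the author's earlier post and this answer: the missing 'authoritative;' directive, the reservation for rover sitting inside the dynamic range (the "Dynamic and static leases present" message), and ddns-update-style set to something other than none, which is what makes dhcpd attempt the DNS updates. The embedded dhcpd.conf is a copy of the one posted above; the finding messages are my own wording.

```shell
#!/bin/sh
# Constructed copy of the dhcpd.conf posted earlier in this thread, written to a
# temp file so the check has something to read (point it at /etc/dhcpd.conf instead).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
option domain-name "alluneedizluv.local";
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.1;
    range 192.168.0.100 192.168.0.199;
    option domain-name-servers 209.18.47.61, 209.18.47.62;
}
host rover {
  hardware ethernet 44:1E:A1:C8:E8:9B;
  fixed-address 192.168.0.102;
}
EOF

# Lint a dhcpd.conf for the three settings behind the log messages in this thread.
# Prints one line per finding; returns 1 if any finding is an ERROR.
check_dhcpd_conf() {
    awk '
    function ip2int(s,  p) { split(s, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
    /^[ \t]*authoritative[ \t]*;/ { auth = 1 }
    $1 == "ddns-update-style" && $2 !~ /^none/ { ddns = $2; sub(/;/, "", ddns) }
    $1 == "range" { gsub(/;/, ""); n++; lo[n] = ip2int($2); hi[n] = ip2int($3); txt[n] = $2 "-" $3 }
    $1 == "host" { host = $2 }
    $1 == "fixed-address" { gsub(/;/, ""); fixed[host] = $2 }
    END {
        if (!auth) { bad = 1; print "ERROR: no authoritative; directive (DHCPINFORM is ignored and stale leases are never NAKed)" }
        if (ddns) print "WARN: ddns-update-style " ddns " makes dhcpd push DNS updates; only useful with a DNS server you control"
        for (h in fixed) {
            v = ip2int(fixed[h])
            for (i = 1; i <= n; i++)
                if (v >= lo[i] && v <= hi[i]) {
                    bad = 1
                    print "ERROR: host " h " fixed-address " fixed[h] " lies inside dynamic range " txt[i]
                }
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

if check_dhcpd_conf "$SAMPLE_CONF"; then
    echo "dhcpd.conf looks consistent"
else
    echo "fix dhcpd.conf before restarting dhcpd"
fi
```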
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39259375
When I put the "authoritative" directive in the dhcpd.conf file I stopped getting the "not authoritative for subnet" messages, and I also stopped getting the "if PC-de-Daniela.alluneedizluv.local IN A rrset doesn't exist ... DNS format error." So, everything seems to be running just fine.

vivigatt: > DHCP leases are renewed periodically. Actually, there is a "renewal" dialog that occurs when the leases half expired. You can increase the lease time if you want.

Maybe this is too big a question for this posting, but what's the difference between max-lease-time and default-lease-time? What are the defaults if not set in dhcpd.conf? If I understand the logfile correctly, leases seem to be updated between 1 and 2 hours. This is a small, local network, so why not set lease times to e.g. a month or so?
 
LVL 77

Assisted Solution

by:arnold (earned 250 total points)
ID: 39259656
Includes a sample configuration as well as comments for some of the fields
http://www.dhcp.net/wordpress/?page_id=7

In short, the default lease sets a time frame within which the client must renew the lease; at the end of the period, if not renewed, the lease expires.
The max lease setting deals with whether you want a system to be forced to get a new IP. This deals with rotating the IPs in use by a system.
The lease time duration deals with DHCP-related network traffic. Set it too low and all your systems will be spending time obtaining/renewing IP leases. Usually 3600 is the minimum duration and two weeks is the maximum. The drawback is that once an IP is allocated, it is marked as unavailable by the DHCP server for the duration of the lease. If you have many systems rotating in and out, and you set the lease time to a month, after 254 unique systems have rotated in, any new system will not be allocated an IP as there will be no available IPs in the DHCP pool.

In a LAN the lease time should be one day.
A week or two weeks are often used on the ISP side for DSL, FIOS and similar connections.
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39262832
OK, I think that deals with my general router issues. Thanks. I've changed the default lease time to 1 day, as you suggested. Everything seems to be working just fine on the wired LAN.

you wrote:
>The short the default lease sets a time frame within which the client must renew the lease at the end of the period if not renewed the lease expires.

I have a different question on a Linux DHCP *client* in a Windows domain and it seems to have to do with the Linux client not renewing the lease. Check out http://www.experts-exchange.com/Networking/Linux_Networking/Q_28162381.html and see if you can help me on that one.

Also, I don't know if you know anything about wireless, but I've added a wireless card into this mix that I want to be an access point. I've got it semi-configured -- client devices can see the SSID and can connect -- but no Internet access is happening. Check out http://www.experts-exchange.com/Networking/Linux_Networking/Q_28162388.html if this is in your bailiwick.
 
LVL 77

Expert Comment

by:arnold
ID: 39262953
Regarding the wireless, what IPs are you assigning there? If you are assigning the same IPs as the wired side, your issue would be what IP the wireless NIC has as well as what iptables rules are set on the NIC, i.e. does wireless traffic pass without impediment through the wireless NIC to the outside.

If you are using a different block of IPs, you have to make sure that your iptables NAT rules route traffic correctly between the wireless NIC and the outside.
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39263044
I think I may have an issue with the iptables, but I'm no iptables guru so I'm not sure. Check out http://www.experts-exchange.com/Networking/Linux_Networking/Q_28162388.html. All the IP assignment, hostapd, etc. info is listed. I need to get that one fixed asap as I'm being bugged to toss out this Linux server idea and buy a Linksys or something.
