kpzani

This post is intended to help some of the people on the Chat forums.
To use Linux as a router you need two nics. we will call them ethX and ethN, where X is external and N is internal - yours will be called eth0 and eth1. if you have a PPP connection like ADSL just ignore the bits about ethX.

ethN should be physically cabled into th LAN and have a sensible IP address - off a nonroutable range such as 192.168.10.1 (255.255.255.0). Cable this up and set all other pcs on the lan to have similar ips (192.168.10.2) and the same subnet. Make sure you can ping some other the other computers and they can ping you.

Now ethX is more complicated. Unplug ethN and plug in ethX - this should be cabled into some internet connectivity device. a cable modem or ADSL modem. Unless you have purchased a static IP from your ISP set this device to obtain all its inforation (IP address etc) from DHCP.

Activate the NIC and check that you can surf the net. try pinging www.google.com.
(if you use a ppp connection then check you can dial out and surf the web).

At this point we know that both our nics are fully functional and the two halves of the router work. ie. we can connect to the pcs on the lan - and we can talk to the internet. now to connect these things together.

Now we are going to use firestarter instead of the standard iptables - as its pretty much the same thing and firestarter has a pretty GUI.
Download and install firestarter - http://firestarter.sourceforge.net/

Now you need to disable iptables - in fedora i select system settings \ server settings \ services from the main menu. then remove the tick next to iptables and click save - now it won't run on boot. and with iptables selected click stop - to terminate the daemon.
your distro may have other methods of starting and stopping daemons.

Run firestarter - from command line or from the GUI.
If the wizard hasn't launched then start it.
Follow the wizard through and finish.
1.click forward
2. choose extX or PPP0 click forward
3. Enable NAT - choose extN - auto detect settings click forward
4. the rest of the defaults should be fine.

the firewall should now work. (click start)
using your favourite text editor check that the file /etc/sysctl.conf contains the line
net.ipv4.ip_forward=1 and that it is not commented out. This will activate ip routing - allows data to be sent across your NICs. Most distros seem to have this on by default but just in case....

Now using the service manager (or however you like) set the firestarter daemon to start on boot (Tick it & Save).

And you're done.
Now on each of your other clients set the default gateway address = ip addess of ethN e.g. 192.168.10.1. and set the dns server addresses = the ones from your isp.

Or set dns server address = ethN and install BIND on your system. The default BIND configuration will work out of the box and provides a caching only nameserver setup.

If you have any questions please post them here. But can you make sure that you have tried to isolate the problem and post details of your problem solving quest.

good luck

Kris

__________________
No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

loft306

Hey kpzani ... did anyone ever tell u should write tut's this is the easiest tut that i have ever read thanks for putting it up for all of us.

And i should have the net up in a day or 2.....depending on how long i sleep! (48 hours eyes open... lol what u can do when u have a real chair)
and thnx again for the other thing.

__________________
~Mike ~~~ Forum Rules
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
http://loft306.org

kpzani

Among other things I'm an IT trainer. so I have some experience of writing help files and manuals.
<JACK type="all trades">kpzani</JACK>

__________________
No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

loft306

That last part resembles me to!

__________________
~Mike ~~~ Forum Rules
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
http://loft306.org

loft306

Ok i got me a lan and a wan and almost everything pings everything...one lin box dosnt ping the win box....but ill get that.... and i cant ping the wan from the lan yet (xcept the box that is the router ofcourse)my only Q is what machine dose bind get installed on...is it the router or the clients?..... i'm thinking the router...but i'll wait for the ansawer. thnx

__________________
~Mike ~~~ Forum Rules
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
http://loft306.org

Opnosforatou

Depends I run my BIND on my firewall/router/webserver/DHCP server.

__________________
---[ MS09-99896 - Vulnerability in All MS Windows OS ; Using Windows Could Allow Remote Code Execution. ]---
Hardware: Asus P4P800, 1GB, P4-3Ghz, Asus V9950, Maxtor ATA HD\'s, 3Com GBit lan, Audigy ZS Plat.

loft306

Ok i got bind on the router box but im at a loss on how to config the named.conf...do i just uncomment the first couple of lines it says to uncomment.....and change nothing ...or do i have to put the ip of the internal nic somewhere?

Still looking for a readme.....

• options {
  directory "/var/bind";
  
  // uncomment the following lines to turn on DNS forwarding,
  // and change the forwarind ip address(es) :
  //forward first;
  // forwarders {
  // 123.123.123.123
  // 123,123.123.123;
  // };
  
  listen-on-v6 { none; };
  listen-on { 127.0.0.1; };
  
  // to allow only specific hosts to use the DNS server:
  //allow-query {
  // 127.0.0.1;
  //};
  
  // if you have problems and are behind a firewall:
  //query-source address * port 53;
  pid-file "/var/run/named/named.pid";
  };
  
  zone "." IN {
  type hint;
  file "named.ca";
  };
  
  zone "localhost" IN {
  type master;
  file "pri/localhost.zone";
  allow-update { none; };
  notify no;
  };
  
  zone "127.in-addr.arpa" IN {
  type master;
  file "pri/127.zone";
  allow-update { none; };
  notify no;
  };
  

is the area in red the area that i uncomment and put the lan nic's ip adress? or do i have to change the listen on? ......im just lost!

__________________
~Mike ~~~ Forum Rules
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
http://loft306.org

kpzani

your bind config should look something like this:
so along with this you will need a valid key file in /etc/rndc.key - DUNNO WHAT THIS DOES

named.custom =

/var/named/lnamed.ca
contains a list of all the root servers you can change this if you like to point to root.hints or whatever it is called in your distro.

/var/named/named.local
/var/named/localhost.zone
If you need help with specific parts of this then post back. for what you're doing you don't need to understand it. so don't worry about it.

__________________
No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

nomar

Just to note:

Only in Redhat/Fedora you need to disable the iptables service.

This service sets some iptable rules (or so I believe) in order to act as a firewall.

If you run another distro, you only need disable any other firewall service that you are already running.

Hope this helps.

Nice how-to otherwise Mr Zani.

__________________
\"One World, One Web, One Program.\" -- Advertisement for Internet Explorer.
\"Ein Volk, Ein Reich, Ein Fuehrer.\" -- Adolf Hitler.

loft306

ok i got the bind con figured on my gentoo box i added the section in to the named.conf


named.conf



and created this file /etc/bind/taz.fwd and placed this in it it is my zone file

taz.fwd



taz being the name of my box/domain and we have a fully functional bind dns server

__________________
~Mike ~~~ Forum Rules
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
http://loft306.org