- 02-17-2005 #1 Linux User
Linux box as router
Hi guys, could you help me finding a nice text about configuring my Linux box as router and also using NAT on it.
Linux registered user #358842
Human knowledge belongs to the world.
- 02-17-2005 #2 Linux Newbie
- 02-17-2005 #3 Linux User
Thanks
- 07-24-2009 #4 Just Joined!
Hi,
1) Please configure the Fast Ethernet first as given below;
a) Assign a public IP address to the Fast Ethernet card with the following;
i) Eth0
ii) IP Address (61.5.156.1) change with your public IP address
iii) Net Mask (Provided by the Internet service provider) (255.255.255.24 change with your net mask
iv) Default Gateway (61.5.156.146) change with your Default Gateway
v) Preferred DNS (203.143.22.22) change with your preferred DNS
vi) Alt. DNS (203.153.240.10) change with your alt. DNS
b) Create a virtual IP address on this Fast Ethernet card
i) Copy and paste the configuration file of eth0 with the new name eth0:0
c) Assign a private IP address like you have assigned to the other computers in your local area network
i) Eth0:0
ii) IP Address (192.168.1.10)
iii) Net mask (255.255.255.0)
iv) Default Gateway (leave this blank)
2) Creating forwarding rules with iptables:
# Delete and flush. The default table is "filter". Others like "nat" must be explicitly stated.
3) iptables --flush  # Flush all the rules in the filter table
4) iptables --table nat --flush  # Flush all the rules in the nat table
5) iptables --delete-chain
# Delete all chains that are not in the default filter and nat tables
6) iptables --table nat --delete-chain
# Set up IP forwarding and masquerading
7) iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
8) iptables --append FORWARD --in-interface eth0 -j ACCEPT
9) echo 1 > /proc/sys/net/ipv4/ip_forward
# Enables packet forwarding by the kernel (until the next reboot; see /etc/sysctl.conf below)
10) Create a route for internal packets:
11) route add -net 192.168.1.0 netmask 255.255.255.0 gw 61.5.156.146 dev eth0
# Change 61.5.156.146 with your gateway IP address
# (only needed if the kernel did not already add a route for 192.168.1.0/24 when eth0:0 came up)
Configuring PCs on the office network:
All PCs on the private office network should set their "gateway" to be the local private network IP address of the Linux gateway computer. Change 192.168.1.10 with your own gateway.
The DNS should be set to that of the ISP on the internet.
Or you can configure your own DNS server on this Linux machine; I will try to explain that in a later post.
Configure the firewall to control the security.
First flush everything and then allow limited ports and IP addresses
12) iptables -F
13) iptables -A INPUT -i lo -p all -j ACCEPT  # Allow self access by the loopback interface
14) iptables -A OUTPUT -o lo -p all -j ACCEPT
15) iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT  # Accept established connections
16) iptables -A INPUT -p tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset
17) iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT  # Open ftp port
18) iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
19) iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT  # Open secure shell port
20) iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
21) iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT  # Open HTTP port
22) iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
23) iptables -A INPUT -p tcp --syn -s 192.168.10.0/24 --destination-port 139 -j ACCEPT  # Accept local network Samba connection
24) iptables -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT
25) iptables -P INPUT DROP  # Drop all other connection attempts. Only connections defined above are allowed.
26) Alter the Linux kernel config file /etc/sysctl.conf
Set the following value:
27) net.ipv4.ip_forward = 1
28) service iptables save
It's a post from the itoperationz web site.
Regards,
Azhar Ali
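A tighter form of the NAT and firewall set-up from the post above, as an added shell example that is not part of the post or of the itoperationz article: it emits the policy as an iptables-restore ruleset so it is loaded in one atomic step, with FORWARD defaulting to DROP and only LAN-originated packets masqueraded. The interface name eth0 and subnet 192.168.1.0/24 are the post's placeholders; the LAN-only SSH rule is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: build the NAT router rules as an
# iptables-restore ruleset so the whole policy is applied in one atomic step
# instead of rule by rule. Unlike the post, FORWARD defaults to DROP and only
# LAN-originated traffic is masqueraded.
# Assumed (hypothetical) values: WAN interface eth0, LAN subnet 192.168.1.0/24.

router_rules() {
    wan_if="$1"    # public-facing interface, e.g. eth0
    lan_net="$2"   # private subnet behind the router, e.g. 192.168.1.0/24
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# masquerade only packets that really come from the LAN subnet
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# management SSH from the LAN only (assumption); no UDP 21/22/80 rules, those services are TCP
-A INPUT -p tcp -s $lan_net --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# replies back to LAN hosts, then new LAN-to-Internet connections; nothing else is forwarded
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $lan_net -o $wan_if -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load the ruleset atomically and enable forwarding (persist it in
# /etc/sysctl.conf as the post describes). Requires root; not run by the test.
apply_router_rules() {
    router_rules "$1" "$2" | iptables-restore || return 1
    sysctl -w net.ipv4.ip_forward=1
}
```

Run `router_rules eth0 192.168.1.0/24` first to review the generated ruleset, then `apply_router_rules eth0 192.168.1.0/24` as root to load it.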