Find the answer to your Linux question:
Results 1 to 4 of 4
Hi guys, could you help me finding a nice text about configuring my Linux box as router and also using NAT on it....
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux User
    Join Date
    Oct 2004
    Location
    Serbia&Montenegro
    Posts
    281

    Linux box as router


    Hi guys, could you help me finding a nice text about configuring my Linux box as router and also using NAT on it.
    Linux registered user #358842
    Human knowledge belongs to the world.

  2. #2

  3. #3
    Linux User
    Join Date
    Oct 2004
    Location
    Serbia&Montenegro
    Posts
    281
    Thanks
    Linux registered user #358842
    Human knowledge belongs to the world.

  4. #4
    Just Joined!
    Join Date
    Jul 2009
    Posts
    2

    Linux box as router

    Hi,

    1) Please configure the Fast Ethernet first like under given;

    a) Assign Public IP address to the Fast Ethernet Card with the followings;

    i) Eth0

    ii) IP Address (61.5.156.1) change with your public IP address

    iii) Net Mask (Provided by the Internet service provider) (255.255.255.24 change with your net mask

    iv) Default Gateway (61.5.156.146) change with your Default Gateway

    v) Preferred DNS (203.143.22.22) change with your preferred DNS

    vi) Alt. DNS (203.153.240.10) Change with your alt. DNS

    b) Create a virtual IP address on this Fast Ethernet Card

    i) Copy and paste the configuration file of the eth0 with a new name eth0:0

    c) Assign a private IP Address like you have assigned the other computers in your local area network

    i) Eth0:0

    ii) IP Address (192.168.1.10)

    iii) Net mask (255.255.255.0)

    iv) Default Gateway (leave this blank)

    2) Creating forwarding rules with iptables:

    # Delete and flush. Default table is “filter”. Others like “nat” must be explicitly stated.

    3) iptables –flush – Flush all the rules in filter and nat tables

    4) iptables –table nat –flush

    5) iptables –delete-chain

    # Delete all chains that are not in default filter and nat table

    6) iptables –table nat –delete-chain

    # Set up IP FORWARDing and Masquerading

    7) iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE

    8 ) iptables –append FORWARD –in-interface eth0 -j ACCEPT

    9) echo 1 > /proc/sys/net/ipv4/ip_forward

    # Enables packet forwarding by kernel

    10) Create a route for internal packets:

    11) route add -net 192.168.1.0 netmask 255.255.255.0 gw 61.5.156.146 dev eth0

    # Change 61.5.156.146 with your Gateway IP Address

    Configuring PCs on the office network:

    All PC’s on the private office network should set their “gateway” to be the local private network IP address of the Linux gateway computer. 192.168.1.10 change with your own gateway

    The DNS should be set to that of the ISP on the internet.

    Or you can configure your own DNS server on this LINUX machine; I will try to explain that in a later post.

    Configure the firewall to control the security.

    First flush everything and then allow limited ports and IP Addresses

    12) iptables -F

    13) iptables -A INPUT -i lo -p all -j ACCEPT – Allow self access by loopback interface

    14) iptables -A OUTPUT -o lo -p all -j ACCEPT

    15) iptables -A INPUT -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT – Accept established connections

    16) iptables -A INPUT -p tcp –tcp-option ! 2 -j REJECT –reject-with tcp-reset

    17) iptables -A INPUT -p tcp -i eth0 –dport 21 -j ACCEPT – Open ftp port

    1 iptables -A INPUT -p udp -i eth0 –dport 21 -j ACCEPT

    19) iptables -A INPUT -p tcp -i eth0 –dport 22 -j ACCEPT – Open secure shell port

    20) iptables -A INPUT -p udp -i eth0 –dport 22 -j ACCEPT

    21) iptables -A INPUT -p tcp -i eth0 –dport 80 -j ACCEPT – Open HTTP port

    22) iptables -A INPUT -p udp -i eth0 –dport 80 -j ACCEPT

    23) iptables -A INPUT -p tcp –syn -s 192.168.10.0/24 –destination-port 139 -j ACCEPT – Accept local network Samba connection

    24) iptables -A INPUT -p tcp –syn -s trancas –destination-port 139 -j ACCEPT

    25) iptables -P INPUT DROP – Drop all other connection attempts. Only connections defined above are allowed.

    26) alter the Linux kernel config file: /etc/sysctl.conf

    Set the following value:

    27) net.ipv4.ip_forward = 1

    2 Service iptables save

    Its a post from itoperationz web site.

    Regards,
    Azhar Ali

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •