  1. #1 kpzani (Linux User; Cardiff, Wales; joined Jan 2003; 478 posts)

    Firewall Router Answers


    This post is intended to help some of the people on the Chat forums.
    To use Linux as a router you need two NICs. We will call them ethX and ethN, where X is external and N is internal; yours will be called eth0 and eth1. If you have a PPP connection like ADSL, just ignore the bits about ethX.

    ethN should be physically cabled into the LAN and have a sensible IP address from a non-routable range such as 192.168.10.1 (255.255.255.0). Cable this up and set all other PCs on the LAN to have similar IPs (192.168.10.2) and the same subnet. Make sure you can ping some of the other computers and they can ping you.

    Now ethX is more complicated. Unplug ethN and plug in ethX; this should be cabled into some internet connectivity device, a cable modem or ADSL modem. Unless you have purchased a static IP from your ISP, set this device to obtain all its information (IP address etc.) from DHCP.

    Activate the NIC and check that you can surf the net; try pinging www.google.com.
    (If you use a PPP connection then check you can dial out and surf the web.)

    At this point we know that both our NICs are fully functional and the two halves of the router work, i.e. we can connect to the PCs on the LAN and we can talk to the internet. Now to connect these things together.

    Now we are going to use Firestarter instead of the standard iptables, as it's pretty much the same thing and Firestarter has a pretty GUI.
    Download and install Firestarter: http://firestarter.sourceforge.net/

    Now you need to disable iptables. In Fedora I select System Settings \ Server Settings \ Services from the main menu, then remove the tick next to iptables and click Save; now it won't run on boot. With iptables selected, click Stop to terminate the daemon.
    Your distro may have other methods of starting and stopping daemons.

    Run Firestarter, from the command line or from the GUI.
    If the wizard hasn't launched then start it.
    Follow the wizard through and finish.
    1. Click Forward.
    2. Choose ethX or ppp0, click Forward.
    3. Enable NAT, choose ethN, auto-detect settings, click Forward.
    4. The rest of the defaults should be fine.

    The firewall should now work (click Start).
    Using your favourite text editor, check that the file /etc/sysctl.conf contains the line
    net.ipv4.ip_forward=1 and that it is not commented out. This will activate IP routing, allowing data to be sent across your NICs. Most distros seem to have this on by default, but just in case....

    Now using the service manager (or however you like) set the Firestarter daemon to start on boot (tick it & Save).

    And you're done.
    Now on each of your other clients set the default gateway address = IP address of ethN, e.g. 192.168.10.1, and set the DNS server addresses = the ones from your ISP.

    Or set DNS server address = ethN and install BIND on your system. The default BIND configuration will work out of the box and provides a caching-only nameserver setup.

    If you have any questions please post them here, but can you make sure that you have tried to isolate the problem and post details of your problem-solving quest.

    Good luck

    Kris
    No trees were harmed during the creation of this message. It's made from a blend of elephant tusk and dolphin meat.
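The how-to above leaves two things for the reader to verify: that IP forwarding is really on (and not only on a commented-out line), and what the Firestarter NAT wizard sets up underneath. The script below is an added example, not code from the thread or from Firestarter. It reads a sysctl.conf the way sysctl does (comments stripped, last assignment wins) and prints the iptables rules equivalent to the wizard's NAT step: masquerade on the external NIC, forward LAN to WAN, and let only reply traffic back in, with everything else on the FORWARD chain dropped. The interface names eth0/eth1, the script name and the sample sysctl lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; not code from the thread or from Firestarter.
# ip_forward_enabled FILE  -> returns 0 when FILE holds an uncommented
#   "net.ipv4.ip_forward = 1"; like sysctl, the last assignment wins.
# nat_rules EXT_IF INT_IF  -> prints the iptables rules equivalent to the
#   Firestarter NAT wizard step. Interface names are assumptions; nothing
#   is executed here, pipe the output into sh as root when you mean it.

ip_forward_enabled() {
    # '#' and ';' start comments in sysctl.conf; drop a CR in case the file
    # was edited on Windows, then keep only the value of the last assignment
    value=$(sed -e 's/[#;].*$//' -e 's/\r$//' "$1" \
        | grep -E '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' \
        | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//')
    [ "$value" = "1" ]
}

nat_rules() {
    ext_if="$1"
    int_if="$2"
    # default-deny forwarding: only LAN->WAN and replies WAN->LAN pass
    cat <<EOF
iptables -t nat -A POSTROUTING -o $ext_if -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $int_if -o $ext_if -j ACCEPT
iptables -A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# stand-alone use: ./router-check.sh /etc/sysctl.conf (script name is an assumption)
if [ -n "$1" ]; then
    if ip_forward_enabled "$1"; then
        echo "ip_forward is on in $1"
    else
        echo "ip_forward is NOT on in $1: add net.ipv4.ip_forward=1"
    fi
    nat_rules eth0 eth1
fi
```

The FORWARD policy of DROP is the part worth keeping even if you let the GUI generate everything else: with only the MASQUERADE rule, any host that can route to the box could use it as a relay, and the two explicit ACCEPT rules are what turn it into a one-way door for the LAN.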

  2. #2 loft306 (Linux Guru; The DairyLand; joined Oct 2003; 1,666 posts)
    Hey kpzani... did anyone ever tell you you should write tutorials? This is the easiest tutorial I have ever read. Thanks for putting it up for all of us.

    And I should have the net up in a day or two... depending on how long I sleep! (48 hours eyes open... lol, what you can do when you have a real chair)
    And thanks again for the other thing.
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org

  3. #3 kpzani (Linux User; Cardiff, Wales; joined Jan 2003; 478 posts)

    IT trainer

    Among other things I'm an IT trainer, so I have some experience of writing help files and manuals.
    <JACK type="all trades">kpzani</JACK>

  4. #4 loft306 (Linux Guru; The DairyLand; joined Oct 2003; 1,666 posts)

    Re: IT trainer

    <JACK type="all trades">kpzani</JACK>
    That last part resembles me too!

  5. #5 loft306 (Linux Guru; The DairyLand; joined Oct 2003; 1,666 posts)
    OK, I got me a LAN and a WAN and almost everything pings everything... one Linux box doesn't ping the Windows box... but I'll get that... and I can't ping the WAN from the LAN yet (except the box that is the router, of course). My only Q is what machine does BIND get installed on... is it the router or the clients?... I'm thinking the router... but I'll wait for the answer. Thanks.

  6. #6 Opnosforatou (Linux Enthusiast; Vleuten, The Netherlands; joined Dec 2003; 552 posts)
    Depends. I run my BIND on my firewall/router/webserver/DHCP server.
    ---[ MS09-99896 - Vulnerability in All MS Windows OS ; Using Windows Could Allow Remote Code Execution. ]---
    Hardware: Asus P4P800, 1GB, P4-3Ghz, Asus V9950, Maxtor ATA HD's, 3Com GBit lan, Audigy ZS Plat.

  7. #7 loft306 (Linux Guru; The DairyLand; joined Oct 2003; 1,666 posts)
    OK, I got BIND on the router box but I'm at a loss on how to config the named.conf... do I just uncomment the first couple of lines it says to uncomment... and change nothing... or do I have to put the IP of the internal NIC somewhere?

    Still looking for a readme.....
    Code:
    options {
            directory "/var/bind";

            // uncomment the following lines to turn on DNS forwarding,
            // and change the forwarding ip address(es) :
            //forward first;
            // forwarders {
            //      123.123.123.123;
            //      123.123.123.123;
            // };

            listen-on-v6 { none; };
            listen-on { 127.0.0.1; };

            // to allow only specific hosts to use the DNS server:
            //allow-query {
            //      127.0.0.1;
            //};

            // if you have problems and are behind a firewall:
            //query-source address * port 53;
            pid-file "/var/run/named/named.pid";
    };

    zone "." IN {
            type hint;
            file "named.ca";
    };

    zone "localhost" IN {
            type master;
            file "pri/localhost.zone";
            allow-update { none; };
            notify no;
    };

    zone "127.in-addr.arpa" IN {
            type master;
            file "pri/127.zone";
            allow-update { none; };
            notify no;
    };


    Is the area in red the area that I uncomment and put the LAN NIC's IP address in? Or do I have to change the listen-on? ...I'm just lost!

  8. #8 kpzani (Linux User; Cardiff, Wales; joined Jan 2003; 478 posts)

    answers

    Your BIND config should look something like this:
    Code:
    // generated by named-bootconf.pl

    options {
    	directory "/var/named";
    };

    controls {
    	inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };

    zone "." IN {
    	type hint;
    	file "named.ca";
    };

    zone "localhost" IN {
    	type master;
    	file "localhost.zone";
    	allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
    	type master;
    	file "named.local";
    	allow-update { none; };
    };

    include "/etc/rndc.key";
    So along with this you will need a valid key file in /etc/rndc.key. DUNNO WHAT THIS DOES.

    named.custom =

    Code:
    zone "." {
    	type hint;
    	file "named.ca";
    };

    options {
    	directory "/var/named/";
    };
    /var/named/named.ca
    contains a list of all the root servers; you can change this if you like to point to root.hints or whatever it is called in your distro.

    /var/named/named.local
    Code:
    $TTL	86400
    @       IN      SOA     localhost. root.localhost.  (
                                          1997022700 ; Serial
                                          28800      ; Refresh
                                          14400      ; Retry
                                          3600000    ; Expire
                                          86400 )    ; Minimum
                  IN      NS      localhost.

    1       IN      PTR     localhost.
    /var/named/localhost.zone
    Code:
    $TTL	86400
    $ORIGIN localhost.
    @			1D IN SOA	@ root (
    					42		; serial (d. adams)
    					3H		; refresh
    					15M		; retry
    					1W		; expiry
    					1D )		; minimum

    			1D IN NS	@
    			1D IN A		127.0.0.1
    If you need help with specific parts of this then post back. For what you're doing you don't need to understand it, so don't worry about it.

  9. #9 (Linux Newbie; Pontypridd, Wales; joined Apr 2003; 104 posts)
    Just to note:

    Only in Red Hat/Fedora do you need to disable the iptables service.

    This service sets some iptables rules (or so I believe) in order to act as a firewall.

    If you run another distro, you only need to disable any other firewall service that you are already running.

    Hope this helps.

    Nice how-to otherwise Mr Zani.
    "One World, One Web, One Program." -- Advertisement for Internet Explorer.
    "Ein Volk, Ein Reich, Ein Fuehrer." -- Adolf Hitler.

  10. #10 loft306 (Linux Guru; The DairyLand; joined Oct 2003; 1,666 posts)
    OK, I got BIND configured on my Gentoo box. I added this section into the named.conf:
    Code:
    zone "taz" {
    	type master;
    	file "/etc/bind/taz.fwd";
    };


    named.conf


    Code:
    options {
            directory "/var/bind";

            // uncomment the following lines to turn on DNS forwarding,
            // and change the forwarding ip address(es) :
            //forward first;
            //forwarders {
            //        192.168.10.1
            //      123.123.123.123;
            //};

            listen-on-v6 { none; };
            //listen-on { 127.0.0.1; };                   ##<--And I commented this out and the server worked

            // to allow only specific hosts to use the DNS server:
            //allow-query {
            //      127.0.0.1;
            //};

            // if you have problems and are behind a firewall:
            query-source address * port 53;
            pid-file "/var/run/named/named.pid";
    };


    zone "." IN {
            type hint;
            file "named.ca";
    };

    zone "localhost" IN {
            type master;
            file "pri/localhost.zone";
            allow-update { none; };
            notify no;
    };

    zone "127.in-addr.arpa" IN {
            type master;
            file "pri/127.zone";
            allow-update { none; };
            notify no;
    };

    zone "taz" {
            type master;
            file "/etc/bind/taz.fwd";
    };

    and created this file /etc/bind/taz.fwd and placed this in it; it is my zone file

    taz.fwd



    Code:
    $TTL 38400
    taz. IN SOA ns.taz. karrot-x.karrot-x.net. (
    2003120301   ; serial
    10800        ; refresh
    3600         ; retry
    604800       ; expire
    38400 )      ; minimum
    taz. IN NS ns.taz.
    ns.taz. IN A 192.168.10.1
    taz. IN A 10.10.10.42
    ping.taz. IN A 10.10.10.42
    pong.taz. IN A 10.10.10.41
    www.taz. IN A 192.168.10.1
    ftp.taz. IN A 192.168.10.1
    taz being the name of my box/domain, and we have a fully functional BIND DNS server.
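The change that made named answer in post #10 was commenting out listen-on, which makes BIND bind every interface, the external one included, while allow-query is still commented out as well; the Red Hat default in post #8 has neither directive either. On a box that is also the internet gateway that means port 53 on the WAN address serves whoever reaches it. The audit below is an added example, not code from the thread or from BIND: it strips comments from a named.conf, isolates the options block by brace depth (so a nested forwarders block does not end it early) and flags a missing or "any" listen-on and a missing allow-query, which is what a reviewer would check in the configs from posts #7, #8 and #10. The sample named.conf snippets in the test are constructed; 192.168.10.1 is the LAN address used in the thread.

```shell
#!/bin/sh
# Added example; not code from the thread or from BIND.
# audit_named_conf FILE prints one finding per line for the options { } block
# of a named.conf and returns the number of findings (0 = nothing flagged).

options_block() {
    # drop // and # comments, then print options { ... }; tracking brace
    # depth so that a nested forwarders { ... }; block does not end it early
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" \
    | awk '
        /^[[:space:]]*options[[:space:]]*[{]/ { inblock = 1 }
        inblock {
            print
            depth += split($0, o, "{") - 1
            depth -= split($0, c, "}") - 1
            if (depth <= 0) inblock = 0
        }'
}

has_clause() {
    # has_clause CLAUSE TEXT : true if an uncommented "CLAUSE {" is present
    printf '%s\n' "$2" | grep -q "^[[:space:]]*$1[[:space:]]*{"
}

audit_named_conf() {
    findings=0
    opts=$(options_block "$1")
    if ! has_clause listen-on "$opts"; then
        echo "no listen-on: named will bind every interface, the external one included"
        findings=$((findings + 1))
    elif printf '%s\n' "$opts" | grep -q 'listen-on[[:space:]]*{[[:space:]]*any'; then
        echo "listen-on { any; }: same as having no listen-on at all"
        findings=$((findings + 1))
    fi
    if ! has_clause allow-query "$opts"; then
        echo "no allow-query: queries are accepted from any address that reaches port 53"
        findings=$((findings + 1))
    fi
    return $findings
}

# stand-alone use: ./named-audit.sh /etc/bind/named.conf (name is an assumption)
if [ -n "$1" ]; then
    audit_named_conf "$1"
fi
```

The setting that satisfies both the poster's problem and the audit is to list the loopback and the LAN address rather than remove the directive: `listen-on { 127.0.0.1; 192.168.10.1; };` together with `allow-query { 127.0.0.1; 192.168.10.0/24; };`. What BIND restricts on its own when allow-query is absent has varied between versions, so the audit treats an explicit clause as the only acceptable state.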
