May 24th, 2003, 12:36 PM
making your very own linux gateway for a private LAN
yes i know you can do this with windoze connection sharing, but everyone feels like a challenge every now and then don't they??
how to make yourself a linux gateway for your LAN
a tutorial by MrLeachy for the people here at AntiOnline...
this tutorial assumes some basic knowledge of linux, assumes that you have your linux box at least set up properly and that you have read your documentation for your linux, have your NICs installed and that you are using a dialup ISP (i haven't done this with broadband but i know RH8 supports PPPoE (ADSL)), it also assumes that you are using RH8 or something that behaves similarly to RH8 (most redhat versions)...
i worked out how to make this myself from going to tldp.org but i had to work some of this out for myself too and i'm attempting to simplify most of the mess that you otherwise have to go through to set this up, took me 4 months to sort mine out :-)
ok for starters fire up your linux box and login as root, what you want to do first is set up your internal network addresses, you want your linux box (eth0) to have address 192.168.0.1, with subnet 255.255.255.0 and your DNS server set to the one provided by your ISP, they do give these addresses out, trust me here i've got them with no trouble at all :-)
make sure you also configure your windoze (or other linux boxes, sorry haven't tried it with another *nix box, just windoze) to access the 'net through your gateway, so you set your NIC ip addy to be 192.168.0.2 (that's what i use), with the same subnet and set the gateway to be 192.168.0.1 (the linux box),
 also make sure in your windoze settings, to put in the primary and secondary DNS entries, if you have previously connected to the net with your dialup account, you can find these in the /etc/resolv.conf file, the entries will appear as:
you also need to enable IP forwarding on your linux box by changing one of the config files located at /etc/sysconfig/network, you want to change the FORWARD_IPV4 line from false to true so that ip forwarding is enabled, you now want to grab a copy of the rc.firewall script that goes with your kernel version (likely to be 2.4.xx)..
that can be grabbed from here:
it's the first one on the page, you'll need to edit it to reflect your system config, things such as your intinf and extinf will need to be changed, you will also need to change where the iptables files are as well for redhat users
for the stronger ruleset, you need to change your /etc/ppp/ip-up script
just type this at the command line (without the quotes)
"ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up"
what this does is update the script setting when you get a new external IP, only if your ip is dynamically assigned
after you have got your firewall, copy it to the /etc/rc.d/ folder, then make a reference to your new firewall script in your rc.local file, which is also located in the rc.d folder
echo "Loading the rc.firewall ruleset.. "
edit your rc.local file and add those 2 lines in there somewhere, then reboot and make sure you see 'Loading the rc.firewall ruleset' without any errors so you're sure that the firewall actually loads on startup :-)
now if everything goes smoothly and your system boots without any errors, try and dial into your ISP, this should work and you should get a connection, make sure you have your other box booted up, if you have a firewall on the other boxes, TURN THEM OFF!! this had me stumped for 3 months because of that 1 little thing
now to test and make sure you have connectivity between your 2 boxes with your firewall, ping each box from the other (gateway --> windoze, windoze --> gateway and check each box's localhost as well ie 127.0.0.1), if those all work you are all set so far, if not check everything to make sure you have got everything all set up properly, if not PM me and i can see if i can sort you out (i can't get at my linux box atm so can't verify that this is all correct but i will ASAP), if this all works, try and ping some outside site on the net from the linux box and the windoze box, if this all works you are all set to network with your gateway
the only reason that i actually did this myself with my own systems is that:
1 - saves phone costs from crashes
2 - can share the connection without having to loan your PC to other people
3 - can install software on windoze and reboot without having to dial again
4 - get to try out a cool new o/s
5 - get bragging rights about having a gateway and knowing how to use linux to all you non-IT friends
any questions or queries or things i may have missed, PM me and i'll sort it out, yes i did do a search for tutes like this and didn't find any, if someone has written one before PM me and i'll remove it when the delete thread thing is working again....
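Added example, not part of the post above and not taken from the rc.firewall script it refers to: a bash check of the three things the tutorial sets up (FORWARD_IPV4 in /etc/sysconfig/network, masquerading out of the dial-up interface, and a FORWARD chain that only lets reply traffic in), run over captured text. The interface name ppp0, the expectation that the FORWARD policy is DROP, and all SAMPLE_* inputs are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: audit the gateway settings from the tutorial using captured text.
# EXTIF and every SAMPLE_* value are assumptions, constructed for illustration.
EXTIF="ppp0"   # external (dial-up) interface, assumed name

SAMPLE_NETWORK='NETWORKING=yes
FORWARD_IPV4=true
HOSTNAME=gateway'

SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT'

# $1 = contents of /etc/sysconfig/network; succeeds if forwarding is switched on
forwarding_enabled() {
  printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*FORWARD_IPV4="?(true|yes)"?[[:space:]]*$'
}

# $1 = output of iptables-save; prints one line per finding, fails if any
audit_rules() {
  local rules="$1" bad=0
  printf '%s\n' "$rules" | grep -Eq -- "^-A POSTROUTING .*-o $EXTIF .*-j MASQUERADE" ||
    { echo "FAIL: LAN traffic is not masqueraded out of $EXTIF"; bad=1; }
  printf '%s\n' "$rules" | grep -q -- '^:FORWARD DROP' ||
    { echo "FAIL: FORWARD policy is not DROP"; bad=1; }
  # Anything accepted from the Internet side must be reply traffic only.
  if printf '%s\n' "$rules" | grep -E -- "^-A FORWARD .*-i $EXTIF .*-j ACCEPT" |
       grep -Evq -- '--(ct)?state (RELATED|ESTABLISHED)(,(RELATED|ESTABLISHED))? '; then
    echo "FAIL: unsolicited traffic from $EXTIF is forwarded to the LAN"; bad=1
  fi
  return "$bad"
}

if forwarding_enabled "$SAMPLE_NETWORK" && audit_rules "$SAMPLE_RULES"; then
  echo "PASS: gateway forwards and masquerades, inbound limited to replies"
fi
```

On a live gateway the same functions can be fed "$(cat /etc/sysconfig/network)" and, as root, "$(iptables-save)" in place of the samples.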
May 24th, 2003, 12:50 PM
Some need a beginners guide..
some need a dummies guide
others need an Idiots Guide..
BUT I need a complete Whinduz Moron's guide..
And now to translate.. mate thanks for the extra info, bookmarked for my next *nix install..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
May 25th, 2003, 05:46 PM
I use this script myself, it works very well. You can easily portforward through your gateway too, using that script.
What I don't understand is why you say you have to turn any Firewalls on your win32 machine off?
I use the same script and I am firewalled both on my RH8 Gateway box and my windows box (Sygate) and it works like a charm.
Other than that, good tutorial, I'm looking forward to more
.sig - There never was a .sig?
I own a Schneider EuroPC with MS-Dos 3.3 and it works.