IP-Masquerade on Sarge with kernel 2.6

palano · 02-05-2005, 09:01 AM

Hi!
I'm a real newbie to linux, so I would really appreciate some help on this one.
I've just installed debian sarge with kernel 2.6 for the third time on the same computer in a month. The reason for this is that I get the IP-table part wrong every time. The computer is supposed to work as a server and a internet gateway.
I've tried to follow the tutorial at http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/ on howto set up my IP-masquerade but it doesn't cover the 2.6 kernel, and there seem to be a few differences.

To start with I still haven't figured out how to make the configuration of my network cards yet. I (obviously) have two cards in the computer. The one connected to my internet I want to configure with static network options. I even think I have to emulate an other MAC on this one. But for my internal network I want to set up the computer for running a DHCP-server. Where and how do I fix this?

The HOWTO says I should run the command "ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/" to se if my kernel uses IPTABLES as modules. If so is the case it should list a few files with names ending with .o In my case they all end with .ko I suppose this is the same thing, right?

The next problem I encounter is that when I shall create a file for the firewall rules i shall put it in /etc/rc.d/ On my system there is no such place. But I've got some rcX.d where X is a number from one to six. Is it in any of these I want my file?

The last thing that I see as a problem right now is that when I've got my firewall rules all right I want it to run every time I reboot. Unfortunatly I don't know in witch file I should add this. In the HOWTO there is examples of howto do this the radhat way and the slackware way. But niether of this seems to be the debian way.

I really hope this wasn't to much at the same time, 'couse I would really like to get this working.
/palano

TigerOC · 02-05-2005, 10:11 AM

As a newbie to Linux I highly recommend MonMotha's firewall/nat script with the detailed howto given here. I have used it for 2 years and it works really well. If you are not conecting a large number of boxes go for static addresses as it will make your life a lot easier.
The basics are that you need to put the first NIC (eth0) on the same subnet as the router if you are using adsl and the gateway is the router address for this box. The 2nd NIC (eth1) needs to be on a different subnet and the boxes behind this will use the the ip address of this card as the gateway. So to summarise the gateway for box 1 is the router ip address and the gateway for boxes behind box 1 is the ip address of eth1 to which they are connected. The configuration of the network in Debian is all contained in /etc/network/interfaces which make the system fairly staright forward.

palano · 02-05-2005, 03:25 PM

I'll look in to that MonMatha script.
Unfortunatly I have equipment in my network that won't work unless I have a DHCP-server so goning static isn't much of an option.
I've got a quite good picture on which networks settings I should use, I was just not sure where to put them.

basileus · 02-06-2005, 02:45 PM

To enable (simple) ip-masquerading install package "ipmasq". Debconf deals with the details. It also creates a firewall with no ports open. I suppose ports can be opened afterwards, although I haven't tried to do it myself.

The .ko -files are used in 2.6 kernels, .o -files in 2.4 kernels. They are effectively the same.

If you want to create a firewall, or any startup script, create it in /etc/init.d/scriptname and use "update-rc.d" to install it. Check man update-rc.d for info on how to do it.

The rcX.d directories contain only links to the init.d directory. The X represents one specific runlevel.

I hope you manage to set up a dhcp-server. I tried it myself today, but (without a good guide) too time consuming, so I quit

.