Linux router/firewall box for shared Internet access from 3 separate LANs?

dan.patton · 07-25-2004, 02:12 PM

Hi all,

I'm looking to set up an old box as a router/firewall running Linux in some form. I've looked at Smoothwall but it doesn't seem to do exactly what I want. I want to set up 3 private subnets, all of which will use this box as their gateway for Internet access using NAT, and a basic firewall to prevent uninvited IP traffic entering any of the subnets. So the box will have 4 NICs, with the following IP addresses:

eth0: <public IP> --> Internet (via DSL modem)
eth1: 192.168.1.1 --> subnet #1 (192.168.1.0/24)
eth2: 192.168.2.1 --> subnet #2 (192.168.2.0/24)
eth3: 192.168.3.1 --> subnet #3 (192.168.3.0/24)

However, I don't want any IP traffic at all flowing from one subnet to another (they will be in 3 separate flats in the same building, the occupants of which do not know each other).

Ideally, I'd also like to have a DHCP server running on the box to give out appropriate IP addresses to machines on each subnet.

Smoothwall seems to be geared towards the idea of protecting a single internal LAN (the 'green' interface) from the Internet (the 'red' interface), rather than multiple Internal LANs from the Internet *and* from each other. Does anyone know of a free distro that would allow me to build this sort of setup easily?

Many thanks in advance

newpenguin · 07-25-2004, 02:34 PM

Quote:

Originally posted by dan.patton
Hi all,

I'm looking to set up an old box as a router/firewall running Linux in some form. I've looked at Smoothwall but it doesn't seem to do exactly what I want. I want to set up 3 private subnets, all of which will use this box as their gateway for Internet access using NAT, and a basic firewall to prevent uninvited IP traffic entering any of the subnets. So the box will have 4 NICs, with the following IP addresses:

eth0: <public IP> --> Internet (via DSL modem)
eth1: 192.168.1.1 --> subnet #1 (192.168.1.0/24)
eth2: 192.168.2.1 --> subnet #2 (192.168.2.0/24)
eth3: 192.168.3.1 --> subnet #3 (192.168.3.0/24)

iptables -t nat -A POSTROUTING -i eth1 -s 192.168.1.0/24
-o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -i eth2 -s 192.168.2.0/24
-o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -i eth3 -s 192.168.3.0/24
-o eth0 -j MASQUERADE

Quote:

However, I don't want any IP traffic at all flowing from one subnet to another (they will be in 3 separate flats in the same building, the occupants of which do not know each other).

iptables -A FORWARD -s 192.168.0.0/16 -d 192.168.0.0/16 -j DROP

Quote:

Ideally, I'd also like to have a DHCP server running on the box to give out appropriate IP addresses to machines on each subnet.

read dhcp howto or sample dhcp config files /usr/share/soc

Quote:

Smoothwall seems to be geared towards the idea of protecting a single internal LAN (the 'green' interface) from the Internet (the 'red' interface), rather than multiple Internal LANs from the Internet *and* from each other. Does anyone know of a free distro that would allow me to build this sort of setup easily?

u can use any distribution.

dan.patton · 07-26-2004, 04:34 AM

Many thanks newpenguin - as you can probably tell, I'm rather new to all this 'iptables' stuff...
Cheers,

newpenguin · 07-26-2004, 03:27 PM

if u asking about distribution then simply use slackware.

gabsik · 04-15-2006, 05:37 PM

iptables -t nat -A POSTROUTING -i eth1 -s 192.168.1.0/24
-o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -i eth2 -s 192.168.2.0/24
-o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -i eth3 -s 192.168.3.0/24
-o eth0 -j MASQUERADE

I have done with 1 postrouting on the main "everybody" out eth0 for all subnets .

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 -j MASQUERADE ...

... just opinion !