Old 08-22-2008, 09:37 AM   #1
bdutta
Need advice on Network setup, for a small SOHO type setup


Hi,

I'd like to achieve the following type of setup:

ISP(ADSL router)----eth0[GatewayBox]eth1----[Switch]

...[Switch]
/|\
[PC1] [PC2] [PC3]

*) ISP doesn't give me static-IP, but only dynamic-IP.

I've 4 Linux boxes here.
1) GatewayBox (running CentOS4.6),
eth0: gets DHCP IP from ISP
eth1: IP=192.168.10.1 (statically configured)
2) PC1 [running CentOS4.6], IP=192.168.10.11
3) PC2 [running CentOS4.4], IP=192.168.10.12
4) PC3 [running CentOS4.6], IP=192.168.10.13

I want to achieve the following:
a) Enable DynamicDNS (dynDNS based) for the GatewayBox, s.t. I can reach it from anywhere in the internet.
b) Use "ssh" to get to PC1,PC2,PC3 via GatewayBox from anywhere in the internet.
c) Reach external HTTP/HTTPS site from PC1,PC2,PC3 -- however, this is only desirable, not a must have. Must-have are (a) & (b).

I guess, I need to setup a Gateway with port-forwarding, using "iptables", however, dunno how to proceed ! The Netfilter and "iptables" documentation seems a bit daunting, and most examples are for "Firewall" type application only.

Since, my ADSL router itself has an inbuilt Firewall, so I don't need to enable Firewall feature on the GatewayBox.

Need help/advice in achieving the above.

thanks & regards,
bani

PS> Actually, I also want to replicate the exact same setup also inside a corporate setup, s.t. the ISP-router is to be replaced by a DHCP based connection on corporate LAN... and it's already secure.

Last edited by bdutta; 08-22-2008 at 09:40 AM.
 
Old 08-22-2008, 11:25 AM   #2
David1357
Quote:
Originally Posted by bdutta View Post
I guess, I need to setup a Gateway with port-forwarding, using "iptables", however, dunno how to proceed ! The Netfilter and "iptables" documentation seems a bit daunting, and most examples are for "Firewall" type application only.
Here is a link to a HOWTO on using netfilter to create a gateway:
http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html
 
Old 08-22-2008, 11:40 AM   #3
bdutta
Quote:
Originally Posted by David1357 View Post
Here is a link to a HOWTO on using netfilter to create a gateway:
http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html
Thanks for the link, David.

I did go through that link, but the part where I got stuck was, how do I do the gateway config, if eth0 doesn't have a static IP, but only one given by DHCP !
 
Old 08-22-2008, 12:13 PM   #4
David1357
Quote:
Originally Posted by bdutta View Post
Thanks for the link, David.
Anytime.
Quote:
Originally Posted by bdutta View Post
I did go through that link, but the part where I got stuck was, how do I do the gateway config, if eth0 doesn't have a static IP, but only one given by DHCP !
I reckon you need a bit of scripting to parse the IP address out of the result of "ifconfig eth0" and use it to re-create your iptables definitions.

This will strip out the IP address of eth0:
Code:
ifconfig eth0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1
You could use it in your ipchains setup like this:
Code:
#!/bin/sh
# Current IP address of eth0
GATEWAY=$(ifconfig eth0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1)
ipchains -F forward                             # Flush rules
ipchains -P forward DENY                        # Default set to deny packet forwarding
ipchains -A forward -s "$GATEWAY/24" -j MASQ    # Use IP address of gateway for private network
ipchains -A forward -i eth1 -j MASQ             # Sets up external internet connection
echo 1 > /proc/sys/net/ipv4/ip_forward
This assumes you need to use ipchains. If you can use iptables, it is a non-issue.

Last edited by David1357; 08-22-2008 at 12:20 PM. Reason: Added sample command for stripping out IP address
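
One way to build the gateway with iptables for this thread's topology, as an added example that is not code from any poster: NAT and SSH forwards match on the interface rather than the address, so a new DHCP lease on eth0 needs no rule changes. The interface names and 192.168.10.x addresses come from the first post; the external ports 2211-2213 and the open INPUT policy are assumptions.

```shell
#!/bin/sh
# Added example: gateway ruleset in iptables-restore format.
# eth0 = DHCP-addressed WAN side, eth1 = 192.168.10.1 LAN side (from the thread).
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.10.0/24
# external-port:internal-host pairs; the port numbers are assumptions
SSH_MAP="2211:192.168.10.11 2212:192.168.10.12 2213:192.168.10.13"

# Print the complete ruleset on stdout so it can be reviewed before loading.
gen_rules() {
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]" \
        ":POSTROUTING ACCEPT [0:0]" ":OUTPUT ACCEPT [0:0]"
    for pair in $SSH_MAP; do
        port=${pair%%:*}; host=${pair#*:}
        # Match on the incoming interface, not on the (changing) WAN address
        printf '%s\n' "-A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $host:22"
    done
    # MASQUERADE picks up whatever address eth0 holds at the time
    printf '%s\n' "-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE" "COMMIT"

    # iptables-restore replaces both tables; INPUT stays ACCEPT (assumption)
    printf '%s\n' "*filter" ":INPUT ACCEPT [0:0]" \
        ":FORWARD DROP [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    for pair in $SSH_MAP; do
        host=${pair#*:}
        # After DNAT the packet is addressed to the internal host, port 22
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $host --dport 22 -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Load the rules only when asked to (needs root)
if [ "${1:-}" = "--apply" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    gen_rules | iptables-restore
fi
```

FORWARD defaults to DROP, so only the three SSH forwards and LAN-initiated traffic cross the gateway.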
 
Old 08-23-2008, 06:26 AM   #5
bdutta
Thanks again, David. This is really helpful information.

Quote:
Originally Posted by David1357 View Post
This will strip out the IP address of eth0:
Code:
ifconfig eth0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1
My ISP uses a 12 hours DHCP lease refresh. While most of the time, I've seen that the lease extends, but sometimes, I've seen that the IP-address also changes for the new lease. I believe, the above snippet put in a script will then have to be wrapped into some kind of a cronjob run, periodically, checking change in IP-address as well, right ?

If so, this solution is fine, i.e. better than no solution, but I was hoping to find something which is a bit more seamless.

Quote:
Originally Posted by David1357 View Post
...
This assumes you need to use ipchains. If you can use iptables, it is a non-issue.
I use iptables, but I think I'd be able to convert it.

regards,
Banibrata

Last edited by bdutta; 08-23-2008 at 06:26 AM. Reason: corrected typo
 
Old 08-23-2008, 06:52 AM   #6
pinniped
Maybe you could use the (already numerous and complicated) dhcp-options?

man dhcp-options
 
Old 08-24-2008, 12:24 AM   #7
bdutta
Quote:
Originally Posted by pinniped View Post
Maybe you could use the (already numerous and complicated) dhcp-options?

man dhcp-options
Thanks for the tip, shall check it out.
 
Old 08-25-2008, 07:41 AM   #8
David1357
Quote:
Originally Posted by bdutta View Post
If so, this solution is fine, i.e. better than no solution, but I was hoping to find something which is a bit more seamless.
Once I get a cron job set up, they appear seamless to me. I usually put some logging in the script that gets run so I can verify that the cron job ran at the scheduled time. Once I know it is working, I usually forget all about it.

I used a cron job to keep the wireless USB adapter connected to my MythTV box up and running by pinging the gateway once per minute. It ran for months without any problems. Then my wife switched to DirecTV and a DVR. Now the MythTV box is mothballed. MythTV got the last laugh, though: My wife says the DVR is harder to use and it definitely doesn't store as many "Murder, She Wrote" episodes.
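
The cron approach with logging discussed in this thread, as an added example that is not part of any post: it reuses the ifconfig extraction, refuses to act when eth0 has no usable address (an empty value would otherwise end up in a rule such as `-s /24`), and logs every run. The names STATE, LOG and ON_CHANGE and their paths are hypothetical; ON_CHANGE stands for whatever command should run with the new address.

```shell
#!/bin/sh
# Added example: cron check for a changed eth0 lease, with logging.
# STATE, LOG and ON_CHANGE are hypothetical names chosen for this example.
STATE=${STATE:-/var/run/wan_ip.last}
LOG=${LOG:-/var/log/wan_ip.log}

# Same extraction as the one-liner in the thread, reading ifconfig output on stdin.
parse_inet_addr() {
    grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1
}

# Accept only a dotted quad with every octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# 0 = address changed and ON_CHANGE succeeded, 1 = unchanged,
# 2 = no usable address (nothing is touched), 3 = ON_CHANGE failed.
check_wan_ip() {
    now=$(date '+%Y-%m-%d %H:%M:%S')
    ip=$(parse_inet_addr)
    if ! valid_ipv4 "$ip"; then
        echo "$now no valid address (got '$ip'), nothing changed" >> "$LOG"
        return 2
    fi
    last=$(cat "$STATE" 2>/dev/null || true)
    if [ "$ip" = "$last" ]; then
        echo "$now unchanged $ip" >> "$LOG"
        return 1
    fi
    echo "$now changed ${last:-none} -> $ip" >> "$LOG"
    if [ -n "${ON_CHANGE:-}" ] && ! "$ON_CHANGE" "$ip"; then
        echo "$now $ON_CHANGE failed, will retry next run" >> "$LOG"
        return 3
    fi
    echo "$ip" > "$STATE"
}

if [ "${1:-}" = "--cron" ]; then
    ifconfig eth0 | check_wan_ip || true
fi
```

The stored address is only updated after ON_CHANGE succeeds, so a failed update is retried on the next cron run instead of being silently skipped.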
 
Old 08-25-2008, 11:11 PM   #9
bdutta
Quote:
Originally Posted by David1357 View Post
Once I get a cron job set up, they appear seamless to me. I usually put some logging in the script that gets run so I can verify that the cron job ran at the scheduled time. Once I know it is working, I usually forget all about it.

I used a cron job to keep the wireless USB adapter connected to my MythTV box up and running by pinging the gateway once per minute. It ran for months without any problems. Then my wife switched to DirecTV and a DVR. Now the MythTV box is mothballed. MythTV got the last laugh, though: My wife says the DVR is harder to use and it definitely doesn't store as many "Murder, She Wrote" episodes.
I did check out 'dhcp-options' and _boy_ are they many ! While it might have the more elegant solution, however - for the moment, I'd stick with the much more "quick yet functional" solution you proposed David.

Thanks to all who responded on this thread.

cheers,
Banibrata
 
  

