Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I have a couple of questions pertaining to network and firewall setup.
I'm going to be building a firewall soon and I would like to know how to configure the PCs behind the firewall so they can have internet access (like what IPs to give them, etc.). I'm pretty new to the whole networking idea (especially with Linux). There is one catch though: when I return to school in the fall they only assign 2 IP addresses and I have three computers (firewall, laptop and desktop). How do I get around this? I don't have a router to put behind the firewall, only a hub. Essentially I want to set my network up like the following (sorry about the diagram, but spacing doesn't work):
Firewall ----> Hub -----> Desktop, Laptop
Like I mentioned above, I don't know how to configure the PCs to get access through the firewall, especially since I'm limited with IP addresses. I've heard people mention a "gateway" but I wouldn't know how to set one up. I've also heard of having a firewall/router so I could get more IPs, but I don't know how to set that up either. Thanks for the help!
You use IP masquerading to have multiple machines using a single IP address - Linux does it very well. My entire home network (up to four PCs) all access the net through a single router with just one WAN-side IP.
Depending on what you want to do with your firewall, a simple one is to use iptables to block ALL incoming traffic other than replies to your outgoing requests - this'll make it impossible for anybody to get access to your machine while still allowing you to chat & browse the web unrestricted.
That would probably be the easiest way to connect more PCs than you have IP numbers, yes.
I don't have my current firewall config available, but a simple & effective ruleset is something like:
Code:
#Set the default policy to "Drop everything"
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
#Allow traffic out & allow replies back in:
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Allow your computer to talk to itself:
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
You can improve it further to allow only specific traffic out, such as only allowing outbound requests to port 80 so only web traffic is allowed, but this is a good place to begin...
For the PCs to access the internet, you have to configure their:
1/ IP address, say 192.168.0.1, 192.168.0.2...
2/ Netmask, say 255.255.255.0 (every PC/router/firewall on the same network MUST have the same netmask, it's used to know what part of the IP address is used to address the subnet and what part is used to identify each host)
3/ Gateway, the IP address of the network adapter of the firewall that is on the same subnet as the PCs (so NOT the IP given by your provider).
4/ DNS, the IP addresses of nameservers provided to you by your provider (unless you have your own DNS server)
You can easily configure all this by right-clicking on your network adapter icon and selecting Options, or Configuration (I just don't remember at the moment) under Windows... Under Linux, that will depend on your distro, but this is usually well documented on the internet.
That was for the PCs. I'll add 2 things to what oneandoneis2 proposed for the firewall config:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
The first line will configure masquerading, which enables NAT (network address translation) in iptables: every packet coming from your LAN and going to the internet will use your public IP address.
The second line enables packet forwarding from one interface to another: if the /proc/sys/net/ipv4/ip_forward file contains 0, then packets cannot be transferred from one network adapter to another.
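A quick check of the client settings described in points 1 to 3, as an added example that is not from the thread: the functions below compute the network address from an IP and netmask, and verify that the gateway lies on the PC's own subnet (a gateway set to the provider-assigned address fails the check) and that two hosts only agree on subnet membership when they share the same netmask. The sample addresses are constructed in the 192.168.0.0/24 range the post suggests.

```sh
#!/bin/sh
# Added example, not from the thread: validate a PC's IP / netmask / gateway settings.
# All addresses used at the bottom are constructed samples.

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Convert a 32-bit integer back to a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network address = IP AND netmask: the part that is identical on every host of one subnet.
network_addr() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Number of one bits in the mask, i.e. the /prefix length (255.255.255.0 -> 24).
mask_prefix() {
    m=$(ip_to_int "$1"); n=0
    while [ "$m" -ne 0 ]; do n=$((n + (m & 1))); m=$((m >> 1)); done
    echo "$n"
}

# True when host $1 and host $2 fall in the same subnet under mask $3.
same_subnet() {
    [ "$(network_addr "$1" "$3")" = "$(network_addr "$2" "$3")" ]
}

# Two hosts agree on subnet membership only if they use the same mask AND land in the
# same network; a mask mismatch breaks this even when the addresses look alike.
hosts_agree() {
    [ "$2" = "$4" ] && same_subnet "$1" "$3" "$2"
}

# Point 3 of the post: the gateway must be the firewall's address on the PC's subnet,
# not the address the provider assigned. Returns 0 when the settings are consistent.
check_client() {
    ip=$1; mask=$2; gw=$3
    net=$(network_addr "$ip" "$mask")
    if same_subnet "$ip" "$gw" "$mask"; then
        echo "OK: $ip is on $net/$(mask_prefix "$mask"); gateway $gw is directly reachable"
        return 0
    fi
    echo "BAD: gateway $gw is not on $net/$(mask_prefix "$mask"); the PC cannot reach it"
    return 1
}

# Constructed samples: a correct client, then one that was given a stand-in for the
# provider-assigned address as its gateway.
check_client 192.168.0.1 255.255.255.0 192.168.0.254
check_client 192.168.0.2 255.255.255.0 10.20.30.40 || true
```

Run it with `sh` on any distro; the only requirement is a POSIX shell with arithmetic expansion. The LAN side of the firewall (192.168.0.254 in the sample) is what goes into the Gateway field on each PC.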
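Putting the two posts together, as an added example rather than either poster's own config: the function below emits a complete iptables-restore ruleset for a two-interface gateway. It keeps oneandoneis2's DROP policies and state rules for the firewall box itself, adds the MASQUERADE rule, and fills in the FORWARD rules that neither snippet had (with the FORWARD policy at DROP, LAN traffic is never routed until a rule accepts it). The interface names eth0 (WAN) and eth1 (LAN) and the 192.168.0.0/24 LAN are assumptions; override them through the environment.

```sh
#!/bin/sh
# Added example, not the thread's own code: build a full gateway ruleset in
# iptables-save format. Interfaces and LAN range are assumptions (constructed defaults).
# Nothing is applied unless you run:  sh gateway.sh apply   (as root)

LAN_IF=${LAN_IF:-eth1}              # assumption: LAN side, plugged into the hub
WAN_IF=${WAN_IF:-eth0}              # assumption: WAN side, carries the provider-assigned address
LAN_NET=${LAN_NET:-192.168.0.0/24}  # the private range suggested in the post

# Print the ruleset; '#' lines are comments that iptables-restore accepts.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# the firewall box talking to itself
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# the firewall box itself: anything out, only replies back in (oneandoneis2's rules)
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# uncomment to let LAN hosts open connections to services on the firewall box itself
# -A INPUT -i $LAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
# routed traffic: LAN hosts may open connections to the WAN, the WAN only gets replies back
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# rewrite LAN sources to the single public address on the way out
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Enable routing between the two adapters, then load the whole ruleset atomically.
apply_ruleset() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    build_ruleset | iptables-restore
}

# Default when run directly: print the ruleset for review; apply only when asked.
if [ "${1:-show}" = apply ]; then apply_ruleset; else build_ruleset; fi
```

Matching on `-o $WAN_IF` in the POSTROUTING rule does the same job as the post's `! -d 192.168.0.0/24` (only traffic leaving through the WAN side is rewritten) and keeps working if you later add a second LAN range. Loading with iptables-restore replaces the whole table at once, so a half-applied ruleset cannot leave the box open between commands.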