im in a good mood so rather than tell u to do a search, i'll give u a howto.
im going to assume your internet connection on eth0 works so im skipping all that:
Step 1. Setting up eth1
a) Give eth1 an IP address, netmask and bcast address:
Code:
as root:
ifconfig eth1 10.10.10.1 netmask 255.255.255.0 broadcast 10.10.10.255
Step 2. Setting up IP routing
a) turn on IP forwarding
1. turn it on now
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
2. set it to always be on when u reboot
edit the file /etc/sysctl.conf
change the line that says
#net.ipv4.ip_forward = 0
to
net.ipv4.ip_forward = 1
b) add entry in routing table
route add -net 10.10.10.0 netmask 255.255.255.0 eth1
(this may be optional but it would come in handy if u added more NICs and networks
to your box).
Step 3. Setting up NATing (iptables and such)
i wont go deep into iptables here but you will want to learn them (ASAP!!!)
you should maybe make a script so what i'll do is make this next section
copy and pastable as a script and then i'll tell u what to do with it.
Code:
#!/bin/sh
### VARIABLES (CONSTANTS REALLY) #####
# sh assigns with NAME=value; the $ is only used when reading the variable
IPTABLES="/sbin/iptables"
NET_IFACE="eth0"
LAN_IFACE="eth1"
LAN_IP="10.10.10.1"
#NET_IP=" " # FILL THIS IN IF YOU KNOW IT AND SEE THE NATING SECTION
LAN_ALL="10.10.10.0/24" # all computers in 10.10.10.X range behind the router
#### FLUSH TABLES ####
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
### POLICY SETTINGS ####
$IPTABLES -P INPUT DROP ## drop all incoming connections
$IPTABLES -P FORWARD DROP ## drop all forwarded packets
$IPTABLES -P OUTPUT ACCEPT ## accept all outgoing
#### INPUT ########
$IPTABLES -A INPUT -i lo -j ACCEPT ## keep local loopback traffic working under the DROP policy
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $LAN_IFACE -s $LAN_ALL -j ACCEPT ## LAN addresses are only trusted when they arrive on the LAN NIC
#### FORWARDING ######
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT ## replies to connections already open
$IPTABLES -A FORWARD -i $LAN_IFACE -s $LAN_ALL -o $NET_IFACE -j ACCEPT ## new connections from the LAN out to the internet
#### NATING #########
$IPTABLES -A POSTROUTING -t nat -s $LAN_ALL -o $NET_IFACE -j MASQUERADE
#### OR IF YOU KNOW YOUR IP FOR eth0 AND IT'S PERMANENT, USE THE FOLLOWING: UNCOMMENT IT AND COMMENT OUT THE ABOVE LINE
#$IPTABLES -A POSTROUTING -t nat -s $LAN_ALL -o $NET_IFACE -j SNAT --to-source $NET_IP
1. put this in a file called something like rc.firewall
2. edit any IP addresses and such
3. save the file and put it in /etc
4. open up the file /etc/rc.local and add the line:
sh /etc/rc.firewall
5. go ahead and run the script to get the rules going without having to reboot:
sh /etc/rc.firewall
Step 4. Setting up the Windows box (assuming win2k/XP if 98/ME let me know)
1. get to the control panel
in win 2k : Start->Settings->Control Panel
xp : Start->Control Panel (could be different if u have a classic menu setup)
in control panel look for network connections
(in xp u might have to click Network and Internet Connections -> Network Connections)
u should see an icon called Local Area Connection (or something similar).
RIGHT mouse click on it and click Properties at the bottom of the menu
in the scroll list in the middle, scroll down to Internet Protocol- TCP/IP and click on it to highlight it
Click the Properties button located below the scroll box (it becomes enabled when u highlight TCP/IP)
A box opens up:
for IP Address: 10.10.10.2 (2 can be anything from 2-254, 0 is illegal and .1 is the router)
Netmask 255.255.255.0
Gateway: 10.10.10.1
DNS: you will have to get these from your ISP, one that works tho is 4.2.2.2 but u should really get these from your ISP and hard code those values here.
Close the properties, close the Network Config box (close everything).
oh, make sure u have connected the linux box to the winbox via a CROSSOVER cable.
test out the connection and it should work.
if u have problems, click on start->run and type cmd
press enter and u will get a command prompt
c:\> ping 10.10.10.1 see if u get replies back
in linux:
#ping 10.10.10.2 (or whatever u set for the windows IP) see if u get replies back
let me know if something goes wrong.
also, there may be typos in this HOWTO so let me know if anything goes wrong and my iptables rules really aren't the best but i think it should be enough to get you going.
you could always try changing the default FORWARD policy to ACCEPT if u can ping but cant get an internet connection.
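A check for the router built in this howto, as an added example that is not part of the original post: it reads an `iptables-save` dump and reports anything that differs from what the script is meant to set up (DROP policies, NAT leaving via eth0, forwarding opened only for connections started on eth1). The function names `audit_ruleset` and `sample_dump` are hypothetical and the dump is constructed; the interface names and the 10.10.10.0/24 range are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_ruleset NET_IFACE LAN_IFACE: reads an iptables-save dump on stdin,
# prints one finding per line, prints nothing when every check passes.
audit_ruleset() {
    awk -v net="$1" -v lan="$2" '
    /^\*/ { table = substr($0, 2) }                  # table header: "*nat", "*filter"
    table == "filter" && /^:INPUT /   { in_policy = $2 }
    table == "filter" && /^:FORWARD / { fwd_policy = $2 }
    table == "nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
        if ($0 ~ ("-o " net " ")) nat_ok = 1
    }
    table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ {
        stateful = ($0 ~ /--state|--ctstate/)        # only matches existing connections
        from_lan = ($0 ~ ("-i " lan "( |$)"))        # tied to the LAN interface
        if (from_lan) lan_out = 1
        if (!stateful && !from_lan)
            print "FORWARD accepts NEW traffic not bound to " lan ": " $0
    }
    END {
        if (in_policy != "DROP")  print "INPUT policy is " in_policy ", expected DROP"
        if (fwd_policy != "DROP") print "FORWARD policy is " fwd_policy ", expected DROP"
        if (!nat_ok)  print "no MASQUERADE/SNAT rule leaving via " net
        if (!lan_out) print "no FORWARD rule lets " lan " clients open connections"
    }'
}

# Constructed sample dump: $1 = FORWARD policy, $2 = match part of one FORWARD rule.
sample_dump() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD $1 [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD $2 -j ACCEPT
COMMIT
EOF
}

# On the router itself (as root): iptables-save | audit_ruleset eth0 eth1
sample_dump ACCEPT "-d 10.10.10.0/24" | audit_ruleset eth0 eth1
```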