LinuxQuestions.org
Old 07-03-2004, 02:45 PM   #1
bmfmyth
Member
 
Registered: Jul 2004
Location: Upper Michigan
Distribution: RedHat 9
Posts: 31

Rep: Reputation: 15
Setting up Router/Default Gateway with Redhat 9.0 Tutorial


By: Brant Freidank (darkmyth at [H]ardForum) ( myth + admin at http://darkmyth.proboards27.com) (bmfmyth at linuxquestions.org)

First off you need to download these things

Redhat 9.0 distro disks one two and three:
http://linuxiso.org/distro.php?distro=7

You then need to burn these disks as an image. I use Nero 6.0 to do this. You can find a demo of Nero 6.0 at Nero's website.
http://www.nero.com/us/nero6-ultraedition.php

Nano- (editor program for text documents)
http://www.nano-editor.org/dist/v1.2...2.3-1.i386.rpm

Firestarter- (Easy setup firewall and NAT setup.)
http://prdownloads.sourceforge.net/f...6.rpm?download

Then select a mirror from that page that’s closest to you.

Dhcp-3.0pl2 - this is the DHCP server that you will configure to give out IPs to your LAN.
http://www.binarycode.org/isc/dhcp/dhcp-3.0pl2.tar.gz


During setup you'll need to set eth0 as assigned by DHCP and to start at startup, but for eth1 you'll just click start at startup. You then go down to the manual settings for the NIC and set it up as 10.0.0.1; the netmask will be set when you hit Enter to go down to the next line. Then put the default gateway as 10.0.0.1 and leave DNS and everything below that blank.

Once you are done installing redhat 9.0 on your machine you must install the various programs above and create some files.

First you must install nano by doing this in a terminal

rpm -i nano-1.2.3-1.i386.rpm

Nano is then installed.

Then you must untar dhcp by doing this in a terminal

tar xzvf dhcp-3.0pl2.tar.gz

then cd into dhcp-3.0pl2 directory that is created

type in ./configure
then make
then make install
you now need to get out of the dhcp-3.0pl2 directory by typing this

cd ..

now you should be in a prompt with

root@localhost root#

Now you need to make a few files. You do this by the touch command in your terminal.

touch /etc/dhcpd.conf

you then need to make a directory. You do this by using the mkdir command in your terminal

mkdir /var/state/dhcp

you then make a text file in this directory while still in root

touch /var/state/dhcp/dhcpd.leases

Now you must configure your /etc/dhcpd.conf file.
You do this by using nano.

nano /etc/dhcpd.conf

when you are done editing the file press ctrl + x in order to exit and press y to save changes to the file

An example of my /etc/dhcpd.conf file would be this. (My network is a class A network.)

#/etc/dhcpd.conf
ddns-update-style interim;

subnet 10.0.0.0 netmask 255.255.0.0 {
    default-lease-time 63000;
    max-lease-time 72000;
    option routers 10.0.0.1;
    option subnet-mask 255.255.0.0;
    # Replace the placeholder below with the DNS server address(es) provided
    # by your ISP; if there is more than one, separate them with commas.
    option domain-name-servers <ISP-DNS-SERVER>;
    range 10.0.0.2 10.0.0.253;
}







You now need to make the file /etc/sysconfig/iptables

You again use the touch command to do this.

touch /etc/sysconfig/iptables

once you have created this file you need to go into it and place your iptables rules.

Again nano into the file and enter the following data by using this command

nano /etc/sysconfig/iptables

when you are done editing the file press ctrl + x in order to exit and press y to save changes to the file

An example of my file is:

# iptables - configuration files for iptables in Red Hat Linux 8.0
#
# This is appropriate for protecting a single workstation.
#
# The script could be a lot more rigorous, e.g., only allow
# selected outbound ports, rather than allowing all outbound
# traffic, use REJECT rather than DROP, etc. However, the
# goal of this script was to provide some protection for ports
# while minimizing the number of checks made on each packet.
#
# This file should be owned by user root, group root.
# The permissions on this file should be set to 600.
#
# Edit lines as necessary, then uncomment (remove hash mark) the
# lines you wish to use.
#
# Although every precaution has been taken in the preparation of this
# file, the author assumes no responsibility for errors or omissions.
# Neither is any liability assumed for damages resulting from the use of
# the information contained herein.
#
# m-woo@uiuc.edu 9 Jan 2003
#
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

## Drop all incoming fragments
-A INPUT -i eth0 -f -j DROP

## Drop outside packets with localhost address - anti-spoofing measure
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP

## Pass all locally-originating packets
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

## Accept ICMP ping echo request packets
## (this allows other people to ping your machine, among other things),
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

## Accept all traffic from a specific machine with IP x.x.x.x
## replace x.x.x.x with the desired IP, then uncomment the line.
-A INPUT -p tcp -m tcp --syn -s 10.0.0.0 -j ACCEPT

## Accept traffic on port p from a specific machine with IP x.x.x.x
## replace p with the desired port number, and replace x.x.x.x with
## the desired IP, then uncomment the line.
-A INPUT -p tcp -m tcp --syn -s 10.0.0.1 --dport 80 -j ACCEPT

## Accept all inbound ssh traffic
#-A INPUT -p tcp -m tcp --syn --dport 22 -j ACCEPT

## Accept all inbound identd
#-A INPUT -p tcp -m tcp --syn --dport 113 -j ACCEPT
## or you can reject and send back a TCP RST packet instead
#-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset

## Allow all sendmail SMTP traffic
#-A INPUT -p tcp -m tcp --syn --dport 25 -j ACCEPT

## Allow all sendmail MSA traffic
#-A INPUT -p tcp -m tcp --syn --dport 587 -j ACCEPT

## Allow all web server access (port 80)
-A INPUT -p tcp -m tcp --syn --dport 80 -j ACCEPT

## Allow all secure web server access (port 443)
-A INPUT -p tcp -m tcp --syn --dport 443 -j ACCEPT

## Allow inbound established and related outside communication
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Drop outside initiated connections
-A INPUT -m state --state NEW -j REJECT

## Allow all outbound tcp, udp, icmp traffic with state
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT

You also need to add the line

echo 1 > /proc/sys/net/ipv4/ip_forward

to your /etc/rc.d/rc.local file

also hit enter twice after the above line and put

dhcpd

This will automatically start your dhcpd server for you on startup of your machine.

Now you need to install firestarter.

You do this using the rpm command

rpm -i firestarter-0.9.2-3.i386.rpm

Now go into your terminal and run the firestarter setup by typing firestarter and hitting enter.

Setup Guide:
1. A gui setup should pop up.
2. Click Forward
3. There should be two nics detected eth0 and eth1
4. Unclick start at dial out
5. But put a check in IP address assigned via DHCP
6. Then click forward
7. On the next screen click Enable Network Address Translation
8. Then set your internal device as eth1
9. Then click Specify internal network IP range manually
10. Internal network address range 10.0.0.1/8
11. Now click forward
12. Click Enable Public access to the following services:
13. Put a check in www, dns, dhcp, ftp, SSL web, Xwindows, NTP, and POP
14. Now click forward
15. On the next screen click Enable ToS filtering related to the following packets
16. Check everything on the left and then check throughput on the right
17. Now click forward
18. On the next screen click Enable ICMP filtering related to the following packets:
19. Check Echo, Traceroute, MS Traceroute, address masking, and Redirection
20. Now click forward
21. And click save
22. Once you save it and firestarter starts up go into the tab that says Rules.
23. Go to Open ports and double click. Add the ports 80, and 53
24. You can add more ports as you need later on by doing the same thing.

Now reboot your machine by going to your terminal and typing shutdown -r now

Once it reboots log in as root and then go to the redhat toolbar and click the redhat icon go up till you have your mouse over run program. A box will pop up and you need to type in firestarter to run the firestarter program.

Congratulations, you have now set up a default gateway and router for your home network. The NIC you set up as eth0 will have a straight-through cat5 cable going from your cable modem to that NIC. You then have a crossover cable going from your eth1 card to either your switch, if you want to connect more than one computer, or directly to the back of your computer if you want to just have one client for the time being, or for just testing purposes.





Comment:

Brant Freidank – Use this and distribute this tutorial to anyone you see fit. You can modify this tutorial to your needs if you wish. But please give credit where it is due for the tutorial.
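
Added example, not part of the original post: the /etc/sysconfig/iptables file in the tutorial sets the FORWARD policy to DROP and has no FORWARD rules and no nat table, so a static check of a ruleset for what a NAT gateway needs is sketched below. The function name, finding codes and both sample rulesets are constructed for illustration; eth0 = WAN, eth1 = LAN and 10.0.0.0/255.255.0.0 follow the tutorial.

```sh
# Added example: audit an iptables-save style ruleset (stdin) for gateway use.
audit_gateway_rules() {
    awk '
    /^\*/ { table = substr($1, 2) }
    table == "filter" && $1 == ":FORWARD" { fwd_policy = $2 }
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ { fwd_accept = 1 }
    table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ { nat = 1 }
    # A "not loopback" DROP rule should only name 127.0.0.0/8 as its source.
    table == "filter" && /^-A INPUT / && /-i ! lo|! -i lo/ && / -j DROP/ {
        for (i = 1; i < NF; i++)
            if ($i == "-s" && $(i + 1) !~ /^127\./) bad_src = 1
    }
    END {
        if (fwd_policy == "DROP" && !fwd_accept) print "FORWARD_BLOCKED"
        if (!nat) print "NO_NAT"
        if (bad_src) print "NON_LOOPBACK_SOURCE_DROPPED"
    }'
}

# Constructed sample: workstation-style rules, no nat table, no FORWARD rules.
sample_workstation() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 10.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Constructed sample: gateway rules for eth0 = WAN, eth1 = LAN (10.0.0.0/16).
sample_gateway() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/255.255.0.0 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -i lo -j ACCEPT
-A FORWARD -s 10.0.0.0/255.255.0.0 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
sample_workstation | audit_gateway_rules   # prints the three findings
```

To check a live machine, pipe the output of iptables-save (run as root) into audit_gateway_rules; an empty result means none of the three conditions was found.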
 
Old 07-05-2004, 04:41 PM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
We would like to invite you to submit this to the LQ Wiki or the LQ Answers sections so that it remains in a prominent place..
 
Old 07-05-2004, 06:12 PM   #3
bmfmyth
Member
 
Registered: Jul 2004
Location: Upper Michigan
Distribution: RedHat 9
Posts: 31

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by peter_robb
We would like to invite you to submit this to the LQ Wiki or the LQ Answers sections so that it remains in a prominent place..

either would be fine. The one that is more frequented would be the best, so that it can be the most helpful. Do I need to post it into this area or will you move it?
 
Old 08-31-2004, 04:47 PM   #4
bmfmyth
Member
 
Registered: Jul 2004
Location: Upper Michigan
Distribution: RedHat 9
Posts: 31

Original Poster
Rep: Reputation: 15
sorry, I'll post it
 
  


All times are GMT -5.