Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Your config does not look right. You seem to be assigning your router a static IP that overlaps with the DHCP range, which means some machine might be assigned it and you'll have two computers with the same IP (a no-no). Also, you seem to want to give your router an internal IP of 192.168.1.3 but in your DHCP config you tell other machines on the LAN that the router has 192.168.1.2, so they will not get the correct gateway. Finally I'm not sure where 192.168.1.1 is coming in as the gateway for this machine. The default gateway should be your ISP's default gateway, as this is an Internet facing machine.
You should understand DHCP is nothing but configuration helper for boxes on your LAN. Your router has to do NAT to pass internet to LAN, or at least you should run a proxy and DNS cache for this to work. Computers on LAN can be configured manually or using DHCP, it does not matter.
You actually are needing 2 diffrent things here a DHCP client and a DHCP server. The server would be needed to assign your computers on your network addresses and the client would be needed to obtain a net address for your cable modem. Also as mentioned before you would need to do NAT to get internet working on yoru internal computers. Look into iptables to do this pretty simply.
Why are you using the server as a NAT gateway/Firewall ?
...or was it with purpose you use the server as a Firewall ?
Is it not easier and better to buy a simple NAT gateways instead for $40 ? (e.g. Netgear)
What is the reason you have placed the server between Internet and your PC's ?
Or do you only get one dynamic IP-address from your ISP ?
If you don't have a nat router, you will need to configure a host with two nic interfaces. You will need to configure the firewall to masquerade IP addresses for the lan hosts. You will also need to run a dhcp server for the lan. The second NIC IP address will be supplied by the dhcp server as the gateway address of the LAN.
Like a previous poster stated, it would be easier to purchase a cable/dsl NAT router. It would also have a switch for the LAN which would give you better performance than a hub.
Yes, but if your ISP delivery 5 IP-addresses with DHCP (without any extra cost) why are you using a NAT ?
I try to identify the real problem....
May he want to protect his PC with a Firewall ?
Then it's even better to use a real firewall ( not onle a NAT) with e.g. protocol filtering.
/Uffe2
PS
My ISP delivery 5 IP address as default
Quote:
Originally Posted by jschiwal
If you don't have a nat router, you will need to configure a host with two nic interfaces. You will need to configure the firewall to masquerade IP addresses for the lan hosts. You will also need to run a dhcp server for the lan. The second NIC IP address will be supplied by the dhcp server as the gateway address of the LAN.
Like a previous poster stated, it would be easier to purchase a cable/dsl NAT router. It would also have a switch for the LAN which would give you better performance than a hub.
His first post implies a single dynamic IP address. He can post whether that isn't the case.
Also, a cable modem will only connect to a single device with a certain MAC address. If connecting it to another device it needs to be registered with the new device before getting internet access. If he want's do dedicate a host for a firewall rather than using a NAT router that is fine. If he want's to run proxy servers or an HID as well, more power to him.
First off all, let me to be thankful to all who have posted to help me in this journey.
I intent to do with cable modem and 2 nics to have local network and internet. Without more equipment.
But I need to know how to do it, so I will need a step by step or a little patient from someone who could explain to me something related with back posts.
I'm curious about and I probably could make some good questions and others probably not in the mood.
But in the first phase I just need to make connection from cable modem, configure a DHCP server (and probably a client for the internet) to get to go.
Then in the second phase I would like to have a firewall on the local network (with iptables or firestarter whatever the best scheme)and this would be in the same server.
That's the ideia that I have probably with some opinion I could change something but that's what I intented to do for now and to open the knowledge with linux.
If there is some step by step or if someone has the steps to do this (or the order that could be done) it would be a great help.
Sorry, I missed that you only have one public dynamic IP-address !
A solution:
1) Use your server as a NAT gateway.
2) Connect one NIC card to the modem (or Internet)
(defined as the NAT-servers WAN interface)
3) Connect the other NIC card to a switch with serveral Ethernet ports
(defined as the NAT-servers LAN interface)
4) Connect all other PC's to the switch
5) Install a DHCP-server and DHCP-client software on your server
5) The servers WAN interface should be defined as a DHCP-client
(the DHCP client should get one public IP-address
from the ISP with DHCP when the server start up)
6) The server LAN interface should be defined as a DHCP-server
(the DHCP-server on the LAN interface delivery
private IP-addresses to all your PC's)
(=>one unique private IP-address for each PC)
7) Configure the DHCP server (on your servers LAN interface)
7.1 Set a private IP-address of the servers LAN interface
(e.g. 192.168.0.100
7.2 Set a subnet mask (e.g. 255.255.255.0)
7.3 Definde a scope of private IP-address to your servers DHCP-server
(e.g. 192.168.0.10-192.168.0.99).
7.4 Set a default gateway to the LAN interfaces IP-address
(e.g. 192.168.0.100)
1) Use your server as a NAT gateway.Is there a way to define this ?
2) Connect one NIC card to the modem (or Internet)
(defined as the NAT-servers WAN interface) How could be define the NAT-servers as WAN interface ?Is it defined on the /etc/network/interfaces file ?
3) Connect the other NIC card to a switch with serveral Ethernet ports
(defined as the NAT-servers LAN interface) How could be define the NAT-servers LAN interface ? Is it defined on the /etc/network/interfaces file ?
4) Connect all other PC's to the switch Done
5) Install a DHCP-server and DHCP-client software on your server I think I can handle with this.
5) The servers WAN interface should be defined as a DHCP-client
(the DHCP client should get one public IP-address
from the ISP with DHCP when the server start up)So my problems start in here, this is defined on the dhcp or in other local ?
6) The server LAN interface should be defined as a DHCP-server
(the DHCP-server on the LAN interface delivery
private IP-addresses to all your PC's)
(=>one unique private IP-address for each PC)Ok here I think with this I could define where dhcp will work /usr/sbin/dhcp dev ethx (ethx belong to eth to define dhcp)
7) Configure the DHCP server (on your servers LAN interface)I think this is an introduction to the below points
7.1 Set a private IP-address of the servers LAN interface
(e.g. 192.168.0.100)
This could be defined like this auto eth1
iface eth1 inet static
address 192.168.0.101
netmask 255.255.255.0
gateway 192.168.0.100
7.2 Set a subnet mask (e.g. 255.255.255.0) Couldn't this be done in the above point ? if not where I could define it ?
7.3 Definde a scope of private IP-address to your servers DHCP-server
(e.g. 192.168.0.10-192.168.0.99).This could be probably defined on the dhcp (/etc/dhcp.conf) and must start with range 192.168.0.10 192.168.0.99
7.4 Set a default gateway to the LAN interfaces IP-address
(e.g. 192.168.0.100)This probably would be the same has the above point, if not, where it can be defined.
Thanks for your patient and once again thanks a lot
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.