LinuxQuestions.org
Old 06-15-2011, 11:36 AM   #1
gpaxs
LQ Newbie
 
Registered: Jun 2011
Posts: 2

Rep: Reputation: Disabled
How to configure CentOS 5.4 to work as a router and firewall on its own


Hi, can anyone please guide me step by step on how to set up CentOS to act as a router and firewall at our office? I just installed the OS and now I don't know where to go from here. I have all the ISP addresses, DNS and gateway. Any assistance will be greatly appreciated because I am really interested in learning Linux. Thanks.

I used some instructions on this site http://wiki.centos.org/HowTos/Network/IPTables and when I try the /sysctl.config on my terminal now I get the message permission denied.

Last edited by gpaxs; 06-16-2011 at 02:55 AM. Reason: am locked out
 
Old 06-15-2011, 11:45 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
There's really very little to it. You turn it into a "router" by going into /etc/sysctl.conf and setting the parameter "net.ipv4.ip_forward = 1" and reboot (you can do it without rebooting, but let's not confuse things).

As for the firewall side, the standard firewall settings live in /etc/sysconfig/iptables. You can edit that file directly or use system-config-firewall.

To most people routing also implicitly means natting, so IF that's the case, then you'd need to enable IP masquerading for NAT. The best way for you to achieve this is probably to add a few lines that say:

Code:
iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -o eth0 -j MASQUERADE
(which means, in order of commands, traffic about to leave the system that is from the 192.168.122.0/24 subnet that is not going to that subnet and is going out of interface eth0 should be masqueraded to the address of the eth0 interface itself)

updating the subnets and interface appropriately. You can make this permanent by running "service iptables save"

That's really the basics of it. You should be comfortable with what you're doing before it goes into service though, there are so many ways you could possibly be at risk if you don't know what you're doing.

Last edited by acid_kewpie; 06-16-2011 at 01:27 AM.
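
A read-only check of the settings described in this post, as an added example that is not part of the original thread: it reads a sysctl.conf-style file and an iptables-save-format rules file (the format of /etc/sysconfig/iptables) and reports whether forwarding is enabled, whether a MASQUERADE rule sits in the nat table and is limited to a source subnet and outbound interface, and the FORWARD chain's default policy. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of the two files named in the post above.
# Both sample files are constructed for illustration.
tmp=$(mktemp -d)
cat > "$tmp/sysctl.conf" <<'EOF'
#net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
EOF
cat > "$tmp/iptables" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF

# Effective net.ipv4.ip_forward in a sysctl.conf-style file (the last
# uncommented assignment wins); prints nothing when the key is absent.
ip_forward_value() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*$/\1/p' "$1" | tail -n 1
}

# MASQUERADE rules that really are in the nat table of the rules file.
nat_masquerade_rules() {
    awk '/^\*/ { table = $1 }
         table == "*nat" && /^-A POSTROUTING / && /-j MASQUERADE/' "$1"
}

# "none", "scoped" (every rule names a source subnet and an outbound
# interface, like the rule in the post) or "broad" (some rule lacks one).
masquerade_scope() {
    rules=$(nat_masquerade_rules "$1")
    [ -n "$rules" ] || { echo none; return 0; }
    broad=$(printf '%s\n' "$rules" | awk '!(/ -s / && / -o /)')
    if [ -n "$broad" ]; then echo broad; else echo scoped; fi
}

# Default policy of the filter table's FORWARD chain (ACCEPT or DROP).
forward_policy() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && $1 == ":FORWARD" { print $2 }' "$1"
}

audit_router() {   # $1 = sysctl.conf-style file, $2 = iptables-save-style file
    echo "ip_forward=$(ip_forward_value "$1") masquerade=$(masquerade_scope "$2") forward_policy=$(forward_policy "$2")"
}
audit_router "$tmp/sysctl.conf" "$tmp/iptables"
```

On a real host, point audit_router at /etc/sysctl.conf and /etc/sysconfig/iptables as root. A forward_policy of ACCEPT with forwarding enabled means the box routes whatever reaches it unless explicit FORWARD rules say otherwise.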
 
Old 06-15-2011, 08:09 PM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
Great advice from acid_kewpie as always
I'd just add that you'll probably want to bookmark and read the Admin HOWTO Guide here http://www.linuxtopia.org/online_boo...ion/index.html
 
Old 06-16-2011, 07:20 AM   #4
gpaxs
LQ Newbie
 
Registered: Jun 2011
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thumbs up thank you

Quote:
Originally Posted by acid_kewpie
There's really very little to it. You turn it into a "router" by going into /etc/sysctl.conf and setting the parameter "net.ipv4.ip_forward = 1" and reboot (you can do it without rebooting, but let's not confuse things).

As for the firewall side, the standard firewall settings live in /etc/sysconfig/iptables. You can edit that file directly or use system-config-firewall.

To most people routing also implicitly means natting, so IF that's the case, then you'd need to enable IP masquerading for NAT. The best way for you to achieve this is probably to add a few lines that say:

Code:
iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -o eth0 -j MASQUERADE
(which means, in order of commands, traffic about to leave the system that is from the 192.168.122.0/24 subnet that is not going to that subnet and is going out of interface eth0 should be masqueraded to the address of the eth0 interface itself)

updating the subnets and interface appropriately. You can make this permanent by running "service iptables save"

That's really the basics of it. You should be comfortable with what you're doing before it goes into service though, there are so many ways you could possibly be at risk if you don't know what you're doing.

Well, I was used to Windows but I trust I can work with this as well, only with guidance. I am a quick learner. I just realised at the terminal when I type /etc/sysctl/config it says access denied. I don't know what I am doing wrong even after I installed the OS afresh. Thanks a bunch for your time and please assist me to at least set up this one server.
 
Old 06-16-2011, 09:36 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
You definitely need to read that link I supplied. Also, this is a great tutorial http://rute.2038bug.com/index.html.gz

acid_kewpie said
Code:
/etc/sysctl.conf
but you used
Code:
/etc/sysctl/config
Note the difference. Also, it's a file not a program, so you can't type that as a cmd. It's a file that needs editing.
Also, at this level you'll need to be the root (aka admin) user, not a normal user.
 
Old 06-16-2011, 10:25 PM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,818

Rep: Reputation: 2408
Well, the very first thing is to upgrade to THE ONLY SUPPORTED version, CentOS 5.6.
5.4 will NEVER get updates.

Hopefully you have let yum auto do this, but????
If not:
Code:
su -
yum upgrade
 
  

