LinuxQuestions.org
01-28-2009, 05:57 AM   #1
TheSharkBait
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Rep: Reputation: 0
Setting up a home gateway


For some time I've been interested in setting up my own gateway on the network but have had trouble trying to find adequate information on doing so. I'm currently using a dlink dsl-G604T, this is acting as my modem / router. I want to scrap the DLINK router/modem and incorporate my own gateway.

My connection type is PPPoA and I'm having trouble trying to wrap my head around this whole subject. Any simple iptables rule sets that will allow the flow of traffic through a box I have chosen to get me started would be a great help, or a point in the right direction of getting a gateway using PPPoA up and running.

Thank you,

TheSharkBait.
 
01-28-2009, 06:07 AM   #2
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
You need a modem to do ATM and therefore PPPoA

Last edited by Agrouf; 01-28-2009 at 06:10 AM.
 
01-28-2009, 06:34 AM   #3
TheSharkBait
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Original Poster
Rep: Reputation: 0
OK, I will keep the dlink and have it forward all its traffic through the gateway / vice versa. Could you please elaborate a bit more on the path I will need to follow on setting up this gateway.

Thank you
 
01-28-2009, 06:41 AM   #4
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
What kinda gateway do you want to set up? Do you want it to work as a firewall? Or just something like a proxy to share the internet?
Setting up a squid proxy seems a good option though. It works great and can firewall your network as well.
 
01-28-2009, 06:56 AM   #5
TheSharkBait
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Original Poster
Rep: Reputation: 0
I'm looking to set up a firewall with iptables and a squid proxy server on the gateway, mate.
 
01-28-2009, 06:59 AM   #6
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Setting up squid has been covered in the forums a lot of times and a bit of searching here on LQ should take you to threads that will cover everything that you want.

This one thread considers Ubuntu as server and squid as proxy server in transparent mode.

http://www.linuxquestions.org/questi...ubuntu-699966/

Hope this helps.
 
01-28-2009, 07:16 AM   #7
TheSharkBait
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Thank you for the information.

What I'm having trouble doing is redirecting the input / output on the NIC interfaces and also adding routes on the other Linux boxes to point at the gateway.
 
01-28-2009, 07:18 AM   #8
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Posts: 3,366
Blog Entries: 33

Rep: Reputation: 216
Hi, I have my box set-up as a fw proxied gateway too.

A second machine connects to mine and accesses the www from there. Transparently.

I found these pages...

http://www.linuxhomenetworking.com/

very helpful.

See how you go, Glenn
 
01-28-2009, 08:06 AM   #9
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
There is a link in the link that I gave you. It redirects to cyberciti. It should work for you and you would not need to add any routes at clients. Just add the ip address of the squid as the default gateway in client systems.
 
01-28-2009, 04:20 PM   #10
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Posts: 3,366
Blog Entries: 33

Rep: Reputation: 216
iptables and squid gateway

Quote:
Originally Posted by TheSharkBait
Thank you for the information.

What I'm having trouble doing is redirecting the input / output on the NIC interfaces and also adding routes on the other Linux boxes to point at the gateway.

The firewall script usually takes care of redirection and naming.

There is an online iptables script generator you might like to try

http://easyfwgen.morizot.net/gen/ (I have not tried it lately...)

I use this modified fw script, and disable mandi, iptables service from starting automatically and use this script instead to initialise the process.

/etc/rc.d/init.d/atomic.firewall (iptables)...
Code:
#!/bin/sh
#
# Atomic IPTables firewall script v1.2
#
# Simple but effective firewall written for
# the Atomic Uber Linux box guide,
# Issue 21, Oct 2002
#
# Updated May 2003 for bandwidth shaping
#
# Ashton Mills
# amills@iinet.com.au

# Environment variables, change these values accordingly

	EXT_IF=ppp0
	INT_IF=eth0
	INT_NET=192.168.0.0/24

	ANY=0.0.0.0/0

	IPTABLES=/sbin/iptables
	MODPROBE=/sbin/modprobe
# ....................... "Middle part left out for space" .......................
#
## --- OUTPUT CHAIN --- ##
#

	# Follows policy

#
## --- NAT --- ##
#

	# Enable masquerade

	$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -j MASQUERADE

#
## -- Transparent proxy to Squid --- ##
#

	$IPTABLES -t nat -A PREROUTING -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-port 3128

/etc/squid/squid.conf
Code:
http_port 192.168.0.2:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir diskd /var/spool/squid 1024 16 256
cache_store_log none
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
half_closed_clients off
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 563
acl SSL_ports port 873
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_reply_access allow all
icp_access allow all
visible_hostname GamesBox.GlennsPref.net
append_domain .GlennsPref.net
err_html_text squid@GamesBox.GlennsPref.net
deny_info ERR_CUSTOM_ACCESS_DENIED all
memory_pools off
coredump_dir /var/spool/squid
ie_refresh on

Hi, I hope with these examples you will see squid needs iptables to direct traffic.

Iptables needs to know and separate internal and external devices.

I use squid 3, but the script is similar, at the top, see the port address your error complained about...

http_port 192.168.0.2:3128 transparent

Hope that helps you get up and running.

Cheers, Glenn

Last edited by GlennsPref; 01-28-2009 at 04:29 PM. Reason: more info...
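
The gateway rules discussed in this thread, as an added example that is not part of GlennsPref's post or the Atomic firewall script: a shell function that prints an `iptables-restore` ruleset combining the masquerade and transparent-proxy rules with default-drop INPUT and FORWARD policies. The function name `gateway_rules`, its argument order, and the choice to accept all LAN traffic addressed to the gateway are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the Atomic firewall script quoted above.
# Prints an iptables-restore ruleset for a NAT gateway that transparently
# redirects LAN web traffic to a Squid instance on the gateway itself.
# Forwarding must also be enabled: sysctl -w net.ipv4.ip_forward=1
# Syntax check (as root):
#   gateway_rules ppp0 eth0 192.168.0.0/24 3128 | iptables-restore --test

gateway_rules() {
    ext_if=$1 int_if=$2 int_net=$3 proxy_port=$4

    # Accept only plain interface names, a dotted CIDR and a numeric port, so
    # a typo cannot smuggle extra options into the generated rules.
    for name in "$ext_if" "$int_if"; do
        case $name in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $name" >&2; return 1 ;; esac
    done
    [ "$ext_if" != "$int_if" ] || { echo "interfaces must differ" >&2; return 1; }
    case $int_net in ''|*[!0-9./]*) echo "bad network: $int_net" >&2; return 1 ;; esac
    case $proxy_port in ''|*[!0-9]*) echo "bad port: $proxy_port" >&2; return 1 ;; esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] || return 1

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN web requests are handed to Squid on the gateway
-A PREROUTING -i $int_if -s $int_net -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
# Everything leaving via the external link is source-NATed
-A POSTROUTING -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only LAN hosts may talk to the gateway, so Squid is not reachable from $ext_if
-A INPUT -i $int_if -s $int_net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections may only be opened from the LAN towards the Internet
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
COMMIT
EOF
}
```

Because the INPUT policy is DROP and only loopback, established and LAN-sourced traffic is accepted, the Squid port is never offered on the external interface, which keeps the gateway from acting as an open proxy.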
 
  


All times are GMT -5.
