I want to use my server as a router so I can connect to the internet when I'm at the server's location with my laptop. I don't want to mess anything up, so I would like some help with it, as it has been a long time since I configured a router, and that was on a BSD, never on Linux before.
So far two ethernet cards are installed in the system, et0 and eth0. The server connects to the internet with a PPPoE connection.
These are my current firewall (iptables) settings:
Code:
# Generated by iptables-save v1.3.5 on Sun May 6 19:37:56 2007
*filter
:INPUT ACCEPT [18676850:1350698484]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [20116489:2046243565]
-A INPUT -i tun0 -p udp -m udp --dport 445 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -i tun0 -p udp -m udp --dport 137:139 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 113 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 0:1023 -j LOG
-A INPUT -i ppp0 -p tcp -m tcp --dport 0:1023 -j LOG
-A INPUT -i ppp0 -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -i ppp0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
-A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
COMMIT
# Completed on Sun May 6 19:37:56 2007
ppp0 is the interface for the PPPoE connection and tun0 is the interface for OpenVPN.
I was thinking of configuring it like this:
Code:
*nat
:PREROUTING ACCEPT [127:7628]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:172]
-A PREROUTING -d 10.0.0.100 -p tcp -m tcp --dport 6881 -j DNAT --to-destination 10.0.0.100:6881
-A POSTROUTING -s 10.0.0.100 -p tcp -m tcp --sport 6881 -j SNAT --to-source 10.0.0.100:6881
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [300:34294]
:INPUT - [0:0]
-A INPUT -j INPUT
-A FORWARD -j INPUT
-A FORWARD -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-crypt -j ACCEPT
-A INPUT -p ipv6-auth -j ACCEPT
# And all other ports to accept
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 113 -j ACCEPT
-A INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Where 10.0.0.100 would be my laptop's IP. Would this work ok?
Also, how would I then configure my Slackware 12 laptop? At home I use a WLAN connection to a router and then to the internet. I would like my laptop to check eth0: if a cable is present, it uses eth0 for the connection, and if not, it uses the wlan0 interface to connect via WLAN.
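An added example, not part of the original post: a small linter for iptables-save text that flags structural issues in a ruleset like the one proposed above, before it is handed to iptables-restore. The function name `lint`, the finding labels, and `SAMPLE` (a constructed, shortened copy of the proposed filter table) are assumptions of this example.

```python
import shlex
from collections import Counter

# Built-in chains are entered by netfilter hooks; they are not valid -j targets.
BUILTIN = {"filter": {"INPUT", "FORWARD", "OUTPUT"},
           "nat": {"PREROUTING", "POSTROUTING", "OUTPUT"}}

# Constructed sample: shortened copy of the proposed *filter table from the post.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT - [0:0]
-A INPUT -j INPUT
-A FORWARD -j INPUT
-A FORWARD -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def lint(text):
    """Return (line_no, finding, detail) tuples for iptables-save text."""
    findings, table, seen = [], None, Counter()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain declaration: :NAME POLICY [pkts:bytes]
            chain, policy = line[1:].split()[:2]
            if policy == "-" and chain in BUILTIN.get(table, ()):
                findings.append((n, "builtin-redeclared", f"{table}/{chain}"))
            if (table, chain, policy) == ("filter", "FORWARD", "ACCEPT"):
                findings.append((n, "forward-policy-accept", chain))
        elif line.startswith("-A "):        # appended rule
            args = shlex.split(line)
            target = args[args.index("-j") + 1] if "-j" in args else ""
            if target in BUILTIN.get(table, ()):
                findings.append((n, "jump-to-builtin", f"{args[1]} -> {target}"))
            seen[(table, line)] += 1
            if seen[(table, line)] == 2:    # report each repeated rule once
                findings.append((n, "duplicate-rule", line))
    return findings
```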