Simple Debian Router including a DHCP Server
 

Hi there,

I'm a bit new to Debian/Linux and would like to setup a DSL Router on Debian for about 10 WinXP PCs.

I successfuly set up the PPPOE Connection to my Provider. Now I additionally need a DHCP Server running on Debian and I need to get it working that the other 10 WinXP Clients have access to the internet.

I'm sorry but I'm a little bit lost right now. What do I have to do to get this working?

Thanks a lot!

In addition to dhcp you need ip-masquerade and I would suggest a firewall as well. Do apt-get install dhcp ipmasq . You will need to ip-forward and the easiest way is to get a firewall with all this built in and I suggest a visit to;

http://www.linuxorbit.com/modules.ph...icle&artid=529

Nice, thanks dude!

No problem. Let us know how you go.

The script is telling me I'm using an old version of iptables or kernel.

I got the latest iptables installed via apt-get install iptables and I'm using Debian 3.0 r2.. what could be the prob?

Check the kernel version - uname -r

It`s Debian Woody 3.0 r1

uname -r:

2.2.20-idepci

There is an ipmasq howto on the ldp howto pages:

http://www.ibiblio.org/pub/Linux/doc...s/html_single/

It looks very daunting because at first sight it appears to be very long. However that's because it covers 2.0 2.2 and 2.4 kernels all at the same time, plus there's some troubleshooting stuff at the end padding it out somewhat.

The howto is actually very short, when you take this into account. I recommend it highly. If you don't need to recompile your kernel, it will only take you ten minutes. Even if you need to recompile, it tells you exactly what options you need.

It also includes a sample firewall, which is very good (as in secure).



DHCP is very very easy. You just need to apt-get install dhcp and configure it. You can do this by man dhcpd.conf or you can copy this one and modify it to your tastes (you must fill in your own dns servers here at the very least):


subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.60;
default-lease-time 86400;
max-lease-time 86400;
option routers 192.168.1.1;
option ip-forwarding on;
option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;
option domain-name-servers 1.2.3.4, 5.6.7.8;
}

The advantage of this config is it forwards the dns info to the clients, meaning no config is necessary on the clients except to select "obtain an IP address automatically"

Hope this helps, good luck, reetep.

Hey, thanks a lot ! DHCP is working fine now.

I visited http://www.ibiblio.org/pub/Linux/do...ts/html_single/ but there are quite a lot tutorials. Found one which includes IPMasq+Napster and one very long IP Masq tutor. Which one do you mean?

congratulations on your DHCP.

The ipmasq tutorial is called IP-Masquerade-HOWTO and the precise url is here:

http://www.ibiblio.org/pub/Linux/doc...ade-HOWTO.html

Yes it appears to be very long but look more carefully and read my explanation above - it is actually very short. Don't be put off; it's easy!

Good luck, and if you need help, you know where to come....

Allright, it's DSL dialup running over eth1.

eth0 is for the internal Lan


My rc.firewall-2.2 looks like that:
I created it in /etc/init.d/

My resolv.conf is
Or should that be the nameserver of the provider?

However if I try to execute rc.firewall-2.2 the following error occurs:
./rc.firewall-2.2
: Bad interpreter : No such file or directory


Btw. thanks a lot for all your help guys, I really appreciate it!

Ok good work, but I notice a few things amiss with your config.

Firstly in /etc/network/interfaces you need to finish your configuration of eth1. If you get your IP address from your ISP using DHCP, you need:

auto eth1
iface eth1 inet DHCP

If your ISP has given you a static IP address, you need to configure it in the same way as eth0.

Now for (some perhaps only potential) faults in your firewall:


1.check that this is correct for your system (eg do whereis ipchains):

IPCHAINS=/sbin/ipchains
#IPTABLES=/usr/local/sbin/ipchains
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe


2. This following section doesn't seem to match what you told us:

# NOTE: If this doesnt EXACTLY fit your configuration, you must
# change the EXTIF or INTIF variables above. For example:
#
# If you are a PPPoE or analog modem user:
#
# EXTIF="ppp0"
#
# ** Please change this to reflect your specific configuration **
#
EXTIF="ppp0"
INTIF="eth0"

I though you wanted:

EXTIF="eth1"
INTIF="eth0"


3.Did you write in this "150" ? I would have thought you wanted "24"

INTLAN="192.168.1.0/150"



4. Nota Bene:

# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this
# following option. This enables dynamic-ip address hacking in IP MASQ,
# making the life with Diald and similar programs much easier.
#
#echo " enabling DynamicAddr.."
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr

If you get your IP from your ISP using DHCP you will want to uncomment this.

And also the following:

# DHCP: For people who receive their external IP address from either DHCP or
# BOOTP such as ADSL or Cablemodem users, it is necessary to use the
# following before the deny command.
#
# This example is currently commented out.
#
#
#$IPCHAINS -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp




I'm not sure which line gave you an error. My first guess is there is no ppp0 device on your machine, so once you ammend that to eth1 you should be ok. Alternatively, maybe one of the files in /proc/... is missing (indicating that you don't have that appropriate option in the kernel). Did you check your kernel for compatibility as described in the first section of the HOWTO?



First off, I suggest you correct all of the above and try again.

PS you need to put the nameserver of your ISP in /etc/resolv.conf - not 192.168.1.1

1
Allright changed that.

2
I filled in ppp0 there because of their statement If you are a PPPoE or analog modem user: EXTIF="ppp0"
I got 2 nics installed, eth0 for internal eth1 is directly connected to the DSL Modem. It's PPPoE and I establish the connection via pon dsl-provider. Although I don't see a ppp0 connection in ifconfig after establishing the connection, just eth1.

Changed to eth1.

3
I raised DHCP and the value in the script to 150

4
Allright changed

Also adjusted resolv.conf to the IP of my ISP Nameserver.

I checked my kernel once again -> 2.2.20-idepci . That one should be compatible, isn't it? (Used the manual for 2.2.x Kernels)

However I'm still getting : Bad interpreter : No such file or directory
The sbin paths are all correct. ( Checked with locate )

It's strange.

I don't know. That's why I asked:

- that is to say the howto tells you how to test your kernel.




If you find you need a new kernel, don't be afraid if you haven't done it before - the HOWTO tells you exactly what options you need, and you can use your current config for the rest.

Just do

apt-get install kernel-source-of-your-choice
cd /usr/src/
tar xjvf kernel-source-blah-blah.bz2
rm linux (if it exists)
ln -s $(whatever the name of the new directory is) linux
cp /boot/config-2.2.20-idepci /usr/src/linux
cd linux
make menuconfig or make xconfig

and have a print out of the relevant section of the HOWTO to tell you how to fill in the relevent options.