LinuxQuestions.org
Old 12-16-2005, 04:39 AM   #1
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
Bridging Gateway


Hi,

I have a network of about 60 workstations. Currently, I am using a Linux computer as firewall/proxy/gateway for connecting with the outside world. I have been using squid for proxy and iptables for firewalls. The problem is that now I have to include a router in my network, plus I am about to get a DSL line as a backup link to the internet (currently it's wireless). I was thinking of setting up a bridging gateway so that I can still use my firewall and the packets don't go directly to the router. I am considering a Linux box with 3 NICs to do the job. I am a little confused as to how to set up this box so that I get the following setup:
internet-->router-->firewall-->internal network and vice versa.
I have read the mini DSL+bridge+gateway howto but am still not sure how it all works.
Any help is appreciated.
 
Old 12-16-2005, 11:23 PM   #2
abakali
Member
 
Registered: Dec 2005
Location: karachi
Distribution: RedHat
Posts: 75

Rep: Reputation: 15
Ahem .. well, first of all, your question is not clear .. do you want to manage your network using the Linux firewall or the router? If you are using the router just for internet connectivity purposes, you may enable NAT in the router and plug it in behind Linux; or else, if you want to manage your network using the router, then you must use bridge-utility, so your Linux box works as a transparent gateway and your clients use your router as the gateway.
 
Old 12-18-2005, 12:06 AM   #3
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Original Poster
Rep: Reputation: 32
Dear abakali,
this is what I want -> "or else you want to manage your network using router then you must use bridge-utility then your Linux works as transparent gateway and your clients use your router gateway"

I want all clients to go via my Linux gateway.
 
Old 12-18-2005, 11:16 PM   #4
abakali
Member
 
Registered: Dec 2005
Location: karachi
Distribution: RedHat
Posts: 75

Rep: Reputation: 15
OK, then try out a simple iptables NATing firewall and put your Linux gateway IP in the client machine ..
This is a how-to about sharing the internet via a Linux box to the rest of your internal network.

In Windows this is known as ICS (Internet Connection Sharing).
In Linux it is called NAT (Network Address Translation).

1. On the Linux box (that is directly connected to the internet, and is supposed to do the internet sharing), start a terminal. Run the command su and then type the root password to become root.

2. Open the file /etc/rc.d/rc.local in your favorite text editor, add this on a new line at the bottom:
/etc/rc.d/rc.ipmasq
and save the file.

3. Then, create a new file called rc.ipmasq in the /etc/rc.d/ directory, open this file in a text editor and add these lines:



#!/bin/sh

IPTABLES=/sbin/iptables

#All The lines below are NAT routing

# flush any old rules
$IPTABLES -F -t nat

# turn on NAT (IP masquerading for outgoing packets)
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

# enable IP forwarding (of incoming packets)
echo 1 > /proc/sys/net/ipv4/ip_forward



Save this file.

This script assumes that eth0 is the ethernet adaptor connected to the internet (say, thru a DSL/cable modem). Change it depending on your configuration (eth1, eth2 and so on). If the connection to the internet is not thru an ethernet device (as in the case of ordinary dialup or USB modem), you have to use ppp0 (or ppp1, ppp2 and so on).
The network connections to the internet and intranet should already be up (how to do that is outside the scope of this document).

4. Make this script file executable by running chmod 755 /etc/rc.d/rc.ipmasq

5. Then run the command /etc/rc.d/rc.ipmasq to enable the internet sharing.

6. Now you can stop being root by running exit

The above script will work after the following have been already done:

Set up the network on all the computers in the LAN. Make sure every computer can be reached from another computer by "ping".
On each client computer, set the gateway to the internal IP address of the linux computer that is connected directly to the internet. Under DNS put in the primary and/or secondary DNS IP addresses of your ISP (Internet Service Provider).
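
Added example, not part of the original post: the rc.ipmasq script above only sets up masquerading and leaves the FORWARD chain at its default, so this variant adds a default-deny forwarding policy that lets LAN clients out and only reply traffic back in. The interface names (eth0 internet side, eth1 LAN side), the --print/--apply switches and the function names are assumptions; it flushes and replaces any existing FORWARD rules and does not touch INPUT.

```shell
#!/bin/sh
# Added example (not from the thread): rc.ipmasq with a default-deny FORWARD chain.
# Assumptions: eth0 = internet side, eth1 = LAN side; override via WAN_IF / LAN_IF.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Accept only plain interface names so a bad value cannot alter a rule.
valid_if() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the ruleset, one iptables command per line, for review before applying.
gateway_rules() {
    wan="$1"; lan="$2"
    valid_if "$wan" && valid_if "$lan" || return 1
    [ "$wan" != "$lan" ] || return 1
    cat <<EOF
$IPTABLES -F FORWARD
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Run the printed commands as root; enable forwarding only after the filter is in place.
apply_rules() {
    rules=$(gateway_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        $cmd || exit 1
    done || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Nothing is changed unless --apply is given explicitly.
case "${1:-}" in
    --print) gateway_rules "$WAN_IF" "$LAN_IF" ;;
    --apply) apply_rules "$WAN_IF" "$LAN_IF" ;;
esac
```

Run it with --print to review the commands, then with --apply as root.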
 
Old 12-22-2005, 02:13 AM   #5
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Original Poster
Rep: Reputation: 32
What about the DSL line? I want the DSL line to act as a backup connection if and when the wireless fails.
 
  


All times are GMT -5.
