Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a network of about 60 workstations. Currently, I am using a linux computer as firewall/proxy/gateway for connecting with the outside world. i have been using squid for proxy and iptables for firewalls. the problem is now i have to include a router into my network plus i am about to get a DSL line as backup link to the internet (currently its wireless). i was thinking of setting up a bridging gateway so that i can still use my firewall and the packets don't go directly to the router. i am considering a linux box with 3 NIC's to do the job. I am a little confused as to how to setup this box so that i get the following setup
internet-->router-->firewall-->internal network and viceversa.
I have read the mini dsl+bridge+gateway howto but am still not sure how it all works..
any help is appericiated.
aham .. well 1st of all your questions not clear .. you want to manage your network using linux firewall or router ? for just internet connectivity perpose using router so you may enable NAT in router and plug in behind linux or else you want manage your network using router then you must be use brige-utiliy then your linux work as transparent gateway and your client using your router gateway
Dear abakali,
this is what i want->"or else you want manage your network using router then you must be use brige-utiliy then your linux work as transparent gateway and your client using your router gateway"
ok then try out simple iptables NATing firewall and put your linux gateway ip in client machine ..
This is a how-to about sharing the internet via a linux box to the rest of your internal network.
In windows this is know as ICS (Internet Connection Sharing).
In linux it is called NAT (Network Address Translation).
1. On the linux box (that is directly connected to the internet, and is supposed to do the internet sharing), start a terminal. Run the command su and then type the root password to become root.
2. Open the file /etc/rc.d/rc.local in your favorite text editor and add this on a new line at the bottom
/etc/rc.d/rc.ipmasq and save the file.
3. Then, create a new file called rc.ipmasq in the /etc/rc.d/ directory and open this file in a text editor and add these lines
#!/bin/sh
IPTABLES=/sbin/iptables
#All The lines below are NAT routing
# flush any old rules
$IPTABLES -F -t nat
# turn on NAT (IP masquerading for outgoing packets)
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
This script assumes that eth0 is the ethernet adaptor connected to the internet (say, thru a DSL/cable modem). Change it depending on your configuration (eth1, eth2 and so on). If the connection to the internet is not thru an ethernet device (as in the case of ordinary dialup or USB modem), you have to use ppp0 (or ppp1, ppp2 and so on).
The network connections to the internet and intranet should already be up (how to do that is outside the scope of this document).
4. Make this script file executable by running chmod 755 /etc/rc.d/rc.ipmasq
5. Then run the command /etc/rc.d/rc.ipmasq to enable the internet sharing.
6. Now you can stop being root by running exit
The above script will work after the following have been already done:
Set up the network on all the computers in the LAN. Make sure every computer can be reached from another computer by "ping".
On each client computer, set the gateway to the internal IP address of the linux computer that is connected directly to the internet. Under DNS put in the primary and/or secondary DNS IP addresses of your ISP (Internet Service Provider).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.