creating a linux-windows network

jaideep.dhok · 08-26-2006, 01:17 AM

Hi,
I am trying to setup a network between a linux PC (FC5) and a windows PC. My Linux PC is connected to the internet through a DSL router (pppoe on eth1). The windows machine is connected to eth0. Can some one please suggest how to access internet on the windows machine? Is there anything analogous to windows' Internet Connection Sharing? Any help is greatly appreciated.
Thanks and regards,
Jaideep

Micro420 · 08-26-2006, 12:03 PM

I've attempted this once but gave up. I may be doing it the hard way.

Your Linux box will need 2 network cards since that is the box to the internet. 1 to the WAN and 1 to the LAN. I assume you are using a CROSSOVER cable when you connect your Windows directly into the Linux network card. You will then have to set up your Linux box to act as a router and gateway for the Windows machine. I forget the name of the software I used, but it was a pain to set up, even though it was totally graphical and tried to simplify things for you.

k0balT · 08-26-2006, 03:22 PM

this is exactly what i want to do, for security and monitoring what goes in/out of windows
preferably on a live cd. i'm downloading a routing cd now..any suggestions would be welcome

jaideep.dhok · 08-26-2006, 03:37 PM

I tried to google for setting up a linux gateway, but most of the howtos talk about setting it on Debian. Do you know if any document is available for fedora core?
Thanks.

Micro420 · 08-26-2006, 09:03 PM

As I said, there was a software that was easy to use and was a GUI, but I can't recall the name.

It was easy to install on Ubuntu. I have never used Fedora Core, but I'm sure there's an RPM package for it. Again, I can't remeber the name!

Maybe someone else will remember it. Once you get it going, you can use this software to set up your linux box as a router/gateway/proxy server/dns/apache/etc ...

Anyone know what I'm talking about? It's not Squid and it's not IP Cop. It's something else ...

Donald E. Wolfe · 08-27-2006, 09:07 PM

**** NOTE: IF YOU DON'T HAVE A CURRENT BACKUP OF YOUR SYSTEM, OR
**** IF EDITING SYSTEM FILES MAKES YOU NERVOUS, DO NOT READ THIS POST.
**** THIS WORKED FOR ME, BUT (AS ALWAYS) YMMV

I ran my home network exactly this way for a couple of years before I broke down and bought a hardware firewall (that doubles as a DHCP server). I was running Red Hat 9 at the end, so my setup was probably similar to what you will wind up under Fedora. I never used a GUI, but the change was only four steps so that wasn't a big issue. I believe I used eth0 as my gateway to the world, and eth1 was my home LAN. Here are my notes:

1) Update /etc/hosts (add 192.168.x.y my_windows_machine)
2) Enable IP forwarding in /etc/sysctl.conf (set net.ipv4.ip_forward = 1)
3) Replace /etc/sysconfig/iptables with:
... # Firewall configuration to support IP-Masquerading
... *filter
... :INPUT ACCEPT [0:0]
... :FORWARD ACCEPT [0:0]
... :OUTPUT ACCEPT [0:0]
... #
... -A INPUT -i lo -j ACCEPT
... -A INPUT -i eth1 -j ACCEPT
... -A INPUT -p udp -m udp -s DNS.#1.ip.addr --sport 53 -d 0/0 -j ACCEPT
... -A INPUT -p udp -m udp -s DNS.#2.ip.addr --sport 53 -d 0/0 -j ACCEPT
... -A INPUT -p tcp -m tcp --syn -j DROP
... -A INPUT -p udp -m udp -j REJECT
... #
... -A FORWARD -i lo -j ACCEPT
... -A FORWARD -i eth1 -j ACCEPT
... -A FORWARD -p tcp -m tcp --syn -j DROP
... #
... # -A POSTROUTING -t nat -o eth0 -j MASQUERADE
... #
... COMMIT
4) Hack /etc/rc.d/init.d/iptables to fix nat table (since we can't do it
via /etc/sysconfig/iptables). At the end of the "start" function,
add:
... # Begin hack to implement masquerading
... echo -n $"Setting up masquerading in the nat table: "
... iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
... if [ $? -eq 0 ]; then
... success
... else
... failure
... fi
... echo
... # End hack