Linux gateway on a LAN and the rest of the boxes are XP

MR_UNO · 12-01-2004, 09:16 AM

Hi there, I have Mandrake 10.0 installed on my computer, and i'd like to turn it into the gateway of the lan at home, the rest of the computers are 3 that are running XP and 1 that is running win98se...

Thanks in advance!

m4dj4ck · 12-01-2004, 09:37 AM

basically, you need to have ip forwarding enable and iptables installed on your mandrake 10. For beginner, i would recommend firestarter. it's easy to setup. Others linux firewalls are shorewall, gshield and etc. If you want to build your own custom iptables script, then you should refer to iptables/netfilter website regardings the docs.(www.netfilter.org) Cheers!

MR_UNO · 12-01-2004, 09:47 AM

what about my IP address, should it be static? and the windows boxes IPs, what obut them???

ror · 12-01-2004, 09:48 AM

everything should be static unless you plan on running a dhcp server on your gateway (overkill for a small home network)

Parenthesis · 12-01-2004, 11:03 AM

Have a look here, www.fli4l.de, the one disk router, easy to configure, even for newbies, runs on a 486 with 16mb ram, hundreds of opt_packets available, very modular, so you can do what you want with it.
Boots from Floppy, CD, Hard Drive, or usb stick, or alternatively seeing as you can afford more than one computer, and assuming they are all yours you are not the poorest of souls, so just buy a hardware router

MR_UNO · 12-01-2004, 11:50 AM

i've just read on the firestarter page that i need two network cards on the gateway...
i only have one, is that a problem???

Parenthesis · 12-01-2004, 02:01 PM

Buy another network card

bdogg · 12-01-2004, 02:07 PM

TLDP - IP MASQUERADE

This will tell you all you need to know to get it going.

Get another network card and then start your homework.

ror · 12-01-2004, 03:16 PM

you only need 2 NICs if you're sharing a connection from one of them

MR_UNO · 12-01-2004, 05:20 PM

let me see if i get this right, the only way is to have 2 nics?
i can't believe it, i can do the very same thing with only one nic at WIN XP, there must be a way to do it with one nic at linux...

i don't know if this is relevant, but, my connection is adsl, and the modem is plugged in the switch, and i reach the modem through the switch...

bdogg · 12-01-2004, 11:30 PM

What exactly do you do with one nic in winxp? Internet connection sharing? How do you enable that with only one network connection?

You sure that that "switch" is not a router? What is the output of ipconfig /all in windowsxp when you have this setup where you can use winxp as a gateway and it only has one nic?

ror · 12-01-2004, 11:35 PM

If you're recieving the ADSL into to the switch you should want that as the gateway shouldn't you?

gani · 12-02-2004, 02:20 AM

Your modem could be with built-in internet sharing/NAT already but without firewall definitely.

I have tried this once in Slackware 10. Here is my script:

#!/bin/bash
#
# My Linux Box Simple Internet Sharing Script
#
# file: /etc/rc.d/rc.nat
#
#----------------------------------------------------------------------
# Don't forget to make this file executable by doing
# chmod 755 /etc/rc.d/rc.nat
#
# Then in your /etc/rc.d/rc.local script add this after the last line:
# . /etc/rc.d/rc.nat
#
# You may put a header comment to identify this.
#-----------------------------------------------------------------------
#
# eth0 = internal interface - (localnet) - This depends on your setup.
# eth1 = external interface - (DSL connected)
#
IPTABLES="/usr/sbin/iptables"
EXTIF="eth1" # To where my DSL is connected.
INTIF="eth0" # Connected to my local network.
#
echo ""
echo "Loading my INTERNET SHARER & rc.firewall ruleset....."
echo "My Box Internal Interface = $EXTIF"
echo "My Box External Interface = $INTIF"
echo "Clearing existing rules and setting default policy..."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
sleep 1
echo "FWD: Allow all connections OUT and ONLY existing and related ones IN..."
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
sleep 1
echo "Enabling IP NAT (MASQUERADING)...."
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
sleep 1
echo "Enabling IP FORWARDING...."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "Checking if IP FORWARDING is enabled = '`cat /proc/sys/net/ipv4/ip_forward`'"
#
if [ `cat /proc/sys/net/ipv4/ip_forward` = 1 ]; then
echo "It's enabled!..."
else
echo "IP forwarding is not enabled. Enable it now by typing 'echo 1 > /proc/sys/net/ipv4/ip_forward'"
echo "at the command line."
fi
#
echo ""
#
# End of my personal /etc/rc.d/rc.nat.

Just adjust the path since Slacware is a BSD style Linux.

This will be started each time you startup your box.

This is not yet secured since INPUT default policy is to accept. Search for howto on how to make this secured by creating default drop policy. I have tried one howto but it didn't work. And if you really want a highly secured firewall I would recommend OpenBSD instead - the one I'm using.