Setting up a Linux gateway machine
 

Hello Sir,

I installed Linux Red Hat 7.1 on my physical gateway.
I can surf the Internet from the Linux.
I can not surf the Internet from the client connected to it.
I get replys when I ping LAN computers from the client.
Could u please tell me what to do?
Please be extremely specific; I am new to this operating system.

Thanks,

Inbar

Here is an excellent IPMasq resource:
http://ipmasq.cjb.net/

Specifically, this document will cover the 2.4 kernel in Redhat v7.1:
http://www.e-infomax.com/ipmasq/howt...tml/index.html

Its very detailed with step by step instructions. There is an offline copy that you can download and print at the above site.

Have fun.

KevinJ

I just found that site today while i was bored out of my mind from surfing the net, and i printed it and my boss caught me :). I just thought i would share it with you.

is it neccesary to use IP Masq in that instance, or can you just tell the machines behind the linux box to use the Linux host as the default gateway? Seems it should route the web traffic just fine that way.. and if not so, for what reasons?

It is necessary to use IPMasq if the clients behing the gateway are using private IP addresses. If there are "real" registered IP addys on clients.. then the gateway machine can simply act as router.

what you can do is also (if you are on dialup) to have it dial on demand so when you request an external site / ip then it connects for you

i think the app is called diald if im not mistaken and obtainable from freshmeat.

Hi guys,

Thanks for your kind help.

KevinJ, could u please tell me what to do if the clients' IPS are

not "real."

The tool, which u advised me to use is not helpful, since the client

IPS are not registered IPs.

Thanks,

Inbar

Actually, the links I posted above on IPMasq are exactly what you need.

I recommend using something with the 2.4 kernel as your OS. I use Redhat v7.0 with a 2.4 upgrade, but I am going to go to v7.1 with the new machine I am building.
Your gateway will need two interfaces: one modem and one nic, or two nics. One interface will connect to your ISP as normal, the other will connect to an internal network using something like the 192.168.x.x subnet.

The Linux machine will route packets between the Internet and your internal network. It will use IPMasq to translate the internal IP traffic into external IP traffic, and vice versa, for the clients inside.

At its simplest level, it will require minimal configuration of the iptables (one or two lines I think) and I believe a kernel recompile from a stock RHv7.1 install.

In addition, you will want to brush up on general security documentation to protect yourself from intrusion and DOS attacks. Just Keep It Simple and don't turn anything on you don't need and you should be fine.

KevinJ

Kevin,

Why would we require to do a build on the kernel? I can't think of any reason.

Cheers,

Antony

I am assuming you are using Windows as client.
Check your client DNS and Gateway settings. Gateway should point to your Linux box. You can use the same DNS you configured in the Linux box.

I don't know if the stuff you need for IPTables/IPmasq is included in the install kernel. As I said before, I am using an RHv7.0 install with a 2.4 kernel.. so I had to do one most certainly.

I have a couple of RHv7.1 boxes.. but they aren't acting as gateway. If the forwarding/firewall mechanisms are included in the default kernel.. then a recompile is not required.

OTH ....
1. I recommend everyone learn how to recompile a kernel. Its a great exercise.

2. Recompiling the default kernel to remove all the junk included that you will never use is probably a good idea in the first place.

Hi Kevinj,


After I checked with the system administrator, it turned out the clients' IPs are real IPs, not private IPs; these are real IPs provided by the ISP.
According to what u said above, the IPMASQ tool would have solved the problem mentioned above if the clients' IP were private.
Just tell me if I still need to use this tool if the clients' IPs are real IPs, provided by the ISP.
If I do not need this tool, maybe I am doin' somthing wrong with the client configuration as is mentioned above?

Thanks,

Inbar

Have you enabled IP forwarding on the gateway with Otherwise it doesn't matter wether your clients are setup right or not, the linux box ain't gonna forward traffic for you.

cheers

Jamie...

You cannot use IP masq if you have a real ip. So you have to set your box as a router. And I installed RH7.1 like 4 times now and i had to rebuild the kernel in order to do ip masq. www.ipmasq.cjb.net tells you everything step by step on how to get it working...

Well you can, you just don't need to.

cheers

Jamie...