I've used distros like ClarkConnect in the past for my gateway needs but they've proved to be bloated and resource hogs (not to mention running on RedHat) so I want to try and put one together myself using Slackware.
The box: P!!!-550MHz, 384MB RAM, 13GB HD, 2x 10/100 NICs
What do I need to do to get this to work, how minimal of a Slack install can I do and still be able to compile new apps and run apache, ftp and maybe a game server on occasion with preferably no X?
What would be a good firewall to use as well for this application?
Anything to get me started would be appreciated. Thanks.
It shouldn't be too hard if you're already familiar with Slackware and the services you want to run. Just install a minimal Slackware (I think base only) and add packages as you find you need them. Use iptables for the firewall, but you're going to have to learn how to configure it by hand because every tool I know to help you create firewall scripts runs in X.
I did this a while back with Slackware 8.1, but I've moved to Smoothwall now since all I really wanted was a firewall.
No, if you install X, but leave the default runlevel at 3 (this is the default for Slackware), none of X Window's services will start. You'll have to log in and run startx to run X.
Ok, I think I'll do a fresh install of Slack on my box to get rid of what I don't need, wish there was an install option like on some distros for if you want to create a gateway/server so you don't have to look thru packages.
Possibly a silly Q but do you need to route traffic to/from the internet or are you only wanting to allow web stuff out? If this is the case, then you could just use squid and not have to worry too much about forwarding. A thought anyway.
Traffic from the whole internet.
I've got IP Masq going now but it's still not working. I don't think eth1 is set up correctly because when I do an ifconfig I only get eth0 and lo. I can see it if I do an ifconfig -a but it doesn't show an address or mask or anything, just the card itself, so that would be concerning iptables I think but I have no experience with that.
I can ping 192.168.1.2 from the gateway but can't ping 192.169.1.1 from the client behind it. I'm smashing my head against the wall here, I dunno what I'm doing wrong, it SHOULD work.
If you are just trying to use it as a gateway/router to just route internet for your LAN all you need to do is set iptables to NAT/MASQUERADE so that your LAN can get internet traffic. You'll then want to echo 1 > /proc/sys/net/ipv4/ip_forward . After doing that you'll want to set up your device's IP/SUB. You can use ifconfig for this. Now you should pretty much have everything ready (just check your route'n table to be sure that it's routing correctly to the right devices).
As for it being slackware I'm not really too sure how to set it to get the IP and such by default since I'm used to distros with /etc/sysconfig/network-scripts. However I do believe there is a file somewhere in the rc scripts to configure your network. If you cannot figure this out you can just simply put all the commands you need to do in rc.local to run at boot time.
"If you are just trying to use it as a gateway/router to just route internet for your LAN all you need to do is set iptables to NAT/MASQUERADE so that your LAN can get internet traffic. "
I'm not really familiar with gnome, haven't been able to get it to even connect to the net so I'll probably stick to KDE. That firewall front end looks like it's what I need though, too bad it's not for KDE.
Well first even if it is a GNOME type app (GTK) you can still run it in KDE as long as you have GTK installed properly.
Secondly, as to answer your question; you can go to http://www.netfilter.org/ and you can read the docs on how to properly set up iptables for your network (I would strongly recommend reading the tutorials first and then the HOWTOs). There is also a list of iptable scripts at one of the links there...you'll have to look. I'd suggest using them if you don't want to write your own (you'll have to edit them).
Just for reference I'm going to give you a few commands to get you started...I'm going to put # in front of comments. This way you can copy this into a file and load it to see how it works. WARNING: this is NOT to just be used as your firewall...this is not secure -- it's only a couple lines for masquerading and such for REFERENCE
This basically just cleans out the iptables in there right now and sets 'em up. This should be done before re-writing the rules (otherwise old rules will get in the way).....or you can use the -D to delete specific rules. I find commenting out the rules I don't want and then re-running this to be easier =).
Code:
# Turn on IP NAT
echo "1" > /proc/sys/net/ipv4/ip_forward
# This is for masq'n. Comment this out if you are going to use
# regular SNAT.
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
This turns on ip_forwarding to allow the computer to be used as a router. The other you don't have to be too worried about honestly. It _should_ work either way. However if you are having problems try setting it to either 1 or 0 and test. Be sure to re-run the script each time and restart network service.
Okay, and here is the ip routing command.
Code:
# Allow NAT on ppp0 to network.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
NOTE: This is for an internet connection on ppp0 ...if you have broadband or such you'll more than likely want to change this to either eth0 or eth1 depending (the -o represents OUTGOING interface). Also this is for masquerading. If you have a static IP then you'll probably just want to use NAT instead. The tutorials/HOWTOs will explain that in detail.
Alright if you want to play around with iptables I might as well send you this command. This one will block SYN (computers trying to connect to you) however will allow ACK in which will allow computers you request to connect to you.
Code:
# DO NOT allow SYN -- ACK will get through however.
iptables -A INPUT -i ppp0 -p tcp --syn -j DROP
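A fuller starting point than the reference lines in the post above, as an added example that is not part of the original post: it emits an iptables-restore ruleset with default-DROP policies and connection tracking, so only replies to traffic the LAN started are let back in (TCP, UDP and ICMP alike). The interface names eth0 (WAN) and eth1 (LAN) and the script name are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC NAT gateway.
# Assumed usage (hypothetical file name):
#   sh gateway-rules.sh eth0 eth1 | iptables-restore --test
# Forwarding must also be enabled: echo 1 > /proc/sys/net/ipv4/ip_forward

valid_iface() {
    # Accept only plain interface names so nothing odd lands in the ruleset.
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gateway_rules() {
    wan=$1
    lan=$2
    valid_iface "$wan" && valid_iface "$lan" || return 2
    [ "$wan" != "$lan" ] || return 2
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Services meant to be reachable from the internet (apache, ftp) would each
# need their own explicit INPUT rule on the WAN side; none is opened here.
if [ $# -eq 2 ]; then
    gateway_rules "$1" "$2"
fi
```
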
Originally posted by GeneralmP: "I'm not really familiar with gnome, haven't been able to get it to even connect to the net so I'll probably stick to KDE, that firewall front end looks like it's what I need though, too bad it's not for KDE"
Hey! I don't use GNOME at all! I'm running it through KDE and it's really smooth. Actually you just need it to get your firewall up, then you can turn it off. Take a look at the preferences window "start firewall on program startup" and "stop firewall on program exit":
select the first one and turn the second off. Just open firestarter and close it. Your firewall will be up and running, although it is running really smoothly here under KDE.