LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
 
Search this Thread
Old 02-12-2014, 07:30 PM   #1
rmcsteve
LQ Newbie
 
Registered: Feb 2014
Posts: 5

Rep: Reputation: Disabled
How to make home server share internet to other computers


hi I'm trying to get my home server to share internet to the other computers at home. i want it to be my "router" in that i want to install a wireless card in it and have all the wireless devices in my house use it to access the internet. I'm planing on making it a dns server and a media server, I'm also wanting to be able to block unauthorized computers for security if possible. thanks!!
 
Old 02-12-2014, 08:38 PM   #2
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,688

Rep: Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673
The Arch wiki is always an excellent resource. https://wiki.archlinux.org/index.php/router

If you do a web search for "[your distro] router" you should find a lot of stuff. For us to help you more, we'd need to what distro/version you are running and, ideally, what ethernet cards you have in it (you need at least two--one for the internet and one for the local network). You will also need a switch or a hub to connect other computers within your network to the router computer.

If you need wireless, you can achieve that with an access point, which is just a wireless transceiver that doesn't route and can be connected to the hub or switch with its own IP address. I quite happily used one for some time at my previous residence because I already had a non-wireless router.

I'd be inclined not to use the routing computer as a file and media server, if only because it's public-facing. I don't have a reason for it--it's probably just my inbred caution talking--but I'd want to research that more to make sure there are no implications for security or functionality.

Last edited by frankbell; 02-12-2014 at 08:41 PM.
 
Old 02-12-2014, 09:29 PM   #3
gotfw
Member
 
Registered: Jan 2007
Posts: 415

Rep: Reputation: 70
Yes, the Arch wiki rocks. For this task, however, you may want to give serious consideration to OpenBSD

http://www.openbsd.org


Espeically since you mentioned running a DNS server.
 
Old 02-14-2014, 09:33 AM   #4
rmcsteve
LQ Newbie
 
Registered: Feb 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
thanks guys, I'm going to get three 10/100/1000 cards and put two in the server and the other in my desktop computer because its the one i ssh in on or transfer media files from and right now its stuck at 10mbs speed which isn't bad but its not good either. i have ubuntu server 12.10 i think! is there any good security features i can get for it other then ufw??? is there any way i can make the ethernet computers one lan and the wireless computers another? none of them are networked together anyway but i could lock the computer ip's on one lan and then allow a few ip's on the wireless??
 
Old 02-14-2014, 08:53 PM   #5
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,688

Rep: Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673Reputation: 1673
ufw is a frontend for iptables, which is built into the kernel.

If there are any Windows machines, it would be wise have some way to scan traffic for malware.

To have two subnets (one for wireless and one for wired) you pretty much need two routers, one to form a subnet under the other one. It's probably not worth the effort unless you just want the practice.

Here's the clearest tutorial on subnetting I've ever seen. Don't let the HTML 3.0 look throw you; it used to be on some *.edu site and I think the author just took it with "as is" when he left, but it's clear and thorough.
 
Old 02-15-2014, 02:26 AM   #6
gotfw
Member
 
Registered: Jan 2007
Posts: 415

Rep: Reputation: 70
You've got the makings of a classic "3 legged" routing firewall here. Use the nics in your firewall to set up external (ext_if) and internal interfaces (int_if). The ext_if goes to your upstream router. Try to use static, routable IP's for these if you can, e.g. /30 subnet would give you 1 IP address for firewall ext_if and another for upstream WAN access point. Then NAT the firewall's int_if to e.g. a 10.0.0.0/28 subnet (assuming a 16 port switch here, adjust as necessary to suit). Then hopefully you can also stick a wireless card into that router/firewall. Depending on how centrally this box is located, you may consider external atenna. Or use a 3rd nic to a dedicated wap set up in bridging mode. In either case, call that wifi_if and NAT that to another subnet, e.g. 10.0.1.0/28. Take it another step futher and consider setting up radius server on the wifi_if. Configure DHCP server on firewall/router to dole out IP address from respective subnets on wifi_if and int_if. Now you've got 3 zones: internal eth, internal wifi, and external that you can use to set up trust relationships.

Maybe I'm glossing over it a bit too much but you get the idea. There is a lot of info on the web to help you with the specifics. Especially since it's late here & I'm sleepy.

Last edited by gotfw; 02-15-2014 at 02:27 AM.
 
Old 02-15-2014, 10:22 AM   #7
gotfw
Member
 
Registered: Jan 2007
Posts: 415

Rep: Reputation: 70
P.S.; Here's an example using OBSD and pf

http://www.openbsd.org/faq/pf/example1.html

Add an additional stub for your wifi network. Adjust to suit if you want to use Linux and iptables, but when it comes to security sensitive stuff like firewall, I am of the opinion OBSD is the best way to go.
 
Old 02-15-2014, 07:15 PM   #8
jefro
Guru
 
Registered: Mar 2008
Posts: 12,496

Rep: Reputation: 1585Reputation: 1585Reputation: 1585Reputation: 1585Reputation: 1585Reputation: 1585Reputation: 1585Reputation: 1585Reputation: 1585Reputation: 1585Reputation: 1585
Similar thread might help. https://www.linuxquestions.org/quest...ng-4175494648/
 
Old 02-22-2014, 10:23 PM   #9
rmcsteve
LQ Newbie
 
Registered: Feb 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
ok i got the server up and sending out ip addressess but it wont connect to the internet when i type arp -a in the terminal it has <incomplete> on the eth0 and the wireless any ideas on whats wrong??
 
Old 02-22-2014, 11:30 PM   #10
psycroptic
Member
 
Registered: Aug 2011
Location: USA
Distribution: ArchLinux - 3.0 kernel
Posts: 308

Rep: Reputation: Disabled
yeah, we'll need a little more info than that mayne. start by giving the output of "ip addr show" & "iptables -nvxL", censoring the addresses if you want. and i'll echo that Archlinux router guide, it is quite succinct.

you said you're using ubuntu; i got NO idea what kinds of frontends/GUIs it has to "help" configure the routing settings, but all you should need to use is "iptables", and make sure you have enabled packet forwarding. and as far as blocking off wireless/wired clients, the easiest way to do that would be to have 3 NICs in the server; 1 going out to the internet, 1 to your wired LAN, and 1 to the wireless LAN, all with different subnets, and then use iptables to prevent forwarding from the wireless to the wired subnet.

iptables typically stores all of its settings in 1 file, iptables.rules, and is usually in /etc/iptables/, though your distro may put it somewhere else.

here's a basic version of an iptables.rules file, and it's very close to the rules i use on several small Linux-based router PCs. "external" is the interface to the modem, "internal" is the interface to LAN, and "internal" is connected to a 192.168.0.x/255.255.255.0 network:

Code:
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -s 192.168.0.0/24 -o external -j MASQUERADE

COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i internal -j ACCEPT
-A INPUT -i lo -j ACCEPT

-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i internal -j ACCEPT
-A FORWARD -i lo -j ACCEPT

COMMIT
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do you share files between client and server computers? phuongbd Linux - Networking 6 08-09-2013 07:37 AM
Mount NAS in home network and share some contents on internet HellesAngel Linux - Server 3 11-30-2010 10:26 AM
Stream movies and music from home server to other computers on the network. bowbalitic Linux - Software 3 03-27-2010 03:37 PM
What is the best way to make two computers use the same internet connection? brynjarh Linux - Newbie 4 07-12-2004 09:39 AM
Home LAN/Internet Share? JustinS Linux - Newbie 10 11-12-2001 06:41 PM


All times are GMT -5. The time now is 01:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration