Tuesday, 10 May 2011

Linux Internet Gateway Server Setup

Setup Netwok Diagram.



Linux Server:

eth0 ( External Interface )
eth1 ( Internal Netwok Interface) ( 192.168.1.X series )

Step 1. Enable ip nat in linux kernel.

"echo '1' > /proc/sys/net/ipv4/ip_forward"

Step 2. Assign IP address to eth0 and eth1
-------------------------------------------------------
/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
IPADDR=xxx.xxx.xxx.xxx
NETMASK=255.255.255.xxx
GATEWAY=xxx.xxx.xxx.xxx
TYPE=Ethernet
BOOTPROTO=static
HWADDR=00:11:5B:F6:E2:5D
-------------------------------------------------------
-------------------------------------------------------
/etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
TYPE=Ethernet
BOOTPROTO=static
HWADDR=00:29:5X:FG:32:8S
-------------------------------------------------------

"service network restart"

Step 3. Set iptable commands.

"iptables -F"
"iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE"
"iptables --append FORWARD --in-interface eth1 -j ACCEPT"

Step 4. Add the above entries to /etc/rc.local file.

/etc/rc.local

/sbin/iptables -F 2>/dev/null
/sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE 2>/dev/null
/sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT 2>/dev/null

========================================================================




4 comments:

  1. man, this is by no means complete! you have to tell dhcp to only listen on you internal device (eth1 in your case).

    also, how do you hard-code you external ip address on eth0??? when you have dynamic ip from your ISP?

    another issue is that i have no way to know this from "my ISP": GATEWAY=xxx.xxx.xxx.xxx

    ReplyDelete
  2. You need to have static IP to setup your router.
    Or else you have to use some services like DynDns which is not recomended to setup a stable network.

    ReplyDelete
  3. Reddragon.. Sorry, but a router does not require a static address, not a dyndns. And there is nothing unstable about DynDNS.. Used it for years and NEVER had any issues.

    ReplyDelete
  4. its not working for me i am tryed in DSL Linux server internet where shared from server to client but rules is not working what can i do ? how to block ? my client xp machine where bypassed ...:( pls mail me solution klppraveen@gmail.com

    ReplyDelete