Setup Network Diagram.
Linux Server:
eth0 ( External Interface )
eth1 ( Internal Network Interface ) ( 192.168.1.X series )
Step 1. Enable IP forwarding in the Linux kernel (required for NAT).
"echo '1' > /proc/sys/net/ipv4/ip_forward"
Step 2. Assign IP addresses to eth0 and eth1.
-------------------------------------------------------
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=xxx.xxx.xxx.xxx
NETMASK=255.255.255.xxx
GATEWAY=xxx.xxx.xxx.xxx
TYPE=Ethernet
BOOTPROTO=static
HWADDR=00:11:5B:F6:E2:5D
-------------------------------------------------------
-------------------------------------------------------
/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
TYPE=Ethernet
BOOTPROTO=static
HWADDR=00:29:5X:FG:32:8S
-------------------------------------------------------
"service network restart"
Step 3. Set the iptables rules.
"iptables -F"
"iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE"
"iptables --append FORWARD --in-interface eth1 -j ACCEPT"
Step 4. Add the above entries to the /etc/rc.local file so they are applied at boot.
/etc/rc.local
/sbin/iptables -F 2>/dev/null
/sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE 2>/dev/null
/sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT 2>/dev/null
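Added example (not part of the original post): if the FORWARD policy is left at ACCEPT (the kernel default), the Step 3 rules do not restrict forwarding in either direction, and the 2>/dev/null in Step 4 hides any rule that fails to load. The sketch below prints a default-deny variant in iptables-restore format and audits iptables-save text; the function names and the sample dump are constructed here, and eth0/eth1 follow the post.

```shell
#!/bin/sh
# Added example, not from the original post. eth0/eth1 defaults follow the post.

# Print an iptables-restore ruleset: NAT plus default-deny forwarding.
gateway_ruleset() {
    wan=${1:-eth0}; lan=${2:-eth1}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Audit iptables-save text on stdin; print findings and return 1 if any.
audit_forward() {
    awk -v wan="${1:-eth0}" '
        /^\*/              { table = $1 }
        table != "*filter" { next }
        /^:FORWARD ACCEPT/ { print "FORWARD policy is ACCEPT"; bad = 1 }
        /^-A FORWARD / && / -j ACCEPT$/ && !/ESTABLISHED/ {
            if (index($0 " ", " -i " wan " ")) {
                print "new inbound connections forwarded: " $0; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: what iptables-save shows after the post's Step 3 rules
# when the FORWARD policy is the kernel default (ACCEPT).
STEP3_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT'
```

As root, the ruleset is loaded with "gateway_ruleset | iptables-restore" and a running box is checked with "iptables-save | audit_forward". The example leaves the INPUT chain untouched, as the post does.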
========================================================================
Man, this is by no means complete! You have to tell dhcp to only listen on your internal device (eth1 in your case).
Also, how do you hard-code your external IP address on eth0??? When you have a dynamic IP from your ISP?
Another issue is that I have no way to know this from "my ISP": GATEWAY=xxx.xxx.xxx.xxx
You need to have a static IP to set up your router.
Or else you have to use some service like DynDns, which is not recommended for setting up a stable network.
Reddragon.. Sorry, but a router does not require a static address, nor a DynDNS. And there is nothing unstable about DynDNS.. Used it for years and NEVER had any issues.
It's not working for me. I tried it on a DSL Linux server, where internet is shared from the server to the client, but the rules are not working. What can I do? How to block? My client XP machine is bypassed ...:( Pls mail me the solution klppraveen@gmail.com
This is very useful information about Secure Internet Gateway