Russell Nordquist on 29 Apr 2004 17:27:02 -0000
Douglas,

This howto should get you going:

http://newbiedoc.sourceforge.net/networking/homegateway.html

Specifically, section 9.1.2 should be what you need.

Briefly, you should be looking at iptables (successor to ipchains) with NAT and connection tracking. NAT takes care of forwarding the packets from your network and getting them to the right place again. Connection tracking makes setting up a firewall very easy. It only allows traffic in from the outside that is related to traffic you initiated.

Some notes: for NAT to work you need to

    echo 1 > /proc/sys/net/ipv4/ip_forward

or set FORWARD_IPV4=true in /etc/sysconfig/network file for RH.

To save the iptables config after you get it working:

    /etc/init.d/iptables save

That way it will come up after a reboot.

After your setup, I recommend using

http://www.linux-sec.net/Audit/nmap.test.gwif.html

to scan your box and make sure there aren't any holes.

russell

On Thursday 29 April 2004 11:13 am, Douglas Lentz wrote:
> Hi, all.
>
> The immediate question: I've got a Red Hat 9 box that I want to use as a
> gateway. How do I know if IP masquerading is installed? If it isn't,
> could you give me a tip as to how to do it? I've got a FAQ which
> references the ipchains program, but I don't see an ipchains in my RH
> distro.
>
> The bigger picture: A very small (3 box network). All boxes have non
> resolvable hobbyist IPs (192.168.1.1, 192.168.1.2, etc). The gateway box
> (RH 9) communicates with the internet fine now. However, I am using
> dial-up interface ppp0 (too broke for cable/dsl and I'm not in a hurry
> anyway). The modem hangs off the gateway box, of course.
>
> The ordinary host is a Windows 2000 box, used to support stuff like a
> winprinter and my wife's company's web site, which is so IE specific
> that it *requires* IE. The internal network is up; all boxes can
> ping each other by name. The gateway box is also a Samba server, and the
> Windows box can get to its share directory, no problem.
>
> So the high level goal, for the time being, is to be able to use IE on
> the W2000 box. :-(
>
> Red Hat installs a lot of stuff automatically - maybe IP masquerading is
> there already. I don't know for sure.
>
> Here's a dump of my routing table when ppp0 is up
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> access-66.snjp. *               255.255.255.255 UH    0      0        0 ppp0
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         access-66.snjp. 0.0.0.0         UG    0      0        0 ppp0
>
> When I run ifconfig -a on the soon-to-be gateway box, I see that ppp0
> has been assigned 216.158.46.37 by my ISP. I've assigned 192.168.1.1 to
> eth0.
>
> I don't use DNS internally - instead, hosts files on each box for name
> resolution.
>
> The windows box has been told the gateway is 192.168.1.1, but no talkee.
> "Internet Connection Sharing" (which I gather is SOCKS) is not
> configured on the windows box.
>
> Thanks in advance, all.
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
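The NAT-plus-connection-tracking setup described in the reply, as an added example that is not part of the original message or of the linked howto. The interface names (ppp0, eth0) and LAN range (192.168.1.0/24) are taken from the question; the function name `gen_gateway_rules` is hypothetical, and `-m state` is used as the match syntax of that era's iptables.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a small NAT gateway.
# Nothing is applied here; the rules are only written to stdout for review.
# Assumed from the question: ppp0 = Internet side, eth0 = LAN side.

gen_gateway_rules() {
    ext_if=$1; int_if=$2; lan_net=$3
    # Reject anything that is not a plain interface name or an address/prefix,
    # so a bad argument can never end up inside the generated ruleset.
    for ifname in "$ext_if" "$int_if"; do
        case $ifname in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $lan_net in ''|*[!0-9./]*) return 1 ;; esac
    [ "$ext_if" != "$int_if" ] || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN source addresses to whatever address the ISP gave $ext_if
-A POSTROUTING -s $lan_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# LAN hosts may reach services on the gateway itself (e.g. Samba)
-A INPUT -i $int_if -s $lan_net -j ACCEPT
# From outside, only replies to connections the gateway started
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may open connections outward ...
-A FORWARD -i $int_if -o $ext_if -s $lan_net -j ACCEPT
# ... and only traffic related to those connections comes back in
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the network in the question.
gen_gateway_rules ppp0 eth0 192.168.1.0/24
```

To load it, pipe the output into `iptables-restore` as root and enable forwarding as described in the reply.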