Configuring your linux server as a Router


2 replies to this topic

#1 imported_Affix

Posted 27 February 2009 - 07:28 AM

For this tutorial you will need 2 NICs (network interface cards) configured and working properly with your Linux distro. You will also need IPTABLES installed on your system.

Please note the following IP config I will be using

Replace xx.xx.xx.xx with your WAN IP
Replace yy.yy.yy.yy with your LAN IP
(i.e. 192.168.0.0/16, 172.16.0.0/12)


WAN = eth0 with public IP xx.xx.xx.xx
LAN = eth1 with private IP yy.yy.yy.yy / 255.255.0.0

First you need to install the NICs into your Linux system. Once you have done this you will need to verify they are installed correctly. To do this type the following command

[root@yourRouter ~]# ls /etc/sysconfig/network-scripts/ifcfg-eth* | wc -l

If you have the NICs installed correctly the output of this command will be 2.

Now we must give eth0 [the primary Ethernet card] an external WAN IP. This will be provided to you by your ISP.

To do this type the following command

[root@yourRouter ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

You must make the file look similar to the configuration I have shown below

DEVICE=eth0
BOOTPROTO=none
BROADCAST=xx.xx.xx.255    # Optional Entry
HWADDR=00:50:BA:88:72:D4    # Optional Entry
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0    # Provided by the ISP
NETWORK=xx.xx.xx.0       # Optional
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=xx.xx.xx.1    # Provided by the ISP

Now that we have configured the eth0 card we must configure eth1 to have an INTERNAL IP address. To do this type the following

[root@yourRouter ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1

Similar to above, make the configuration look like the one below

BOOTPROTO=none
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05    # Optional 
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=255.255.0.0        # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.2.1        # Gateway of the LAN
NETWORK=192.168.0.0        # Optional
USERCTL=no
ONBOOT=yes

Now we need to configure the host file to tell the router that it will be providing Network Address Translation [NAT]

[root@yourRouter ~]# vi /etc/hosts

Your hosts file should look like this

127.0.0.1       nat localhost.localdomain   localhost

Now we configure the gateway by editing /etc/sysconfig/network. To do this use the vi command

[root@yourRouter ~]# vi /etc/sysconfig/network

You should make it similar to this:

NETWORKING=yes
HOSTNAME=nat
GATEWAY=xx.xx.xx.1    # Internet Gateway, provided by the ISP

Now we need to configure the resolver. To do it use the vi command like so

[root@yourRouter ~]# vi /etc/resolv.conf

Make that file like the one below. These IPs may differ from yours.

nameserver 203.145.184.13      # Primary DNS Server provided by the ISP
nameserver 202.56.250.5        # Secondary DNS Server provided by the ISP

Now we must clean up our iptables.

Start off by flushing them

[root@yourRouter ~]# iptables --flush
[root@yourRouter ~]# iptables --table nat --flush
[root@yourRouter ~]# iptables --delete-chain

Now we need to delete all the chains not in the default filter and the NAT

[root@yourRouter ~]# iptables --table nat --delete-chain

Now we need to configure IPTABLES to allow routing

To do this type

[root@yourRouter ~]# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
[root@yourRouter ~]# iptables --append FORWARD --in-interface eth1 -j ACCEPT


Now we need to enable packet forwarding by the kernel


[root@yourRouter ~]# echo 1 > /proc/sys/net/ipv4/ip_forward


Now we can apply our new configuration


[root@yourRouter ~]# service iptables restart


Now ping some places from your client and see if it works
  • 1
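
Added example, not part of the original post: the post's commands never set a FORWARD policy, so the chain keeps its policy (ACCEPT by default) and nothing restricts what may be forwarded toward the LAN. The script below emits a stateful variant of the same NAT setup in iptables-restore format and audits `iptables-save` output for the gap; interface names follow the post, the function names are hypothetical, and the first ruleset is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original post. WAN=eth0 / LAN=eth1 follow the
# post; the function names are hypothetical.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

# Constructed sample: iptables-save output after the post's two rules.
post_ruleset() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ${WAN_IF} -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i ${LAN_IF} -j ACCEPT
COMMIT
EOF
}

# iptables-restore input: same NAT rule, but FORWARD defaults to DROP and only
# replies to LAN-initiated connections are let back in. INPUT and OUTPUT stay
# ACCEPT because the post does not filter them (assumption: no other rules).
hardened_ruleset() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ${WAN_IF} -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -j ACCEPT
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin; print one line per finding and return
# non-zero if anything was found.
audit_forwarding() {
    rules=$(cat); rc=0
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || { echo "FORWARD policy is not DROP"; rc=1; }
    printf '%s\n' "$rules" | grep -Eq '^-A FORWARD .*(ESTABLISHED|RELATED)' || { echo "no stateful return rule in FORWARD"; rc=1; }
    printf '%s\n' "$rules" | grep -q "^-A POSTROUTING .*-o ${WAN_IF} .*MASQUERADE" || { echo "no MASQUERADE on ${WAN_IF}"; rc=1; }
    return $rc
}
```

On the router, `iptables-save | audit_forwarding` checks the live rules. `hardened_ruleset | iptables-restore` replaces the whole nat and filter tables, so compare it against any other rules you rely on before loading it.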

#2 Tor

Posted 02 March 2009 - 12:00 PM

This is very cool and useful! No need to go out and buy a router if you already have a Linux box constantly running. Thanks!
  • 0

#3 whwmia

Posted 11 October 2009 - 10:57 PM

This one is very very useful. Thanks a lot!
  • 0