2 replies to this topic

[imported_Affix]

Four this Tutorial you will need 2 NIC's (network Interface cards) Configured and working properly with your linux distro. You will also need IPTABLES installed on your system.

Please note the following IP config I will be using

Replace xx.xx.xx.xx with your WAN IP
Replace yy.yy.yy.yy with your LAN IP
(i.e. 192.168.0.0/16, 172.16.0.0/12)


WAN = eth0 with public IP xx.xx.xx.xx
LAN = eth1 with private IP yy.yy.yy.yy/ 255.255.0.0

First you nee dto install the NIC's Into your linux system. Once you have done this you will need to verify they are installed correctly. To do this type the following command

[root@yourRouter ~]# ls /etc/sysconfig/network-scripts/ifcfg-eth* | wc -l

If you have the NIC's Installed correcly the output of this command will be 2.

Now we must give eth0 [The Primary Ethernet Card] An external WAN IP. This will be provided to you by your ISP.

To do this type the following command

[root@yourRouter ~]#  vi /etc/sysconfig/network-scripts/ifcfg-eth0

You must make the file look similar to the configuration I have shown below

DEVICE=eth0
BOOTPROTO=none
BROADCAST=xx.xx.xx.255    # Optional Entry
HWADDR=00:50:BA:88:72:D4    # Optional Entry
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0    # Provided by the ISP
NETWORK=xx.xx.xx.0       # Optional
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=xx.xx.xx.1    # Provided by the ISP

Now we have configured the eth0 card we must configure eth1 to have an INTERNAL IP Address. To do this type the following

[root@yourRouter ~]#  vi /etc/sysconfig/network-scripts/ifcfg-eth1

Similar to above make the configuration look like the one below

BOOTPROTO=none
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05    # Optional 
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=255.255.0.0        # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.2.1        # Gateway of the LAN
NETWORK=192.168.0.0        # Optional
USERCTL=no
ONBOOT=yes

Now we need to configure the host file to tell the Router that it will be providing Network Address Translation [NAT]

[root@yourRouter ~]# vi /etc/hosts

Your hosts file should look like this

127.0.0.1       nat localhost.localdomain   localhost

Now we configure the gateway by editing /etc/sysconfig/network to do this use the vi command

[root@yourRouter ~]# vi /etc/sysconfig/network

You should make it similar to this :

NETWORKING=yes
    HOSTNAME=nat
    GATEWAY=xx.xx.xx.1    # Internet Gateway, provided by the ISP

Now we need to configure the Resolver to do it use the vi command like so

[root@yourRouter ~]# vi /etc/resolv.conf

Make that file like the one below. these IP's may differ from yours.

nameserver 203.145.184.13      # Primary DNS Server provided by the ISP
    nameserver 202.56.250.5        # Secondary DNS Server provided by the ISP

Now we must clean up our iptables.

Start off by flushing them

[root@yourRouter ~]# iptables --flush
[root@yourRouter ~]# iptables --table nat --flush
[root]@yourRouter ~]# iptables --delete-chain

Now we need to delete all the chains not in the default filter and the NAT

[root@yourRouter ~]# iptables --table nat --delete-chain

Now we need to configure IPTABLES to allow routing

to do this type

[root@yourRouter ~]# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE[root@yourRouter ~]# iptables --append FORWARD --in-interface eth1 -j ACCEPT

Now we need to enable packet forwarding by the Kenrel

[root@yourRouter ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

Now we can apply our new configuration

[root@yourRouter ~]# service iptables restart

Now ping some places from your client and see if it works

[Tor]

This is very cool and useful! No need to go out and buy a router if you already have a Linux box constantly running. Thanks!

[whwmia]

This one is very very useful.Thanks a lot !