Gateway

Discussion in 'Linux Networking' started by Chris Rennert, Jun 25, 2003.

  1. Hello all,

    Here is what I want to accomplish. Currently I have a Linksys router
    connecting our lan to the internet through PPPoE. What I want to do is put
    a linux box between the router and the lan so I can do monitoring and put up
    a firewall. I have 2 ethernet cards in the linux box which is running
    Mandrake 9.1.
    I am sort of new to setting this type of thing up, and my budget here is $0,
    besides my time.
    I was wondering what would be the best approach to setting this up. I was
    thinking I could physically put the linux box between the router and lan and
    just forward all the data coming from the router and then have all the
    workstations use the linux box as a gateway to the router.
    I was hoping I would get a little insight on the best way to do this.
    Any help you could give me would definitely be appreciated.

    Thanks

    Chris
     
    Chris Rennert, Jun 25, 2003
    #1

  2. Chris Rennert

    Wing Guest

    Wing, Jun 25, 2003
    #2

  3. Chris Rennert

    no body Guest

    Here is what I want to accomplish. Currently I have a Linksys router
    Drop the router (it was a waste of money, sell it on ebay and get something
    out of it) and do pppoe on the linux box.
    Use the linux box internal IP as the gateway for all the internal machines.
    Unless you have a hundred machines or so, I'd go with static IPs internal
    all the time. Gateway is 192.168.1.1, all other boxes start from there .2,
    .3, etc... netmask of 255.255.255.0. Now that I think of it your internal
    boxes should already be set up with the linksys router as their gateway,
    probably similar to the scheme I just mentioned. Just set the linux box's
    internal address to the linksys' address and yank the linksys out of the
    way. If you're using dhcp internally now I'd change it to static first (and
    make sure it works) before you switch the boxes out. The reason I say that
    is you don't want to be fighting pppoe, dhcp, and iptables all at the same
    time unless you are HIGHLY familiar with all of them (as in born and raised
    on it). You can always switch back to dhcp after the transition if you want
    to. A little extra work but for the uninitiated it's a good idea. At any
    rate you need to attack this thing in pieces, first linux to all internal
    boxes, then linux to the Internet, then the internal to the Internet.

    The pppoe client comes with an adsl-start script, and it's all pretty simple
    to set up, get the pppoe client and read the docs. I think you only have to
    plug the login name and pass in a text file (make sure you chmod 600 the
    file and chown root it). Real easy. Just make sure you put the adsl-start
    script call in your rc.local or whatever it is on your distro.

    So that gets the internal routing within itself, and your box connected to
    the outside. The only thing left is setting the box up to SNAT all outbound
    traffic. For this read up on iptables. Search for iptables and how-to,
    it's pretty straightforward. I think the pppoe client even came with a
    basic iptables script that SNATed everything outbound. Very basic, no
    security, but a good start for someone who doesn't know.
    Get ready to learn. The nice thing with being able to drop the linux box in
    place of the linksys is you can start on a friday night and if you haven't
    got it working by monday morning you can just plug the cat 5's back into the
    linksys and you're back running again.

    Don't run the linksys and linux together. It's just asking for another
    complication you don't need. Sell it to some loser on ebay that doesn't
    have the G2 to put together their own gateway from scrap.

    Which reminds me: "Education pays. If you don't think so, try ignorance for
    a while." - John Slick
     
    no body, Jun 27, 2003
    #3
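
The gateway described in the post above (PPPoE on the Linux box, SNAT for everything outbound), written out as an added example that is not from the thread or from the pppoe client's bundled script. It goes one step past a SNAT-only starter script by dropping by default and forwarding only LAN-initiated connections. The interface names `ppp0` and `eth1` and the function name `gateway_rules` are assumptions; the 192.168.1.0/24 network follows the addressing in the post.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC PPPoE gateway.
# Assumed names: ppp0 (PPPoE link), eth1 (LAN NIC), 192.168.1.0/24 (LAN).
# Usage: gateway_rules ppp0 eth1 192.168.1.0/24 | iptables-restore --test
# Forwarding must also be enabled: sysctl -w net.ipv4.ip_forward=1

gateway_rules() {
    wan=${1:-ppp0} lan=${2:-eth1} net=${3:-192.168.1.0/24}
    # Refuse anything that is not a plain interface name or CIDR, so a bad
    # argument cannot smuggle extra rules into the generated ruleset.
    for v in "$wan" "$lan"; do
        case $v in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $v" >&2; return 1;; esac
    done
    case $net in ''|*[!0-9./]*) echo "bad network: $net" >&2; return 1;; esac

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the source of LAN traffic leaving via the PPPoE link. MASQUERADE is
# SNAT that tracks the current address of the link, which suits a dynamic IP.
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The LAN may reach the gateway itself; nothing new is accepted from the WAN.
-A INPUT -i $lan -s $net -j ACCEPT
# PPPoE lowers the MTU to 1492, so clamp TCP MSS on forwarded SYNs.
-A FORWARD -o $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections are forwarded only from the LAN out to the Internet.
-A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

Keeping the old router within reach for the weekend swap still applies: loading this ruleset over SSH from the WAN side would cut the session, so apply it from the console or the LAN.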
  4. You want to set up the Linux machine the exact same way as you
    would any firewall, but you want to log the information you're
    interested in. You may need to set it up as a DHCP server as I
    don't think you'll be able to feed IPs from your router to your
    local LAN. It becomes the default GW for your local LAN and then
    forwards all packets to the router, which then does the rest of
    the hard work. Should be fairly simple assuming you know how to
    set the Linux box up as a firewall. It's similar to the process
    for setting it up to be your gateway box, except for the one
    extra step in going to the router rather than going straight to
    the net. You could alternatively remove the router from the
    equation and use the Linux box as both firewall and router. But
    there's nothing wrong with having the devices separate. There is
    some school of thought that you're better off that way anyway.

    Router route
    Firewalls firewall
     
    Seth H Holmes, Jun 27, 2003
    #4
  5. Chris Rennert

    no body Guest

    You may need to set it up as a DHCP server as I
    Just because he can't give public IPs to his internal computers doesn't mean
    he has to set up DHCP.
     
    no body, Jun 27, 2003
    #5
  6. True. I was assuming DHCP from the Linksys was being used. If he
    is not using DHCP, static assignments would work fine.
     
    Seth H Holmes, Jun 27, 2003
    #6