Tuesday, June 21, 2011

Configuring Linux Box as a Gateway

Hardware Requirements

1. Server with Linux installed, having two network interface (NIC) cards: one connected to your outgoing Internet connection, the other plugged into your local network.
2. Switch / hub

Information required:
aaa.aaa.aaa.aaa is Public Network IP address (bbb.bbb.bbb.bbb is Public netmask).
ccc.ccc.ccc.ccc is LAN IP address (e.g. 192.168.0.1), ddd.ddd.ddd.ddd is LAN netmask (e.g. 255.255.255.0).
eee.eee.eee.eee is default gateway for Internet connection.
Implementation
First of all we enable IP forwarding, which lets the gateway forward IP packets to destination addresses on another network.
To determine whether IP forwarding is enabled, run the command
cat /proc/sys/net/ipv4/ip_forward

If the output is 1, IP forwarding is enabled; if the output is 0, it is not. If it is not enabled, edit /etc/sysctl.conf and set
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
To activate the change, run
sysctl -p

After that we create the network configuration file for the gateway computer with the command
vim /etc/sysconfig/network
Next, enter the following information into this file:
NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=Testing
DOMAINNAME=xyz
GATEWAY=eee.eee.eee.eee       # default gateway of the Internet connection (not the gateway box's own public IP)
GATEWAYDEV=eth0
After that we create configuration files for each of the network interface cards on the gateway. The first interface card for which we'll create a configuration file is the interface that forwards packets to the outside world. The first Ethernet interface configured on a Linux system is always eth0.

To configure the first network interface, create the /etc/sysconfig/network-scripts/ifcfg-eth0 file. To do this, run the command

vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=aaa.aaa.aaa.aaa        # IP ADDRESS provided by ISP 123.45.67.89
NETMASK=bbb.bbb.bbb.bbb       # NETMASK provided by ISP 255.255.255.0
GATEWAY=eee.eee.eee.eee       # 123.45.67.1


Now we configure the second interface (eth1)

vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=ccc.ccc.ccc.ccc       # e.g. Private IP ADDRESS 192.168.0.1
NETMASK=ddd.ddd.ddd.ddd      # e.g. 255.255.255.0
Set up the Domain Name System (DNS) server IP addresses by editing /etc/resolv.conf:
vim /etc/resolv.conf
nameserver 4.2.2.2           # public DNS server
nameserver 122.166.109.11    # public DNS server
Set up NAT with iptables
Check whether the iptables service is running; if it is not, start it and enable it at boot:
/etc/init.d/iptables start
chkconfig --level 35 iptables on    # so the service starts automatically in runlevels 3 and 5
Now delete the existing rules from every iptables table by executing the following commands:
iptables -F
iptables -t nat -F
iptables -t mangle -F

Enable NAT with the commands:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT

Save the rules so they are restored by the iptables service at boot:
iptables-save > /etc/sysconfig/iptables
Configure LAN clients to access the Internet via the gateway described above:
Use the clients' operating system tools to set up the following TCP/IP settings:
IP address: from the same network as ccc.ccc.ccc.ccc
Netmask: ddd.ddd.ddd.ddd
DNS: fff.fff.fff.fff (a public DNS server, e.g. 4.2.2.2)
Gateway: ccc.ccc.ccc.ccc

Example:
IP address: 192.168.0.7
Netmask: 255.255.255.0
DNS: 4.2.2.2
Gateway: 192.168.0.1
Host a web server on port 80 from Machine 1
So in this setup, if I want to run a public service like httpd not on the gateway server (where it is visible from outside) but on an internal machine (which is not visible from outside), how do I make it available to the outside Internet?
To expose an internal machine's service to the outside we use port forwarding on the gateway server: a port on the gateway is assigned to accept all connections and forward them to the port on the internal machine where the service is listening.
Let xxx.xxx.xxx.xxx be the IP address of the gateway server connected to the cable modem and 192.168.0.2 the IP address of the internal machine, and say we want to run a web server (httpd) on 192.168.0.2 on port 80 that should be reachable from the outside Internet. We can forward port 80 on xxx.xxx.xxx.xxx to port 80 of 192.168.0.2:
Source: xxx.xxx.xxx.xxx:80 -- forwarded to -> 192.168.0.2:80
You can choose any port on xxx.xxx.xxx.xxx; it need not match the port we are forwarding to:
Source: xxx.xxx.xxx.xxx:8888 -- forwarded to -> 192.168.0.2:80
Port forwarding using iptables
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx \
                                --dport 8888 -j DNAT --to 192.168.0.2:80
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
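The forwarding check, the NAT rules and the port-forwarding pair above, combined into one script as an added example (not code from the original post). It tightens the FORWARD chain with connection tracking, which the bare "-A FORWARD -i eth1 -j ACCEPT" rule leaves open under the default ACCEPT policy. The interface names eth0/eth1, the 192.168.0.0/24 subnet and the PUBLIC_IP placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: emits the stateful version of the
# gateway and port-forwarding rules described above. Interface names, the LAN
# subnet and the forwarded service are assumptions; PUBLIC_IP is a placeholder.

# True when IPv4 forwarding is on. $1 overrides the sysctl file path so the
# check can be exercised against a temporary file.
ip_forward_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Print the base rules for WAN=$1, LAN=$2, LAN subnet=$3. Instead of the bare
# "-A FORWARD -i eth1 -j ACCEPT" with the default ACCEPT policy, FORWARD is set
# to DROP and only LAN-originated or already-established flows are passed.
gateway_rules() {
    wan=$1; lan=$2; subnet=$3
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $subnet -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $subnet -j MASQUERADE
EOF
}

# Print the DNAT + FORWARD pair for one published service.
# $1=WAN iface  $2=public IP  $3=public port  $4=internal IP  $5=internal port
# The FORWARD rule matches the post-DNAT destination (PREROUTING runs first).
port_forward_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $1 -p tcp -d $2 --dport $3 -j DNAT --to-destination $4:$5
iptables -A FORWARD -i $1 -p tcp -d $4 --dport $5 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Complete rule set for the example above: LAN 192.168.0.0/24 behind eth1,
# public port 8888 published to the web server on 192.168.0.2:80.
full_ruleset() {
    gateway_rules eth0 eth1 192.168.0.0/24
    port_forward_rules eth0 "${PUBLIC_IP:-xxx.xxx.xxx.xxx}" 8888 192.168.0.2 80
}

# Review the output, then apply as root with "full_ruleset | sh" and persist
# with "iptables-save > /etc/sysconfig/iptables".
full_ruleset
```

Run it unprivileged first to read the generated rules; nothing is applied until the output is piped into a root shell.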


Note that this document comes without warranty of any kind, but every effort has been made to provide information that is as accurate as possible. I welcome emails from readers with comments, suggestions, and corrections at webmaster_at admin@linuxhowto.in

Copyright © 2012 LINUXHOWTO.IN