How to configure LINUX MACHINE as a ROUTER with one Network Card

This is an older technique, but it is a very cheap way to use a Linux machine as an internet router/gateway. You do not need to be a Linux expert for this task, and you do not need two physical Fast Ethernet cards: sharing an internet connection with only one physical Fast Ethernet card is easy using the rules given below.

The following items are required to configure a router on a Linux machine:

  • One Physical Fast Ethernet Card
  • DSL/Cable/Fiber Optic Internet Connection with Public IP Address.

1) Configure the Fast Ethernet card first, as follows:

a) Assign the public IP address to the Fast Ethernet card with the following settings:

i) eth0

ii) IP Address (61.5.156.1): replace with your public IP address

iii) Net Mask (provided by the internet service provider) (255.255.255.248): replace with your net mask

iv) Default Gateway (61.5.156.146): replace with your default gateway

v) Preferred DNS (203.143.22.22): replace with your preferred DNS

vi) Alt. DNS (203.153.240.10): replace with your alternate DNS

b) Create a virtual IP address on this Fast Ethernet card

i) Copy the configuration file of eth0 to a new file named for eth0:0

c) Assign a private IP address in the same range as the other computers in your local area network

i) eth0:0

ii) IP Address (192.168.1.10)

iii) Net mask (255.255.255.0)

iv) Default Gateway (leave this blank)

2) Creating forwarding rules with iptables:

# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.

3) iptables --flush   # Flush all the rules in the filter table

4) iptables --table nat --flush   # Flush all the rules in the nat table

5) iptables --delete-chain

# Delete all chains that are not in default filter and nat table

6) iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading

7) iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

8) iptables --append FORWARD --in-interface eth0 -j ACCEPT

9) echo 1 > /proc/sys/net/ipv4/ip_forward

# Enables packet forwarding by kernel

10) Create a route for internal packets:

11) route add -net 192.168.1.0 netmask 255.255.255.0 gw 61.5.156.146 dev eth0

# Replace 61.5.156.146 with your gateway IP address

Configuring PCs on the office network:

All PCs on the private office network should set their "gateway" to the local private network IP address of the Linux gateway computer (192.168.1.10 here; replace it with your own gateway address).

The DNS should be set to that of the ISP on the internet.

Or you can configure your own DNS server on this LINUX machine; I will try to explain that in a later post.

Configure the firewall to control the security.

First flush everything and then allow limited ports and IP Addresses

12) iptables -F

13) iptables -A INPUT -i lo -p all -j ACCEPT   # Allow self access by loopback interface

14) iptables -A OUTPUT -o lo -p all -j ACCEPT

15) iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT   # Accept established connections

16) iptables -A INPUT -p tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset

17) iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT   # Open ftp port

18) iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT

19) iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT   # Open secure shell port

20) iptables -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT

21) iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT   # Open HTTP port

22) iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT

23) iptables -A INPUT -p tcp --syn -s 192.168.1.0/24 --destination-port 139 -j ACCEPT   # Accept local network Samba connection

24) iptables -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT

25) iptables -P INPUT DROP   # Drop all other connection attempts. Only connections defined above are allowed.

26) Edit the kernel settings file /etc/sysctl.conf so that forwarding stays enabled after a reboot.

Set the following value:

27) net.ipv4.ip_forward = 1

28) service iptables save

Now you can test whether your Linux router/gateway for internet connection sharing is working by opening a page in Internet Explorer. If everything was done according to the instructions above, your router/gateway is ready to be used by the users in your local network.
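
Steps 7 and 8 translate and forward anything that crosses eth0; because both networks share that card and iptables matches the real interface rather than an alias such as eth0:0, the LAN subnet is the only way to tell inside traffic from outside. The following is an added example, not part of the original post: it prints an iptables-restore ruleset that keeps the post's open TCP ports but limits NAT and forwarding to 192.168.1.0/24. The function names gen_ruleset and valid_cidr are hypothetical, and the UDP rules are left out on the assumption that only FTP, SSH and HTTP over TCP are wanted.

```shell
#!/bin/sh
# Added example (not from the original post): print an iptables-restore
# ruleset for the one-NIC gateway. Function names are hypothetical; the
# defaults 192.168.1.0/24 and eth0 are the post's sample values.

# Succeed only for a well-formed IPv4 network such as 192.168.1.0/24.
valid_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac   # digits, dots and slash only
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS='./'; set -- $1; IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_ruleset [LAN_CIDR] [IFACE]: write the ruleset to stdout, or fail
# without printing any rule if an argument is not a network or interface.
gen_ruleset() {
    lan=${1:-192.168.1.0/24}
    ifc=${2:-eth0}
    valid_cidr "$lan" || { echo "bad LAN network: $lan" >&2; return 1; }
    case $ifc in ''|*[!A-Za-z0-9]*)
        echo "bad interface: $ifc" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Translate only LAN clients going off-subnet, not everything leaving $ifc.
-A POSTROUTING -s $lan ! -d $lan -o $ifc -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The post's services, TCP only (assumption: the UDP rules are not needed).
-A INPUT -p tcp -m multiport --dports 21,22,80 -j ACCEPT
-A INPUT -p tcp --syn -s $lan --dport 139 -j ACCEPT
# Forward new connections only when they originate from the LAN.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $lan ! -d $lan -i $ifc -j ACCEPT
COMMIT
EOF
}
```

As root, pipe the output of gen_ruleset to iptables-restore --test to check that the ruleset parses before loading it for real.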

Note: Please share your experiences and comments about this post.
