Configure CentOS as a router/gateway to the internet

Issues related to configuring your network
cerber4s
Posts: 2
Joined: 2005/03/17 13:06:11

Configure CentOS as a router/gateway to the internet

Post by cerber4s » 2005/03/25 10:08:29

Hi all,

I am new to Linux and I am trying to make the following situation:

A local network with 4 PCs. A Linux server to act as a router/firewall/gateway.


|-----local------------------------------------|
[(1) - (2) - (3) - (4)] (linux) (adsl-router) internet

I installed CentOS a couple of times and messed around with different configurations
with iptables, firewall but I can't get it to work as a router. I have two NICs installed,
eth0 and eth1.

eth0 -

10.0.0.1/255.255.255.0
DNS, my ISP DNS address
Gateway, my ADSL router

eth1 -

192.168.0.1/255.255.255.0
Gateway, 10.0.0.1

The Linux machine itself has internet access because I can browse websites with lynx.
Maybe I'm forgetting a service that needs to be configured?

Thanks in advance, Cerber4s

arrfab
Site Admin
Posts: 870
Joined: 2005/01/03 21:30:54
Location: /country/belgium

Configure CentOS as a router/gateway to the internet

Post by arrfab » 2005/03/27 20:22:25

First of all, just configure only one default gateway (this seems logical).
Have you enabled IP forwarding? (echo 1 > /proc/sys/net/ipv4/ip_forward)
Which iptables rules do you have configured?
Normally the following (MINIMAL!) script will help you to configure your CentOS box as a small router/firewall:

#!/bin/bash

# Load useful kernel modules
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp
# Disabling ECN if enabled (explicit congestion notification)
if [ -e /proc/sys/net/ipv4/tcp_ecn ]
then
    echo 0 > /proc/sys/net/ipv4/tcp_ecn
fi

# Enabling forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# AntiSpoofing protection
for x in lo eth0 eth1
do
    echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
done

# Here is the place to define some variables

iptables="/sbin/iptables"
publicaddr="10.0.0.1"
privateaddr="192.168.0.1"
any="0.0.0.0/0"
localnet="192.168.0.0/24"

#First, flushing the existing rules
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -F FORWARD
$iptables -F -t nat

#Now defining the standard policy
$iptables -P INPUT DROP
$iptables -P OUTPUT ACCEPT
$iptables -P FORWARD ACCEPT

#Defining the real stuff !

# Allow access to the firewall from the localnet
$iptables -A INPUT -s $localnet -d $privateaddr -j ACCEPT
$iptables -A INPUT -s $localnet -d $publicaddr -j ACCEPT

# Allow access from ourself to us !
$iptables -A INPUT -i lo -j ACCEPT

# Allow the firewall box to access the internet
$iptables -A INPUT -s $any -d $publicaddr -m state --state ESTABLISHED,RELATED -j ACCEPT

# Should we masquerade the localnet to internet ?
$iptables -t nat -A POSTROUTING -s $localnet -d $any -j MASQUERADE


Note that this little script is MINIMAL .... for better firewall rules, man iptables ...
:-D
You can call this script in /etc/rc.local ...

Hope this helps ...
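
As an added example (not part of arrfab's post and not CentOS project code), the sketch below audits saved `ip route show` and `iptables-save` text for the points raised in the reply: exactly one default gateway and a MASQUERADE rule for the LAN. It goes one step further and also reports when the filter table's FORWARD policy is not DROP, which is what the MINIMAL script above leaves in place. The function names, the sample dumps, the router address 10.0.0.254 and the CIDR form of `-s` in the dump are assumptions.

```shell
#!/bin/bash
# Added example: offline audit of `ip route show` and `iptables-save` text.

# Count default routes in `ip route show` output read from stdin.
count_default_routes() {
    awk '$1 == "default" { n++ } END { print n + 0 }'
}

# Print the policy of chain $1 in the filter table of an iptables-save dump.
chain_policy() {
    awk -v chain=":$1" '/^\*/ { table = $1 }
        table == "*filter" && $1 == chain { print $2; exit }'
}

# Succeed if the dump on stdin has a POSTROUTING MASQUERADE rule for source $1.
has_masquerade() {
    awk -v net="$1" '$1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-s" && $(i + 1) == net) found = 1 }
        END { exit !found }'
}

# $1 = route text, $2 = iptables-save text, $3 = LAN network. Prints findings or "ok".
audit_gateway() (
    findings=""
    [ "$(printf '%s\n' "$1" | count_default_routes)" -eq 1 ] || findings="$findings default-routes"
    [ "$(printf '%s\n' "$2" | chain_policy FORWARD)" = "DROP" ] || findings="$findings forward-not-drop"
    printf '%s\n' "$2" | has_masquerade "$3" || findings="$findings no-masquerade"
    echo ${findings:-ok}   # unquoted on purpose: trims the leading space
)

# Constructed sample: two default routes, mirroring the two Gateway settings
# in the first post. 10.0.0.254 is a made-up address for the ADSL router.
ROUTES_TWO_GW='default via 10.0.0.254 dev eth0
default via 10.0.0.1 dev eth1
10.0.0.0/24 dev eth0 scope link
192.168.0.0/24 dev eth1 scope link'

# Constructed sample: roughly what the script in the reply would leave loaded.
RULES_MINIMAL='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

audit_gateway "$ROUTES_TWO_GW" "$RULES_MINIMAL" 192.168.0.0/24   # prints: default-routes forward-not-drop
```

On a live box the same functions can be fed from `ip route show` and `iptables-save` (run as root) instead of the embedded samples.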

cerber4s
Posts: 2
Joined: 2005/03/17 13:06:11

Re: Configure CentOS as a router/gateway to the internet

Post by cerber4s » 2005/04/11 11:33:20

Thank you very much arrfab.

I am only learning Linux now, the script is very helpful :)

thanks a lot :D
