[ale] Linux box as a router w/DHCP
James Sumners
james.sumners at gmail.com
Sun Jan 21 18:49:36 EST 2007
You should clear tables of old rules before applying new ones.
I'll just go ahead and attach the script I've written for my home
network. It also sets marks for QoS management. I have a wireless card
in my "router" to serve my apartment with wireless; so I have my
network split into two subnets. Hence, lines eight and eleven. Line
eight is actually useless, but is there for future need if it so
arises.
On 1/21/07, Marvin, International Martian of Mystery
<marvin.higginbottom at gmail.com> wrote:
> Bob Kruger wrote:
> > All;
> >
> > I would like to use a Linux box as both a router and as a firewall for a small network going out to the internet. The issue is that the IP address to the ISP varies as it is assigned via a DHCP server. This makes static routing commands problematic.
> >
> > Does anyone know of a good "howto" or tutorial that addresses this and would allow for some sort of dynamic routing configuration when the IP address assigned by the ISP changes?
> >
> > Thanks in advance for any assistance.
> >
> > V/r
> >
> > Bob
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> >
> This is what I use:
>
>
>
> # ### NAT STUFF
> # # EXTERNAL -> external network interface
> # # INTERNAL -> internal network interface
> EXTERNAL=eth1
> INTERNAL=eth0
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo "Setting up NAT (Network Address Translation)..."
> # by default, nothing is forwarded.
> # iptables -P FORWARD DROP
>
> # # Allow all connections OUT and only related ones IN
> iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,R
> iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
> # enable MASQUERADING
> iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
>
> iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
> iptables -A INPUT -p 47 -j ACCEPT
>
>
> ## ### forward some ports ###################################
> iptables -t nat -A PREROUTING -p tcp -d 71.56.13.176 \
> --dport 5900 -j DNAT --to 192.168.2.1:5900
>
>
--
James Sumners
http://james.roomfullofmirrors.com/
"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."
Missionaria Protectiva, Text QIV (decto)
CH:D 59
-------------- next part --------------
A non-text attachment was scrubbed...
Name: firewall.sh
Type: application/x-sh
Size: 5238 bytes
Desc: not available
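
Added example (not part of the original post, and not the scrubbed firewall.sh attachment): a reloadable version of the NAT setup discussed above that flushes old rules first and avoids hard-coding the ISP-assigned address. The interface names and the forwarded host and port come from the quoted script; the IPT variable, the function names and the "apply" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flush old rules, then apply NAT for a DHCP-assigned uplink.
# IPT, the function names and the "apply" argument are assumptions.
# Dry run without root:  IPT="echo iptables" sh ./nat.sh apply
# IP forwarding must still be enabled (/proc/sys/net/ipv4/ip_forward),
# as in the quoted script.
IPT="${IPT:-iptables}"
EXTERNAL="${EXTERNAL:-eth1}"   # faces the ISP, address assigned by DHCP
INTERNAL="${INTERNAL:-eth0}"   # faces the LAN

flush_rules() {
    # Drop rules and user-defined chains left by an earlier run, so that
    # re-running the script never stacks duplicate or stale rules.
    for table in filter nat mangle; do
        $IPT -t "$table" -F
        $IPT -t "$table" -X
    done
}

apply_rules() {
    # Nothing is forwarded unless a rule below allows it.
    $IPT -P FORWARD DROP
    # The LAN may open connections out; only replies are let back in.
    $IPT -A FORWARD -i "$INTERNAL" -o "$EXTERNAL" -j ACCEPT
    $IPT -A FORWARD -i "$EXTERNAL" -o "$INTERNAL" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # MASQUERADE takes whatever address the interface holds at the time,
    # so a new DHCP lease needs no rule change.
    $IPT -t nat -A POSTROUTING -o "$EXTERNAL" -j MASQUERADE
    # Port forward matched on the incoming interface, not a fixed address.
    $IPT -t nat -A PREROUTING -i "$EXTERNAL" -p tcp --dport 5900 \
        -j DNAT --to-destination 192.168.2.1:5900
    # With FORWARD defaulting to DROP, the forwarded port needs its own accept.
    $IPT -A FORWARD -i "$EXTERNAL" -o "$INTERNAL" -p tcp \
        -d 192.168.2.1 --dport 5900 -j ACCEPT
}

firewall_reload() {
    flush_rules && apply_rules
}

# Only touch the running firewall when asked to.
if [ "${1:-}" = "apply" ]; then
    firewall_reload
fi
```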