Set up a router or default gateway with Redhat 9.0

From LQWiki

To set up a router/default gateway with Redhat 9.0 you need to download a few things:

  • Redhat 9.0 distribution ISOs, discs one, two and three: linuxiso.org. Check each image against the MD5 sum published alongside it, then burn the ISOs as disc images (not as data files). I use Nero 6.0 to do this; a demo of Nero 6.0 is available from Nero's web site, nero.com.
  • Firestarter, an easy-to-use firewall and NAT setup tool: [1]. Select the mirror closest to you from that page.
  • dhcp-3.0pl2, the ISC DHCP server that you will configure to hand out IP addresses on your LAN: [2]

Configuring setup

During setup, configure eth0 to be assigned by DHCP and to activate at startup. For eth1 only tick activate at startup, then move down to the manual settings for that NIC and give it the address 10.0.0.1; the installer fills in the netmask when you move to the next field (make sure it is the same netmask you will declare in dhcpd.conf later). Enter 10.0.0.1 as the default gateway and leave DNS and everything below it blank. The machine's real default route to the Internet comes from the DHCP lease on eth0.

Once Redhat 9.0 is installed on your machine, install the programs listed above and create a few files.

First unpack the DHCP source in a terminal:

# tar xzvf dhcp-3.0pl2.tar.gz 

then change into the dhcp-3.0pl2 directory that was created and build and install the server:

# cd dhcp-3.0pl2
# ./configure
# make
# make install

Then leave the dhcp-3.0pl2 directory:

# cd ..

Dhcpd

You should now be back at a root prompt:

root@localhost root# 

Now create a few files. First create the (still empty) configuration file with the touch command:

# touch /etc/dhcpd.conf 

Then create the directory dhcpd uses for its lease database (the location a dhcp-3.0pl2 source build uses by default), using mkdir:

# mkdir /var/state/dhcp 

and, still as root, create an empty lease file in that directory; dhcpd refuses to start if this file does not exist:

# touch /var/state/dhcp/dhcpd.leases 

Now configure your /etc/dhcpd.conf file. Using nano:

# nano /etc/dhcpd.conf 

(nano is used as the editor here, but any other available editor such as vi or emacs will do equally well). An example /etc/dhcpd.conf for the 10.0.0.0 network with a 255.255.0.0 netmask looks like this; the subnet declaration must contain the address you gave eth1, otherwise dhcpd will not serve that interface:

ddns-update-style interim; 
subnet 10.0.0.0 netmask 255.255.0.0 { 
  default-lease-time 63000; 
  max-lease-time 72000; 
  option routers 10.0.0.1; 
  option subnet-mask 255.255.0.0; 
  # the gateway itself if it runs a DNS server, otherwise your provider's servers
  option domain-name-servers 10.0.0.1; 
  range 10.0.0.2 10.0.0.253; 
} 

domain-name-servers is provider-dependent: give the router's own address (10.0.0.1) only if the router runs a DNS server or caching forwarder; otherwise list your provider's DNS servers. If there is more than one DNS server, separate the addresses with commas.
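The subnet declaration, the routers option and the range have to agree with each other and with the address and netmask configured on eth1, and a typo in any of them is only noticed when dhcpd refuses to start or clients get unroutable leases. As an added example, not part of the original LQWiki page, the following POSIX shell script generates the dhcpd.conf above from a few variables and refuses to emit it if the router address or either end of the range lies outside the declared subnet. The variable names, the choice of the gateway as DNS server and the idea of generating the file are assumptions for the example:

```shell
#!/bin/sh
# Added example for the LQWiki router page (not part of the original page):
# generate the dhcpd.conf shown above from a few variables, after checking
# that the router address and the lease range really lie inside the declared
# subnet. Addresses, the DNS server choice and variable names are assumptions.

LAN_NET=10.0.0.0
LAN_MASK=255.255.0.0        # must agree with the netmask configured on eth1
LAN_ROUTER=10.0.0.1
RANGE_LO=10.0.0.2
RANGE_HI=10.0.0.253
DNS_SERVERS=10.0.0.1        # assumed: the gateway runs a caching resolver; else use your ISP's servers

# dotted quad -> 32-bit integer (the subshell keeps the IFS change local)
ip2int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# prints "yes" if address $1 is inside network $2 with netmask $3, else "no"
ip_in_subnet() {
    if [ $(( $(ip2int "$1") & $(ip2int "$3") )) -eq $(( $(ip2int "$2") & $(ip2int "$3") )) ]; then
        echo yes
    else
        echo no
    fi
}

# returns non-zero if dhcpd would be told to hand out addresses the LAN cannot route
check_dhcp_plan() {
    rc=0
    for addr in "$LAN_ROUTER" "$RANGE_LO" "$RANGE_HI"; do
        if [ "$(ip_in_subnet "$addr" "$LAN_NET" "$LAN_MASK")" != yes ]; then
            echo "error: $addr is outside $LAN_NET/$LAN_MASK" >&2
            rc=1
        fi
    done
    if [ "$(ip2int "$RANGE_LO")" -gt "$(ip2int "$RANGE_HI")" ]; then
        echo "error: range $RANGE_LO $RANGE_HI is reversed" >&2
        rc=1
    fi
    return $rc
}

# prints the dhcpd.conf; on the gateway redirect it to /etc/dhcpd.conf
write_dhcpd_conf() {
    cat <<EOF
ddns-update-style interim;
subnet $LAN_NET netmask $LAN_MASK {
  default-lease-time 63000;
  max-lease-time 72000;
  option routers $LAN_ROUTER;
  option subnet-mask $LAN_MASK;
  option domain-name-servers $DNS_SERVERS;
  range $RANGE_LO $RANGE_HI;
}
EOF
}

check_dhcp_plan && write_dhcpd_conf
```

Run it as `sh gen-dhcpd.sh > /etc/dhcpd.conf` on the gateway; if you change LAN_MASK to 255.0.0.0 to match a class A default mask on eth1, the same check still passes, while a range such as 10.1.0.5 under a 255.255.0.0 mask is rejected before dhcpd ever sees it.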

iptables

Now create the file /etc/sysconfig/iptables, again with the touch command:

# touch /etc/sysconfig/iptables 

Once the file exists, edit it and enter your iptables rules (using nano):

# nano /etc/sysconfig/iptables 

The Redhat iptables init script loads this file with iptables-restore at boot, so it must be in iptables-restore format: table names prefixed with *, chain policies prefixed with :, one rule per line, and COMMIT at the end of each table. Note that the example below was written to protect a single workstation: its FORWARD policy is DROP and it has no nat table, so on its own it does not route or masquerade anything. On this page the forwarding and NAT rules come from Firestarter, which replaces this rule set with its own when it starts. An example of /etc/sysconfig/iptables is:

#iptables - configuration files for iptables in Red Hat Linux 8.0 
#This is appropriate for protecting a single workstation. 

#The script could be a lot more rigorous, e.g., only allow 
#selected outbound ports, rather than allowing all outbound 
#traffic, use REJECT rather than DROP, etc. However, the 
#goal of this script was to provide some protection for ports 
#while minimizing the number of checks made on each packet.  

#This file should be owned by user root, group root. 
#The permissions on this file should be set to 600. 

#Edit lines as necessary, then uncomment (remove hash mark) the 
#lines you wish to use. 

#Although every precaution has been taken in the preparation of this 
#file, the author assumes no responsibility for errors or omissions. 
#Neither is any liability assumed for damages resulting from the use of 
#the information contained herein. 

#m-woo@uiuc.edu 9 Jan 2003 

*filter 
:INPUT DROP [0:0] 
:FORWARD DROP [0:0] 
:OUTPUT DROP [0:0] 

#Drop all incoming fragments 
-A INPUT -i eth0 -f -j DROP 

#Drop outside packets with localhost address - anti-spoofing measure 
#(this must be the 127.0.0.0/8 loopback range; do NOT put the 10.0.0.0/8 
#LAN range here, that would drop everything arriving from the LAN on eth1) 
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP 

#Pass all locally-originating packets 
-A INPUT -i lo -j ACCEPT 
-A OUTPUT -o lo -j ACCEPT 

#Accept ICMP ping echo request packets 
#(this allows other people to ping your machine, among other things), 
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT 

#Accept all traffic from a specific machine with IP x.x.x.x 
#replace x.x.x.x with the desired IP, then uncomment the line. 
#-A INPUT -p tcp -m tcp --syn -s x.x.x.x -j ACCEPT 

#Accept traffic on port p from a specific machine with IP x.x.x.x 
#replace p with the desired port number, and replace x.x.x.x with 
#the desired IP, then uncomment the line. 
#-A INPUT -p tcp -m tcp --syn -s x.x.x.x --dport p -j ACCEPT 

#Accept all inbound ssh traffic 
-A INPUT -p tcp -m tcp --syn --dport 22 -j ACCEPT 

#Accept all inbound identd 
-A INPUT -p tcp -m tcp --syn --dport 113 -j ACCEPT 
#or you can reject and send back a TCP RST packet instead 
#(uncomment this line and comment out the ACCEPT line above) 
#-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset 

#Allow all sendmail SMTP traffic 
-A INPUT -p tcp -m tcp --syn --dport 25 -j ACCEPT 

#Allow all sendmail MSA traffic 
-A INPUT -p tcp -m tcp --syn --dport 587 -j ACCEPT  

#Allow all web server access (port 80) 
-A INPUT -p tcp -m tcp --syn --dport 80 -j ACCEPT 

#Allow all secure web server access (port 443) 
-A INPUT -p tcp -m tcp --syn --dport 443 -j ACCEPT 

#Allow inbound established and related outside communication 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 

#Drop outside initiated connections 
-A INPUT -m state --state NEW -j REJECT 

#Allow all outbound tcp, udp, icmp traffic with state 
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT 
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 
COMMIT 

You also need to add the line

echo 1 > /proc/sys/net/ipv4/ip_forward 

to your /etc/rc.d/rc.local file, so that the kernel forwards packets between eth0 and eth1 (on Redhat the same setting can be made persistent with net.ipv4.ip_forward = 1 in /etc/sysctl.conf).

Then press Enter twice after the above line and add

dhcpd 

This starts your DHCP server automatically when the machine boots.
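The /etc/sysconfig/iptables example above filters but does not route: with FORWARD set to DROP and no nat table, nothing from the LAN reaches the cable modem until Firestarter loads its own NAT rules. As an added example that is not from the original LQWiki page, the following POSIX shell function prints a minimal iptables-restore ruleset for a two-NIC NAT gateway: masquerading out of eth0, forwarding only new connections that originate on the LAN, the gateway's own DHCP, DNS and ssh reachable from eth1 only, and LAN or loopback source addresses dropped when they arrive on the outside interface. The interface names and the 10.0.0.0/8 range are the page's; the function, its arguments and the exact choice of rules are assumptions:

```shell
#!/bin/sh
# Added example (not from the original LQWiki page): print an iptables-restore
# ruleset for a two-NIC NAT gateway. Usage: router_rules <wan_if> <lan_if> <lan_cidr>
# Interface names and the 10.0.0.0/8 LAN follow the page; the rule set itself is an
# assumption about what a minimal home gateway should allow.

router_rules() {
    wan=$1 lan=$2 lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# rewrite LAN source addresses to whatever address DHCP gave $wan
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# anti-spoofing: LAN or loopback source addresses never legitimately arrive on $wan
-A INPUT -i $wan -s $lan_net -j DROP
-A INPUT -i $wan -s 127.0.0.0/8 -j DROP
-A FORWARD -i $wan -s $lan_net -j DROP
# replies to connections the gateway or the LAN opened
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# services the gateway offers to the LAN only: DHCP, DNS, ssh
-A INPUT -i $lan -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i $lan -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i $lan -p tcp -m tcp --syn --dport 53 -j ACCEPT
-A INPUT -i $lan -p tcp -m tcp --syn --dport 22 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# new connections may only originate on the LAN and leave through $wan
-A FORWARD -i $lan -o $wan -s $lan_net -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# sanity check on the generated text: both tables (nat and filter) are committed
count_commits() {
    router_rules "$@" | grep -c '^COMMIT$'
}

router_rules eth0 eth1 10.0.0.0/8
```

Save the output as /etc/sysconfig/iptables (owner root, mode 600) and run `service iptables restart`, or feed it straight to `iptables-restore`; iptables-restore ignores the # comment lines. If you then run Firestarter as described below, it flushes these rules and installs its own, so treat the two as alternatives rather than layering them.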

Firestarter firewall

Now you need to install firestarter. You do this using the rpm command

# rpm -i firestarter-0.9.2-3.i386.rpm 

Now go into your terminal and run the firestarter setup by typing firestarter and hitting enter.

Setup Guide:

  1. A GUI setup wizard should pop up.
    1. Click Forward.
  2. Two NICs should be detected: eth0 and eth1.
    1. Uncheck "start at dial out".
    2. Check "IP address assigned via DHCP".
    3. Click Forward.
  3. On the next screen click Enable Network Address Translation.
    1. Set your internal device to eth1.
    2. Click Specify internal network IP range manually.
    3. Internal network address range: 10.0.0.0/8 (the network that eth1 and the dhcpd range belong to).
    4. Click Forward.
  4. Click Enable Public access to the following services:
    1. Check www, dns, dhcp, ftp, SSL web, Xwindows, NTP and POP only for the services this machine actually provides to the outside; anything checked here becomes reachable from the Internet, and Xwindows in particular should not be.
    2. Click Forward.
  5. On the next screen click Enable ToS filtering related to the following packets:
    1. Check everything on the left and then check Throughput on the right.
    2. Click Forward.
  6. On the next screen click Enable ICMP filtering related to the following packets:
    1. Check Echo, Traceroute, MS Traceroute, Address masking and Redirection.
    2. Click Forward.
  7. Click Save.
  8. Once it is saved and Firestarter starts up, go to the Rules tab.
    1. Double-click Open ports and add ports 80 and 53.
  9. You can open more ports later as you need them in the same way.

Now reboot the machine by typing shutdown -r now in a terminal.

Once it reboots, log in as root, click the Redhat icon on the toolbar and move up to Run Program. In the box that pops up type firestarter to start the Firestarter program.

Congratulations! You have now set up a default gateway and router for your home network. The NIC you set up as eth0 is connected to your cable modem with a straight-through Cat 5 cable. From eth1 run a straight-through cable to your switch if you want to connect more than one computer, or a crossover cable directly to the back of another computer if you want just one client for the time being or for testing.