User:Bmfmyth
Router Setup
Setting up a Router/Default Gateway with Redhat 9.0 Tutorial
By: Brant Freidank (darkmyth at [H]ardForum) ( myth + admin at http://darkmyth.proboards27.com) (bmfmyth at linuxquestions.org)
First off you need to download these things:
Redhat 9.0 distro disks one two and three: http://linuxiso.org/distro.php?distro=7
You then need to burn these ISO images to disc as images. I use Nero 6.0 to do this; a demo of Nero 6.0 is available from Nero's website: http://www.nero.com/us/nero6-ultraedition.php
Nano (a text editor): http://www.nano-editor.org/dist/v1.....2.3-1.i386.rpm
Firestarter (an easy firewall and NAT setup tool): http://prdownloads.sourceforge.net/...86.rpm?download
Then select a mirror from that page that’s closest to you.
dhcp-3.0pl2: this is the DHCP server that you will configure to hand out IP addresses on your LAN. http://www.binarycode.org/isc/dhcp/dhcp-3.0pl2.tar.gz
During the Redhat setup you'll need to set eth0 to "assign by DHCP" and "start at startup", but for eth1 only tick "start at startup". Then go down to the manual settings for that NIC and set its address to 10.0.0.1; the netmask is filled in when you hit enter to go down to the next line. Then set the default gateway to 10.0.0.1 and leave DNS and everything below that blank.
Once you are done installing redhat 9.0 on your machine you must install the various programs above and create some files.
First you must install nano by running this in a terminal:
rpm -i nano-1.2.3-1.i386.rpm
Nano is then installed.
Then you must untar dhcp by running this in a terminal:
tar xzvf dhcp-3.0pl2.tar.gz
then cd into the dhcp-3.0pl2 directory that is created.
In that directory run ./configure, then make, then make install. You now need to get out of the dhcp-3.0pl2 directory by typing this:
cd ..
now you should be in a prompt with
root@localhost root#
Now you need to make a few files. You do this with the touch command in your terminal:
touch /etc/dhcpd.conf
you then need to make a directory. You do this by using the mkdir command in your terminal
mkdir /var/state/dhcp
you then create an empty leases file in that directory (still as root):
touch /var/state/dhcp/dhcpd.leases
Now you must configure your /etc/dhcpd.conf file. You do this by using nano.
nano /etc/dhcpd.conf
when you are done editing the file press ctrl + x in order to exit and press y to save changes to the file
An example of my /etc/dhcpd.conf file would be this. (My network is a class A network.)
# /etc/dhcpd.conf
ddns-update-style interim;
subnet 10.0.0.0 netmask 255.255.0.0 {
    default-lease-time 63000;
    max-lease-time 72000;
    option routers 10.0.0.1;
    option subnet-mask 255.255.0.0;
    # placeholder: use the DNS servers provided by your ISP; if there is more than one, separate them with a comma
    option domain-name-servers <ISP DNS 1>, <ISP DNS 2>;
    range 10.0.0.2 10.0.0.253;
}
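Before restarting dhcpd it is worth checking that the subnet block is self-consistent: the range must sit inside the subnet, the router address must be in the subnet but outside the dynamic range, and `option subnet-mask` must agree with the `netmask` on the subnet line. The checker below is an added example, not part of the tutorial; it parses a constructed copy of the block above (with a placeholder DNS address) and reports any of those problems.

```python
import ipaddress
import re

# Constructed copy of the tutorial's subnet block; the DNS value is a placeholder.
DHCPD_CONF = """
ddns-update-style interim;
subnet 10.0.0.0 netmask 255.255.0.0 {
  default-lease-time 63000;
  max-lease-time 72000;
  option routers 10.0.0.1;
  option subnet-mask 255.255.0.0;
  option domain-name-servers 192.0.2.53;
  range 10.0.0.2 10.0.0.253;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_subnets(text):
    """Return one dict per subnet {} block: subnet, range, routers, mask."""
    out = []
    for net, mask, body in SUBNET_RE.findall(text):
        entry = {"subnet": ipaddress.ip_network(f"{net}/{mask}"), "routers": []}
        for stmt in body.split(";"):
            words = stmt.split()
            if words[:1] == ["range"]:
                entry["range"] = (ipaddress.ip_address(words[1]), ipaddress.ip_address(words[2]))
            elif words[:2] == ["option", "routers"]:
                entry["routers"] = [ipaddress.ip_address(w.strip(",")) for w in words[2:]]
            elif words[:2] == ["option", "subnet-mask"]:
                entry["mask"] = words[2]
        out.append(entry)
    return out


def check_subnet(entry):
    """Return a list of problems; an empty list means the block is consistent."""
    problems = []
    net, (lo, hi) = entry["subnet"], entry["range"]
    if lo not in net or hi not in net:
        problems.append("range lies outside the subnet")
    for r in entry["routers"]:
        if r not in net:
            problems.append(f"router {r} is outside the subnet")
        elif lo <= r <= hi:
            problems.append(f"router {r} sits inside the dynamic range")
    if entry.get("mask") and entry["mask"] != str(net.netmask):
        problems.append("option subnet-mask disagrees with the subnet netmask")
    return problems
```

Run against the tutorial's block it reports nothing; if you widen the range to start at 10.0.0.1 it flags the router address, since a lease handed to a client for the gateway's own address would take the whole LAN offline.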
You now need to make the file /etc/sysconfig/iptables
You again use the touch command to do this.
touch /etc/sysconfig/iptables
Once you have created this file you need to open it and place your iptables rules in it.
Again open the file in nano with this command and enter the following data:
nano /etc/sysconfig/iptables
when you are done editing the file press ctrl + x in order to exit and press y to save changes to the file
An example of my file is:
# iptables - configuration files for iptables in Red Hat Linux 8.0
# This is appropriate for protecting a single workstation.
# The script could be a lot more rigorous, e.g., only allow
# selected outbound ports, rather than allowing all outbound
# traffic, use REJECT rather than DROP, etc. However, the
# goal of this script was to provide some protection for ports
# while minimizing the number of checks made on each packet.
# This file should be owned by user root, group root.
# The permissions on this file should be set to 600.
# Edit lines as necessary, then uncomment (remove hash mark) the
# lines you wish to use.
# Although every precaution has been taken in the preparation of this
# file, the author assumes no responsibility for errors or omissions.
# Neither is any liability assumed for damages resulting from the use of
# the information contained herein.
# m-woo@uiuc.edu 9 Jan 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Drop all incoming fragments
-A INPUT -i eth0 -f -j DROP
# Drop outside packets with localhost address - anti-spoofing measure
# (127.0.0.0/8 here; a 10.0.0.1/255.0.0.0 source would match the whole 10.x LAN and drop it)
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
# Pass all locally-originating packets
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Accept ICMP ping echo request packets
# (this allows other people to ping your machine, among other things),
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Accept all traffic from a specific machine with IP x.x.x.x
# replace x.x.x.x with the desired IP, then uncomment the line.
# (here the whole 10.0.0.0/8 LAN; without the /8 the rule would match only the address 10.0.0.0)
-A INPUT -p tcp -m tcp --syn -s 10.0.0.0/8 -j ACCEPT
# Accept traffic on port p from a specific machine with IP x.x.x.x
# replace p with the desired port number, and replace x.x.x.x with
# the desired IP, then uncomment the line.
-A INPUT -p tcp -m tcp --syn -s 10.0.0.1 --dport 80 -j ACCEPT
# Accept all inbound ssh traffic
#-A INPUT -p tcp -m tcp --syn --dport 22 -j ACCEPT
# Accept all inbound identd
#-A INPUT -p tcp -m tcp --syn --dport 113 -j ACCEPT
# or you can reject and send back a TCP RST packet instead
#-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
# Allow all sendmail SMTP traffic
#-A INPUT -p tcp -m tcp --syn --dport 25 -j ACCEPT
# Allow all sendmail MSA traffic
#-A INPUT -p tcp -m tcp --syn --dport 587 -j ACCEPT
# Allow all web server access (port 80)
-A INPUT -p tcp -m tcp --syn --dport 80 -j ACCEPT
# Allow all secure web server access (port 443)
-A INPUT -p tcp -m tcp --syn --dport 443 -j ACCEPT
# Allow inbound established and related outside communication
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop outside initiated connections
-A INPUT -m state --state NEW -j REJECT
# Allow all outbound tcp, udp, icmp traffic with state
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
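The file above only protects the box itself: its FORWARD chain is DROP with no rules and it has no nat table, so the actual routing between eth1 and eth0 is left to Firestarter later on. As an added example (not the tutorial's file and not Firestarter's generated rules) the function below writes the missing part in the same iptables-restore format: masquerading of the 10.0.0.0/8 LAN out of eth0, stateful forwarding, an anti-spoofing drop for LAN addresses arriving on the modem side, and INPUT rules for the services the gateway offers to LAN hosts (DHCP, DNS, SSH are this example's assumption). A small checker confirms each table is committed and FORWARD still defaults to DROP before the file is loaded.

```python
# Added example (not the tutorial's or Firestarter's own rules): iptables-restore text
# for the two-NIC gateway; eth0/eth1 and 10.0.0.0/8 are the tutorial's values, the rest is assumed.
def build_gateway_rules(wan="eth0", lan="eth1", lan_net="10.0.0.0/8",
                        lan_services=(("udp", 67), ("udp", 53), ("tcp", 22))):
    """Return text for `iptables-restore < file` (same format as /etc/sysconfig/iptables)."""
    lines = [
        "*nat",
        ":PREROUTING ACCEPT [0:0]",
        ":POSTROUTING ACCEPT [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        # Rewrite LAN source addresses to the modem-side address on the way out.
        f"-A POSTROUTING -s {lan_net} -o {wan} -j MASQUERADE",
        "COMMIT",
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        # Anti-spoofing: LAN addresses never legitimately arrive on the modem side.
        f"-A INPUT -i {wan} -s {lan_net} -j DROP",
        f"-A FORWARD -i {wan} -s {lan_net} -j DROP",
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    # Services the gateway offers LAN hosts; DHCP discovers come from 0.0.0.0, so match on interface.
    for proto, port in lan_services:
        lines.append(f"-A INPUT -i {lan} -p {proto} --dport {port} -j ACCEPT")
    lines += [
        # LAN hosts may open connections outward; replies are matched by state.
        f"-A FORWARD -i {lan} -o {wan} -s {lan_net} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT",
        f"-A FORWARD -i {wan} -o {lan} -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "COMMIT",
    ]
    return "\n".join(lines) + "\n"


def check_ruleset(text):
    """Return problems: every table must end with COMMIT and FORWARD must default to DROP."""
    problems, table = [], None
    for line in text.splitlines():
        if line.startswith("*"):
            if table is not None:
                problems.append(f"table {table} not committed")
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif line.startswith(":FORWARD ") and not line.startswith(":FORWARD DROP"):
            problems.append("FORWARD policy is not DROP")
    if table is not None:
        problems.append(f"table {table} not committed")
    return problems
```

Together with `echo 1 > /proc/sys/net/ipv4/ip_forward` this is the minimum a NAT gateway needs; unsolicited connections from the modem side are still dropped by the FORWARD policy, while LAN clients get DHCP, DNS and outbound access.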
You also need to add the line
echo 1 > /proc/sys/net/ipv4/ip_forward
to your /etc/rc.d/rc.local file; this turns on IP forwarding between the two NICs at boot. Then hit enter twice after the above line and put
dhcpd
This will automatically start your dhcpd server for you on startup of your machine.
Now you need to install firestarter.
You do this using the rpm command:
rpm -i firestarter-0.9.2-3.i386.rpm
Now go into your terminal and run the firestarter setup by typing firestarter and hitting enter.
Setup Guide:
1. A GUI setup should pop up.
2. Click Forward.
3. There should be two NICs detected, eth0 and eth1.
4. Unclick "start at dial out".
5. But put a check in "IP address assigned via DHCP".
6. Then click Forward.
7. On the next screen click "Enable Network Address Translation".
8. Then set your internal device as eth1.
9. Then click "Specify internal network IP range manually".
10. Internal network address range: 10.0.0.1/8
11. Now click Forward.
12. Click "Enable public access to the following services:".
13. Put a check in www, dns, dhcp, ftp, SSL web, Xwindows, NTP, and POP.
14. Now click Forward.
15. On the next screen click "Enable ToS filtering related to the following packets".
16. Check everything on the left and then check "throughput" on the right.
17. Now click Forward.
18. On the next screen click "Enable ICMP filtering related to the following packets:".
19. Check Echo, Traceroute, MS Traceroute, address masking, and Redirection.
20. Now click Forward.
21. And click Save.
22. Once you save it and Firestarter starts up, go into the tab that says Rules.
23. Go to "Open ports" and double click. Add the ports 80 and 53.
24. You can add more ports as you need later on by doing the same thing.
Now reboot your machine by going to your terminal and typing shutdown -r now
Once it reboots, log in as root, then go to the Redhat toolbar, click the Redhat icon and go up until your mouse is over "Run Program". A box will pop up, and you need to type in firestarter to run the Firestarter program.
Congratulations, you have now set up a default gateway and router for your home network. The NIC you set up as eth0 will have a straight-through Cat5 cable going from your cable modem to that NIC card. You then have a crossover cable going from your eth1 card either to your switch, if you want to connect more than one computer, or directly to the back of your computer if you want to have just one client for the time being, or for testing purposes.
Comment:
Brant Freidank – Use this and distribute this tutorial to anyone you see fit. You can modify this tutorial to your needs if you wish. But please give credit where it is due for the tutorial.