User:Bmfmyth

From LQWiki

Router Setup

Setting up Router/Default Gateway with Redhat 9.0 Tutorial

By: Brant Freidank (darkmyth at [H]ardForum) ( myth + admin at http://darkmyth.proboards27.com) (bmfmyth at linuxquestions.org)

First off, you need to download these things:

Redhat 9.0 distro disks one two and three: http://linuxiso.org/distro.php?distro=7

You then need to burn these disks as an image. I use Nero 6.0 to do this. You can find a demo of Nero 6.0 at Nero's website: http://www.nero.com/us/nero6-ultraedition.php

Nano (text editor): http://www.nano-editor.org/dist/v1.....2.3-1.i386.rpm

Firestarter (easy firewall and NAT setup): http://prdownloads.sourceforge.net/...86.rpm?download

Then select the mirror on that page that is closest to you.

Dhcp-3.0pl2 (the DHCP server you will configure to hand out IPs to your LAN): http://www.binarycode.org/isc/dhcp/dhcp-3.0pl2.tar.gz


During the Red Hat installation you need to set eth0 to be assigned by DHCP and to start at boot; for eth1 only check start at boot. Then go down to the manual settings for that NIC and set its address to 10.0.0.1; the netmask is filled in when you press Enter to move to the next line. Then set the default gateway to 10.0.0.1 and leave DNS and everything below it blank.

Once you are done installing Red Hat 9.0 on your machine you must install the programs above and create some files.

First, install nano by running this in a terminal:

rpm -i nano-1.2.3-1.i386.rpm

Nano is then installed.

Then untar dhcp by running this in a terminal:

tar xzvf dhcp-3.0pl2.tar.gz

Then cd into the dhcp-3.0pl2 directory that was created and type ./configure, then make, then make install. You now need to leave the dhcp-3.0pl2 directory by typing:

cd ..

Now you should be at a prompt like this:

root@localhost root#

Now you need to make a few files. You do this with the touch command in your terminal:

touch /etc/dhcpd.conf

You then need to make a directory. You do this with the mkdir command in your terminal:

mkdir /var/state/dhcp

You then create an empty leases file in that directory, still as root:

touch /var/state/dhcp/dhcpd.leases

Now you must configure your /etc/dhcpd.conf file. You do this with nano:

nano /etc/dhcpd.conf

When you are done editing the file, press Ctrl+X to exit and press y to save the changes.

An example of my /etc/dhcpd.conf file is below. (My network is a class A network.)

# /etc/dhcpd.conf
ddns-update-style interim;

subnet 10.0.0.0 netmask 255.255.0.0 {
    default-lease-time 63000;
    max-lease-time 72000;
    option routers 10.0.0.1;
    option subnet-mask 255.255.0.0;
    option domain-name-servers <the DNS servers provided by your ISP, comma-separated if there is more than one>;
    range 10.0.0.2 10.0.0.253;
}

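As an added sanity check (my code, not part of the tutorial or of ISC dhcpd), the script below parses the subnet block of a dhcpd.conf like the one above and reports whether the lease range fits inside the declared subnet, whether the router address is inside the subnet but outside the range, whether option subnet-mask agrees with the netmask, and whether the DNS option is still a placeholder. The embedded sample is constructed and assumes 10.0.0.1 as the DNS server.

```python
import ipaddress
import re

# Constructed sample mirroring the tutorial's /etc/dhcpd.conf (DNS value assumed); not the author's file.
SAMPLE_CONF = """\
ddns-update-style interim;
subnet 10.0.0.0 netmask 255.255.0.0 {
    default-lease-time 63000;
    max-lease-time 72000;
    option routers 10.0.0.1;
    option subnet-mask 255.255.0.0;
    option domain-name-servers 10.0.0.1;
    range 10.0.0.2 10.0.0.253;
}
"""

def parse_subnet(conf):
    """Pull the first subnet declaration apart into network, routers, options and range."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    rng = re.search(r"\brange\s+(\S+)\s+(\S+);", m.group(3)) if m else None
    if not m or not rng:
        raise ValueError("need a subnet declaration with a range")
    def opt(name):  # value of 'option <name> ...;' inside the block, or None
        hit = re.search(rf"option {name}\s+([^;]+);", m.group(3))
        return hit.group(1).strip() if hit else None
    return {
        "network": ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True),
        "routers": [ipaddress.ip_address(r) for r in (opt("routers") or "").replace(" ", "").split(",") if r],
        "subnet_mask": opt("subnet-mask"),
        "dns": opt("domain-name-servers"),
        "range": (ipaddress.ip_address(rng.group(1)), ipaddress.ip_address(rng.group(2))),
    }

def check_subnet(conf):
    """Return a list of problems; an empty list means the subnet block is consistent."""
    s = parse_subnet(conf)
    net, (lo, hi), problems = s["network"], s["range"], []
    for a in (lo, hi):  # both ends must be usable host addresses inside the subnet
        if a not in net or a in (net.network_address, net.broadcast_address):
            problems.append(f"range address {a} is outside the usable part of {net}")
    for r in s["routers"]:
        if r not in net:
            problems.append(f"router {r} is not inside {net}, so clients cannot reach it")
        elif lo <= r <= hi:
            problems.append(f"router {r} lies inside the lease range and may be handed to a client")
    if s["subnet_mask"] and str(net.netmask) != s["subnet_mask"]:
        problems.append(f"option subnet-mask {s['subnet_mask']} disagrees with netmask {net.netmask}")
    if not s["dns"] or not re.fullmatch(r"[0-9.,]+", s["dns"].replace(" ", "")):
        problems.append("option domain-name-servers is missing or still a placeholder")
    return problems
```

Run check_subnet on your own file's text before starting dhcpd; an empty list means the subnet block is self-consistent.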
You now need to make the file /etc/sysconfig/iptables. Again, use the touch command to do this:

touch /etc/sysconfig/iptables

Once you have created this file you need to open it and put in your iptables rules. Again, open the file in nano with this command:

nano /etc/sysconfig/iptables

When you are done editing the file, press Ctrl+X to exit and press y to save the changes.

An example of my file is:

# iptables - configuration files for iptables in Red Hat Linux 8.0
# This is appropriate for protecting a single workstation.
# The script could be a lot more rigorous, e.g., only allow
# selected outbound ports, rather than allowing all outbound
# traffic, use REJECT rather than DROP, etc. However, the
# goal of this script was to provide some protection for ports
# while minimizing the number of checks made on each packet.
# This file should be owned by user root, group root.
# The permissions on this file should be set to 600.
# Edit lines as necessary, then uncomment (remove hash mark) the
# lines you wish to use.
# Although every precaution has been taken in the preparation of this
# file, the author assumes no responsibility for errors or omissions.
# Neither is any liability assumed for damages resulting from the use of
# the information contained herein.
# m-woo@uiuc.edu 9 Jan 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Drop all incoming fragments
-A INPUT -i eth0 -f -j DROP
# Drop outside packets with localhost address - anti-spoofing measure
-A INPUT -s 10.0.0.1/255.0.0.0 -i ! lo -j DROP
# Pass all locally-originating packets
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Accept ICMP ping echo request packets
# (this allows other people to ping your machine, among other things),
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Accept all traffic from a specific machine with IP x.x.x.x
# replace x.x.x.x with the desired IP, then uncomment the line.
-A INPUT -p tcp -m tcp --syn -s 10.0.0.0 -j ACCEPT
# Accept traffic on port p from a specific machine with IP x.x.x.x
# replace p with the desired port number, and replace x.x.x.x with
# the desired IP, then uncomment the line.
-A INPUT -p tcp -m tcp --syn -s 10.0.0.1 --dport 80 -j ACCEPT
# Accept all inbound ssh traffic
#-A INPUT -p tcp -m tcp --syn --dport 22 -j ACCEPT
# Accept all inbound identd
#-A INPUT -p tcp -m tcp --syn --dport 113 -j ACCEPT
# or you can reject and send back a TCP RST packet instead
#-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
# Allow all sendmail SMTP traffic
#-A INPUT -p tcp -m tcp --syn --dport 25 -j ACCEPT
# Allow all sendmail MSA traffic
#-A INPUT -p tcp -m tcp --syn --dport 587 -j ACCEPT
# Allow all web server access (port 80)
-A INPUT -p tcp -m tcp --syn --dport 80 -j ACCEPT
# Allow all secure web server access (port 443)
-A INPUT -p tcp -m tcp --syn --dport 443 -j ACCEPT
# Allow inbound established and related outside communication
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop outside initiated connections
-A INPUT -m state --state NEW -j REJECT
# Allow all outbound tcp, udp, icmp traffic with state
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
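The file above is a workstation ruleset: its FORWARD policy is DROP with no FORWARD or nat rules, so routing only works once Firestarter's NAT option rewrites the rules later in the tutorial, and its anti-spoofing rule drops 10.x sources in INPUT on every interface except lo, which includes the LAN side eth1. As an added check (my code, not from the tutorial or Firestarter), the script below parses the iptables-save format used by /etc/sysconfig/iptables and lists what a NAT gateway needs that a given file does not provide; the interface names eth0/eth1 and the 10.0.0.0/8 LAN are assumptions taken from the tutorial, and the embedded sample is a constructed excerpt, not the file verbatim.

```python
import re

# Constructed excerpt in iptables-save format, trimmed from the tutorial's
# /etc/sysconfig/iptables; a sample for this check, not the file verbatim.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth0 -f -j DROP
-A INPUT -s 10.0.0.1/255.0.0.0 -i ! lo -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -j REJECT
COMMIT
"""

def parse_save(text):
    # Returns {table: {"policy": {chain: policy}, "rules": [(chain, rule), ...]}}
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):  # a new table, e.g. *filter or *nat
            table = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and table is not None:  # chain policy line
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A ") and table is not None:  # an appended rule
            chain, rule = line[3:].split(" ", 1)
            table["rules"].append((chain, rule))
    return tables

def audit_gateway(text, lan_if="eth1", wan_if="eth0", lan_net="10.0.0.0/8"):
    """List what a NAT gateway needs that this ruleset does not yet provide."""
    t, empty = parse_save(text), {"policy": {}, "rules": []}
    filt, nat = t.get("filter", empty), t.get("nat", empty)
    fwd = [r for c, r in filt["rules"] if c == "FORWARD"]
    inbound = [r for c, r in filt["rules"] if c in ("INPUT", "FORWARD")]
    findings = []
    if filt["policy"].get("FORWARD") != "DROP":
        findings.append("FORWARD policy is not DROP, so anything not explicitly blocked gets routed")
    if not any(f"-i {lan_if}" in r and f"-o {wan_if}" in r and "-j ACCEPT" in r for r in fwd):
        findings.append(f"no FORWARD rule accepting {lan_if} -> {wan_if}; LAN clients cannot reach the Internet")
    if not any("ESTABLISHED,RELATED" in r and "-j ACCEPT" in r for r in fwd):
        findings.append("no FORWARD rule letting ESTABLISHED,RELATED replies back to the LAN")
    if not any("-j MASQUERADE" in r or "-j SNAT" in r for _, r in nat["rules"]):
        findings.append("no nat-table MASQUERADE/SNAT rule; private 10.x sources would go out unrewritten")
    if not any(f"-i {wan_if}" in r and f"-s {lan_net}" in r and "-j DROP" in r for r in inbound):
        findings.append(f"no anti-spoofing DROP for {lan_net} sources arriving on {wan_if}")
    return findings
```

Feed it the output of iptables-save after Firestarter has applied its rules to confirm the gateway pieces are actually present.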

You also need to add the line

echo 1 > /proc/sys/net/ipv4/ip_forward

to your /etc/rc.d/rc.local file. Also press Enter twice after that line and put

dhcpd

This will start your dhcpd server automatically when the machine boots.

Now you need to install Firestarter. You do this with the rpm command:

rpm -i firestarter-0.9.2-3.i386.rpm

Now go into your terminal and run the Firestarter setup by typing firestarter and pressing Enter.

Setup Guide:

1. A GUI setup should pop up.
2. Click Forward.
3. Two NICs should be detected, eth0 and eth1.
4. Uncheck Start at dial out.
5. Put a check in IP address assigned via DHCP.
6. Click Forward.
7. On the next screen click Enable Network Address Translation.
8. Set your internal device to eth1.
9. Click Specify internal network IP range manually.
10. Internal network address range: 10.0.0.1/8
11. Click Forward.
12. Click Enable Public access to the following services.
13. Put a check in www, dns, dhcp, ftp, SSL web, Xwindows, NTP, and POP.
14. Click Forward.
15. On the next screen click Enable ToS filtering related to the following packets.
16. Check everything on the left and then check Throughput on the right.
17. Click Forward.
18. On the next screen click Enable ICMP filtering related to the following packets.
19. Check Echo, Traceroute, MS Traceroute, Address masking, and Redirection.
20. Click Forward.
21. Click Save.
22. Once you save it and Firestarter starts up, go into the tab that says Rules.
23. Go to Open ports and double click. Add the ports 80 and 53.
24. You can add more ports as you need them later by doing the same thing.

Now reboot your machine by going to your terminal and typing shutdown -r now

Once it reboots, log in as root, go to the Red Hat toolbar, click the Red Hat icon and move up until your mouse is over Run Program. A box will pop up; type firestarter into it to run the Firestarter program.

Congratulations, you have now set up a default gateway and router for your home network. The NIC you set up as eth0 gets a straight-through Cat5 cable from your cable modem. You then run a crossover cable from your eth1 card either to your switch, if you want to connect more than one computer, or directly to the back of a single computer if you only want one client for the time being or for testing purposes.



Comment:

Brant Freidank – Use this and distribute this tutorial to anyone you see fit. You can modify this tutorial to your needs if you wish. But please give credit where it is due for the tutorial.