Windows network using Linux server as router / firewall
|
|
| Micah Clarke 2004-01-23, 7:48 pm |
| Hi,
I've got a couple of Windows boxes attached to my Linux box via a hub. The
Linux box has a second NIC which I want to plug into my cable modem. I
can't get the bloody routing to work properly. Does anyone know of a good
site describing this sort of situation. I've googled all over the place and
can't find anything that works.
Cheers,
Micah
| |
| Ronald van der Westen 2004-01-23, 7:48 pm |
| Micah Clarke wrote:
> Hi,
>
> I've got a couple of Windows boxes attached to my Linux box via a hub. The
> Linux box has a second NIC which I want to plug into my cable modem. I
> can't get the bloody routing to work properly. Does anyone know of a good
> site describing this sort of situation. I've googled all over the place and
> can't find anything that works.
>
> Cheers,
> Micah
>
>
try iptables
search @ google for MASQUERADING
something that could work....
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
if the eth0 is the interface of your internet connection
| |
| Micah Clarke 2004-01-23, 7:48 pm |
| Thanks for the reply.
I've got that far.
On the Windows clients, do I just assign an IP address 10.0.0.x and set the
gateway to my linux box?
Also, what about DNS? I've never bothered setting it up on the linux box.
Can I just point the Windows box at the DHCP assigned DNS address from the
linux box?
What about hostname & domainname? Should they be set to anything or should
I let the DHCP server at my ISP provide that too?
Does the machine have two names? One internal and one external?
Thanks for any help,
Micah
"Ronald van der Westen" <atoi@orange.nl> wrote in message
news:brqj9u$ms8$1@reader08.wxs.nl...
> Micah Clarke wrote:
> try iptables
> search @ google for MASQUERADING
>
> something that could work....
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> if the eth0 is the interface of your internet connection
| |
| Micah Clarke 2004-01-23, 7:48 pm |
| Bugger, just seen ?Žik thread below. I think that's going to answer most of
my questions.
How did I miss that the first time through.
Cheers,
Micah
"Ronald van der Westen" <atoi@orange.nl> wrote in message
news:brqj9u$ms8$1@reader08.wxs.nl...
> Micah Clarke wrote:
> try iptables
> search @ google for MASQUERADING
>
> something that could work....
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> if the eth0 is the interface of your internet connection
| |
| 1-news 2004-01-23, 7:48 pm |
| While Ronald's suggestion works it leaves you open to DOS attacks, etc. What
helped me the most was www.netfilter.org (they write iptables and have
documentation) ;)
"Ronald van der Westen" <atoi@orange.nl> wrote in message
news:brqj9u$ms8$1@reader08.wxs.nl...
> Micah Clarke wrote:
> try iptables
> search @ google for MASQUERADING
>
> something that could work....
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> if the eth0 is the interface of your internet connection
| |
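An added example, not part of any post in this thread: Ronald's two commands leave the filter table's default ACCEPT policies in place, so the box accepts and forwards whatever reaches it. The sketch below emits a default-drop ruleset that masquerades only LAN traffic, and a small audit that flags the ACCEPT-policy state; the function names, eth1 as the LAN interface and 10.0.0.0/24 as the LAN network are assumptions.

```shell
#!/bin/sh
# Added example. Assumed: eth0 = cable-modem side (as in the thread), eth1 = LAN
# side, 10.0.0.0/24 = LAN network (the thread only says 10.0.0.x).
gen_ruleset() {  # usage: gen_ruleset WAN_IF LAN_IF LAN_NET  (prints iptables-restore input)
    wan=$1 lan=$2 net=$3
    for i in "$wan" "$lan"; do
        case $i in ''|*[!A-Za-z0-9._-]*) echo "bad interface: '$i'" >&2; return 1;; esac
    done
    case $net in ''|*[!0-9./]*) echo "bad network: '$net'" >&2; return 1;; esac
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Constructed, abbreviated sample of iptables-save after only the thread's two commands.
thread_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Read iptables-save text on stdin; fail if a masquerading box keeps ACCEPT policies.
audit_ruleset() {
    awk '/^\*/ { t = substr($0, 2) }
         t == "nat" && /-j MASQUERADE/ { masq = 1 }
         t == "filter" && /^:(INPUT|FORWARD) ACCEPT/ { pol = pol " " substr($1, 2) }
         END { if (masq && pol != "") { print "gateway with ACCEPT policy on:" pol; exit 1 } }'
}
```

As root, `gen_ruleset eth0 eth1 10.0.0.0/24 | iptables-restore` loads the ruleset and `iptables-save | audit_ruleset` checks a running box; IP forwarding still has to be enabled as in Ronald's post.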
| Alexander Dalloz 2004-01-23, 7:48 pm |
| On Fri, 19 Dec 2003 03:09:53 -0500 1-news wrote:
> While Ronald's suggestion works it leaves you open to DOS attacks, etc. What
> helped me the most was www.netfilter.org (they write iptables and have
> documentation) ;)
Just a short question: how do you think a netfilter ruleset (set with
iptables i.e.) will protect you against DoS attacks?
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
| |
|
| On Fri, 19 Dec 2003 17:02:52 +0100, the right honourable Alexander
Dalloz <alexander.dalloz@uni-bielefeld.de> wrote:
>On Fri, 19 Dec 2003 03:09:53 -0500 1-news wrote:
>
>
>Just a short question: how do you think a netfilter ruleset (set with
>iptables i.e.) will protect you against DoS attacks?
>
>Alexander
By stopping all kinds of stuff in an early stage: not allowing pings
in etc.
You can block broadcasts into your net too.
The linux box does get them, I agree, but you can keep them from
being processed, and you can keep them out of your net.
But ok, you can't disconnect your cables.
frgr
Erik
| |
|
| On Wed, 17 Dec 2003 13:43:13 -0000, the right honourable "Micah
Clarke" <micahclarke@conandoyle.net> wrote:
>Hi,
>
>I've got a couple of Windows boxes attached to my Linux box via a hub.
While a hub is cheap, it does broadcast all incoming traffic to ALL
your PCs in the internal net. That's why it's called "dumb".
That is why a hub is, technically, not the best choice.
But the problem may be small in a small net.
A switch learns which IP address is on which socket/cable and sends
packets only to the right PC.
Hubs are not sold often anymore.
I had difficulty finding a hub a few weeks ago. I needed a hub and no
switch.
Everybody uses switches these days.
frgr
Erik