Introduction: Multiple Network Cards.


We will look at how to set up multiple network cards on Linux.

  • Multihomed network (no routing).
  • Multihomed network with routing.
  • Allow more bandwidth using multiple NICs.
  • One NIC, multiple IP addresses.
  • Doubly complicated.
  • Simple router.

You can get a barrel to PS/2 adapter to use your newer keyboard with the older machines. They are harder and harder to find.

Step 1: Multihomed Network (no Routing).


More and more people want to separate their private network from the internet but still want a system or two to access both. No problem. You can set up multihomed NICs fairly easily and, all things being equal, no packets should go between the two.

If you have two NICs (network interface cards), each connected to a different network:

=> eth0: 192.168.1.0/24
=> eth1: 192.168.2.0/24

Consider the setup above. Suppose you want the machine to reach only the directly connected networks (through eth0 and eth1) without setting the Linux server up as a router. This is generally called a multi-homing setup. You don't have to set up the Linux box as a router to use multi-homing :). Just assign an IP address to each NIC and you are done.

How do I configure Linux multi homing?

Just assign each interface an IP address using ifconfig, or use DHCP, and multi-homing will be turned on:

# ifconfig eth0 192.168.1.254 up
# ifconfig eth1 192.168.2.254 up


Admins commonly confuse multi-homing with routing or IP forwarding. Once the two IP addresses are assigned, your system follows the default behavior. No special configuration is needed. Your multi-homing is up and running :).

 Private network setup:
https://www.instructables.com/id/Your-personal-intranet-Part-1/
https://www.instructables.com/id/Your-personal-intranet-Part-2/

Step 2: Multihomed Network With Routing.


How do I configure Linux multi homing?

Just assign each interface an IP address using ifconfig, or use DHCP, and multi-homing will be turned on:

# ifconfig eth0 192.168.1.254 up
# ifconfig eth1 192.168.2.254 up

Admins commonly confuse multi-homing with routing or IP forwarding. Once the two IP addresses are assigned, your system follows the default behavior. No special configuration is needed. Your multi-homing is up and running :).

Additional routing

You can turn on routing in addition to multi-homing. Just enable forwarding:

# echo 1 > /proc/sys/net/ipv4/ip_forward

If you reboot the system you will lose this routing setup. To make it permanent, edit /etc/sysctl.conf:

# vi /etc/sysctl.conf

Add the following line:

net.ipv4.ip_forward = 1

Save the file and type the command:

# sysctl -p

But, what is the difference between routing and multi homing setup?

=> Multi-homing routes traffic to each connected network, but no frames are forwarded between the two networks.
=> Routing forwards frames between the two networks. See the previous articles on how to set up Linux as a router (setup Linux as a router for DSL, T1 line etc; setup vmware host router).
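To tell which of the two setups a host is actually in, the added example below (not part of the original article) compares the running kernel value with the settings that will be applied at the next boot. The optional root-directory argument, the function names and the verdict names are assumptions of this example.

```shell
#!/bin/sh
# Added example: does this multi-homed host forward IPv4 between its networks?
# The optional ROOT argument (an assumption of this example) lets the check run
# against a copy of /proc/sys and /etc taken from another machine.

# Print "file:value" for every active net.ipv4.ip_forward line in the
# persistent sysctl configuration; commented-out lines are ignored.
persistent_forwarding() {
    root="${1%/}"
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -r "$f" ] || continue
        awk -v f="$f" -F= '
            /^[ \t]*[#;]/ { next }
            {
                key = $1; val = $2
                gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
                if (key == "net.ipv4.ip_forward") print f ":" val
            }' "$f"
    done
}

# Combine the running value with the boot-time configuration.
forwarding_verdict() {
    root="${1%/}"
    runtime=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null || echo unknown)
    if persistent_forwarding "$root" | grep -q ':1$'; then boot=1; else boot=0; fi
    case "$runtime/$boot" in
        0/0) echo "multihomed-only" ;;       # nothing crosses between the NICs
        1/1) echo "router" ;;                # forwarding now and after reboot
        1/0) echo "router-until-reboot" ;;   # someone ran echo 1 > ip_forward
        0/1) echo "router-after-reboot" ;;   # sysctl.conf edited, not yet applied
        *)   echo "unknown" ;;
    esac
}

# Constructed sample: the sysctl.conf line from this step has been added,
# but "sysctl -p" has not been run yet.
sample=$(mktemp -d)
mkdir -p "$sample/proc/sys/net/ipv4" "$sample/etc"
echo 0 > "$sample/proc/sys/net/ipv4/ip_forward"
echo "net.ipv4.ip_forward = 1" > "$sample/etc/sysctl.conf"
echo "sample host: $(forwarding_verdict "$sample")"
rm -rf "$sample"
```

Run `forwarding_verdict` with no argument to check the machine you are logged in to.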

Step 3: Allow More Bandwidth Using Multiple Nics.


If you have a server with a NIC that is getting overloaded, you can have multiple NICs act as one. The first step is to rename the server: change /etc/sysconfig/network to match your new server name. That’s easy :)

Now to the bonding driver. RHEL6 and OL 6 have deprecated /etc/modprobe.conf in favour of /etc/modprobe.d and its configuration files. It’s still necessary to tell the kernel that it should use the bonding driver for my new device, bond0, so I created a new file /etc/modprobe.d/bonding.conf with just one line in it:

alias bond0 bonding

That’s it, don’t put any further information about module parameters in the file, this is deprecated. The documentation clearly states “Important: put all bonding module parameters in ifcfg-bondN files”.

Now I had to create the configuration files for eth0, eth1 and bond0. They are created as follows:

You need to install or create the three attached files:

File: ifcfg-eth0

File: ifcfg-eth1

ifcfg-bond0

Have a look at the documentation for more detail about the options.

The test is going to be simple: first I’ll bring up the interface bond0 by issuing a “service network restart” command on the xen console, followed by a “xm network-detach” command. The output of the network restart command is here:

$ sudo service network restart

Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface bond0: [ OK ]

$ sudo ifconfig

bond0     Link encap:Ethernet HWaddr 00:16:1E:1B:1D:1F
          inet addr:192.168.99.126 Bcast:192.168.99.255 Mask:255.255.255.0
          inet6 addr: fe80::216:1eff:fe1b:1d1f/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
          RX packets:297 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9002 (8.7 KiB) TX bytes:1824 (1.7 KiB)

eth0      Link encap:Ethernet HWaddr 00:16:1E:1B:1D:1F
          UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
          RX packets:214 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6335 (6.1 KiB) TX bytes:1272 (1.2 KiB)
          Interrupt:18

eth1      Link encap:Ethernet HWaddr 00:16:1E:1B:1D:1F
          UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
          RX packets:83 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2667 (2.6 KiB) TX bytes:552 (552.0 b)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Look in /var/log/messages for additional details.

May 1 07:55:49 rhel6ref kernel: bonding: bond0: Setting MII monitoring interval to 1000.
May 1 07:55:49 rhel6ref kernel: bonding: bond0: setting mode to active-backup (1).
May 1 07:55:49 rhel6ref kernel: ADDRCONF(NETDEV_UP): bond0: link is not ready
May 1 07:55:49 rhel6ref kernel: bonding: bond0: Adding slave eth0.
May 1 07:55:49 rhel6ref kernel: bonding: bond0: Warning: failed to get speed and duplex from eth0, assumed to be 100Mb/sec and Full.
May 1 07:55:49 rhel6ref kernel: bonding: bond0: making interface eth0 the new active one.
May 1 07:55:49 rhel6ref kernel: bonding: bond0: first active interface up!
May 1 07:55:49 rhel6ref kernel: bonding: bond0: enslaving eth0 as an active interface with an up link.
May 1 07:55:49 rhel6ref kernel: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
May 1 07:55:49 rhel6ref kernel: bonding: bond0: Adding slave eth1.
May 1 07:55:49 rhel6ref kernel: bonding: bond0: Warning: failed to get speed and duplex from eth1, assumed to be 100Mb/sec and Full.
May 1 07:55:49 rhel6ref kernel: bonding: bond0: enslaving eth1 as a backup interface with an up link.
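Besides the log, the bonding driver exposes its live state in /proc/net/bonding/bond0. The added example below (not part of the original article) parses that file and flags an active-backup bond that has lost its backup link. The sample text is constructed for this example in the driver's format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise a /proc/net/bonding/<bond> status file.
# Usage: bond_health FILE   (FILE may be - for standard input)
bond_health() {
    awk -F': ' '
        /^Currently Active Slave:/ { active = $2 }
        /^Slave Interface:/        { slave = $2; total++ }
        # The first "MII Status" line describes the bond itself (no slave yet).
        /^MII Status:/ && slave != "" {
            if ($2 == "up") { up++ } else { down = down " " slave }
        }
        END {
            if (total == 0) { print "NO_SLAVES"; exit }
            out = "active=" active " slaves=" total
            if (down != "") out = out " down=" substr(down, 2)
            # With fewer than two working links a single failure cuts the host off.
            if (up < 2) out = out " NO_REDUNDANCY"
            print out
        }' "$1"
}

# Constructed sample: bond0 from this step after the cable on eth1 was pulled.
sample_bond_status() {
    cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 1000

Slave Interface: eth0
MII Status: up
Link Failure Count: 0

Slave Interface: eth1
MII Status: down
Link Failure Count: 1
EOF
}

sample_bond_status | bond_health -
```

On a live system, run `bond_health /proc/net/bonding/bond0`.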

Step 4: One Nic Multiple Ip Addresses.


Today I got a new IP address for a server and I had to assign it to the same NIC as my current IP address.
So?! How do you do that on a Debian or Ubuntu server?

It is actually very simple. On Ubuntu you go to /etc/network and edit the interfaces file. It should already include a definition for eth0 (virtual machines will have something other than eth0).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

auto eth0:0
iface eth0:0 inet static
    name Alias for Foo
    address 192.168.1.2
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

I marked in red what is different between both definitions.

Once you write that file to disk, you can start that interface with the ifup command:

ifup eth0:0

Now it is up and running (unless you got tons of errors?). Obviously, the eth0 interface is expected to already be up. You cannot start an alias if the main interface is not running.

To verify that the new interface is up and running, use the ifconfig command as in:

ifconfig

This command lists all the interfaces, including aliases. Note that aliases do not list the number of packets transferred since they are considered 100% similar to the main interface. This also applies to the firewall. In other words, you probably won't have to make any changes to your firewall...

You can add more by changing the number after the colon, for instance eth0:1, eth0:2, etc.

To be noted: You are limited to 254 aliases (0 to 254 + main interface, that's 255 IPs per NIC!)

But outbound traffic comes from the wrong IP address now!

Another problem you will run into is the randomness of the IP address used to send traffic from your server to the world. In general it won't matter, unless you have processes doing things like backups that need firewall like protection and you want to make sure that only one address is used.

In that case, you want to add a new route. On the command line, it looks like this:

route add -host 1.2.3.4 dev eth0

The IP address 1.2.3.4 is an external IP (another computer on your local network or on the Internet.) All traffic sent to that server will be forced through eth0.

If you want all your traffic to go through eth0, then don't specify a destination host, as in:

route add default dev eth0

This uses 0.0.0.0 as the destination IP address, which is the "any IP" wildcard.

To keep the route permanent (i.e. set again on reboot), add it to the interfaces file as follows:

up route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 eth0

You can enter whatever route command you need to make your system work. Just tweak the parameters as required for your network.

Somehow now Postfix is using the wrong IP address

The route trick is not likely to work right with Postfix. What you want is to edit the settings and add the IP address to be used with SMTP. That's usually very important so that other mail systems can verify your PTR.

The settings go in main.cf and look like this:

smtp_bind_address=1.2.3.4

You may include several IPs, such as localhost, separated by commas. Although at this point I did not find that there was a need for anything more.

More information

For more details about all the options available in the interface file, check out the man page of the same name:

man interfaces

Step 5: Doubly Complicated.


We are mirroring the network cards so that if one line becomes disconnected, there is still communication between the systems. Network cards are usually joined. For more details see:

http://www.cyberciti.biz/tips/debian-ubuntu-teaming-aggregating-multiple-network-connections.html

Step 6: Simple Router.


Try this at your own risk.

Have you ever needed simple routing, like sharing your connection with another computer?
I had :) so here is a script which turns my laptop into a router: simple configuration, one command. To run it, save the script as router.sh

#!/bin/bash

# configuration
IF_LOC=eth0           # interface the other computers are plugged into
IP_LOC=192.168.67     # first three octets of the new /24 network
IF_NET=wlan0          # interface that already has the internet connection

# script
# Forwarding must already be enabled (net.ipv4.ip_forward = 1, see Step 2).
# Keep the saved rules in a private file from mktemp: a fixed name in the
# world-writable /dev/shm could be pre-created by another local user.
OLD_RULES=$(mktemp) || exit 1

# connect
iptables-save > "$OLD_RULES"
ifconfig $IF_LOC inet $IP_LOC.1
ip route add $IP_LOC.0/24 dev $IF_LOC src $IP_LOC.1
# Rewrite the source address of traffic from the new network as it leaves
# through the internet-facing interface.
iptables -t nat -A POSTROUTING -s $IP_LOC.0/24 -o $IF_NET -j MASQUERADE

if ip route | grep $IP_LOC.1 >/dev/null
then
    # message
    clear
    echo "Enter this information in connected machines:"
    echo "IP address : $IP_LOC.2-254"
    echo "Netmask : 255.255.255.0"
    echo "Gateway : $IP_LOC.1"
    echo "DNS : $(echo -n $(awk '/^nameserver/ {print $2}' /etc/resolv.conf))"
    echo ""
    echo "Press ENTER to continue."
    read

    # monitor connection
    iftop -i $IF_LOC
else
    echo "Error setting up network"
fi

# disconnect
ip route del $IP_LOC.0/24 dev $IF_LOC
ifconfig $IF_LOC down
iptables-restore < "$OLD_RULES"
rm -f "$OLD_RULES"

# end

and give execute rights to the script:

chmod +x router.sh

Now just run it:

sudo ./router.sh

The script will show the configuration of the newly created network:

Enter this information in connected machines:
IP address : 192.168.67.2-254
Netmask : 255.255.255.0
Gateway : 192.168.67.1
DNS : 217.172.224.160 89.228.6.21

Press ENTER to continue.

It then starts monitoring the traffic. To quit routing, hit q or CTRL+C.

It is the simplest way to start sharing internet I know of.

Step 7: Dnsmasq


One thing that your home router provides is Internet Protocol addresses for every machine on the network, without you having to manually assign the IP addresses (aka computer telephone numbers) to all the systems that request an address. It also associates hostnames with the systems connected to it, like a telephone book. If for some reason your router fails, you can use an existing system to replace those services. You just need to install a software package known as Dnsmasq. In fact, that is the exact software most routers use to provide localized domain name services. You will want to use an extra NIC so that later you can turn the system into a router.

From the Debian wiki.

Dnsmasq is a lightweight, easy to configure, DNS forwarder and DHCP server. It is designed to provide DNS and optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP for network booting of diskless machines (source: from the package description).

Basic DNS setup

First things first, let’s install the package:

apt-get update
apt-get install dnsmasq

If your goal was to set up a simple DNS server, you just succeeded. To test it, use your favorite DNS lookup tool pointed at localhost:

dig debian.org @localhost

or

nslookup debian.org localhost

By default, DNS is configured to forward all requests to your system’s default DNS settings. In case you didn’t know, these are stored in the /etc/resolv.conf file. See Debian Reference or the resolv.conf(5) man page for more details.

Now, if you want to add some names for your DNS server to resolve for your clients, simply add them to your /etc/hosts file.

Interfaces

One thing you will probably want to do is tell dnsmasq which ethernet interface it can and cannot listen on, as we really don’t want it listening on the internet. Around line 69 of the /etc/dnsmasq.conf file, you will see:

#interface=

Uncomment the line and specify which ethernet interface(s) you want it to serve IPs to. For example, if I want it to listen on eth1 (my DMZ) and eth2 (my local network), then it should look like:

interface=eth1
interface=eth2

If I didn’t edit this line, it would also listen on eth0, my internet connection. I personally wouldn’t recommend this, as it gives those evil guys a few doors to try to break into.

Basic dhcp setup

By default, DHCP is turned off. This is a good thing, as you could bring down whatever network you are connected to if you are not careful.

To enable it, there is at least one line you will need to edit in the /etc/dnsmasq.conf file. Make sure the existing network you are plugging into is not 192.168.0.x. Around line 143, you will see:

#dhcp-range=192.168.0.50,192.168.0.150,12h

To enable the DHCP server, you will need to give it a range of IP addresses to hand out. In the example above, this server would hand out 101 addresses starting at 192.168.0.50 and ending at 192.168.0.150. The last number is how long the DHCP leases are good for. In this example, they would be good for twelve hours.

(This assumes the machine has three NICs and that you are not already using an existing device running dnsmasq.) Since I have two different networks that need DHCP, I’m going to change that line to:

dhcp-range=eth1,192.168.100.100,192.168.100.199,4h
dhcp-range=eth2,192.168.200.100,192.168.200.199,4h

Notice the “eth1” and “eth2” labels in the lines above? They aren’t necessary, but definitely help once you start playing with more advanced configurations. It also helps me remember which range is which. Now restart your dnsmasq server, connect up a few clients, and see if they autoconfigure themselves:

/etc/init.d/dnsmasq restart

Local caching

Using dnsmasq to cache DNS queries for the local machine is a bit tricky, since all DNS queries from the local machine need to go to dnsmasq, while at the same time, dnsmasq must be configured to forward all those queries to upstream DNS servers.

Do not use this configuration if you use different networks (e.g. if you use a laptop!)

The dnsmasq(8) man page suggests the following:

In order to configure dnsmasq to act as cache for the host on which it is running, put “nameserver 127.0.0.1” in /etc/resolv.conf to force local processes to send queries to dnsmasq. Then either specify the upstream servers directly to dnsmasq using --server options or put their addresses real in another file, say /etc/resolv.dnsmasq and run dnsmasq with the -r /etc/resolv.dnsmasq option. This second technique allows for dynamic update of the server addresses by PPP or DHCP.

There is, however, a simpler method; simply ensure that the machine’s list of nameservers contains the line

nameserver 127.0.0.1

as the first line, followed by the upstream nameservers. dnsmasq is smart enough to ignore this line and forward all queries appropriately, while all other applications will send all their queries to dnsmasq.

Exactly how to do this depends on the method(s) of network configuration in use. If you’re manually hardcoding the nameservers (either in /etc/resolv.conf or elsewhere, such as a stanza in /etc/network/interfaces or in the Wicd GUI), then just add a reference to 127.0.0.1 as the first entry in the list. If you’re using DHCP, then instruct your client to prepend 127.0.0.1 to the DNS servers it receives.

E.g., with dhclient, include the line

prepend domain-name-servers 127.0.0.1;

in the dhclient configuration file (/etc/dhcp3/dhclient.conf). [On my Sid system, the default configuration file shipped with the package contains that line, but commented out.] Note that if you plan to use dnsmasq for the local system only, you should lock it down by adding the line

listen-address=127.0.0.1

to the dnsmasq configuration file (/etc/dnsmasq.conf).
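To confirm that a dnsmasq.conf really keeps dnsmasq off the internet-facing interface, as the Interfaces section above asks, the added example below (not part of the original article or of dnsmasq) reads the active interface=, listen-address= and except-interface= lines. The function names and finding labels are this example's own, and eth0 is assumed to be the internet connection as in the text.

```shell
#!/bin/sh
# Added example: check which interfaces a dnsmasq.conf lets dnsmasq answer on.
# Usage: dnsmasq_exposure CONF WAN_IF   (CONF may be - for standard input)
dnsmasq_exposure() {
    awk -v wan="$2" -F= '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        }
        key == "interface"      { restricted = 1; if (val == wan) listed = 1 }
        key == "listen-address" { restricted = 1 }
        key == "except-interface" && val == wan { excluded = 1 }
        END {
            if (listed && !excluded)
                print "WAN_LISTED: interface=" wan " is enabled"
            else if (!restricted && !excluded)
                print "ALL_INTERFACES: nothing keeps dnsmasq off " wan
        }' "$1"
}

# Constructed sample: the file as described above, before any edit.
untouched_conf() {
    cat <<'EOF'
#interface=
#dhcp-range=192.168.0.50,192.168.0.150,12h
EOF
}

# Constructed sample: the file after the edits from the sections above.
edited_conf() {
    cat <<'EOF'
interface=eth1
interface=eth2
dhcp-range=eth1,192.168.100.100,192.168.100.199,4h
dhcp-range=eth2,192.168.200.100,192.168.200.199,4h
EOF
}

echo "untouched: $(untouched_conf | dnsmasq_exposure - eth0)"
echo "edited:    $(edited_conf | dnsmasq_exposure - eth0)"
```

An empty result means no finding. Run it as `dnsmasq_exposure /etc/dnsmasq.conf eth0` on the real file.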

Step 8: Router.


Debian gateway/router.

A multitude of reasons exist as to why one would want to build a custom router vs. suffer with the performance, reliability issues, and limitations of an off-the-shelf solution. What we are about to do is configure an incredibly fast and stable router/gateway solution for your home/office in about 15 minutes. (Note: This post assumes you already have your machine loaded up with a fresh copy of Debian and you have the two needed NICs installed.) With systemd on the horizon, this setup will change. I would probably use auto instead of hotplug to configure the interfaces. First, let’s make three initial assumptions:

eth0 is the public interface (the Cable/DSL modem is attached to this NIC)
eth1 is the private interface (your switch is connected to this NIC)
All of the client computers, servers, WAPs, etc. are connected to the switch

Let’s get started with the configuration. Set your timer and type quickly! :)

1.) Configure the network interfaces

Change the “address”, “netmask”, and “broadcast” values to match your internal network preferences.

nano -w /etc/network/interfaces
# The external WAN interface (eth0)
# auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

# The internal LAN interface (eth1)
# auto eth1
allow-hotplug eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255

2.) Install and configure DNSmasq

DNSmasq is a DNS forwarder and DHCP server. Change “domain” to the FQDN of your network and “dhcp-range” to the desired range of DHCP addresses you would like your router to serve out to clients.

apt-get install dnsmasq

nano -w /etc/dnsmasq.conf
interface=eth1
# not used this feature, but it might be a good idea.
listen-address=127.0.0.1
domain=home.andreimatei.com
dhcp-range=192.168.0.100,192.168.0.110,12h

3.) Enable IP Forwarding

Uncomment the following line:

nano -w /etc/sysctl.conf
net.ipv4.ip_forward=1

4.) Configure iptables

We create a file called /etc/iptables.rules and put this rule set inside of it. As an example, this set includes allowing tcp traffic in from the outside world on port 222 (I run SSH on this alternate port) and also port-forwards tcp port 50,000 to an internal machine with the IP of 192.168.0.3. Use this as a guide for your own rules. This is known as a firewall script. Use this or any other script at your own risk.

nano -w /etc/iptables.rules

*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 192.168.0.3:50000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 50000 -m state --state NEW -j ACCEPT
COMMIT

5.) Activate your iptables rules

iptables-restore < /etc/iptables.rules

6.) Ensure iptables rules start on boot

Insert the following line into your /etc/network/interfaces file right underneath “iface lo inet loopback”

nano -w /etc/network/interfaces
pre-up iptables-restore < /etc/iptables.rules

7.) Reboot and Verify

That’s it! After a reboot, you should now have a very basic Linux Router/Gateway for your network. This post obviously doesn’t cover some of the incredible additional flexibility which your new machine provides. I urge you to explore topics on traffic shaping, throughput monitoring, Intrusion Detection, and VPN configuration to learn how to harness the true power of running a dedicated machine as the central traffic cop of your network.

Other firewall scripts:

# if you don't have wget on your system, install it (on debian apt-get install wget)

wget http://robert.penz.name/files/firewall/iptables_firewall_scripts-0.3.tar.bz2

tar xjf iptables_firewall_scripts-0.3.tar.bz2

# if you get an error message you don't have the bzip2 installed --> install it

# (on debian apt-get install bzip2)

Also see:

https://help.ubuntu.com/community/IptablesHowTo

http://www.perkin.org.uk/posts/iptables-script-for-debian-ubuntu.html

https://wiki.debian.org/Firewalls

https://wiki.debian.org/iptables

Step 9: Yet Another Simple Router Example.

Ever go somewhere where you need several systems to be able to access their network, but they say all you can have is one IP address? An IP address is like a phone number for a computer. You can only have one per system under normal circumstances. Here, with an extra system, we will show you how to do this.

A multitude of reasons exist as to why one would want to build a custom router vs. suffer with the performance, reliability issues, and limitations of an off-the-shelf solution. In the spirit of keeping this post short, I won’t launch into a long diatribe on the pros and cons of each here, but I have plenty of thoughts on this, so if you are interested, just ask.

What we are about to do is configure an incredibly fast and stable router/gateway solution for your home/office in about 15 minutes. (Note: This post assumes you already have your machine loaded up with a fresh copy of Ubuntu 14.04 or an equivalent and you have the two needed NICs installed.) This is not a firewall.

First, let’s make three initial assumptions:

eth0 is the public interface (the Cable/DSL modem is attached to this NIC)
eth1 is the private interface (your switch is connected to this NIC)
All of the client computers, servers, WAPs, etc. are connected to the switch

Let’s get started with the configuration. Set your timer and type quickly! :)

1.) Configure the network interfaces
On older systems, you may need to make sure that Plug and Play OS is enabled. Change the “address”, “netmask”, and “broadcast” values to match your internal network preferences. They must be different from the host (aka WAN) network.

sudo nano -w /etc/network/interfaces
# The external WAN interface (eth0) public
allow-hotplug eth0
iface eth0 inet dhcp

# The internal LAN interface (eth1) private
allow-hotplug eth1
iface eth1 inet static
address 10.1.10.1
netmask 255.255.255.0
network 10.1.10.0
broadcast 10.1.10.255

2.) Install and configure DNSmasq
DNSmasq is a DNS forwarder and DHCP server. Change “domain” to the FQDN of your network and “dhcp-range” to the desired range of DHCP addresses you would like your router to serve out to clients.

sudo apt-get install dnsmasq

nano -w /etc/dnsmasq.conf
interface=eth1
listen-address=127.0.0.1
domain=home.andreimatei.com
dhcp-range=10.1.10.100,10.1.10.110,12h

3.) Enable IP Forwarding
Uncomment the following line:

sudo nano -w /etc/sysctl.conf
net.ipv4.ip_forward=1

4.) Configure iptables
We create a file called /etc/iptables.rules and put this rule set inside of it. As an example, this set includes allowing tcp traffic in from the outside world on port 222 (I run SSH on this alternate port) and also port-forwards tcp port 50,000 to an internal machine with the IP of 10.1.10.3. Use this as a guide for your own rules.

Note that when you do this, access to the system will be locked down and ssh will not work. In fact, a ping to the system will be ignored.

sudo nano -w /etc/iptables.rules

*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 10.1.10.3:50000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 50000 -m state --state NEW -j ACCEPT
COMMIT

5.) Activate your iptables rules

iptables-restore < /etc/iptables.rules

6.) Ensure iptables rules start on boot
Insert the following line into your /etc/network/interfaces file right underneath “iface lo inet loopback”

nano -w /etc/network/interfaces
pre-up iptables-restore < /etc/iptables.rules

7.) Reboot and Verify
That’s it! After a reboot, you should now have a very basic Linux Router/Gateway for your network.

router:~$ sudo nano -w /etc/iptables.rules
[sudo] password for eddie:

router:~$ sudo iptables-restore < /etc/iptables.rules

router:~$ sudo nano -w /etc/network/interfaces

router:~$ sudo reboot

router:~$
Broadcast message from router
(/dev/pts/0) at 8:44 ...

The system is going down for reboot NOW!
Connection to 192.168.1.102 closed by remote host.

Connection to 192.168.1.102 closed.

You should be able to use your router now.
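The rule file in step 4 has no policy lines (such as :FORWARD DROP) in its *filter table, so iptables-restore leaves the built-in chains at the policy they already have, which is ACCEPT unless something changed it, and the single FORWARD rule then decides nothing. The added example below, which is not part of the original post, audits a rule file for that and for DNAT targets outside the LAN, and prints a stricter variant. The function names, finding labels and the hardened rule set are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original article.
# audit_rules FILE LAN_PREFIX
#   FILE        rule file in iptables-save format (- for standard input)
#   LAN_PREFIX  leading part of the LAN addresses, e.g. "10.1.10."
audit_rules() {
    awk -v lan="$2" '
        /^\*/ { table = substr($1, 2); next }         # table header: *nat, *filter
        table == "filter" && /^:/ {                    # policy line: ":FORWARD DROP [0:0]"
            policy[substr($1, 2)] = $2
            next
        }
        # "-A CHAIN -j DROP" with no match condition stops whatever reaches it
        table == "filter" && NF == 4 && $1 == "-A" && $3 == "-j" &&
            ($4 == "DROP" || $4 == "REJECT") { catchall[$2] = 1 }
        table == "nat" && /-j DNAT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--to-destination" && lan != "" && index($(i + 1), lan) != 1)
                    print "DNAT_OUTSIDE_LAN " $(i + 1)
        }
        END {
            if (policy["FORWARD"] != "DROP" && !("FORWARD" in catchall))
                print "FORWARD_DEFAULT_ACCEPT"
        }' "$1"
}

# The rule set from step 4, copied here as sample input.
article_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 10.1.10.3:50000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 50000 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Variant written for this example: explicit policies, LAN-to-WAN forwarding,
# return traffic, and only the one published port forwarded inward.
hardened_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 10.1.10.3:50000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 222 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 10.1.10.3 -p tcp -m tcp --dport 50000 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Audit both rule sets; an empty result means no finding.
echo "article:  $(article_rules | audit_rules - 10.1.10.)"
echo "hardened: $(hardened_rules | audit_rules - 10.1.10.)"
```

To check the file on the router itself, run `audit_rules /etc/iptables.rules 10.1.10.` before `iptables-restore`.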

Note: you should be able to do this with most any distro, but using different commands. Want to try this with a Pentium 1 and Slackware. Did not have time to try it before putting this article out.

oedt01:~$ ssh 192.168.1.102
192.168.1.102's password:
Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-53-generic i686)

* Documentation:  https://help.ubuntu.com/
Last login: Fri May 29 07:39:02 2015

router:~$ cd /etc

router:/etc$ sudo vim  dnsmasq.conf
[sudo] password for eddie:

router:/etc$ sudo vim /etc/network/interfaces

router:/etc$ sudo vim  dnsmasq.conf

router:/etc$ sudo service dnsmasq restart

* Restarting DNS forwarder and DHCP server dnsmasq                      [ OK ]
router:/etc$ sudo service dnsmasq sttus
Usage: /etc/init.d/dnsmasq {start|stop|restart|force-reload|dump-stats|status}
router:/etc$ sudo service dnsmasq status
* Checking DNS forwarder and DHCP server dnsmasq                                * (running)

Connect to the client side. We used a tablet and crossover adapter to check dnsmasq. You could use a network switch also.

Note: if you get a USB to ethernet adapter, you can make a nice little Raspberry Pi router. You could also use a wireless card for the LAN, but that requires a bit more security.

You may also want to setup webmin to make managing the router easier.


Bio: computoman.blogspot.com Bytesize articles instead of a trilogy in one post.