Erik,
Put two NICs in the Linux RedHat6.0 machine. Configure the first of the
NICs for one of your valid IP addresses. Configure the other NIC for an
address in one of the private network address space (10.x.x.x, 172.16.x.x,
192.168.x.x). Personally, I use 10.0.1.x for my private address space since
it's easy to remember.
After you have the two NICs up and operational, you have to turn on routing.
If you use Linuxconf, the menu is CONFIG, NETWORKING, ROUTING AND GATEWAYS,
DEFAULTS. In that menu, set your gateway to the outside facing NIC with the
real IP address (probably eth0). And enable routing in that same menu. If
you are doing it manually, the gateway is set in the file
/etc/sysconfig/network as GATEWAY="eth0". And the routing is set in the
file /proc/sys/net/ipv4. The file should consist of the single character
"1". This turns on IP forwarding.
Once the gateway and forwarding are turned on, you simply have to turn on NAT
using IP Masquerading. To do this, you use the IPChains rule set. The
command is:
ipchains -A forward -s 0/0 -d 0/0 -j MASQ
This tells IPChains to add this rule to the forwarding chain, from any
source (0/0 is the same as 0.0.0.0/0.0.0.0), to any destination, jump to
MASQ which is the masquerading.
That should be all there is. If you now hook a hub and computer to the
second NIC, configure it for an address in the same space (i.e. - 10.0.1.50),
and set its gateway to the second NIC's address (10.0.1.1) - you will be
able to send everything through that Linux box as a NAT "router/firewall".
And you can even go further with the IPChains ruleset and provide true
firewall protection for those systems. But that's another story.
Good luck.
Chuck
Avoid the GATES of Hell --> Use Linux!
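The forwarding-plus-masquerade setup from the reply above, written up as a small script. This is an added example, not Chuck's or Erik's code: it assumes eth0 is the outside NIC and 10.0.1.0/24 is the inside LAN (both are hypothetical), and it only prints the commands so they can be reviewed before they touch a live box. The forwarding switch it writes is the file /proc/sys/net/ipv4/ip_forward. It also tightens the MASQ rule: "-s 0/0 -d 0/0 -j MASQ" masquerades every forwarded packet regardless of where it came from, whereas restricting the source to the private LAN and the outgoing interface to the outside NIC (ipchains' -i means the outgoing interface in the forward chain) masquerades only what the LAN sends out, and a DENY policy on the forward chain plus an anti-spoofing rule on the outside NIC stops the box from forwarding anything else.

```shell
#!/bin/sh
# Added example for a Red Hat 6.0 (kernel 2.2, ipchains) NAT router.
# Interface and subnet names are assumptions, not values from the thread.

# is_private_cidr NET/PREFIX -> success if NET is inside RFC 1918 space.
# Refuses to masquerade anything that is not private address space, which
# is the mistake a wildcard "-s 0/0" rule silently allows.
is_private_cidr() {
    case "$1" in
        10.*/*)                                         return 0 ;;
        192.168.*/*)                                    return 0 ;;
        172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*)    return 0 ;;
        *)                                              return 1 ;;
    esac
}

# masq_rules EXT_IF INT_NET
# Prints (does not run) the commands that turn the box into a NAT router:
# forwarding on, forward chain closed by default, spoofed "inside" sources
# dropped on the outside NIC, and MASQ applied only to LAN traffic that
# leaves through the outside NIC.
masq_rules() {
    ext_if=$1
    int_net=$2
    is_private_cidr "$int_net" || {
        echo "masq_rules: $int_net is not RFC 1918 space; refusing" >&2
        return 1
    }
    cat <<EOF
# 1. turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# 2. forward nothing that is not explicitly allowed below
ipchains -P forward DENY
# 3. packets arriving on the outside NIC must not claim an inside source
ipchains -A input -i $ext_if -s $int_net -j DENY -l
# 4. masquerade only LAN traffic going out through the outside NIC
ipchains -A forward -s $int_net -i $ext_if -j MASQ
EOF
}

# Stand-alone use:  sh masq.sh eth0 10.0.1.0/24 > /etc/rc.d/rc.masq
if [ $# -ge 2 ]; then
    masq_rules "$1" "$2"
fi
```

Review the printed commands, then run them (or save them to a file sourced from rc.local so they survive a reboot). Masqueraded replies are de-masqueraded after the input chain and skip the forward chain, so the single MASQ rule is enough for outbound connections from the LAN even with the forward policy set to DENY.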
-----Original Message-----
From: Erik Wachtenheim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 17, 2000 8:54 AM
To: [EMAIL PROTECTED]
Subject: Firewall, NAT, Linux
I am looking into the possibility of setting up a NAT+Firewall on a Linux
system. I understand that FreeBSD or some other BSDs may be better suited
for this job, but for the time being I must try to implement this in a RH6.0
Linux system.
Specifically, I require a setup where I have 30 workstations and 3 servers
behind a Cisco router that is doing the WAN connection via 10BFl (fiber).
I have a block of 8 IPs assigned to me (5 usable excluding the router),
where 3 of the IPs must be statically NAT'ed to the LAN addresses of my 3
servers, and the 30 workstations get dynamically NAT'ed through the pool of
2 valid IPs.
Has anyone implemented this sort of thing? If so, could you kindly share
your experiences?
Best,
Erik Wachtenheim
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]