Hi, I'm doing this using Shorewall, DHCP and dnsmasq. One PC with one interface to the internet and the second one on a little switch. A notebook and another PC connected to the switch. All of them use the internet. My internet connection has a fixed IP.
Just install Shorewall and follow the "Two-Interfaces" guide in the QuickStart guides section on the Shorewall website.

http://www.shorewall.net/
http://www.shorewall.net/two-interface.htm

Below are entries from my configuration files (eth0=local net, eth1=internet). I hope this helps. For me this works great and I don't have to know anything about iptables stuff because Shorewall is doing this for me.

Don't forget to do a "rc-update add shorewall default".

Rgds,
-Markus-

/etc/shorewall/interfaces:
#ZONE   INTERFACE   BROADCAST       OPTIONS
net     eth1        detect          routefilter,norfc1918
loc     eth0        192.168.0.255

/etc/shorewall/masq:
#ZONE   INTERFACE   BROADCAST       OPTIONS
net     eth1        detect          routefilter,norfc1918
loc     eth0        192.168.0.255

/etc/shorewall/policy:
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
loc       net    ACCEPT
fw        net    ACCEPT
net       all    DROP     warning
all       all    DROP     warning

/etc/shorewall/routestopped:
#INTERFACE   HOST(S)
eth0         192.168.0.0/24

/etc/shorewall/rules:
##############################################################################
#ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
#                             PORT     PORT(S)  DEST
#
# Accept SSH connections from the local network for administration
#
ACCEPT   loc     fw    tcp    22
#
# Accept SSH connections from the firewall to local network
#
ACCEPT   fw      loc   tcp    22
#
# Allow Ping To And From Firewall
#
ACCEPT   loc     fw    icmp   8
ACCEPT   net     fw    icmp   8
ACCEPT   fw      loc   icmp   8
ACCEPT   fw      net   icmp   8
#
# Accept DNS connections to the internal caching nameserver
#
ACCEPT   loc     fw    tcp    53
ACCEPT   loc     fw    udp    53
#
# Accept ftp sessions to local network
#
ACCEPT   fw      loc   tcp    20,21
#
# Allow DHCP communication
#
ACCEPT   fw      loc   tcp    67,68
ACCEPT   fw      loc   udp    67,68
ACCEPT   loc     fw    tcp    67,68
ACCEPT   loc     fw    udp    67,68
#
# Accept Samba sessions from local network
# See http://www.shorewall.net/samba.htm
# Note: In W2K MS has created new transport over TCP 445!
# See http://www.iss.net/security_center/advice/Exploits/Ports/445/default.htm
#
ACCEPT   fw      loc   udp    137:139
ACCEPT   fw      loc   tcp    137,139
ACCEPT   fw      loc   udp    1024:    137
ACCEPT   loc     fw    udp    137:139
ACCEPT   loc     fw    tcp    137,139
ACCEPT   loc     fw    udp    1024:    137
#
# Accept NFS sessions from local network to firewall
# Port  Usage
# 111   portmapper
# 2049  nfsd or rpc.nfsd ("nfs" in rpcinfo)
# 4000  rpc.statd ("status" in rpcinfo)
#       (see /etc/conf.d/nfs)
# 4001  lockd or rpc.lockd ("nlockmgr" in rpcinfo)
#       (see /etc/modules.d/nfs)
# 4002  rpc.mountd ("mountd" in rpcinfo)
#       (see /etc/conf.d/nfs)
# 4003  rpc.quotad ("rquotad" in rpcinfo)
#       (see /etc/conf.d/nfs)
#
ACCEPT   loc     fw    tcp    111
ACCEPT   loc     fw    udp    111
ACCEPT   loc     fw    tcp    2049
ACCEPT   loc     fw    udp    2049
ACCEPT   loc     fw    tcp    4000
ACCEPT   loc     fw    udp    4000
ACCEPT   loc     fw    tcp    4001
ACCEPT   loc     fw    udp    4001
ACCEPT   loc     fw    tcp    4002
ACCEPT   loc     fw    udp    4002
ACCEPT   loc     fw    tcp    4003
ACCEPT   loc     fw    udp    4003
#
# Accept BitTorrent sessions from the internet to firewall
# See http://bitconjurer.org/BitTorrent/index.html
#
ACCEPT   net     fw    tcp    6881:6889
#
# Accept SMTP from local network to firewall
#
ACCEPT   loc     fw    tcp    25

/etc/shorewall/shorewall.conf:
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
CLAMPMSS=No
CLEAR_TC=Yes
DETECT_DNAT_IPADDRS=No
FW=fw
IP_FORWARDING=On
LOGBURST=
LOGFILE=/var/log/shorewall/warn.log
LOGFORMAT="Shorewall:%s:%s:"
LOGNEWNOTSYN=info
LOGRATE=
LOGUNCLEAN=info
MACLIST_DISPOSITION=REJECT
MACLIST_LOG_LEVEL=info
MARK_IN_FORWARD_CHAIN=No
MODULESDIR=
MUTEX_TIMEOUT=60
NAT_BEFORE_RULES=Yes
NEWNOTSYN=No
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
RFC1918_LOG_LEVEL=info
ROUTE_FILTER=No
SHOREWALL_SHELL=/bin/sh
STATEDIR=/var/lib/shorewall
SUBSYSLOCK=/var/lock/subsys/shorewall
TCP_FLAGS_DISPOSITION=DROP
TCP_FLAGS_LOG_LEVEL=info
TC_ENABLED=No

/etc/shorewall/zones:
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local networks

/etc/conf.d/dnsmasq:
DNSMASQ_OPTS="-q -i eth0"

/etc/conf.d/dhcp:
IFACE="eth0"
DHCPD_OPTS="-q"

/etc/dhcp/dhcpd.conf:
ddns-update-style none;
option domain-name "local.net";
option domain-name-servers 192.168.0.1;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.0.20 192.168.0.29;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
}

host mb2 {
    hardware ethernet 00:01:02:f2:b4:dd;
    fixed-address 192.168.0.30;
}

host mb3 {
    hardware ethernet 00:04:75:17:bf:72;
    fixed-address 192.168.0.31;
}

ifconfig eth0:
eth0    Link encap:Ethernet  HWaddr 00:04:76:A0:22:2E
        inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

/etc/conf.d/net:
iface_eth0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"

On Sunday 21 September 2003 18:16, Adam Mercer wrote:
> Hi
>
> I want to setup a DHCP server on my desktop machine so that I can plug
> my laptop into my second network port and then access the internet
> through my desktop using NAT. However I can't get it to work. I've
> followed as much of the NAT and DHCP howtos that I can but can't get it
> to work.
>
> Does anyone know of an idiots guide to setting this up?
>
> Cheers
>
> Adam
>
> --
> [EMAIL PROTECTED] mailing list

--
[EMAIL PROTECTED] mailing list
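
Added example, not part of the original message and not Shorewall's own code: a small Python check that lists what a rules file like the one above opens to the net zone and looks up the default policy for a zone pair. The sample data is constructed from the configuration posted above, and the function names are hypothetical.

```python
# Added example: audit a Shorewall rules/policy pair (sample data constructed from the post).
SAMPLE_RULES = """\
#ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT
ACCEPT  loc    fw   tcp   22
ACCEPT  net    fw   icmp  8
ACCEPT  fw     net  icmp  8
ACCEPT  loc    fw   udp   1024:     137
ACCEPT  net    fw   tcp   6881:6889
"""
SAMPLE_POLICY = """\
#SOURCE DEST POLICY LOG-LEVEL
loc     net  ACCEPT
fw      net  ACCEPT
net     all  DROP   warning
all     all  DROP   warning
"""

def rows(text):
    """Split a Shorewall file into column lists, dropping comments and blanks."""
    stripped = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [cols for cols in stripped if cols]

def port_count(spec):
    """Number of ports in a spec such as '20,21', '6881:6889' or '1024:'."""
    total = 0
    for part in spec.split(","):
        low, sep, high = part.partition(":")
        if sep:  # a range; an omitted bound means the end of the port space
            total += (int(high) if high else 65535) - (int(low) if low else 0) + 1
        else:
            total += 1
    return total

def exposure(rules_text, untrusted="net"):
    """(dest, proto, port or ICMP type) for each rule admitting the untrusted zone."""
    found = []
    for cols in rows(rules_text):
        cols = cols + ["-"] * (5 - len(cols))  # pad rules that omit the port column
        action, zone = cols[0].split(":")[0], cols[1].split(":")[0]
        if action in ("ACCEPT", "DNAT", "REDIRECT") and zone == untrusted:
            found.append((cols[2], cols[3], cols[4]))
    return found

def default_policy(policy_text, source, dest):
    """Policy applied when no rule matches; the first matching line wins."""
    for src, dst, policy, *_ in rows(policy_text):
        if src in (source, "all") and dst in (dest, "all"):
            return policy
    return None
```

Calling exposure() on the full rules file gives the list of inbound openings to review each time a rule is added; default_policy() should return DROP or REJECT for the net zone.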