
Re: Debian router with iptables problem



Thanks for the fast help, I will do more research in this area, and
will report any success/failure here...
So far, what I have to do:
first, set eth0 with internal ip, set eth1 with external ip in the
alpha router.  Configure the eth1 with /sbin/route add to the building
gateway. set the internal machines to route to the alpha router.
Using iptables, set

iptables -A FORWARD -s <external interface (eth1) ip> -d <internal interface (eth0) ip> -p <tcp> -j ACCEPT
and
iptables -A POSTROUTING -t nat -s <internal ip addresses to route> -d <external interface (eth1) ip> -p <tcp> -j SNAT --to <external interface (eth1) ip>

I think that will do... if there are any mistakes, please correct me!
Does anybody think that an alpha 164sx with 256ram will be enough to
route to six computers?

Thanks again.



On Fri, 17 Sep 2004 13:36:12 -0300, paulobruck1@bol.com.br
<paulobruck1@bol.com.br> wrote:
> On Fri, 2004-09-17 at 11:47, ISPM wrote:
> > Hello all. I've been struggling to put together an alpha 164sx like a
> > router to my lab using debian hardened. I have an internal network that
> > has to access the external world, and should be routed to the exterior
> > by the alpha. The alpha should route then to the gateway of my
> > building, a machine that I don't have access to. The debian has two
> > network cards, one in the internal net and the other in the external
> > (gateway) network. This is something like that:
> >
> >
> >                                        |-----(lab computers)
> > (net)--(gateway)-------(alpha router)--|
> >                                        |-----(https server)
> >
> > The alpha should work like a firewall and a router. I've been trying
> > to assemble by myself using iptables. The alpha cannot have X, so
> > programs like firebuilder or firestarter can't be used.
> > The debian is a sarge installation with the 2.4.26-1-generic kernel
> > from the netinstaller, with most packages downgraded to stable and
> > hardened using harden. There are plenty of scripts on the internet, but
> > none elucidated two things: how to use nat to route internal traffic
> > to external world and vice versa
> see http://iptables-tutorial.frozentux.net/ ( an excellent tutorial)
> 
> > , so the internal network can use the
> > net and some services (ssh), and how to make the route to the gateway
> > work (this is the hardest part for me).
> 
> the easiest part...80)
> ip_forward = 1 or at /etc/network/options
> ip_forward=no  to ip_forward=yes
> and of course deal w/ /etc/network/interfaces ( line w/gateway=)
> 
> 
> >  Just some help would be
> > appreciated! I don't want to bother you all to give me the scripts.
> 
> Hi Ivan
> 
> take a look at:
> 
> - http://netfilter.org
> - http://iptables-tutorial.frozentux.net/ ( an excellent tutorial)
> - man interfaces
> - http://linux-ip.net/ (The Guide to IP Layer Network Administration
> with Linux) excellent material
> 
> best regards
> 
> 
> >
> > Very very thanks!
> > -----------------------------------------------------------
> > Ivan S. P. Marin
> > Laboratório de Física Computacional
> > Computacional Physics Laboratory
> > lfc.ifsc.usp.br
> > Instituto de Física de São Carlos - USP
> > ----------------------------------------------------------
> --
> Paulo Ricardo Bruck - consultant
> Contato Global Solutions
> tel 011 5031-4932  fone/fax 011 5034-1732  cel 011 9235-4327
> 
> 



-- 
-----------------------------------------------------------
Ivan S. P. Marin
Laboratório de Física Computacional
lfc.ifsc.usp.br
Instituto de Física de São Carlos - USP
----------------------------------------------------------
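
An added example, not part of the original message or the replies: a shell function that prints an `iptables-restore` ruleset for the two-interface router described in this thread. Forwarded packets carry the addresses of the end hosts, so the rules here match on the interfaces and the LAN network instead of the router's own interface IPs. The helper name `gen_rules`, the sample addresses and the SSH-from-LAN rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: print an iptables-restore ruleset for a
# two-interface NAT router. eth0 = internal and eth1 = external as in the
# message; every address below is a constructed sample value.
# Assumption: the router is administered over SSH from the LAN only.

# gen_rules LAN_NET WAN_IP [LAN_IF] [WAN_IF]   (hypothetical helper name)
gen_rules() {
    lan_net=$1 wan_ip=$2 lan_if=${3:-eth0} wan_if=${4:-eth1}
    # Reject empty or non-numeric arguments before they reach a rule line.
    case $lan_net in
        ''|*[!0-9./]*) echo "bad LAN network: $lan_net" >&2; return 1 ;;
    esac
    case $wan_ip in
        ''|*[!0-9.]*) echo "bad WAN address: $wan_ip" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Typical use, as root (replaces the current nat and filter tables):
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#   gen_rules 192.168.1.0/24 192.0.2.10 | iptables-restore
```

With the FORWARD policy set to DROP, only connections opened from the LAN side and their return traffic pass through the router.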


