
How to get your lan on the internet



Debians:

Following is a description of the steps I took to implement IP masquerading via a firewall. This allows computers on a LAN to access the internet via a dynamically allocated PPP link. In a nutshell, it facilitates the functionality inherent within a class B internet domain without having a class B domain.

B-E-W-A-R-E: if you do this, there is the potential that some external entity, human or otherwise, could infest your computer, network or nodes, causing accidental or malicious damage. Check your daemons.

Special thanks to Terry Dawson for his HOWTO (Debian Doc file NET-2-HOWT0) entitled Linux NET-2/3-HOWTO v3.5, dated January 16, 1996. Even though this doc is a little outdated, it got me on the right track.

1.  Make certain IP firewall and masquerading are configured into your Linux kernel (go to /usr/src/linux and read. I included everything that has to do with networking into the kernel and not as a module).
2.  Make sure your IP link to your ISP is running properly.
3.  Set the default route of all nodes on your LAN to your Linux box using the IP address of your network interface (you don't know the IP address of your ISP interface because it's dynamic).
4.  If your Linux box has its DNS running you can use it, or else use your ISP's DNS.
5.  Type in /etc/init.d/ppp stop
6.  Edit /etc/init.d/network and append the following line:
       ipfwadm -F -a accept -m -P all -S XXX.XXX.XXX.0/24 -D 0.0.0.0/
    where XXX.XXX.XXX is your network IP address or the first three octets of your LAN interface.
7.  Type in /etc/init.d/ppp start
8.  Ping only seems to work from the Linux host even though all protocols are enabled (ICMP, TCP, UDP), so from a host on your LAN, telnet, or set your browser to your favorite location.
9.  To view your active firewall list rules enter ipfwadm -Fl
10. To view your active masquerading list enter ipfwadm -Ml (*NOTE*: by default masquerades have a time out value and will only show up in a listing if any are present. You have to move some traffic through your Linux box.)

Cool eh!



Peter Iannarelli
Live hard, die young, that way you make a good looking corpse.
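
The following is an added example, not part of the original post: a small shell helper that builds the step 6 rule from the LAN interface address and prints it after a default-deny forwarding policy, so only the LAN's /24 is masqueraded. The helper names lan_net24 and masq_rule are hypothetical; the RFC 1918 check, the `ipfwadm -F -p deny` line and the destination `0.0.0.0/0` are assumptions, since the command in the post is cut off after `0.0.0.0/`.

```shell
#!/bin/sh
# Added example: generate the forwarding rules for /etc/init.d/network.
# lan_net24 and masq_rule are hypothetical helper names, not ipfwadm features.

# Print the first three octets of a dotted-quad LAN address.
# Returns 1 if the address is malformed, 2 if it is not a private range.
lan_net24() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip          # safe: $ip holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    # Assumption: only RFC 1918 private networks should be masqueraded.
    case $1 in
        10) ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] || return 2 ;;
        192) [ "$2" -eq 168 ] || return 2 ;;
        *) return 2 ;;
    esac
    echo "$1.$2.$3"
}

# Print the two lines to append: deny forwarding by default, then
# masquerade only the LAN /24 (same accept / -m / -P all form as step 6).
# Assumption: destination 0.0.0.0/0, meaning any destination.
masq_rule() {
    net=$(lan_net24 "$1") || return $?
    echo "ipfwadm -F -p deny"
    echo "ipfwadm -F -a accept -m -P all -S $net.0/24 -D 0.0.0.0/0"
}

# Constructed sample address for the Linux box's LAN interface.
masq_rule 192.168.1.1
```

With the default policy set to deny, `ipfwadm -Fl` should list the masquerade rule as the only forwarding entry.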

