

Linux router

By bubloob_13
I have a 512 kbps DSL connection to our LAN. Right now I have access on the clients by giving the DSL router IP address as the gateway and DNS address in the TCP/IP properties. Now I want to put my Linux box in between, so that I can configure a firewall to restrict.

Kindly give some suggestions on how I should implement this project. Should I add one more Ethernet card to the Linux box and terminate the DSL router's LAN output on my Linux box? In all clients I should give the IP of the second Ethernet card, which is connected to the DSL.

I am confused; kindly give some suggestions.



by sgt_shultz In reply to Linux router

Yes, you put two NICs in the Linux box. One is on the public IP (internet) and one is on your private network. See for router configuration. You can cheat and hard-code the LAN IP address and internet DNS settings on your clients at first; that will get the internet working while you figure out how to get DNS forwarding working.


by rindi1 In reply to Linux router

I have a similar installation. One of the interfaces on the Linux box connects to the internet, another to the main internal network and yet another to the DMZ. I use Shorewall to configure which Ethernet card is allowed to do what in which direction. I've also installed OpenVPN on that box so authorized users can connect to the Windows network on the LAN from the internet through a VPN tunnel. With OpenVPN it is pretty easy to get connections working from users who have dynamic IP addresses (road warriors with notebooks). This is not as easy with other solutions. OpenVPN also works on many different platforms. The whole thing works like a dream and is a lot cheaper than many dedicated VPN gateways/routers. You can use old hardware, as the system doesn't need much "power". Because you set it up yourself, you don't have all the limitations of dedicated systems (user limits, VPN tunnel limits, if you need more you need to purchase extra licenses from the maker of the box, etc.).


by puroa In reply to Linux router

Maybe the best approach for you in this case is: put in a second Ethernet card so you have eth0 and eth1, one to the DSL and the other to your inner net (your switch or hub). Then configure Squid as a proxy on your Linux box; that way you can filter, since everything that goes through the net has to pass through the proxy. Now you have only one point of I/O. Then you can use any firewall on your box (Kfirewall, if you like KDE, is simple but decent), and that's all. With this configuration you can even produce statistics of internet traffic and abuse, who is the biggest internet consumer in your net, etc.


by alokchauhan1 In reply to Linux router

For this purpose you have to install 2 LAN cards in the Linux box. The first is for the internal network and the other for the external network. Then you can masquerade your internal network through the Linux box and create a firewall on the Linux box as well. For this you can use the iptables component of Linux. If you need a script, then please send a mail to me.


want the script

by rajatvm In reply to

Yes, I want the script. Please send it to me.


by jackperez In reply to Linux router

Try using NAT (Network Address Translation). For this you would need two network cards (eth0 and eth1). Set up your firewall with iptables. Configure eth1 to be your internal network and assign the internal network non-routable IPs like Once this is done you submit the command: /sbin/iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE. This will be more versatile than Squid and in some cases faster. Remember that Linux is case sensitive, so you would have to type the command exactly the way it is typed. Also, it will not do FTP. If you want FTP you would need to give the command: /sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp. Good luck!


by jdclyde In reply to Linux router

One thing to add.

If you go directly from your dual-NIC Linux box to your other system, you will need to use a crossover cable.

The two NICs have to be on separate networks to be able to route.

The local NIC is your gateway. (It is how you get off your local network onto other networks.)


by leporidaes In reply to Linux router

The following are needed (minimum):
1. At least 2 NICs (one for the external network and one for the internal network)
2. IP address of your DSL (with subnet, gateway and DNS)
3. Define your internal network
4. A firewall (other Linux systems have an incorporated firewall such as iptables).

In the configuration, you would need to NAT the internal IPs to the firewall (DSL) IP. If you are getting a dynamic IP from your provider, (depends on your firewall) the NAT can still be done.
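
The two-NIC masquerading setup discussed in the replies above, as an added example that is not part of any original post: a small generator that validates its inputs and prints an iptables-restore ruleset with MASQUERADE on the outside interface and default-drop INPUT and FORWARD policies, so only connections started from the LAN are forwarded. The function names and the sample values (eth0 as WAN, eth1 as LAN, 192.168.1.0/24) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC NAT router.
# Interface names and the LAN prefix are caller-supplied; the values in the
# usage line at the bottom are constructed samples, not taken from the thread.

valid_if() {    # interface name: letters, digits, '.', '_' and '-' only
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

valid_cidr() {  # dotted quad with octets 0-255, '/', prefix length 0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

gen_router_rules() {  # usage: gen_router_rules WAN_IF LAN_IF LAN_NET
    wan=$1; lan=$2; net=$3
    valid_if "$wan" && valid_if "$lan" && [ "$wan" != "$lan" ] || return 1
    valid_cidr "$net" || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Dry-run check, then apply as root (constructed sample values):
#   gen_router_rules eth0 eth1 192.168.1.0/24 | iptables-restore --test
#   sysctl -w net.ipv4.ip_forward=1
```

Because the INPUT policy is DROP and only the LAN side is accepted, load the rules from the console or from a LAN host rather than over a connection arriving on the outside interface.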
