Small Local Network with Internet connection

By 3xp3rt
The most important function of the gateway is to be a link between the local area network and the Internet. Another function can be the firewall, to secure the local network. Take the example below for building a network with Internet access and securing it.
The gateway can be a low-end machine: for example, a Pentium I 100 MHz computer with 32 MB RAM and a 1 GB HDD is enough for this job. Two network cards must be plugged into this computer, one for the Internet connection (router) and the other for the local network.
For the installation we need only the basic Linux services; don't forget that every service that is installed but not needed is a security hole for the network. For example, we can use the SUSE LINUX DMZ (DeMilitarized Zone) package. This installation package contains the most important security and network service utilities. After the installation, we must assign IP addresses to the network cards. (For the Internet connection use eth0, and for the LAN connection use eth1. The IP Address in this example )
# ifconfig eth0 80.80.80.80 netmask 255.255.255.0 up
# ifconfig eth1 192.168.1.1 netmask 255.255.255.0 up
After this operation the connection is up on both sides, but the two sides don't see each other.
It is important not to allow access from the Internet to the inside (LAN), but access from the inside (LAN) to the Internet must be enabled. For this we must configure the route, which means adding the external gateway IP address that we get from our Internet provider.
# route add default gw 80.80.80.1
After executing this command we can verify the connection with the route -n command.
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
80.80.80.80 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.1 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 80.80.80.1 0.0.0.0 U 0 0 0 eth0
This means TCP/IP communication is ready, but only for the gateway. To enable this service for the computers on the network, we must set up IP masquerading with the ipchains program. First we check the status as below.
# ipchains -L
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
We see that the table is empty, so we must enable the transfer of TCP and UDP packets from the inside (LAN).
# ipchains -A forward -s 192.168.1.1/255.255.255.0 -d ! 192.168.1.1/255.255.255.0 -l -p tcp -i eth0 -j MASQ
# ipchains -A forward -s 192.168.1.1/255.255.255.0 -d ! 192.168.1.1/255.255.255.0 -l -p udp -i eth0 -j MASQ
From this moment we have a basic secure network with an Internet connection. There are several techniques for making the network more secure, but that must be another article.
3xp3rt ? 2005
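
As an added example (not part of the original post), the shell function below audits a saved list of ipchains commands for the setup above: it counts the MASQ rules per protocol on the forward chain and reports the forward policy, so a ruleset that masquerades only one of TCP and UDP, or leaves forwarding at policy ACCEPT, is flagged. The name audit_masq, both sample rule lists and the `-P forward DENY` line are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit saved ipchains commands.

# Constructed input: two identical tcp rules and no forward policy set.
SAMPLE_RULES='ipchains -A forward -s 192.168.1.1/255.255.255.0 -d ! 192.168.1.1/255.255.255.0 -l -p tcp -i eth0 -j MASQ
ipchains -A forward -s 192.168.1.1/255.255.255.0 -d ! 192.168.1.1/255.255.255.0 -l -p tcp -i eth0 -j MASQ'

# Constructed input: one rule per protocol. The DENY forward policy is an
# assumption of this example; the post leaves the policy at ACCEPT.
FIXED_RULES='ipchains -P forward DENY
ipchains -A forward -s 192.168.1.1/255.255.255.0 -d ! 192.168.1.1/255.255.255.0 -l -p tcp -i eth0 -j MASQ
ipchains -A forward -s 192.168.1.1/255.255.255.0 -d ! 192.168.1.1/255.255.255.0 -l -p udp -i eth0 -j MASQ'

# audit_masq RULES
# Prints "tcp=<count> udp=<count> policy=<target>" for the forward chain.
# Returns 0 only when tcp and udp each have exactly one MASQ rule and the
# forward policy is not ACCEPT.
audit_masq() {
    printf '%s\n' "$1" | awk '
        BEGIN { policy = "ACCEPT"; n["tcp"] = 0; n["udp"] = 0 }  # ACCEPT is the default
        {
            chain = ""; proto = ""; target = ""; is_policy = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-A") chain = $(i + 1)
                if ($i == "-P") { chain = $(i + 1); new_policy = $(i + 2); is_policy = 1 }
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (chain != "forward") next          # only the forward chain matters here
            if (is_policy) { policy = new_policy; next }
            if (target == "MASQ" && (proto in n)) n[proto]++
        }
        END {
            printf "tcp=%d udp=%d policy=%s\n", n["tcp"], n["udp"], policy
            exit !(n["tcp"] == 1 && n["udp"] == 1 && policy != "ACCEPT")
        }'
}

# Show both results when the file is run directly.
audit_masq "$SAMPLE_RULES" || echo "sample ruleset needs attention"
audit_masq "$FIXED_RULES" && echo "fixed ruleset passes"
```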
