Setting Up a Linux Gateway

Setting up a Linux gateway can be a rewarding experience in both home and commercial environments.
Setting Up the Linux Client

Setting up the Linux client (nazareth, 192.168.0.2) is very easy. All you need do is issue the following command on nazareth:

route add default gw antioch

Now try pinging an external site (let's say www.ssc.com) to see if it responds:

ping www.ssc.com

If it responds, you are in business! If it doesn't, check the FAQ included with the mini-HOWTO for solutions to frequently encountered problems.

Setting Up the Windows Client

Setting up the Windows client is a bit more troublesome. Here are the steps involved:

  1. Go to the Control Panel and double-click Network.

  2. Locate the icon that represents your TCP/IP protocol for your network interface card. Open up its Properties.

  3. Click on the Gateway tab. Add 192.168.0.1 as the gateway.

  4. Click on the DNS Configuration tab. Under DNS Server search order, add your ISP's DNS server IP addresses.

  5. Press OK on all the dialog boxes.

  6. Reboot the machine.

Again, test your gateway by accessing an external site (use ping or your web browser or whatever). If all goes well, you should be able to do most things you usually do on the Internet.

Precautions

There are a few things you should be aware of when setting up your Linux gateway.

First of all, certain Internet applications may not work well with our setup. For a list of what works and what does not, see the latest version of the IP Masquerade mini-HOWTO.

A few applications may require you to load specific kernel modules. In our case, for example, we have already loaded ip_masq_raudio, which will take care of any Real Audio connections. If you want to run Quake, VDOLive or CUSeeMe, you will need to load their respective kernel modules.

Another thing to keep in mind is that applications on your Linux client machine may not work properly if your gateway is not connected to the Internet. One such application may be sendmail. Therefore, if you know your gateway is off-line, you may want to remove your gateway's IP address from your Linux client's routing table. To do so, just issue the following command on the Linux client machine:

route del default

Conclusion

A Linux gateway offers a great solution to using and sharing a connection to an external network. Linux is extremely suitable for use as a gateway for both home and commercial networks because it is low in cost and reliable.

email: lawrenceteo@usa.net

Lawrence Teo (lawrenceteo@usa.net) recently completed his Bachelor of Computing degree from Monash University, Australia. He has been using Linux since 1997 and has been glued to it since. His other interests include security, cryptography, webmastering and software development. Lawrence aspires to be a UNIX system administrator one day.

______________________

Comments

File upload problem

Omar Faruk

I have configured a Linux gateway and all Internet connectivity (download) is okay from the client PC, but the problem is file upload or file attachment from the client PC. Suppose I want to attach a file in my Gmail, but I cannot attach it. And no error message is shown. What's the problem? Please give me a solution.

Setting Up a Linux Gateway

Josh

Great! Also refer to the following URL for more details.

http://basilvarghese.co.cc/linux-networking/change-gateway.html

Good Article

Rajesh

This is an amazing article, well done Lawrence, do post good articles.

Update on this info

Rommel

I know this article is several years old now. But if the author or anybody else still reads this, kindly point me to an updated site. I'm using Ubuntu and would appreciate any help to set it up as an Internet gateway.

Thanks!

Easy gateway/firewall setup for Ubuntu

UbuntuLANman

It's still a good article!

I just got an Ubuntu 6.10 machine configured as a gateway! After perusing the net for a bit, I found out about the firehol package that sets up an iptables-based firewall. Here are the steps I followed to configure my machine:

  1. Install the firehol package. I used synaptic from the menu (Applications => System => Synaptic Package Manager). Simply search for "firehol", mark it for installation, and Apply.
  2. Edit the /etc/firehol/firehol.conf configuration file. See below for the configuration I used.
  3. Edit the /etc/default/firehol file to enable the firewall to come up at boot time and to wait until all necessary network interfaces are up first.
  4. Start the firewall with the firehol start command.
  5. Your LAN machines will need to know how to reach the Internet through your new gateway machine. You can either set up a DHCP server on your gateway, or manually configure each machine on the LAN with a static route. (Since I only have a couple of machines on my LAN, I just manually configured them.)
  6. Your LAN machines will also need to know how to resolve domain names to IP addresses. If you set up your gateway as a DHCP server, it will pass through the nameservers it uses to each LAN machine. Otherwise, you'll need to edit each LAN machine's /etc/resolv.conf file.

That's it!

You should test your setup with the following steps. If any one of these steps doesn't work, check your configuration files and get it working before proceeding to the next step.

  1. From your newly configured gateway, make sure you can ping a non-stealthed network address such as ns.google.com. Make a note of the IP address (ns.google.com was 216.239.32.10 when I wrote this).
  2. From your gateway, make sure you can ping all the machines on your LAN.
  3. Make sure that you can ping the gateway from each of the machines on your LAN.
  4. From each machine on your LAN, make sure you can ping the network IP address you wrote down in the first test. (DNS may not be working yet, so avoid domain names at this point.)
  5. From each machine on your LAN, make sure domain names get resolved correctly. You can use the host command for this. Try the domain name you used in the first step, and try pinging it too.

If all five steps worked, you should have a fully working gateway and LAN! To REALLY make sure, reboot your firewall and use the firehol status command to verify the firewall is running.

Here is the /etc/firehol/firehol.conf file I used:

interface eth0 INET
    policy drop
    protection strong
    client all accept

interface eth1 LAN
    policy accept

router LAN_2_INET inface eth1 outface eth0
    masquerade
    route all accept

In my setup, "eth0" is the interface that connects the gateway to my ISP, and "eth1" is the interface that connects the gateway to my LAN.

Here is my /etc/default/firehol file:

START_FIREHOL=YES
#If you want to have firehol wait for an iface to be up add it here
WAIT_FOR_IFACE="eth1"

In my /etc/network/interfaces file, the interface "eth0" occurs before "eth1", so both interfaces will be active before the firewall gets started at boot time.

This firewall configuration is very basic; it assumes all LAN machines are completely trustworthy, and that there are no services running on the gateway or LAN machines that need to be visible to the internet (such as FTP, SSH, or HTTP). That being said, however, firehol looks like it can handle most situations with ease, and is fairly well documented.

I hope this helps! Please note any corrections needed here (if any).

NOTE: Because firehol is a single bash script, it should work on just about any GNU/Linux distribution with iptables support. (Your mileage may vary.)
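
The comment above points out that its configuration trusts every LAN machine. As an added example (not part of the original comment and not firehol's own code), the Python script below flags the two rules responsible for that and runs the same check over a tightened variant. The variant and its service lists are assumptions about what a small LAN needs, not settings from the page.

```python
# Added example: audit a firehol.conf for broad allow rules.
POSTED = """\
interface eth0 INET
policy drop
protection strong
client all accept
interface eth1 LAN
policy accept
router LAN_2_INET inface eth1 outface eth0
masquerade
route all accept
"""  # copied from the comment above

# Constructed variant; the service lists are assumptions about what a small
# LAN needs from the gateway (eth1 block) and through it (router block).
TIGHTENED = """\
interface eth0 INET
    policy drop
    protection strong
    client all accept
interface eth1 LAN
    policy reject
    server "dns dhcp ssh ping" accept
    client all accept
router LAN_2_INET inface eth1 outface eth0
    masquerade
    route "dns http https ntp ping" accept
"""

def audit(conf):
    """Return (block header, line number, message) for each broad rule."""
    findings, block = [], None
    for no, raw in enumerate(conf.splitlines(), 1):
        # Drop comments and quotes so quoted service lists split into words.
        words = raw.split("#", 1)[0].replace('"', " ").split()
        if not words:
            continue
        if words[0] in ("interface", "router"):
            block = " ".join(words)          # remember which block we are in
        elif words[:2] == ["policy", "accept"]:
            findings.append((block, no, "default policy accepts all traffic"))
        elif words[0] in ("server", "route") and "accept" in words:
            # Services are listed between the keyword and the action.
            if "all" in words[1:words.index("accept")]:
                findings.append((block, no, "every service is accepted"))
    return findings

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("tightened", TIGHTENED)):
        print(name, audit(conf) or "no broad rules found")
```

Only `server` and `route` lines are checked; `client all accept` on an interface covers connections the gateway itself initiates and is left alone.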

wrong URL

Anonymous

"...Linux IP Masquerade mini HOWTO (http://ipmasq.cjb.net/) by Ambrose Au and David Ranch..."

wrong URL, but still interesting nevertheless. LOL

Re: wrong URL

Anonymous

omg! .... next time give a warning about that link to those of us at school

Re: Setting Up a Linux Gateway

Anonymous

thx! :)
