Re: Fedora Core 2 as internet gateway



On Fri, 2004-06-04 at 22:08, Jason Kretzer wrote:

> So to start this off, my first questions:
> 1.) What IP do I need to give the gateway?  I assume
> one of the reserved ie. 192.168.1.1 or similar.

That would work nicely.

> 2.) What do I put as the gateway IP when setting up
> the gateway computers lan connection?  Do I put its
> own?

Easier to set up dhcpd correctly, then other machines on your LAN get
their IP/NETMASK/GATEWAY/DNS information automatically. Yes you can
still set things up so that each machine's IP is static across reboots.
Example file is at /usr/share/doc/dhcp-3*/dhcpd.conf.example. Copy it to
/etc/dhcpd.conf and edit to taste. Don't forget to also edit
/etc/sysconfig/dhcpd and make it say DHCPDARGS=eth0 (assuming that is
your LAN interface). You wouldn't want to accidentally offer dhcp
addresses to your ISP. They tend to get bent out of shape over that.

Also set up named to handle local name resolution of machines on your
LAN. You can use your ISP's name servers as forwarders, or not. (I get
a kick out of being able to surf the net while my neighbors can't
because the ISP has DNS issues, and I don't!) system-config-bind should
be capable of handling this setup easily enough.

> 3.) How does one share the dialup connection?

With a NAT firewall, specifying ppp0 as the WAN connection. May I
suggest a simple to set up firewall in rpm format:

http://people.redhat.com/mgahagan/firewall/fwiptables/RPM/

Install it, edit /etc/sysconfig/fwiptables (lots of comments in the
default file), then run:

# service iptables stop
# chkconfig --level 35 iptables off
# chkconfig --level 35 fwiptables on
# service fwiptables start

Also edit the line in /etc/sysctl.conf that reads:

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

and make that a '1' instead of '0', then run "sysctl -p" as root.
 
> 4.) How does one set the gateway to connect to the
> internet when one of the computers on the lan requests
> it?

Computers on the LAN don't care. They use the internal IP of the machine
doing the sharing. The machine running pppd is the only one that cares
about the upstream gateway.

> 5.) How does NAT/Masquerading get done in this
> situation?

See above.

> 6.) What about a firewall using iptables?

Ditto.

> 7.) How difficult is Squid to set up?  Obviously I
> will need a proxy because of the slow dialup
> connection speed.

Good idea. It's not too bad. Assuming you use the internal IP address
range mentioned above you can run a squid by carefully placing 2 lines
in your /etc/squid/squid.conf:

Find this comment, then add the acl line as the next line:

#Recommended minimum configuration:

acl mylan src 192.168.1.0/255.255.255.0

Find this comment, then add the http_allow line as the next line:

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

http_access allow mylan

You do want your gateway machine to have a good amount of ram, the
default squid will only cache 100 megs of information. You can increase
that by uncommenting and editing the line that reads:

# cache_dir ufs /var/spool/squid 100 16 256

Change the 100 to the number of megs you want to cache. Leave the other
numbers alone unless you want to experiment. In theory if the size of
the squid cache fits in memory things will go faster, but in your case
reading from the disk will be faster than dialup anyway.


The one question I can't help you with is how to set up on-demand
dialing correctly. I haven't owned a dial up modem since a 14,400 baud
USR V.anything cost over US$200 (and that was the half-off "Sysop"
discount!) I used to run a fidonet bbs on an Amiga 500.

-- 
Chris Kloiber
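
The following is an added example, not part of the original message: a small audit script that checks the three settings the reply describes (IP forwarding on, dhcpd bound only to the LAN interface, squid access limited to the LAN acl). The function names are hypothetical, and the "http_access allow all" check is an assumption about what should count as too permissive; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are made up
# here; paths, the "mylan" acl and the eth0 interface come from the message.

# 0 if the last uncommented net.ipv4.ip_forward assignment is 1.
check_ip_forward() {
    awk -F= '$1 ~ /^[ \t]*net\.ipv4\.ip_forward[ \t]*$/ { v = $2 }
             END { gsub(/[ \t]/, "", v); exit !(v == "1") }' "$1"
}

# 0 if DHCPDARGS is exactly the LAN interface $2, so dhcpd never answers
# on the WAN side.
check_dhcpd_iface() {
    awk -F= -v want="$2" '$1 == "DHCPDARGS" { v = $2 }
             END { gsub(/[" \t]/, "", v); exit !(v == want) }' "$1"
}

# 0 if acl $2 is defined for source $3 and allowed, and no
# "http_access allow all" line opens the proxy (assumed check).
check_squid_acl() {
    awk -v acl="$2" -v net="$3" '
        $1 == "acl" && $2 == acl && $3 == "src" && $4 == net { have_acl = 1 }
        $1 == "http_access" && $2 == "allow" && $3 == acl    { allowed = 1 }
        $1 == "http_access" && $2 == "allow" && $3 == "all"  { wide = 1 }
        END { exit !(have_acl && allowed && !wide) }' "$1"
}

# Run all three checks on a tree rooted at $1 ("" means the live system).
audit_gateway() {
    root=$1; lan_if=${2:-eth0}; rc=0
    check_ip_forward "$root/etc/sysctl.conf" || { echo "FAIL ip_forward is not 1"; rc=1; }
    check_dhcpd_iface "$root/etc/sysconfig/dhcpd" "$lan_if" || { echo "FAIL DHCPDARGS is not $lan_if"; rc=1; }
    check_squid_acl "$root/etc/squid/squid.conf" mylan 192.168.1.0/255.255.255.0 || { echo "FAIL squid acl"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK gateway settings match"
    return "$rc"
}

# Constructed sample tree so the script runs without touching the real /etc.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/etc/sysconfig" "$d/etc/squid"
    printf '# Controls IP packet forwarding\nnet.ipv4.ip_forward = %s\n' "$1" > "$d/etc/sysctl.conf"
    printf 'DHCPDARGS=%s\n' "$2" > "$d/etc/sysconfig/dhcpd"
    printf 'acl mylan src 192.168.1.0/255.255.255.0\nhttp_access allow mylan\n' > "$d/etc/squid/squid.conf"
    echo "$d"
}

sample=$(make_sample 1 eth0)
audit_gateway "$sample"
rm -rf "$sample"
```

To check the real machine instead of the sample, call audit_gateway "" eth0 as root.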



