Configuring a FC4 machine as a router
Bill Rugolsky Jr.
brugolsky at telemetry-investments.com
Thu Oct 13 20:32:30 UTC 2005
On Thu, Oct 13, 2005 at 10:31:37PM +0300, Ivan Ivanov wrote:
> I set up a small home LAN and subscribed to a local ISP. I dedicated
> one of the machines in my LAN to behave as a router and it provides
> the other machines with Internet. I did it with the following
> commands:
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Now I want when I boot the router these two commands to be executed
> during boot-time. Where is the most suitable place to add them?
>
> Thank you for your advice in advance.
To save the iptables configuration:

    /sbin/service iptables save

To turn it on in the default runlevels specified in the init script:

    /sbin/chkconfig iptables reset

To enable forwarding, modify the entry in /etc/sysctl.conf:

    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0

You may also want to turn on some iptables helper modules, for, e.g., ftp.
These are set in /etc/sysconfig/iptables-config; for details see the
init script in /etc/rc.d/init.d/iptables.

It is usually a good idea to also set up DHCP, caching DNS, and NTP on your
firewall/router. For DNS, install the "caching-nameserver" package.
For DHCP, you need to create /etc/dhcpd.conf and also put the interface
name for your internal interface in /etc/sysconfig/dhcpd, e.g.,

/etc/sysconfig/dhcpd:

    # Command line options here
    DHCPDARGS=eth0

/etc/dhcpd.conf:

    ddns-update-style none;
    ignore client-updates;

    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.2 192.168.0.254;

        # --- default gateway
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 192.168.0.1;
        option time-offset -18000; # Eastern Standard Time
        option ntp-servers 192.168.0.1;

        default-lease-time 21600;
        max-lease-time 43200;
    }

IIRC, there is a problem with some builds of dhclient that causes it to listen
on all interfaces even when an interface is specified on the command line;
that will prevent dhcpd from starting on the internal interface.

Regards,
Bill Rugolsky
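
The following is an added example, not part of the original message: a small shell audit that checks whether the two settings from the question will survive a reboot, by reading the sysctl file and the saved iptables rules. The function names are illustrative, and /etc/sysconfig/iptables is assumed to be the file that "service iptables save" writes.

```shell
#!/bin/sh
# Added example: audit the two files that make the router setup persistent.
# Function names are illustrative. Assumed inputs on the layout in the thread:
# /etc/sysctl.conf and /etc/sysconfig/iptables (from "service iptables save").

# Print the effective net.ipv4.ip_forward value; the last uncommented entry wins.
ip_forward_setting() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val) }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Succeed only if the saved rules hold a MASQUERADE rule for source network $2
# in the POSTROUTING chain of the nat table. Pass the network exactly as it is
# spelled in the saved file (the mask may be written in dotted form there).
has_masquerade() {
    awk -v src="$2" '
        /^\*/ { table = $1 }                        # "*nat", "*filter", ...
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            s = 0; m = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s" && $(i+1) == src) s = 1
                if ($i == "-j" && $(i+1) == "MASQUERADE") m = 1
            }
            if (s && m) found = 1
        }
        END { exit !found }
    ' "$1"
}

# usage: audit_router SYSCTL_CONF SAVED_RULES SOURCE_NET
audit_router() {
    rc=0
    fwd=$(ip_forward_setting "$1")
    if [ "$fwd" = "1" ]; then echo "ok: net.ipv4.ip_forward = 1 in $1"
    else echo "FAIL: net.ipv4.ip_forward is $fwd in $1"; rc=1; fi
    if has_masquerade "$2" "$3"; then echo "ok: MASQUERADE rule for $3 in $2"
    else echo "FAIL: no nat POSTROUTING MASQUERADE rule for $3 in $2"; rc=1; fi
    return $rc
}

# Run the audit only when called with the three arguments.
if [ $# -eq 3 ]; then audit_router "$@"; fi
```

Run it as root after saving the rules, for example with /etc/sysctl.conf, /etc/sysconfig/iptables and 192.168.0.0/24 as the three arguments; a non-zero exit status means at least one of the two settings would be lost at the next boot.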