Configuring a FC4 machine as a router

Bill Rugolsky Jr. brugolsky at telemetry-investments.com
Thu Oct 13 20:32:30 UTC 2005 

On Thu, Oct 13, 2005 at 10:31:37PM +0300, Ivan Ivanov wrote:
> I set up a small home LAN and subscribed to a local ISP. I dedicated
> one of the machines in my LAN to behave as a router and it provides
> the other machines with Internet. I did it with the following
> commands:
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> Now I want when I boot the router these two commands to be executed
> during boot-time. Where is the most suitable place to add them?
> 
> Thank you for your advice in advance.

To save the iptables configuration:

	/sbin/service iptables save

To turn it on in the default runlevels specified in the init script:

	/sbin/chkconfig iptables reset

To enable forwarding, modify the entry in /etc/sysctl.conf:

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

You may also want to turn on some iptables helper modules, for, e.g., ftp.
These are set in /etc/sysconfig/iptables-config; for details see the
init script in /etc/rc.d/init.d/iptables.

It is usually a good idea to also set up DHCP, caching DNS, and NTP on your
firewall/router.  For DNS, install the "caching-nameserver" package.
For DHCP, you need to create /etc/dhcpd.conf and also put the interface
name for your internal interface in /etc/sysconfig/dhcpd, e.g.,

/etc/sysconfig/dhcpd:
# Command line options here
DHCPDARGS=eth0

/etc/dhcpd.conf:
ddns-update-style none;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.2 192.168.0.254;

# --- default gateway
        option routers                  192.168.0.1;
        option subnet-mask              255.255.255.0;

        option domain-name-servers      192.168.0.1;

        option time-offset              -18000; # Eastern Standard Time
        option ntp-servers              192.168.0.1;

        default-lease-time 21600;
        max-lease-time 43200;
}


IIRC, there is a problem with some builds dhclient that causes it to listen
on all interfaces even when an interface is specified on the command line;
that will prevent dhcpd from starting on the internal interface.

Regards,

	Bill Rugolsky

More information about the fedora-list mailing list