> IP Address Changes, I'm attempting to convert...
agent86
post Mar 27 2004, 12:37 PM
Post #1





I've been using Trinux for a class I'm taking, and am going to attempt to set it up as my router/firewall/DHCP server for the wireless network I'm installing at work. I'm just having a little trouble getting started because I can't remember how to set my IP address, subnet mask, gateway, etc... A little help for a newbie attempting a slow convert to the Linux world would be much appreciated.

-Agent


--------------------
All The Dude ever wanted was his rug back...
Robert83
post Mar 27 2004, 08:10 PM
Post #2





Hi,

You set your IP address with, for example only:

[CODE]
# assign the address to the first ethernet card and bring it up
ifconfig eth0 192.168.0.2
ifconfig eth0 up
# set the default gateway
route add default gw 192.168.0.1
[/CODE]

The file /etc/sysconfig/network-scripts/ifcfg-eth0 also contains the settings for the interface eth0 [first ethernet card...].

In /etc/resolv.conf you should add an entry for the nameserver you use, like this [for example only]:

[CODE]
nameserver 192.168.0.1
[/CODE]

Sincerely
Robert B


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
250GB+250GB
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
--------------------
Robert83
post Mar 27 2004, 08:26 PM
Post #3





Here are the iptables rules from my NAT/PROXY/DNS/FIREWALL[2] server

[CODE]
# custom chain: log the packet, then drop it
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-prefix iptables --log-level info
iptables -A drop-and-log-it -j DROP

# FORWARD: internal interfaces (eth0, eth1, eth2) may go out through eth3
iptables -A FORWARD -i eth0 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth3 -j ACCEPT
# from outside, only replies to connections we started are forwarded
iptables -A FORWARD -i eth3 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
# everything else goes to the log-then-drop chain (a chain is only used when a rule jumps to it)
iptables -A FORWARD -s 0/0 -d 0/0 -j drop-and-log-it

# INPUT: replies from outside, anything from the internal interfaces and loopback
iptables -A INPUT -i eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth2 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
# everything else is logged and dropped
iptables -A INPUT -s 0/0 -d 0/0 -j drop-and-log-it

# NAT: rewrite the source address of the three internal networks on the way out of eth3
iptables -A POSTROUTING -t nat -s 192.168.0.0/255.255.255.0 -o eth3 -j SNAT --to-source public_ip_adress_gateway
iptables -A POSTROUTING -t nat -s 192.168.1.0/255.255.255.0 -o eth3 -j SNAT --to-source same_here_as_above
iptables -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o eth3 -j SNAT --to-source same_here
[/CODE]


So eth0, eth1 and eth2 are internal and eth3 is external:
eth0 is 192.168.0.0/255.255.255.0
eth1 is 192.168.1.0/255.255.255.0
eth2 is 192.168.2.0/255.255.255.0
eth3 is either a static IP address or DHCP assigned [depends on your ISP]
NOTE: after that SNAT command you must specify the gw of your public IP address; for example, if you have xxx.xxx.xxx.200 then you must enter after SNAT --to-source xxx.xxx.xxx.1 [or whatever the gateway is for your public IP address].

eth0 IP address must be from 192.168.0.x; I use 192.168.0.250
eth1 IP address must be from 192.168.1.x; I use 192.168.1.250
eth2 IP address must be from 192.168.2.x; I use 192.168.2.250

In the above iptables rules,
we allow 192.168.0.x to go outside [internet]
we allow 192.168.1.x to go outside [internet]
we allow 192.168.2.x to go outside [internet]
but we only allow packets from the internet that were requested by us [or our clients], or are currently in progress (ESTABLISHED, RELATED)... All the other unwanted packets are simply dropped; no response is sent back to the other side, like we are closed, or open... we just remain silent [which is the best thing to do].

We also log the dropped connection attempts to /var/log/messages [thanks to Hughesjr for showing me how to do this], so if you want you can see this in real time by opening up a terminal and typing in tail -n 35 -f /var/log/messages

After that you can go to www.grc.com and run the Shields UP, and see what happens.

You can save the iptables rules the following way:

[CODE]
# stop networking
/etc/init.d/network stop
# stop iptables
/etc/init.d/iptables stop
# load the file in which you have the above mentioned iptables rules
# (can be different, this is only an EXAMPLE path)
source /home/iptalbes-secure
# save the iptables ruleset to /etc/sysconfig/iptables
iptables-save > /etc/sysconfig/iptables
# start iptables
/etc/init.d/iptables start
# start network
/etc/init.d/network start
[/CODE]

We also have to make sure that the following line is present in /etc/rc.d/rc.local:

[CODE]
echo "1" > /proc/sys/net/ipv4/ip_forward
[/CODE]

Sincerely
Robert B

ps.: hope this helps you a bit, so you can start doing this thing


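The drops logged by the rules in post #3 can be summarised per source rather than read line by line with tail. The following is an added example, not code from the thread: it assumes the first argument is exactly the --log-prefix string (here iptables, which the kernel prints immediately before IN=), and the function names and the shortened sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): count logged drops per source, protocol, port.

# Constructed, shortened sample of /var/log/messages; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Mar 27 20:31:02 fw kernel: iptablesIN=eth3 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Mar 27 20:31:05 fw kernel: iptablesIN=eth3 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN
Mar 27 20:31:09 fw sshd[812]: Server listening on 0.0.0.0 port 22.
Mar 27 20:31:11 fw kernel: iptablesIN=eth3 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=22 SYN
Mar 27 20:32:40 fw kernel: iptablesIN=eth3 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.9 DST=198.51.100.20 LEN=78 TTL=110 PROTO=UDP SPT=137 DPT=137
Mar 27 20:33:15 fw kernel: iptablesIN=eth3 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.50 DST=198.51.100.20 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# summarize_drops PREFIX
# Reads syslog lines on stdin and prints "count source protocol dest-port",
# busiest first. PREFIX must equal the --log-prefix string exactly.
summarize_drops() {
    LC_ALL=C awk -v prefix="$1" '
    {
        # The kernel writes the prefix directly before IN=, so a prefix
        # without a trailing space shows up glued on: "iptablesIN=eth3".
        if (index($0, prefix "IN=") == 0) next   # not one of our LOG lines
        src = ""; proto = ""; dpt = "-"          # "-" means no port (e.g. ICMP)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src == "") next                      # truncated line, skip it
        seen[src " " proto " " dpt]++
    }
    END { for (k in seen) print seen[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the sample; on a live system feed it the real log:
#   summarize_drops iptables < /var/log/messages
sample_log | summarize_drops iptables
```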
hughesjr
post Mar 28 2004, 06:14 AM
Post #4





In looking at the Trinux page, I would not recommend its use as a firewall.

Development stopped for almost a year from September 2002 to July 2003 ... and there hasn't been a release since August 7, 2003...although there have been security issues in the Kernel and Ethereal (at least) since then requiring upgrades.

All the tools used are also available (with regular security updates) in many distros.

I don't care which method you choose to create your firewall ... but personally I would use (and do use for clients) Whitebox Linux from a minimal install as the distro for a firewall. Also Debian woody (or sarge) in minimal mode would be a good distro for a firewall install.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE