Full Version: Ip Address Changes
I've been using Trinux for a class I'm taking, and am going to attempt to set it up as my router/firewall/DHCP server for the wireless network I'm installing at work. I'm just having a little trouble getting started because I can't remember how to set my IP address, subnet mask, gateway, etc... A little help for a newbie attempting a slow convert to the Linux world would be much appreciated.


You set your IP address with

for example only : ifconfig eth0
ifconfig eth0 up
route add default gw

/etc/sysconfig/network-scripts/ifcfg-eth0 this file also contains the settings for the interface eth0 [first ethernet card...]

/etc/resolv.conf here you should add an entry for the nameserver you use

like this

nameserver [for example only]

Robert B
Here are the iptables rules from my NAT/PROXY/DNS/FIREWALL[2] server

iptables -A FORWARD -i eth0 -o eth3 -j ACCEPT
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-prefix iptables --log-level info
iptables -A drop-and-log-it -j DROP
iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth3 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
# everything else being forwarded goes to the logging chain (LOG, then DROP)
iptables -A FORWARD -s 0/0 -d 0/0 -j drop-and-log-it
iptables -A INPUT -i eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth2 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
# everything else addressed to the firewall goes to the logging chain (LOG, then DROP)
iptables -A INPUT -s 0/0 -d 0/0 -j drop-and-log-it
iptables -A POSTROUTING -t nat -s -o eth3 -j SNAT --to-source public_ip_adress_gateway
iptables -A POSTROUTING -t nat -s -o eth3 -j SNAT --to-source same_here_as_above
iptables -A POSTROUTING -t nat -s -o eth3 -j SNAT --to-source same_here

So eth0, eth1 and eth2 are internal and eth3 is external
eth0 is
eth1 is
eth2 is
eth3 is either a static IP address or DHCP assigned [depends on your ISP]
NOTE : after that SNAT command you must specify the gw of your public IP address for example if you have then you must enter after SNAT --to-source [or whatever the gateway is for your public IP address].

eth0 IP address must be from 192.168.0.x I use
eth1 IP address must be from 192.168.1.x I use
eth2 IP address must be from 192.168.2.x I use

In the above iptables rules,
we allow 192.168.0.x to go outside [internet]
we allow 192.168.1.x to go outside [internet]
we allow 192.168.2.x to go outside [internet]
but we only allow packets from the internet that were requested by us [or our clients], or are currently in progress, ESTABLISHED, RELATED... all the other unwanted packets are simply dropped, no response is sent back to the other side, like we are closed, or open... we just remain silent [which is the best thing to do].

We also log the dropped connection attempts to /var/log/messages [thanks to Hughesjr for showing me how to do this], so if you want you can see this in real time by opening up a terminal and typing in tail -n 35 -f /var/log/messages

After that you can go to and run the shields UP, and see what happens.

You can save the iptables rules the following way

stop networking
/etc/init.d/network stop
stop iptables
/etc/init.d/iptables stop
source /home/iptalbes-secure [the file in which you have the above mentioned iptables rules, can be different, this is only an EXAMPLE path]
we save the iptables ruleset using this script to /etc/sysconfig/iptables
iptables-save > /etc/sysconfig/iptables
we start iptables
/etc/init.d/iptables start
we start network
/etc/init.d/network start

we also have to make sure that in
the following line is present
echo "1" > /proc/sys/net/ipv4/ip_forward

Robert B

ps.: hope this helps you a bit, so you can start doing this thing
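The ruleset in the post above creates a drop-and-log-it chain with -N; packets only reach its LOG rule if some other rule jumps to that chain. As an added example (not part of the original post), this shell function lists chains that are created but never used as a -j/-g target. The function name, variable names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: report user-defined iptables chains that no rule jumps to.

# Reads an iptables command script on stdin and prints, one per line,
# every chain created with -N/--new-chain that never appears as a
# -j/--jump or -g/--goto target.
find_unused_chains() {
    awk '
        $1 ~ /(^|\/)iptables$/ {
            for (i = 2; i < NF; i++) {
                if ($i == "-N" || $i == "--new-chain")
                    defined[$(i + 1)] = 1
                else if ($i == "-j" || $i == "--jump" || $i == "-g" || $i == "--goto")
                    target[$(i + 1)] = 1
            }
        }
        END {
            for (c in defined)
                if (!(c in target))
                    print c
        }
    ' | sort
}

# Constructed sample: the logging chain exists, but the catch-all rule
# uses DROP directly, so nothing is ever logged.
SAMPLE_UNLOGGED='iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-prefix iptables --log-level info
iptables -A drop-and-log-it -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -j DROP'

# Constructed sample: same rules, but the catch-all jumps to the chain.
SAMPLE_LOGGED='iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-prefix iptables --log-level info
iptables -A drop-and-log-it -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -j drop-and-log-it'

echo "unused chains in first sample:"
printf '%s\n' "$SAMPLE_UNLOGGED" | find_unused_chains
echo "unused chains in second sample:"
printf '%s\n' "$SAMPLE_LOGGED" | find_unused_chains
```

To check a real rules script, feed it on stdin, for example `find_unused_chains < /path/to/rules-file` (placeholder path).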
In looking at the Trinux page, I would not recommend its use as a firewall.

Development stopped for almost a year from September 2002 to July 2003 ... and there hasn't been a release since August 7, 2003...although there have been security issues in the Kernel and Ethereal (at least) since then requiring upgrades.

All the tools used are also available (with regular security updates) in many distros.

I don't care which method you choose to create your firewall ... but personally I would use (and do use for clients) Whitebox Linux from a minimal install as the distro for a firewall. Also debian woody (or sarge) in minimal mode would be a good distro for a firewall install.