
Linux Router

Started by raptor, 2006-10-25T20:27:05-05:00 (Wednesday)


raptor

Gentlemen (and Sister Kate),

I need to turn one of my old machines into a router.  There are several Linux-based applications/OSes out there for just such a task.  Has anyone had any luck with one, or any suggestions?

Scott
President of CAOS
Software Engineer NASA Nspires/Roses Grant

Nathaniel Reindl

raptor wrote:
> Has anyone had any luck with one..or any suggestions.
Actually, I have had luck with a couple of solutions, but they're kind of not really for the faint of heart.  FWIW, I've had a Linux box serving as a NAT gateway for something like the past decade.

In either case, the setup that has plagued me the least has had to be the straight-up vanilla Debian box with next to nothing on it, not even sshd.  I use iptables itself to deal with setting up IP masquerading/SNAT and setting the default policy to deny incoming connections... but that's just my preference.

This is the lazy hacker "set it and forget it" ordeal right here.  It just so happens that some of my classmates in the CS program here fit that profile as well. :)


# I have a static address on an SDSL or leased line...
iptables -t nat -A POSTROUTING -o eth0 -j SNAT \
    --to 222.173.190.239

# I have a dynamic address on a PPP dialup...
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# turn on IP forwarding...
# to be more elegant, you can put this setting into
# /etc/sysctl.conf, but doing this is OK too, it seems.
echo 1 > /proc/sys/net/ipv4/ip_forward


iptables is fairly easy to understand, and it really is the "bare metal" approach compared to using pretty porcelain stuff like Shorewall (http://www.shorewall.net/) or FireHOL (http://firehol.sourceforge.net/).  Ask Google for some documentation on this because I really wouldn't know where to go for it.

Um, if you're looking for something a little more consumer-level, you might as well try m0n0wall (http://m0n0.ch/wall/) or IPCop (http://www.ipcop.org/).  I've had some good experience with m0n0wall, but it is an older (albeit very stable) release of FreeBSD, so your hardware support will be a little more limited.  With IPCop, as far as I'm concerned, YMMV.
Theory is when you know something, but it doesn't work.
Practice is when something works, but you don't know why.
Programmers combine theory and practice: Nothing works and they don't know why.
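
The post above shows the NAT rules but not the default-deny policy it mentions; the following is an added example (not code from the thread) that generates both as one iptables-restore ruleset. The function name gen_ruleset, the LAN interface name eth1, and the choice to accept LAN-side traffic addressed to the router itself are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-interface NAT gateway.
# usage: gen_ruleset WAN_IF LAN_IF [STATIC_WAN_ADDR]
gen_ruleset() {
    wan=$1 lan=$2 addr=${3:-}
    # Accept only plain interface names and dotted-quad characters, so an
    # argument cannot smuggle extra rule lines into the generated output.
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    case $addr in
        *[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;;
    esac
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    # Static address: SNAT to it. Dynamic address (PPP, DHCP): MASQUERADE.
    if [ -n "$addr" ]; then
        nat_rule="-A POSTROUTING -o $wan -j SNAT --to-source $addr"
    else
        nat_rule="-A POSTROUTING -o $wan -j MASQUERADE"
    fi

    # Lines starting with '#' inside the ruleset are comments to iptables-restore.
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
$nat_rule
COMMIT
*filter
# Default deny for traffic to the router and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# LAN hosts may open connections outward; only replies come back in.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
# Apply as root, e.g.: gen_ruleset ppp0 eth1 | iptables-restore
```

Running the output through `iptables-restore --test` first parses the ruleset without committing it. IP forwarding still has to be enabled separately, as in the post.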