Gateway
Chris Rennert
07-24-2004, 06:03 PM
Hello all,
Here is what I want to accomplish. Currently I have a Linksys router
connecting our lan to the internet through PPPoE. What I want to do is put
a linux box between the router and the lan so I can do monitoring and put up
a firewall. I have 2 ethernet cards in the linux box which is running
Mandrake 9.1.
I am sort of new to setting this type of thing up, and my budget here is $0,
besides my time.
I was wondering what would be the best approach to setting this up. I was
thinking I could physically put the linux box between the router and lan and
just forward all the data coming from the router and then have all the
workstations use the linux box as a gateway to the router.
I was hoping I would get a little insight on the best way to do this.
Any help you could give me would definitely be appreciated.
Thanks
Chris
From my perspective, you can replace your Linksys router with the Linux box.
NAT: http://www.e-infomax.com/ipmasq/
Firewall: http://www.iptables.org
DHCP server: http://www.tldp.org/HOWTO/mini/DHCP/
By the way, what do you want to monitor in your gateway??
Wing
----- Original Message -----
From: "Chris Rennert" <Chris.Rennert@mdi-oshkosh.com>
Newsgroups: comp.os.linux.networking
Sent: Wednesday, June 25, 2003 11:15 PM
Subject: Gateway
> Hello all,
>
> Here is what I want to accomplish. Currently I have a Linksys router
> connecting our lan to the internet through PPPoE. What I want to do is put
> a linux box between the router and the lan so I can do monitoring and put up
> a firewall. I have 2 ethernet cards in the linux box which is running
> Mandrake 9.1.
> I am sort of new to setting this type of thing up, and my budget here is $0,
> besides my time.
> I was wondering what would be the best approach to setting this up. I was
> thinking I could physically put the linux box between the router and lan and
> just forward all the data coming from the router and then have all the
> workstations use the linux box as a gateway to the router.
> I was hoping I would get a little insight on the best way to do this.
> Any help you could give me would definitely be appreciated.
>
> Thanks
>
> Chris
no body
07-24-2004, 06:04 PM
> Here is what I want to accomplish. Currently I have a Linksys router
> connecting our lan to the internet through PPPoE.
Drop the router (it was a waste of money, sell it on ebay and get something
out of it) and do pppoe on the linux box.
> I was wondering what would be the best approach to setting this up. I was
> thinking I could physically put the linux box between the router and lan and
> just forward all the data coming from the router and then have all the
> workstations use the linux box as a gateway to the router.
use the linux box internal IP as the gateway for all the internal machines.
Unless you have a hundred machines or so, I'd go with static IPs internal
all the time. Gateway is 192.168.1.1, all other boxes start from there .2,
.3, etc... netmask of 255.255.255.0. Now that I think of it your internal
boxes should already be set up with the linksys router as their gateway,
probably similar to the scheme I just mentioned. Just set the linux box's
internal address to the linksys' address and yank the linksys out of the
way. If you're using dhcp internally now I'd change it to static first (and
make sure it works) before you switch the boxes out. The reason I say that
is you don't want to be fighting pppoe, dhcp, and iptables all at the same
time unless you are HIGHLY familiar with all of them (as in born and raised
on it). You can always switch back to dhcp after the transition if you want
to. A little extra work but for the uninitiated it's a good idea. At any
rate you need to attack this thing in pieces, first linux to all internal
boxes, then linux to the Internet, then the internal to the Internet.
the pppoe client comes with an adsl-start script, and it's all pretty simple
to set up, get the pppoe client and read the docs. I think you only have to
plug the login name and pass in a text file (make sure you chmod 600 the
file and chown root it). real easy. just make sure you put the adsl-start
script call in your rc.local or whatever it is on your distro.
So that gets the internal routing within itself, and your box connected to
the outside. The only thing left is setting the box up to SNAT all outbound
traffic. For this read up on iptables. search for iptables and how-to,
it's pretty straightforward. I think the pppoe client even came with a
basic iptables script that SNATed everything outbound. Very basic, no
security, but a good start for someone who doesn't know.
> I was hoping I would get a little insight on the best way to do this.
Get ready to learn. The nice thing with being able to drop the linux box in
place of the linksys is you can start on a friday night and if you haven't
got it working by monday morning you can just plug the cat 5's back into the
linksys and you're back running again.
Don't run the linksys and linux together. It's just asking for another
complication you don't need. Sell it to some loser on ebay that doesn't
have the G2 to put together their own gateway from scrap.
Which reminds me: "Education pays. If you don't think so, try ignorance for
a while." - John Slick
Seth H Holmes
07-24-2004, 06:05 PM
In article <3ef9bc31$0$838$39cecf19@news.twtelecom.net>, Chris Rennert wrote:
> Hello all,
>
> Here is what I want to accomplish. Currently I have a Linksys router
> connecting our lan to the internet through PPPoE. What I want to do is put
> a linux box between the router and the lan so I can do monitoring and put up
> a firewall. I have 2 ethernet cards in the linux box which is running
> Mandrake 9.1.
> I am sort of new to setting this type of thing up, and my budget here is $0,
> besides my time.
> I was wondering what would be the best approach to setting this up. I was
> thinking I could physically put the linux box between the router and lan and
> just forward all the data coming from the router and then have all the
> workstations use the linux box as a gateway to the router.
> I was hoping I would get a little insight on the best way to do this.
> Any help you could give me would definitely be appreciated.
You want to set up the Linux machine the exact same way as you
would any firewall, but you want to log the information you're
interested in. You may need to set it up as a DHCP server as I
don't think you'll be able to feed IPs from your router to your
local LAN. It becomes the default GW for your local LAN and then
forwards all packets to the router, which then does the rest of
the hard work. Should be fairly simple assuming you know how to
set the Linux box up as a firewall. It's similar to the process
for setting it up to be your gateway box, except for the one
extra step in going to the router rather than going straight to
the net. You could alternatively remove the router from the
equation and use the Linux box as both firewall and router. But
there's nothing wrong with having the devices separate. There is
some school of thought that you're better off that way anyway.
Routers route
Firewalls firewall
--
Seth H Holmes
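[Added example, not written by any poster in this thread: a sketch of the gateway ruleset the two replies above describe, covering NAT for outbound LAN traffic, a default-deny forward policy, and logging of new connections for monitoring. It uses MASQUERADE (the SNAT variant for a dynamically assigned address such as a PPPoE link); the interface names, the 192.168.1.0/24 prefix, the log prefixes and the file name gateway.sh are assumptions.]

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and the LAN prefix are
# assumptions. Prints an iptables-restore ruleset; nothing is applied here.
# The kernel must also forward packets: echo 1 > /proc/sys/net/ipv4/ip_forward
gateway_rules() {
    [ "$#" -eq 3 ] || { echo "usage: gateway_rules WAN_IF LAN_IF LAN_NET" >&2; return 1; }
    for arg in "$@"; do
        case "$arg" in
            # Reject empty values and anything that could smuggle extra options.
            ""|*[!A-Za-z0-9._/:+-]*) echo "bad argument: $arg" >&2; return 1 ;;
        esac
    done
    [ "$1" != "$2" ] || { echo "WAN and LAN interface must differ" >&2; return 1; }
    wan_if=$1 lan_if=$2 lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source of LAN traffic leaving through the WAN link.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The LAN may reach the gateway itself; the WAN side falls to the DROP policy.
-A INPUT -i $lan_if -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Monitoring: log each new outbound connection, then allow it.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j LOG --log-prefix "GW-OUT: "
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
# Unsolicited inbound attempts are logged and then dropped by the policy.
-A FORWARD -i $wan_if -m state --state NEW -j LOG --log-prefix "GW-IN-DROP: "
COMMIT
EOF
}

# Review the output first, then apply as root, for example:
#   sh gateway.sh ppp0 eth1 192.168.1.0/24 | iptables-restore
if [ "$#" -eq 3 ]; then gateway_rules "$@"; fi
```

[With the Linksys left in place, the WAN interface is the NIC facing the router rather than ppp0.]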
no body
07-24-2004, 06:05 PM
> You may need to set it up as a DHCP server as I
> don't think you'll be able to feed IPs from your router to your
> local LAN.
Just because he can't give public IPs to his internal computers doesn't mean
he has to set up DHCP.
Seth H Holmes
07-24-2004, 06:05 PM
In article <F3ZKa.32117$Fy6.10187@sccrnsc03>, no body wrote:
>> You may need to set it up as a DHCP server as I
>> don't think you'll be able to feed IPs from your router to your
>> local LAN.
>
> Just because he can't give public IPs to his internal computers doesn't mean
> he has to set up DHCP.
True. I was assuming DHCP from the Linksys was being used. If he
is not using DHCP, static assignments would work fine.
--
Seth H Holmes