Linux : Router configuration
For this tutorial you will need 2 NICs (network interface
cards) configured and working properly with your Linux distro. You
will also need iptables installed on your system.
Please note the following IP configuration that I will be using:
Replace xx.xx.xx.xx with your WAN IP
Replace yy.yy.yy.yy with your LAN IP
(e.g. 192.168.0.0/16, 172.16.0.0/12)
WAN = eth0 with public IP xx.xx.xx.xx
LAN = eth1 with private IP yy.yy.yy.yy/255.255.0.0
First you need to install the NICs into your Linux system. Once
you have done this you will need to verify they are installed
correctly. To do this type the following command:

[root@yourRouter ~]# ls /etc/sysconfig/network-scripts/ifcfg-eth* | wc -l

If you have the NICs installed correctly the output of this command will be 2.

Now we must give eth0 (the primary Ethernet card) an external WAN
IP. This will be provided to you by your ISP.
To do this type the following command:

[root@yourRouter ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

You must make the file look similar to the configuration I have shown below:

DEVICE=eth0
BOOTPROTO=none
BROADCAST=xx.xx.xx.255 # Optional Entry
HWADDR=00:50:BA:88:72:D4 # Optional Entry
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0 # Provided by the ISP
NETWORK=xx.xx.xx.0 # Optional
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=xx.xx.xx.1 # Provided by the ISP

Now that we have configured the eth0 card we must configure eth1 to have an
internal IP address. To do this type the following:

[root@yourRouter ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1

Similar to above, make the configuration look like the one below:

BOOTPROTO=none
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05 # Optional
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=255.255.0.0 # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.2.1 # Gateway of the LAN
NETWORK=192.168.0.0 # Optional
USERCTL=no
ONBOOT=yes

Now we need to configure the hosts file to tell the router that it will be
providing Network Address Translation (NAT):

[root@yourRouter ~]# vi /etc/hosts

Your hosts file should look like this:

127.0.0.1 nat localhost.localdomain localhost

Now we configure the gateway by editing /etc/sysconfig/network. To do this use
the vi command:

[root@yourRouter ~]# vi /etc/sysconfig/network

You should make it similar to this:

NETWORKING=yes
HOSTNAME=nat
GATEWAY=xx.xx.xx.1 # Internet Gateway, provided by the ISP

Now we need to configure the resolver. To do it use the vi command like so:

[root@yourRouter ~]# vi /etc/resolv.conf

Make that file like the one below. These IPs may differ from yours.

# Primary DNS Server provided by the ISP
nameserver 203.145.184.13
# Secondary DNS Server provided by the ISP
nameserver 202.56.250.5

Now we must clean up our iptables.
Start off by flushing them:

[root@yourRouter ~]# iptables --flush
[root@yourRouter ~]# iptables --table nat --flush
[root@yourRouter ~]# iptables --delete-chain

Now we need to delete all the chains that are not in the default filter and
NAT tables:

[root@yourRouter ~]# iptables --table nat --delete-chain

Now we need to configure iptables to allow routing. To do this type:

[root@yourRouter ~]# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
[root@yourRouter ~]# iptables --append FORWARD --in-interface eth1 -j ACCEPT

Now we need to enable packet forwarding by the kernel:

[root@yourRouter ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

Now we can apply our new configuration:

[root@yourRouter ~]# service iptables restart

Now ping some places from your client and see if it works
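
Beyond the ping test, the rule set itself can be checked. The following is an added example, not part of the original tutorial: a shell function that audits iptables-save output for the MASQUERADE and FORWARD rules configured above and reports when the FORWARD policy is still ACCEPT, in which case the eth1 rule does not restrict anything. The function names and both sample rule sets are constructed for illustration; eth0 and eth1 are the WAN and LAN interfaces used on this page.

```shell
# Added example. On a live router: iptables-save | audit_nat_rules eth0 eth1
# Reads iptables-save text on stdin, prints findings, returns 0 if there are none.
audit_nat_rules() {
    awk -v wan="$1" -v lan="$2" '
        /^\*/ { table = substr($0, 2) }      # "*nat" or "*filter" opens a table
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            $0 ~ ("-o " wan "( |$)") { masq = 1 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if ($0 ~ ("-i " lan "( |$)")) lan_out = 1
            if ($0 ~ ("-i " wan "( |$)") && /ESTABLISHED/) replies = 1
        }
        END {
            if (!masq)    { print "FAIL no MASQUERADE rule on " wan; n++ }
            if (!lan_out) { print "FAIL no FORWARD accept for traffic from " lan; n++ }
            if (policy != "DROP") {
                print "WARN FORWARD policy is " policy ": packets arriving on " wan " are forwarded too"; n++
            } else if (!replies) {
                print "FAIL policy is DROP but replies arriving on " wan " are not accepted"; n++
            }
            exit (n > 0)
        }'
}
# Constructed sample: what iptables-save shows after the tutorial's two rules.
tutorial_rules() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
EOF
}
# Constructed sample: same NAT rule, FORWARD default-deny plus reply traffic.
hardened_rules() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

The hardened sample corresponds to setting the FORWARD policy to DROP and accepting only LAN-originated traffic plus RELATED,ESTABLISHED replies arriving on eth0.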