INTRODUCTION
So, you have a lot of Macs at home (or PCs, or anything else) and, let's say, ADSL or some other connection... why buy a router? Using YDL you can take one of those machines and make it your router, and even a nice firewall. With only 1 IP you can connect as many machines as you want and secure your home intranet.
CONTENT
The information needed to do this was already on the internet, but some parts were here and some parts there... so I just picked some, tested it on YDL 2.3, and am passing the info along; maybe it saves someone some time.
No more talk, let's do it... (yeah, share your connection). First, the idea...
Intranet

    Your Machine 1
    Your Machine 2 <--- Your Router Machine (External Access) <--> Internet
    Your Machine 3

For this you only need 1 machine with internet access, that's it! With 1 IP you can connect as many machines as you want...

Some examples: you can have 1 machine with 1 ethernet card plugged into a hub or switch, with all the intranet machines and even the uplink to the internet on the same hub, and it does the whole job; or 1 machine with 2 ethernet cards. It's very flexible....

OK, the code. Let's say, for example, that the external IP is 200.30.28.20 on eth0 and the internal IP is 192.168.0.1 on eth1... You must do this with root privileges (sudo is better).
    %> pico /etc/rc.d/init.d/rc.firewall [ENTER]

Now you are in the text editor Pico, type...
    #!/bin/sh
    echo "Starting Routing Script...."
    # Let the kernel forward packets between interfaces
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Clean the table
    iptables -F
    # NAT everything leaving eth0 to the external IP
    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 200.30.28.20
    # Accept replies, and new connections from anywhere BUT eth0
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
    iptables -P INPUT DROP
    # Do not route traffic that comes in from outside back out
    iptables -A FORWARD -i eth0 -o eth0 -j REJECT
    echo "it's Done : ) "

or for dialup connections...

    #!/bin/sh
    echo "Starting Routing Script...."
    # Let the kernel forward packets between interfaces
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Clean the table
    iptables -F
    # Masquerade everything leaving ppp0 (the address changes on each dialup)
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    # Accept replies, and new connections from anywhere BUT ppp0
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
    iptables -P INPUT DROP
    # Do not route traffic that comes in from outside back out
    iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
    echo "it's Done : ) "

So now you can save and quit with [CONTROL + X], then press [Y] and [RETURN]. Now, what is all that? Well, starting with kernel 2.2 (sorry if I'm wrong) iptables comes along for everything to do with routing (in Mac OS X it is the ipfw command), and that table, a big one of course, controls all the machine's traffic. The first iptables line cleans the table (-F), then we make the NAT to the external IP and accept the connections. The third line is the nice one: all connections are accepted BUT those from eth0; we don't want the machine used as a router from outside. Now we just need to save it as an executable.
    %> chmod u+x rc.firewall

(in the place where you saved the file)

So, if you have 2 ethernet cards, no problem: you have to configure eth1 (your card for the internal network) with 192.168.0.1 and subnet mask 255.255.255.0. But what if you have just 1 ethernet card? Easy: in the file rc.firewall just add this line after the first "echo":

    ifconfig eth0 add 192.168.0.1 netmask 255.255.255.0

and now you will have a virtual device at eth0:0 : ). By the way, check your current situation using ifconfig, and your tables with iptables -L.

Now the router blocks all incoming activity... if you don't want that, well, in the last lines of the script write ACCEPT and ACCEPT in place of DROP and REJECT. But if you only want to allow incoming activity on a few ports, you can add this to the script:
    iptables -A INPUT --protocol tcp --dport XXX -j ACCEPT [ENTER]

where XXX is the port number of the service, for example 80 for http... Now you can execute the script with ./rc.firewall, but do that every time you reboot??? Naaaa!! Let's make it automatic? Yeah!!! Type...
    %> sudo pico /etc/rc.d/rc.local [ENTER]

then just add these lines

    echo "Routing....."
    /etc/rc.d/init.d/rc.firewall

or the location of the script you made at the beginning... and that's all. How to set up a client? Easy: you can configure it manually, with any IP from 192.168.0.2 to 192.168.0.255 BUT with the gateway set to 192.168.0.1, subnet mask 255.255.255.0, and the same DNS your ISP provides to the server; it has to be the IP, not the name.... That's it!
In case of trouble, try disabling the last 2 iptables lines, and from the client machine ping 192.168.0.1; if that works you are just 1 step from done! But this man covers every possible problem...! http://www.linuxdocs.org/HOWTOs/Masquerading-Simple-HOWTO/post-install.html
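To check the result after running rc.firewall, this added example (not part of the original HOWTO) reads iptables-save output and reports when the INPUT policy is not DROP, when the NAT rule is missing, or when new connections are accepted from the external interface on a port you did not mean to open. The function names audit_ruleset and sample_ruleset and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit iptables-save output on stdin.
# $1 = external interface, $2 = ports meant to be reachable from outside.
# Prints one line per finding; the return status is the number of findings.
audit_ruleset() {
    awk -v ext="$1" -v allowed=" $2 " '
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == ":INPUT" { policy = $2 }
    table == "nat" && $2 == "POSTROUTING" && /-j (SNAT|MASQUERADE)/ {
        for (i = 3; i < NF; i++) if ($i == "-o" && $(i + 1) == ext) nat = 1
    }
    table == "filter" && $2 == "INPUT" && /-j ACCEPT/ {
        reach = 1; state = ""; port = ""
        for (i = 3; i <= NF; i++) {
            # Negation is "! -i eth0" today, "-i ! eth0" in old iptables.
            if ($i == "-i" && $(i - 1) == "!")      reach = ($(i + 1) != ext)
            else if ($i == "-i" && $(i + 1) == "!") reach = ($(i + 2) != ext)
            else if ($i == "-i")                    reach = ($(i + 1) == ext)
            if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        # Replies to connections already open are expected; skip them.
        if (!reach || (state != "" && state !~ /NEW/)) next
        if (port == "") { print "accepts new connections from " ext ": " $0; bad++ }
        if (port != "" && !index(allowed, " " port " ")) { print "unexpected open port " port " on " ext; bad++ }
    }
    END {
        if (policy != "DROP") { print "INPUT policy is " policy ", not DROP"; bad++ }
        if (!nat) { print "no SNAT/MASQUERADE rule leaving " ext; bad++ }
        exit bad + 0
    }'
}

# Constructed sample: iptables-save output after the static-IP script plus port 80.
sample_ruleset() {
    cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j SNAT --to-source 200.30.28.20
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i eth0 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
# On the router, as root: iptables-save | audit_ruleset eth0 "80"
```

For the dialup script pass ppp0 instead of eth0; an empty second argument means no port should be open to the outside.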
cy!
P.S.
This is a compilation, so many thanks to these people... they did almost all the job for us!
Masquerading-Simple-HOWTO/summary.html
http://www.linux-mag.com/2001-05/routing_03.html
This HOWTO was written by Busman From Santiago, Chile.




