
Internet sharing/firewalling

From FrugalWiki


In this HOWTO I would like to give some examples of setting up a home "server" for internet sharing, firewalling, DHCP, BitTorrent...

THIS HOWTO IS IN EXPERIMENTAL STAGE. YOU HAVE BEEN WARNED!!!

Ideas and comments are welcome. Really!

Let's start! In my example I'll set up a server sharing an ADSL connection. We start with a server that has a base Frugalware installation. We also need the following package:

 pacman -S rp-pppoe

This package is used to set up the ADSL connection.

 su -
 <password>
 adslconfig

Using pppoe-setup is quite easy. You need to know whether your ADSL modem is attached to eth0 or eth1, plus your login name and password. Say no to the firewall question, as we'll do it better :)

When you have finished you can start your connection with

 service adsl start

If it works fine, don't forget to autostart it

 service adsl add

Here comes the firewalling part. Your iptables firewall can also handle NAT, so it's not only for filtering packets. Now you can reach the internet with your server machine. Install the iptables package!

 pacman -S iptables

You can start the firewall with

 service firewall start

The config file is /etc/sysconfig/firewall. Of course it will not work out of the box; you have to set some things up. First of all, back up your config with

 mv /etc/sysconfig/firewall{,.bak}

Now here is a base config file for firewalling:

First the NAT part of the firewall:

 # Generated by iptables-save v1.3.3 on Thu Nov 10 16:27:08 2005
 *nat
 :PREROUTING ACCEPT [127:14150]
 :POSTROUTING ACCEPT [12:580]
 :OUTPUT ACCEPT [0:0]
 # BITTORRENT - running on a client
 #-A PREROUTING -i ppp0 -p tcp -m tcp --dport 55556 -j DNAT --to-destination 192.168.70.54
 #-A PREROUTING -i ppp0 -p udp -m udp --dport 55556 -j DNAT --to-destination 192.168.70.54
 # MASQUERADING
 -A POSTROUTING -o ppp0 -j MASQUERADE
 COMMIT
 # Completed on Thu Nov 10 16:27:08 2005

And the filtering one:

 # Generated by iptables-save v1.3.3 on Thu Nov 10 16:27:08 2005
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [4:231]
 :OUTPUT DROP [0:0]
 :reject-and-log-it - [0:0]
 -A INPUT -i lo -j ACCEPT
 -A INPUT -s 192.168.70.0/255.255.255.0 -i eth1 -j ACCEPT
 -A INPUT -s 192.168.70.0/255.255.255.0 -i ppp0 -j reject-and-log-it
 -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 # BITTORRENT - on the server
 #-A INPUT -i ppp0 -p tcp -m tcp --dport 55555 -j ACCEPT
 #-A INPUT -i ppp0 -p udp -m udp --dport 55555 -j ACCEPT
 # DHCP (internal)
 -A INPUT -i eth1 -p tcp -m tcp --sport 68 --dport 67 -j ACCEPT
 -A INPUT -i eth1 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
 # SSH (internal
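
As an added example (not part of the original HOWTO), the script below reads a ruleset in the format shown above and lists what it lets in from the WAN interface: DNAT port forwards, open INPUT ports, and any filter chain whose default policy is ACCEPT. The names wan_exposure and sample_rules are made up here, and the sample is constructed from the HOWTO's rules with two BitTorrent lines enabled and the FORWARD policy loosened on purpose.

```shell
#!/bin/sh
# Added example, not from the HOWTO; wan_exposure and sample_rules are made-up names.

wan_exposure() {    # usage: wan_exposure <rules-file|-> [wan-interface]
    awk -v wan="${2:-ppp0}" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # disabled rules and blank lines
    /^\*/ { table = substr($1, 2); next }        # table header: *nat, *filter
    /^:/  { if (table == "filter" && $2 == "ACCEPT")
                print "POLICY " substr($1, 2) " ACCEPT"
            next }
    $1 == "-A" {
        inif = ""; proto = "any"; dport = "any"; target = ""; dest = ""; state = ""
        for (i = 3; i < NF; i++) {
            if      ($i == "-i")               inif   = $(i + 1)
            else if ($i == "-p")               proto  = $(i + 1)
            else if ($i == "--dport")          dport  = $(i + 1)
            else if ($i == "-j")               target = $(i + 1)
            else if ($i == "--to-destination") dest   = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        if (inif != wan) next                    # only traffic arriving from the WAN
        if (state != "" && state !~ /NEW/) next  # replies to our own connections
        if (table == "nat" && $2 == "PREROUTING" && target == "DNAT")
            print "DNAT " proto "/" dport " -> " dest
        else if (table == "filter" && $2 == "INPUT" && target == "ACCEPT")
            print "OPEN " proto "/" dport
    }' "$1"
}

sample_rules() {    # constructed sample: HOWTO rules with BitTorrent lines enabled
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 55556 -j DNAT --to-destination 192.168.70.54
#-A PREROUTING -i ppp0 -p udp -m udp --dport 55556 -j DNAT --to-destination 192.168.70.54
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -s 192.168.70.0/255.255.255.0 -i eth1 -j ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p udp -m udp --dport 55555 -j ACCEPT
COMMIT
EOF
}

sample_rules | wan_exposure -
```

On the server, run `wan_exposure /etc/sysconfig/firewall` after each edit; with the BitTorrent lines still commented out and all filter policies set to DROP, it should print nothing.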