
Re: [afnog] Red Hat 8.0 as a router



On Thu, 14 Aug 2003, Daniel Obuobi wrote:

> Ideally, the diagram looks like your diagram.
>
> INTERNET
>           /212.53.99.1(upstream router)
>          /
>         /(wireless segment)
>        /212.53.99.38
>  LINUX(ROUTER)
>       |.1               10.0.0.0/24
>    ---+-------------+------------+---------------+----
>                     |.2          |.3             |.4
>                 PROXY(SQUID) PROXY(SQUID)   MASQ PC
>                  /.1            /.1             /.1
>                 /192.168.0/24  /192.168.1/24   /192.168.2/24
>                /              /               /
>         PC-PC-PC-PC-PC     PC-PC-PC-PC      PC-PC-PC
>
> What I want to do is to let the Linux box act as a
> router, a DNS (temporary) and NAT for all PCs since
> I have limited public IPs.
>
> Yes, the 1st squid proxy has 10.0.0.2 outside and
> 192.18.0.1 inside, the 2nd 10.0.0.3 outside and
> 192.168.1.1 inside etc.
> So the squid proxies do NAT. For Internet access the
> Linux router/DNS must do NAT to change the private IP.
>
>
> The question is what is the best way of doing that.
>
> 1) Selecting DNS during installation will install the
> necessary DNS files.

do you desire the dns to do resolving, or be an authoritative server for a
domain?

>
> 2) For the NAT I want to add the following to the
> rc.local file, but it looks like it is not available on
> Red Hat Linux 8.0:
> echo 1 > /proc/sys/net/ipv4/ip_forward
> /sbin/ipchains -A Forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
> Which other option is available?
>

kernel 2.2* used ipchains.  2.4* uses iptables.

the command is

iptables -t nat -A POSTROUTING -o interface -j MASQUERADE

where interface is your interface connecting to the upstream router
e.g. wlan0 or eth0



> 3) Finally, I need to configure the same box as a
> router. What is the best way? I hope my question is
> clear now.

you should be able to route packets all over the place with the route
command.

ex.  route add -net 192.168.1.0 netmask 255.255.255.0 gateway 10.0.0.2

scott


>
> bye
>
>
>
> --- Brian Candler <B.Candler at pobox.com> wrote:
> > On Tue, Aug 12, 2003 at 10:51:07PM -0700, Daniel
> > Obuobi wrote:
> > > The ASCII diagram on the network is shown below. I
> > > hope it will look presentable.
> >
> > Unfortunately it's missing several important things to make it useful:
> > - if a box has two interfaces, show both interfaces
> > - show the IP addresses
> > - show each network segment explicitly (although treat a layer 2 area
> >   as a single item, e.g. we don't care if you have 5 hubs plugged together,
> >   it still counts as a single network when talking at the IP layer)
> >
> > So using guessed numbers, it might look something like
> >
> >         INTERNET
> >           /212.53.99.1(upstream router)
> >          /
> >         /(wireless segment)
> >        /212.53.99.38
> >  LINUX(ROUTER)
> >       |.1               10.0.0.0/24
> >    ---+-------------+------------+---------------+----
> >                     |.2          |.3             |.4
> >                 PROXY(SQUID) PROXY(SQUID)   MASQ PC
> >                  /.1            /.1             /.1
> >                 /192.168.0/24  /192.168.1/24   /192.168.2/24
> >                /              /               /
> >         PC-PC-PC-PC-PC     PC-PC-PC-PC      PC-PC-PC
> >
> > So in this example the first squid proxy has 10.0.0.2 on its outside
> > interface and 192.168.0.1 on its inside interface.
> >
> > Because you say you are using network 10, which is private address space
> > like 192.168 (both are in RFC1918), then it seems there are two sets of NAT
> > going on. So do you have a second NAT box? Or does your upstream ISP do NAT
> > (yuk)?
> >
> > Anyway, what was the question again? :-)
> >
> > Regards,
> >
> > Brian.
>
>
>
>
> =====
> Daniel Obuobi
> Co-ordinator, Computer Centre
> Technical Co-ordinator, AVU Cape Coast
> University of Cape Coast, Cape Coast, Ghana
> Tel: 233-42-32440 / 233-42-30859 (Office); Fax: 233-42-34612
> Co-ordinator, Global Teenager Project, Central Region, Ghana.
>
> __________________________________________________
> This is the Africa Network Operators' Group(AfNOG)
> technical discussion list.
> The AfNOG website is: <http://www.afnog.org>
>

sleekfreak pirate broadcast
world tour 2002-3
live from the pirate hideout
http://sleekfreak.ath.cx:81
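
As an added example that is not part of the thread: the forwarding switch from the question and the MASQUERADE rule and static routes from the reply, collected into one script for the diagram's topology. The function names, the APPLY switch and the subnet-to-next-hop table are assumptions read off the diagram; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands it would run;
# set APPLY=1 and run as root (e.g. from rc.local) to execute them.

# Inner networks and next hops as drawn in the diagram (assumed mapping):
ROUTES="192.168.0.0:10.0.0.2 192.168.1.0:10.0.0.3 192.168.2.0:10.0.0.4"

# run CMD...: execute when APPLY=1, otherwise only print the command line.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# router_setup UPLINK: forwarding, NAT on the uplink, routes to inner nets.
router_setup() (
    uplink=$1
    # Accept only a plain interface name (wlan0, eth0, ...).
    case $uplink in
        ''|*[!A-Za-z0-9._-]*)
            echo "usage: router_setup <uplink-interface>" >&2
            exit 2 ;;
    esac

    # Same effect as: echo 1 > /proc/sys/net/ipv4/ip_forward
    run sysctl -w net.ipv4.ip_forward=1

    # Rewrite the source of everything leaving via the uplink to the
    # router's public address. -A appends, so run this once per boot.
    run iptables -t nat -A POSTROUTING -o "$uplink" -j MASQUERADE

    # Static routes to the inner networks via the box that fronts each one.
    # Needed only where that box routes the inner network rather than NATs it.
    for pair in $ROUTES; do
        net=${pair%%:*}
        gw=${pair#*:}
        run route add -net "$net" netmask 255.255.255.0 gw "$gw"
    done
)

# Stand-alone use: sh router-setup.sh wlan0
if [ $# -gt 0 ]; then router_setup "$1"; fi
```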
