Linux Box as a Router

Operating System: Centos 6.3

You need two network cards on your Linux box. Iptables are then used to share the WAN interface of the box onto the Local Interface where network users are connected to.

The setup should be;

  • Internal LAN network card (eth1) assigned a static private IP address (192.168.2.1).
  • External network card (eth0) assigned a public IP address and connected to the ISP. In our case we have assigned it a private IP address for the purpose of demonstration (192.168.1.5)

Configurations:

ENABLE PACKET FORWARDING

By default this is disabled.
Edit /etc/sysctl.conf
Change the statement in the file reading ;
---------------------------------------------------------------------
Net.ipv4.conf.default.forwarding=0
--------------------------------------------------------------------

To;
-------------------------------------------------------------------
Net.ipv4.conf.default.forwarding=1
---------------------------------------------------------------------
And then save the file and restart your network using;

[root@telweb]# Service network restart 

ENABLE MASQUERADING/ NAT;

This is sharing of the internet connection from the WAN side with a public IP to the LAN with Private IPs which are not routable on the internet

[root@telweb]# service iptables stop
[root@telweb]# iptables –t nat –APOSTROUTING -0 eth0 –j MASQUERADE
[root@telweb]# service iptables save
[root@telweb]# service iptables restart

Configure iptables to always start boot time
[root@telweb]# chkconfig iptables on

Client/ end user access configurations in order to access internet via the box
Configure a static IP, subnet mask, default gateway and DNS server.

Done!!

Comments

Post a Comment

Popular posts from this blog

MPLS-VPN

Image
L3MPLS VPN Definitions: VRF – Virtual Routing Instance. Its an Instance of a routing table – Each customer has their own VRF defined with different definitions of RD and RT Route Distinguisher (RD); Used to uniquely identify routes belonging to a particular VRF. Route Targets (RT); Used to specify how routes are imported and exported from VRF. MP-BGP; Multiprotocol BGP- Used to carry BGP routes and VPN routes between PE Routers. Setup: Required; VPN to interconnect Head office to a branch office. 1. Define VRF, RD and RT VRF = Trust-Bank Route Distinguisher (RD): 37027:20 Route Targets (RT): 37027:20 PE1(config)#ip vrf Trust-Bank PE1(config-vrf)#rd 37027:20 PE1(config-vrf)#route-target both 37027:20 2. Enable VRF on the client facing interface on the PE routers and assign IP to be used to communicate to CE VRF = Trust-Bank R1(config)# int fastEthernet 0/0 R1(config-if)# ip vrf forwarding Trust-Bank R1(config-if)# ip add 192.168.2.1 255.255...
Read more

MPLS - L2MPLS / L2 Circuits

Image
L2MPLS L2 Circuits Before MPLS MPLS Enabled Core: Required: Head office and Branch office to be interconnected on L2 which is of full redundancy on Service Provider Core Network Configuration: 1. Select VLAN to use for the circuit. For our case we assign VLAN 200 note: Configuration only done on Edge Devices (PE) 2.Configure on PE-1 Defining presudowire class to MPLS; #pseudowire-class ethernet-port encapsulation mpls #exit Note: fa0/0 is the interface facing HQ #show run int fa0/0.200 #interface FastEthernet0/0.200 #encapsulation dot1Q 200 #xconnect 3.3.3.3 200 pw-class ethernet-port 3. Configure on PE-3: Defining presudowire class to MPLS; #pseudowire-class ethernet-port #encapsulation mpls #exit Note: fa0/0 is the interface facing HQ # no shut #interface FastEthernet0/0.200 #encapsulation dot1Q 200 #Xconnect 1.1.1.1 200 pw-class ethernet-port Troubleshooting; Make sure that the CEF is enabled ...
Read more

Linux Box as a DHCP Server

Image
Operating System: Centos 6.3 In this setup, client machines on the LAN are assigned IP addresses automatically unlike the previous setup where IP addresses were being assigned manually. To configure; Install dhcp package via terminal; [root@telweb]#  yum install dhcp* -y Copy the available sample dhcp configuration at /usr/share/doc/dhcp* [root@telweb]#  Cd  /usr/share/doc/dhcp* [root@telweb]#  Cp dhcpd.conf.sample /etc/dhcp/dhcpd.conf If asked to replace the existing dhcpd.conf at /etc/dhcp/ , answer with an yes. To configure the dhcp, edit the file /etc/dhcp/dhcp.conf [root@telweb]#  Vi /etc/dhcp/dhcpd.conf Go to the section highlighted below and edit it to suit your network; -------------------------------------------------------------------------------------------------------------------- # A slightly different configuration for an internal subnet. subnet  192.168.2.0  netmask  255.255.255.0  {   range...
Read more