Skip to main content

How to use my old pc as a Router / FireWall / GateWay

One of the great things you can do with an old computer is to make a server from it.
since i have one i thought why not creating a Router + Gateway + Firewall from it ?
here is what i did :

first off all i installed Debian Lenny on it.
then read several tutrials .
and started to work.

The first thing was setting the Ethernet interfaces correctly (i used 3 old NICs).
while eth0 is the first one
eth1 is connected to Wi-Fi
=== Network configuration ===

my /etc/network/interfaces :


auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255


this was to set the eth0 as fixed ip (static).

i edited my /etc/hosts as (on all the computers:



192.168.0.1 myservername.mydomainname myservername
192.168.0.2 mylaptop.mydomainname mylaptop


=== Samba Shares ===
i edited my /etc/samba/smb.conf (this is not a secure server !)


workgroup = MYDOMAINNAME
netbios name = %h
server string = %h server this is the main computer

[ISO]
path = /mnt/hda2/iso
browsable = yes
writeable = no
guest ok =yes
comment = ISO files

[APT]
path = /mnt/hda2/apt
comment = Deb files
browsable = yes
guest ok=yes



=== Gateway ===

Added new forwarding script to /etc/network/if-up.d/00-firewall
this script forwards all communication from eth0 to eth1.



#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT


# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth1 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward


=== DHCP SERVER ===

Ive added a dhcp server for diffrent machines :
ive edited the config file :


ddns-update-style none;

#my dns

option domain-name-servers 145.253.2.75, 193.174.32.18;

default-lease-time 86400;
max-lease-time 604800;

authoritative;

# Ips

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.200 192.168.0.229;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
}

To Do :

* Secure samba
* Add Users policies.
* Configure exim

Thanks to :

http://www.aboutdebian.com/network.htm
http://www.aboutdebian.com/lan.htm
http://users.pandora.be/mydotcom/howto/lanconnect/router/linux.htm
www.debian-administration.org/articles/23
http://myrtfm.blogspot.com/
Labels:

Comments

Post a Comment

Popular posts from this blog

ESP32-C6 Wi-Fi Logger with Browser GPS + Heat Map Dashboard

This project is an ESP-IDF firmware for the Seeed Studio XIAO ESP32-C6 that turns the board into a self-hosted, secure Wi-Fi scanning logger. It creates its own access point, serves a responsive HTTPS web UI, logs nearby Wi-Fi access points, optionally tags rows with GPS coordinates (provided by the client browser), and exposes battery status from the on-board LiPo input. The end result is a pocket Wi-Fi “survey” tool: scan, track, export logs as CSV, and generate a heat map view to visualize RSSI vs location. Project overview and feature set: :contentReference[oaicite:1]{index=1} What it does AP + Station mode so the device can serve the dashboard while scanning nearby Wi-Fi networks. HTTPS web interface using a bundled certificate/key for local secure access. Single scan and continuous tracking modes. CSV export for analysis and archiving. Persistent logging to SPIFFS at /spiffs/logs.csv . Battery monitoring via ADC with voltage/percentage/status sh...
Post a Comment
Read more

learn how to sniff wireless passwords with pirni

The thing about the iPod Touch and the iPhone is that they are great portable hacking devices. To the naked eye the iPod Touch/iPhone looks like nothing more than an ordinary mp3 player/cellphone however that is just an understatement to its full potential. Once your Ipod Touch/iPhone is jailbroken you have access to your whole file system meaning that applications generally associated with laptop/desktop hacking can be ported and used on the iPod Touch/iPhone. This opens up a whole lot of possibilities for network sniffing, port scanning and much much more! In this tutorial we are going to take a look at one of these programs called Pirni. What is Pirni? Pirni is an application that was ported to The Ipod Touch/iPhone to be used as a native network sniffer. Pirni is so useful because it gets past the iPod Touch’s/iPhone’s wifi hardware limitation of not being able to be set into promiscious mode (a mode that allows a network device to intercept and read each network packet that arrive...
Post a Comment
Read more

how to run a GUI application throw SSH using X11

soo all we need is first to install the ssh server on the server - machine we like to control so - 1. sudo su 2. apt-get install openssh-server . . now back to our machine using the ssh : 1. ssh -V -X username@the-server-ip 2. enter the password and that is it now we can run any GUI application that install on the server using his CPU cycles yahhhh great !! for example lets run WireShark : 3. gksudo wireshark & now all that if we runing tow Linux machines !! but what windows users that like to run a linux app??! !! soo we need it tow applications 1. putty you can get it here : http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html 2.Xming you can get it here : http://sourceforge.net/projects/xming/ ok so first we need to install Xming , and after that we going to use butty but we need to cheak Enable X11 forwarding in connection -- > SSH -- > X11 >> Enable x11 forwarding . and that is it free to run any linux application on windows using SSH . have fun ...
Post a Comment
Read more