Thursday, March 27, 2008

How to use my old PC as a Router / Firewall / Gateway

One of the great things you can do with an old computer is turn it into a server.
Since I have one, I thought: why not make a Router + Gateway + Firewall out of it?
Here is what I did:

First of all, I installed Debian Lenny on it.
Then I read several tutorials
and started to work.

The first thing was setting up the Ethernet interfaces correctly (I used 3 old NICs).
eth0 is the first one;
eth1 is connected to Wi-Fi.

=== Network configuration ===

My /etc/network/interfaces:

auto eth0
iface eth0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255

This sets eth0 to a fixed (static) IP.

I edited /etc/hosts as follows (on all the computers):



192.168.0.1 myservername.mydomainname myservername
192.168.0.2 mylaptop.mydomainname mylaptop


=== Samba Shares ===
I edited my /etc/samba/smb.conf (this is not a secure server!):

# workgroup, netbios name and server string are global parameters
[global]
workgroup = MYDOMAINNAME
netbios name = %h
server string = %h server this is the main computer

# read-only guest share
[ISO]
path = /mnt/hda2/iso
browsable = yes
writeable = no
guest ok = yes
comment = ISO files

[APT]
path = /mnt/hda2/apt
comment = Deb files
browsable = yes
guest ok = yes



=== Gateway ===

I added a new forwarding script as /etc/network/if-up.d/00-firewall.
This script forwards all communication from eth0 to eth1.



#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT


# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward from the outside (eth1) to the inside (eth0).
# Replies to connections opened from the LAN were already accepted above.
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
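
The script above flushes the chains but never sets a default policy, so with the built-in chains at their default ACCEPT policy anything its rules do not match is still let through. As an added example (not part of the original post), the function below prints the same rules in iptables-restore format with INPUT and FORWARD defaulting to DROP; the function name gateway_rules and the choice to drop unmatched traffic are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# gateway_rules LAN_IF WAN_IF prints an iptables-restore ruleset (the name is
# hypothetical). Assumption: traffic that no rule matches should be dropped.
# Check first:  gateway_rules eth0 eth1 | iptables-restore --test
# Then load:    gateway_rules eth0 eth1 | iptables-restore

gateway_rules() {
    lan=$1
    wan=$2
    # Refuse missing or identical interfaces: a rule with "-i X -o X"
    # never matches traffic that crosses the gateway.
    if [ -z "$lan" ] || [ -z "$wan" ] || [ "$lan" = "$wan" ]; then
        echo "usage: gateway_rules LAN_IF WAN_IF (must differ)" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW ! -i $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when run as: sh script.sh eth0 eth1
if [ "$#" -eq 2 ]; then
    gateway_rules "$1" "$2"
fi
```

The ruleset only covers netfilter; routing still has to be enabled through /proc/sys/net/ipv4/ip_forward as in the script.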


=== DHCP SERVER ===

I've added a DHCP server for the different machines.
I edited the config file:


ddns-update-style none;

#my dns

option domain-name-servers 145.253.2.75, 193.174.32.18;

default-lease-time 86400;
max-lease-time 604800;

authoritative;

# IPs

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.200 192.168.0.229;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
}

To Do :

* Secure samba
* Add user policies
* Configure exim

Thanks to :

http://www.aboutdebian.com/network.htm
http://www.aboutdebian.com/lan.htm
http://users.pandora.be/mydotcom/howto/lanconnect/router/linux.htm
www.debian-administration.org/articles/23
http://myrtfm.blogspot.com/
