One of the great things you can do with an old computer is to make a server from it.
since i have one i thought why not creating a Router + Gateway + Firewall from it ?
here is what i did :
first off all i installed Debian Lenny on it.
then read several tutrials .
and started to work.
The first thing was setting the Ethernet interfaces correctly (i used 3 old NICs).
while eth0 is the first one
eth1 is connected to Wi-Fi
=== Network configuration ===
my /etc/network/interfaces :
auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
this was to set the eth0 as fixed ip (static).
i edited my /etc/hosts as (on all the computers:
192.168.0.1 myservername.mydomainname myservername
192.168.0.2 mylaptop.mydomainname mylaptop
=== Samba Shares ===
i edited my /etc/samba/smb.conf (this is not a secure server !)
workgroup = MYDOMAINNAME
netbios name = %h
server string = %h server this is the main computer
[ISO]
path = /mnt/hda2/iso
browsable = yes
writeable = no
guest ok =yes
comment = ISO files
[APT]
path = /mnt/hda2/apt
comment = Deb files
browsable = yes
guest ok=yes
=== Gateway ===
Added new forwarding script to /etc/network/if-up.d/00-firewall
this script forwards all communication from eth0 to eth1.
#!/bin/sh
PATH=/usr/sbin:/sbin:/bin:/usr/bin
#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth1 -j REJECT
# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
=== DHCP SERVER ===
Ive added a dhcp server for diffrent machines :
ive edited the config file :
ddns-update-style none;
#my dns
option domain-name-servers 145.253.2.75, 193.174.32.18;
default-lease-time 86400;
max-lease-time 604800;
authoritative;
# Ips
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.200 192.168.0.229;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
}
To Do :
* Secure samba
* Add Users policies.
* Configure exim
Thanks to :
http://www.aboutdebian.com/network.htm
http://www.aboutdebian.com/lan.htm
http://users.pandora.be/mydotcom/howto/lanconnect/router/linux.htm
www.debian-administration.org/articles/23
http://myrtfm.blogspot.com/
No comments:
Post a Comment