Re: internet connection sharing
- From: Jared Doyle <jedoyle@xxxxxxxxxxxxxx>
- Date: Thu, 17 May 2007 03:42:19 GMT
On Mon, 30 Apr 2007 13:26:14 +0000, General Schvantzkoph wrote:
> On Sun, 29 Apr 2007 08:08:58 -0400, Bruce Coryell wrote:
>> Is there a way to configure a redhat-type distro to share an internet
>> connection with a Windows box?
>
> A Redhat box can easily be configured as a router however you would be
> much better off just buying a hardware router. Hardware routers cost
> almost nothing, consume only a few watts for power, are simple to
> configure from any OS, and provide a firewall which is a good idea to
> have for Linux and an absolute necessity for your Windows box.

Put the below in a script and reference it in your /etc/rc.local file.
Don't forget to chmod +x whatever you name it. You could put this inline
with the rc.local script, but it might interfere with other things in the
rc.local file if you need to reload the script. Notice that it firewalls
incoming traffic and drops the packets. If you do not want to allow ssh
traffic through, just delete or comment it out. Have fun.
#!/bin/sh
#Setup interfaces
EXTERNAL=eth0
INTERNAL=eth1
#Set paths to needed programs
MODPROBE=/sbin/modprobe
IPTABLES=/sbin/iptables
#Load some iptables kernel modules
$MODPROBE ipt_conntrack
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_conntrack_irc
$MODPROBE ip_nat_ftp
$MODPROBE ip_nat_irc
$MODPROBE ip_nat_snmp_basic
#Flush old rules, delete the firewall chain if it exists
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -X firewall
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Setting up NAT (Network Address Translation)..."
# # by default, nothing is forwarded.
$IPTABLES -P FORWARD DROP
# # Allow all connections OUT and only related ones IN
$IPTABLES -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
# # enable MASQUERADING
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
#Set up the firewall chain
$IPTABLES -N firewall
$IPTABLES -A firewall -j LOG --log-level info --log-prefix "Firewall:"
$IPTABLES -A firewall -j DROP
#Accept ourselves
$IPTABLES -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
$IPTABLES -A INPUT -s 192.168.0.1/24 -d 0/0 -j ACCEPT
#Accept DNS
$IPTABLES -A INPUT -p udp --source-port 53 -j ACCEPT
$IPTABLES -A INPUT -p tcp --source-port 113 -j ACCEPT
$IPTABLES -A INPUT -p tcp --destination-port 113 -j ACCEPT
#Accept SSH
$IPTABLES -A INPUT -p tcp --destination-port 22 -j ACCEPT
#Send everything else to the firewall.
$IPTABLES -A INPUT -p icmp -j firewall
$IPTABLES -A INPUT -p tcp --syn -j firewall
$IPTABLES -A INPUT -p udp -j firewall
unset KERNEL_SYMBOLS NEWMODS RELEASE
--
If society fits you comfortably enough, you call it freedom.
-- Robert Frost
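
Added example, not part of Jared Doyle's post: the INPUT section of the script above accepts packets by source address and source port, and the variant below expresses the same intent with interface and connection-state matches, ending in a default-drop policy. The 192.168.0.0/24 LAN on eth1, the function name input_rules and the dry-run default (commands are printed, not executed) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: stateful INPUT policy for the same two-interface gateway.
# Assumed layout (same interface names as the post): eth0 = Internet side,
# eth1 = LAN side, LAN = 192.168.0.0/24.
EXTERNAL=eth0
INTERNAL=eth1
LAN=192.168.0.0/24
# Dry run by default: each command is printed instead of executed.
# Run with IPTABLES=/sbin/iptables (as root) to apply the rules.
IPTABLES=${IPTABLES:-echo iptables}

input_rules() {
    # Start from an empty INPUT chain.
    $IPTABLES -F INPUT
    # Loopback is identified by interface, not by a 127.0.0.1 source address.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Replies to traffic this host started (DNS answers included) are matched
    # by connection state, so no rule keyed on source port 53 is needed.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # A LAN source address arriving on the external interface is spoofed.
    $IPTABLES -A INPUT -i "$EXTERNAL" -s "$LAN" -j DROP
    # LAN hosts are accepted only when they arrive on the internal interface.
    $IPTABLES -A INPUT -i "$INTERNAL" -s "$LAN" -j ACCEPT
    # New SSH connections; add "-i $INTERNAL" to keep SSH off the Internet side.
    $IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Log what is about to be dropped, rate-limited to keep syslog usable.
    $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "Firewall:"
    # Policy is set last so an existing SSH session is not cut off while the
    # rules are being loaded. Everything not accepted above is dropped.
    $IPTABLES -P INPUT DROP
}

input_rules
```

The ident port (113) that the post opens is not opened here; add an explicit accept rule for it before the LOG rule if a service you use depends on it.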