On Wed, Sep 28, 2005 at 12:02:41AM +0000, Joe wrote:
> michael wrote:
> >But, can we now take it as given I want to set up my PC as a router, and
> >thus I am looking for a 'simple how to' in order to do this. I would have
> >thought it was about 3 commands on each PC!
>
> Ah, you've realised how Usenet works...
>
> OK, look at it from an experienced Debian user's point of view:
> what you want to do is fairly trivial, we've all done it, but we
> don't remember exactly what we did, and don't want to compromise
> our reputations by getting it wrong. I don't care.
>
> Firstly, it is possible, and for us not too hard. You need to:
>
> a) Have a Debian machine with two IP interfaces, one connected
> to the Internet. People are quite rightly very sniffy about USB
> modems, as they bring problems of their own. Routers are better,
> for many reasons. Buy one when you can afford to.
>
> b) Tell Linux to forward IP packets between the interfaces.
> The metafile /proc/sys/net/ipv4/ip_forward must contain 1
> to do this. An echo command is the traditional way to do this,
> as the whole /proc filesystem is recreated at every boot.
>
This can also be specified in /etc/sysctl.conf (I just recently learned
about this myself) so that it is set at every boot.

> c) Tell Linux not to accept anything that tries to get in. There
> are numerous firewall interface programs, but I don't think
> there's any real alternative to studying the iptables syntax.
> Debian does not as yet offer a means of control of iptables
> as a daemon (which it isn't, but that's a convenient control
> method), so usage of iptables is still a matter of sending a
> series of commands which describe what is and what isn't allowed.
> A script is a convenient way to do this. iptables is also extremely
> useful as a network diagnostic tool, so reasonable familiarity with
> it will help in many other areas.
>
I find shorewall to be a good compromise. It is well documented and is
much easier to use (IMHO) if you understand iptables. However, knowledge
of iptables is not required to use it. It is also very flexible.

> d) Tell all the other machines on the network to use the Debian
> machine's internal IP address as gateway. Preferably install a
> DNS server (e.g. bind), and also tell the other machines to use
> it as DNS server. Otherwise give all the other machines the IP
> address(es) of your ISP's DNS servers as their DNS entries.
>
I just recently set up BIND on my local network. I found "BIND for the
Small LAN" [0] to be most helpful.

-Roberto

[0] http://www.madboa.com/geek/soho-bind/

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto
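
Added example, not part of the original messages: a sketch of steps b) and c) as a script that checks whether forwarding is persisted in a sysctl.conf-style file and prints a default-deny iptables rule set for review. The function names, the interface names, the conntrack match and the MASQUERADE rule (which assumes the LAN uses private addresses) are assumptions, not something the thread specifies.

```shell
#!/bin/sh
# Added example; names and interfaces below are assumptions, not from the thread.

# Step b) check: succeed only if the given sysctl.conf-style file sets
# net.ipv4.ip_forward to 1. Commented-out lines are ignored and the last
# uncommented setting wins, mirroring how the file is applied at boot.
forwarding_persisted() {
    awk -F= '
        /^[[:space:]]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v) }
        k == "net.ipv4.ip_forward" { last = v }
        END { exit (last == "1" ? 0 : 1) }
    ' "$1"
}

# Step c): print (do not apply) a rule set that drops unsolicited inbound
# traffic and forwards LAN traffic out. $1 = Internet-side interface,
# $2 = LAN-side interface.
router_rules() {
    wan=$1 lan=$2
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Constructed sample: eth0 = Internet side, eth1 = LAN side (assumed names).
router_rules eth0 eth1
```

The INPUT rule for the LAN interface is what lets the other machines reach a DNS server on the router, as in step d). To enable forwarding for the running system, write 1 to /proc/sys/net/ipv4/ip_forward as described in step b).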