Here are some tips for configuring a Linux box as a router to share an internet connection. I use Red Hat 8 on an Intel Pentium III with 128MB RAM; the system is configured for around 25 internet users on an unlimited 384Kbps broadband connection. I use NAT with iptables to share the connection, and I have two scripts.
The scripts are very simple. First of all, we have to enable routing (IP forwarding) on the Linux box:
#echo 1 > /proc/sys/net/ipv4/ip_forward
Check whether it is set:
#cat /proc/sys/net/ipv4/ip_forward
This should return 1.
Add the same command to /etc/rc.local so that routing is enabled on every boot (single quotes keep the inner command as one literal line):
echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local
I assume that your modem/ADSL router is configured in bridge mode and that a desktop directly assigned a static IP on it can reach the internet.
Script 1
#eth0 is connected to the internet through a bridged modem/router
# Clear old rules in both the filter and nat tables, so that re-running the
# script does not append duplicate rules below the final DROP
/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
# Loopback, and replies to connections the router itself opened (DNS, updates)
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH to the router only from these two LAN hosts
/sbin/iptables -A INPUT -s 192.168.0.136 -p tcp --dport ssh -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.0.1 -p tcp --dport ssh -j ACCEPT
# Uncomment to let the LAN reach a Squid proxy on port 3128 (see Script 2)
#/sbin/iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 3128 -j ACCEPT
/sbin/iptables -A INPUT -j DROP
This sets up the firewall; now we need to save the iptables rules so they are restored at boot:
#service iptables save
#chkconfig iptables on
That's it.
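Both scripts rely on iptables walking a chain from the top and stopping at the first matching rule, which is why the order of the ACCEPT and DROP lines matters. The Python below is an added example, not part of the original post: it models that evaluation for a constructed INPUT chain in the style of Script 1 and flags rules that can never match because they sit below an unconditional DROP. The rule-syntax subset, the packet dictionaries and the extra host 192.168.0.50 are assumptions made for the example.

```python
import ipaddress

def parse_rule(line):
    """Parse a subset of 'iptables -A' syntax into a dict of match criteria."""
    tok = line.split()
    rule = {"chain": tok[tok.index("-A") + 1]}
    opts = {"-i": "in_if", "-s": "src", "-p": "proto",
            "--dport": "dport", "--state": "state", "-j": "target"}
    for i, t in enumerate(tok):
        if t in opts:
            rule[opts[t]] = tok[i + 1]
    return rule

def matches(rule, pkt):
    """True when every match criterion present in the rule fits the packet."""
    checks = {
        "in_if": lambda v: pkt.get("in_if") == v,
        "src": lambda v: ipaddress.ip_address(pkt["src"])
                         in ipaddress.ip_network(v, strict=False),
        "proto": lambda v: pkt.get("proto") == v,
        "dport": lambda v: pkt.get("dport") == int(v),
        "state": lambda v: pkt.get("state") in v.split(","),
    }
    return all(checks[k](rule[k]) for k in checks if k in rule)

def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule decides; the chain policy applies when none matches."""
    for r in rules:
        if matches(r, pkt):
            return r["target"]
    return policy

def dead_rules(rules):
    """Indexes of rules placed below an unconditional ACCEPT/DROP: they never match."""
    for i, r in enumerate(rules):
        if set(r) == {"chain", "target"} and r["target"] in ("ACCEPT", "DROP"):
            return list(range(i + 1, len(rules)))
    return []

def load(text):
    return [parse_rule(l) for l in text.strip().splitlines()]

# Constructed INPUT chain in the style of Script 1 (port 22 instead of the 'ssh' name),
# with a fourth rule appended below the DROP, as happens when a second run of the
# script adds a new host without the filter table having been flushed first.
INPUT_RULES = load("""
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.0.136 -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -s 192.168.0.50 -p tcp --dport 22 -j ACCEPT
""")
```

Checking `dead_rules` against the live chain (for instance over the output of `iptables -S INPUT`) is a quick way to spot an ACCEPT that was appended below the DROP and silently never applies.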
Script 2
This is for advanced users: it gives full control over the HTTP traffic passing through the router. The setup is commonly called a transparent proxy, using Squid.
A. We need to have the Squid proxy installed on the router.
Execute the following command:
– Create the cache directories
#
Add the following lines at the end of the Squid configuration file. The LAN is assumed to be the 192.168.0.0/24 network.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.0.0/255.255.255.0
# /etc/squid/blocked.domains.acl contains the blocked domain list
acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"
# http_access lines are checked in order and the first match wins, so the
# deny must come before the allow for the LAN or the block list never applies
http_access deny blockeddomain
http_access allow localhost
http_access allow lan
Save the file and restart Squid.
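Squid evaluates http_access lines in order and stops at the first line whose ACLs all match, so where the deny for blockeddomain sits relative to allow lan decides whether the block list ever applies to LAN clients. The Python below is an added example, not part of the original post or of Squid itself: it parses a constructed squid.conf fragment (blocked domains inlined instead of read from the file, with example domains and client addresses assumed) and compares the two orderings.

```python
import ipaddress

# Constructed squid.conf fragment: the post's ACLs with the blocked list inlined
# (the post loads it from a file) and Squid's built-in localhost ACL written out.
PAGE_ORDER = """
acl localhost src 127.0.0.1/32
acl lan src 192.168.0.0/255.255.255.0
acl blockeddomain dstdomain .ads.example badsite.example
http_access allow localhost
http_access allow lan
http_access deny blockeddomain
"""

def parse(conf):
    """Collect acl definitions (name -> (type, values)) and http_access lines in order."""
    acls, access = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            access.append((tok[1], tok[2:]))
    return acls, access

def acl_hit(acls, name, req):
    """src: client IP in a listed network; dstdomain: exact host, or host plus subdomains for dotted entries."""
    kind, vals = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    host = req["host"]
    return any(host == v or (v.startswith(".") and (host == v[1:] or host.endswith(v)))
               for v in vals)

def http_access(conf, req):
    """First http_access line whose ACLs all match decides; with no match, Squid applies the opposite of the last line."""
    acls, access = parse(conf)
    for action, names in access:
        if all(acl_hit(acls, n, req) for n in names):
            return action
    return "deny" if access[-1][0] == "allow" else "allow"

def deny_first(conf):
    """Move every 'http_access deny' line ahead of the first allow, so the block list is checked first."""
    lines = conf.strip().splitlines()
    denies = [l for l in lines if l.startswith("http_access deny")]
    rest = [l for l in lines if l not in denies]
    first = next(i for i, l in enumerate(rest) if l.startswith("http_access"))
    return "\n".join(rest[:first] + denies + rest[first:])
```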
B. Set up the routing script
Create the script (saved as /etc/fw-proxy.sh below) and add the following lines:
# Squid server IP
SQUID_SERVER="192.168.0.9"
# Interface connected to the Internet
INTERNET="eth0"
# Interface connected to the LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For Windows XP FTP clients
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting the default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Accept replies to connections this box initiated (DNS, passive FTP data, etc.)
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# Set this system up as the router for the rest of the LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# Unlimited access from the LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 requests coming from LAN systems to Squid on $SQUID_PORT (transparent proxy)
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# Alternative when Squid runs on this same box: REDIRECT LAN port 80 to the local
# Squid port instead of the DNAT rule above (use one of the two, not both)
#iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything else (uncomment the LOG rule to log what is dropped)
#iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
Save and execute the script:
# sh /etc/fw-proxy.sh && service iptables save
Reboot the server, configure the router's LAN IP as the gateway on each client desktop, and use a valid DNS server to resolve names. The best way to check connectivity is to ping a public IP.
Please note: if you are not very familiar with Linux commands, I suggest two alternatives.
1. Try pfSense (http://www.pfsense.com). It is a great FreeBSD-based router with a kernel compiled especially for routing. I found a tremendous performance difference compared with a normal Linux router. I will add a 'how to' about this on my blog later.
2. Buy a cheap, efficient router (http://www.cisco.com/en/US/products/ps9925/index.html). I recommend the "Cisco RV042 4-port 10/100 VPN Router - Dual WAN". It is easy to configure and manage, costs around INR 8500/-, and suits a company of around 70-90 users sharing a common gateway. It comes with load balancing and failover features and is very good when there are many web users, but load balancing caused SSH connections to break after reaching the idle time.
I guess a versatile solution for your need might be something like what I wrote in my article. Take a look, if the requirement was only simple routing.
http://nitishkumar.wordpress.com/2009/06/07/linux-router-utilizing-multiple-dsl-nitish-kumar/
Also suggesting you take a look at another theme and website design approach, which will make yours better.
http://nitishkumar.wordpress.com/2009/10/13/how-to-make-a-website-from-wordpress/
Sorry! I just took a look over my own words. Don't misinterpret my words. I mean to say that your blog has great content. The theme I suggested might be useful to get rid of the Uncategorised category menu and for other valuable customization of the site's look and feel.
Hello Nitish,
Thanks for your comments.
It's just been a month since I started my own website. I haven't attempted to set my eyes on HTML & CSS yet. But I think it's time to do that 🙂
I was just talking about the same.
The theme Atahualpa, which you are using, is a really great one for the cause, and you don't need to know HTML and CSS a lot to use it. I just referred to my article for the same purpose, as I used the same theme and it came out to be a professional site in every way.
Get the latest version of the theme, go to Theme Options and exercise them all; you will be surprised how easy a job it is with such a theme, once you own a blog of your own.
Happy Blogging
Nice to hear you again.
Hi,
With a Cisco RV042, can I make a Squid server in my LAN with a transparent proxy?
Hi,
It's a nice question. I'm using it in my office the same way. Why do you need it to work like a trans. proxy? There is a tricky way!!
Configure Squid in transparent mode and enable IP forwarding in the kernel. This probably would work for you.
But I haven't tried it before!!!
Hi, I just wanna ask if you know how the RV042 works with a Squid proxy?
Can you give me the procedure please? Can you help me with this? I really don't know what to do.
You can't use the Linksys RV042 directly configured as a transparent proxy backed by Squid. Only this way would work for you: http://www.serveridol.com/network_diagram.jpg.