Linux as a gateway
Is there a Linux distro that would lend itself particularly well to acting as a gateway? I've been running a Slackware gateway machine for about four years, and while it served me well, it was a pain to initially get up and running and has recently gone kaput on me. Rather than spending the time to refresh my memory on the nightmare that is ipchains to try to fix what's broken, I'd rather just do a clean install with something running the supposedly simpler iptables.
IIRC, a real sticking point in setting it up the first time was getting Linux to recognize the second ethernet card. For a temporary solution to my routing problems, I put a second ethernet card in one of my other Linux boxes (running a more recent distro), and again it wasn't simple. There was seemingly much random behavior as to which card was eth0 and which was eth1, and which would connect to my ISP's DHCP server and which would only connect to the internal network. I'm not looking for help with those individual problems (at least not now); I mention this because I'm curious if this is a common complaint, and if so, is there a distro which makes the two-network-card set-up easier?
On a side note, as I was playing with configuring the two network cards, I kept rebooting to make sure the changes took effect. I recall running across some Linux command that could just shut down and bring back up networking services, rather than the whole system. Anybody know what I'm talking about?
I don't feel qualified to answer your first question (though I haven't had a problem with 2 ethernet cards in a machine), but:
In Fedora Core you have the redhat-config-network graphical program which makes it easy.
Otherwise, if memory serves me right you can do the following as the root user:
/etc/init.d/network stop
/etc/init.d/network start
I'm lazy and used SuSE for my gateway. YaST seemed to do everything perfectly right the first time with respect to the ethernet cards. No problems with switching which was eth0 and eth1 after reboots or anything like that. But I don't think any distribution would "lend itself particularly well to acting like a gateway". Any of the modern releases should do hardware recognition/configuration fairly automagically.
Try the Linux Router Project. It is not under serious development anymore; it does, however, work quite well.
I also know that OpenBSD has a router installation profile that works out of the box, so you might want to look there as well.
The eth0 / eth1 mess should not be a problem really:
- If they use different drivers, it will depend on the order the drivers are loaded. This should not vary between boots
- If they use the same driver, it will depend on which PCI slot, or place, they are in the machine. This definitely won't vary between boots (unless you go around carrying out random hardware modifications)
So although it might not be immediately obvious which one is which, it won't change.
Mark
I use SmoothWall and it works pretty damn well for me - I've never had any problems with it and the UI is really easy. The only thing is that you need a monitor and keyboard to set it up initially I think. I also have two ethernet cards in my router and it detected them fine.
I would recommend running OpenBSD for a gateway. It should automatically recognize your ethernet cards and setting it up in gateway mode is very easy with pf... the configuration looks something like this...
# Macros (referenced below with a leading $; without it pf would try to resolve the bare name as a host)
int_if="xl0"
ext_if="xl1"
local_net="192.168.0.0/16"
win_machine="192.168.0.2"

scrub in all                                                          # defragments incoming packets
nat on $ext_if from $local_net to any -> ($ext_if)                    # Establishes NAT from internal network to external
rdr pass on $ext_if proto tcp from any to any port 3389 -> $win_machine  # Establishes port forwarding for Microsoft RDP
block all                                                             # default deny; only the pass rules below let traffic through
pass in on $int_if from $local_net to any keep state                  # Actually allows internal network to get through the firewall
pass out on $ext_if from any to any keep state                        # Lets the external card actually send stuff out to the network
[Edited by - jperalta on July 5, 2005 10:34:53 AM]
Another vote for OpenBSD. I prefer its packet filter waaaay above Linux's ipchains/iptables. Configuration is really simple and straightforward and the documentation is fantastic.
I've been running it for more than one year right now and had no troubles so far.
It's a real install-configure-boot-and-forget-about-it system.
Thanks for the replies. While the router-specific Linux projects look interesting, I do like having a more-or-less complete system (minus windowing) installed as long as I'm installing an OS.
I went with Ubuntu, which is working fine for NAT, but port forwarding is turning out to be a pain to get working. If it wasn't already installed, I almost certainly would be giving OpenBSD a try. As it is, I might get OpenBSD anyway, if my port forwarding woes don't clear up. The configuration looks so much more painless.
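The same policy as the pf.conf earlier in the thread (stateful NAT, default deny, one RDP port forward), written as an iptables script for the two-card Ubuntu gateway. This is an added example, not code from the thread; the interface names (eth0 external, eth1 internal), the LAN range and the forwarded host are assumed values.

```shell
#!/bin/sh
# Added example (not from the thread): a stateful NAT gateway with one port
# forward, written for iptables. Assumed values: eth0 faces the ISP, eth1 faces
# the LAN, the LAN is 192.168.0.0/24 and RDP (tcp/3389) goes to 192.168.0.2.
# With DRY_RUN set, the rules are printed instead of applied, so the policy can
# be reviewed without root before it touches a live gateway.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# gateway_rules EXT_IF INT_IF LAN_NET FWD_HOST FWD_PORT
gateway_rules() {
    ext_if=$1; int_if=$2; lan_net=$3; fwd_host=$4; fwd_port=$5

    # Clean slate, default deny to and through the gateway (pf's "block all").
    ipt -F; ipt -t nat -F
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT

    # Stateful: replies to flows we already allowed may come back in.
    ipt -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i lo -j ACCEPT

    # LAN hosts may reach the gateway and go out through it ("pass in on $int_if").
    ipt -A INPUT   -i "$int_if" -s "$lan_net" -j ACCEPT
    ipt -A FORWARD -i "$int_if" -o "$ext_if" -s "$lan_net" -j ACCEPT

    # Masquerade LAN traffic leaving the external card ("nat on $ext_if").
    ipt -t nat -A POSTROUTING -o "$ext_if" -s "$lan_net" -j MASQUERADE

    # A port forward needs two rules: the DNAT rewrite in nat/PREROUTING, and a
    # FORWARD rule that admits the rewritten packet past the DROP policy.
    # Leaving out the second one is the usual reason a DNAT "doesn't work".
    ipt -t nat -A PREROUTING -i "$ext_if" -p tcp --dport "$fwd_port" \
        -j DNAT --to-destination "$fwd_host:$fwd_port"
    ipt -A FORWARD -i "$ext_if" -o "$int_if" -p tcp -d "$fwd_host" \
        --dport "$fwd_port" -m state --state NEW -j ACCEPT
}

# Routing between the two cards also needs IP forwarding switched on.
enable_forwarding() {
    if [ -n "${DRY_RUN:-}" ]; then echo "sysctl -w net.ipv4.ip_forward=1"
    else sysctl -w net.ipv4.ip_forward=1; fi
}

case "${1:-}" in
    review) DRY_RUN=1; enable_forwarding; gateway_rules eth0 eth1 192.168.0.0/24 192.168.0.2 3389 ;;
    apply)  enable_forwarding; gateway_rules eth0 eth1 192.168.0.0/24 192.168.0.2 3389 ;;
esac
```

Run it as `sh gateway.sh review` to print the rule set, and `sh gateway.sh apply` as root to load it.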
If you're just looking for something simple I would recommend Shorewall. It's a wrapper around iptables (so you can mess around with stuff on your own if you want to), but the config files were very easy to edit. For example, TCP and UDP forwarding to two NATed computers (from /etc/shorewall/rules):
DNAT net loc:10.0.0.7 tcp 7000:7100
DNAT net loc:10.0.0.7 udp 7000:7100
DNAT net loc:10.0.0.5 tcp 3000:3100
DNAT net loc:10.0.0.5 udp 3000:3100
The online documentation is also quite good.