Sign in with
Sign up | Sign in
Your question

Linux system as Router ?

Tags:
  • Routers
  • Linux
  • Networking
Last response: in Networking
Share
April 30, 2010 6:25:25 AM

I want ot setup a linux system as router ?

As described here http://www.wiredpakistan.com/forums/viewtopic.php?pid=154832#p15

More about : linux system router

April 30, 2010 2:35:27 PM

What exactly are you asking? Our opinions on a Linux router? The pros and cons of it?

Explain please.
m
0
l
April 30, 2010 4:55:46 PM

How to convert a desktop or a laptop running Linux to be used as router. I mean just like we have HTPC's. I think the link in my orginal post give some idea.
m
0
l
Related resources
April 30, 2010 6:21:33 PM

yousaf465 said:
How to convert a desktop or a laptop running Linux to be used as router. I mean just like we have HTPC's. I think the link in my orginal post give some idea.


I think you mean a server rather than a router although the article you linked seems to be about line noise. Changing to Linux won't prevent that problem but you can convert any computer to run better Operating Systems than Windows. :D 

Go to http://www.pclinuxOS.com and download the 2010 version. Use ImgBurn or similar to burn it to a CD and test it on your computer - you don't even need to install it but just let it run as a LiveCD in RAM. It will recognise and work with all your hardware.
m
0
l
May 1, 2010 7:53:38 AM

I was refering to a that post, not the whole thread. Yeah kind of a server. I do have fedora 12 and Ubuntu which one will be better for that application ?
m
0
l
May 9, 2010 9:17:13 PM

Do you want to turn your machine into a router entirely? Or do you want to virtually host the router and still be able to use the same machine as well?
m
0
l
May 11, 2010 2:12:56 AM

both ways can work for me. No problem with any of these setups.
m
0
l
May 11, 2010 4:36:36 AM

I used to use Fedora as an iptables firewall / router on a PII 450 (I think) for my home network, until I replaced it with an ASA 5505. It worked pretty well honestly, and you can use it to host a web site if you want at the same time. I'd encourage you to read up on iptables an NOT install the GUI as part of your installation. You'll learn more and you'll be better prepared to manage it remotely as well.

Ubuntu or Fedora should work about equally as well for the task... really iptables is a tool that manipulates netfilter within the kernel... so it shouldn't matter much. I always disabled the stock junk and wrote my own bash script (easy, just a list of commands) for setting up iptables / netfilter. I just never liked how any of the stock setups handled it "like a service" rather than what it really was.
m
0
l
May 20, 2010 12:39:18 AM

Thanks for the answer, but I would love more details. And how I could optimize it for a Wifi network.
m
0
l
May 20, 2010 1:48:09 AM

I'm not real sure what your question is there, I would assume you could just treat the Wifi adapter like any other or use a separate access point connected to the internal interface of the linux box... however here is an example of my old bash script that I used to setup my firewall, maybe it'll help answer some of your questions?:

#!/bin/bash

#Set Variables

#Path to iptables
IPTABLES=/sbin/iptables

#External Interface
EXTIF=eth0

#Internal Interface
DMZIF=eth2
PRVIF=eth1

#Ensure that forwarding is enabled in the OS
echo 1 > /proc/sys/net/ipv4/ip_forward

#Define Local Networks
DMZNET=192.168.2.0/24
PRVNET=192.168.1.0/24

#Flush filter and nat tables
${IPTABLES} -F
${IPTABLES} -t nat -F

#Set default policy for standard filter chains
${IPTABLES} -P FORWARD DROP
${IPTABLES} -P INPUT DROP
${IPTABLES} -P OUTPUT ACCEPT

#Set forwarding rules to allow outside traffic into the DMZ network
${IPTABLES} -A FORWARD -i ${EXTIF} -o ${DMZIF} -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#Set forwarding rules to allow established connections back in
${IPTABLES} -A FORWARD -i ${EXTIF} -o ${DMZIF} -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPTABLES} -A FORWARD -i ${EXTIF} -o ${PRVIF} -m state --state ESTABLISHED,RELATED -j ACCEPT

#Set forwarding rules to allow traffic all traffic outbound from DMZ and Internal Networks
${IPTABLES} -A FORWARD -i ${DMZIF} -o ${EXTIF} -j ACCEPT
${IPTABLES} -A FORWARD -i ${PRVIF} -o ${EXTIF} -j ACCEPT

#Set outbound NAT to hide behind external interface
${IPTABLES} -t nat -A POSTROUTING -o ${EXTIF} -j MASQUERADE

#NAT selected traffic prior to allowing it in the FORWARD chain, this points to the internal web server in the DMZ network
${IPTABLES} -t nat -A PREROUTING -p tcp --dport 80 -i ${EXTIF} -j DNAT --to 192.168.2.100

#Allow all internal traffic to the firewall and bootp traffic for DCHP
${IPTABLES} -A INPUT -i ! ${EXTIF} -s ${DMZNET} -j ACCEPT
${IPTABLES} -A INPUT -i ${DMZIF} -p udp --dport 67 -j ACCEPT
${IPTABLES} -A INPUT -i ! ${EXTIF} -s ${PRVNET} -j ACCEPT
#${IPTABLES} -A INPUT -i ${EXTIF} -p udp --dport 67 -j ACCEPT

#Set inbound rules to allow returning traffic to the local machine and internal loopback traffic
${IPTABLES} -A INPUT -i ${EXTIF} -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPTABLES} -A INPUT -i lo -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
m
0
l
May 23, 2010 4:17:20 PM

Hopefully it does I think I need a Linux guy to help me with it
m
0
l
May 24, 2010 1:16:25 AM

Well...

1) You can verify your interface names with "ifconfig -a"

2) To run the above script:
a) touch /etc/fwscript.sh
b) vi /etc/fwscript.sh
c) Press "i" to enter insert mode in vi
d) paste the above script (with your modifications)
e) Press escape
f) Press ":"
g) Type "wq" to "write and quit" vi
h) back at the command prompt type "chmod +x /etc/fwscript.sh" <enter>
i) Type /etc/fwscript.sh <enter>

If you want it to run everytime it starts you'll need to put "/etc/fwscript.sh" somewhere that runs @ each startup, which may vary depending on your distro. I want to say /etc/rc.local (going off memory here) will do it for Fedora / Red Hat derivatives. If you don't understand some aspect of the above script feel free to ask and I'll be happy to clear up any confusion.
m
0
l
!