iptables is the built-in firewall of the Linux kernel. It can be used to allow and block the traffic passing through the system.
Configuring iptables so that Linux works as a router:
For Linux to work as a router, there should normally be two NICs.
Here we implement the router with the network settings below, using two NICs:
eth1 -> 192.168.15.100, netmask 255.255.255.0, gateway 192.168.15.1 -> connected to the modem and hence the internet. No other system in my LAN has direct access to this modem.
eth0 -> 192.168.1.1, netmask 255.255.255.0, connected to the LAN. All systems in the LAN have to communicate with the internet through this host.
For Linux to act as a router, two settings must be made.
1. IP forwarding: This can be enabled temporarily by setting the status to 1 as below.
#echo 1 >/proc/sys/net/ipv4/ip_forward
To make it permanent and active on the next reboot, edit /etc/sysctl.conf and set the line below:
net.ipv4.ip_forward = 1
To apply this change, run the command
sysctl -p /etc/sysctl.conf
2. Adding the iptables entry for packet routing:
Before you add any entry, make sure the iptables service is running.
[root@shimna /]# chkconfig --list|grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
If it is not yet on at run levels 2-5, turn it on using the command below.
[root@shimna /]# chkconfig iptables on
Make sure you don't have any unwanted iptables rules active currently:
[root@shimna /]# iptables -nvL
If any unwanted rules are active, flush them with the -F option (note that -F without -t flushes only the filter table; use -t nat to clear the nat table too) and save the result.
[root@shimna /]# iptables -F
[root@shimna scripts]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@shimna scripts]#
Now you can add the entry to route the packets:
[root@shimna scripts]# iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
The above setting can be verified with the command below:
[root@shimna scripts]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 19 packets, 1554 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth1 192.168.1.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 19 packets, 1554 bytes)
pkts bytes target prot opt in out source destination
Now your Linux system is ready to act as a router. Configure the LAN gateway of all other systems as the LAN IP of the Linux host.
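The complete setup from the steps above, collected into one script as an added example (not from the original post): it enables forwarding, applies the MASQUERADE rule, and additionally restricts the FORWARD chain so that only LAN-to-internet connections and their replies are routed, rather than forwarding everything. Interface names and the LAN subnet are the ones used in this post; DRY_RUN=1 (the default here) prints the commands instead of running them, so it can be reviewed before being run as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example: NAT router rule set for the post's layout (eth0 = LAN,
# eth1 = internet). Assumes iptables with the conntrack match is installed.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DRY_RUN="${DRY_RUN:-1}"

# run: execute a command, or just print it when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# router_rules: emit (or apply) the whole rule set, in order
router_rules() {
    # step 1 of the post: enable IP forwarding for the running kernel
    run sysctl -w net.ipv4.ip_forward=1
    # start from a clean filter table and nat table
    run iptables -F
    run iptables -t nat -F
    # forward nothing by default; only the rules below open a path
    run iptables -P FORWARD DROP
    # LAN -> internet: new connections, and only from the LAN subnet
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # internet -> LAN: only packets belonging to connections the LAN opened
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # step 2 of the post: hide LAN addresses behind the internet interface
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# rule_count: number of commands the rule set produces (checks the dry run)
rule_count() {
    DRY_RUN=1 router_rules | wc -l | tr -d ' '
}

router_rules
```

Save the rules afterwards with "service iptables save" as shown above so they survive a reboot.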