[CLUE-Tech] Linux Router

Jim Ockers ockers at ockers.net
Tue Oct 28 17:18:55 MST 2003


Willard,

Sterling, Willard wrote:
> 
> I am using a USB ricochet modem connected to my Linux box for my internet
> connection. This box also has an internal ethernet card.  I would like to
> set up eth0 as a gateway routing packets to PPP0 ( the ricochet modem ) but
> all documentation I have been able to find is for LRP.  I want to do this
> with RH 9 since it is my primary desktop, not extra hardware I have lying
> around.  I am also running IP chains with the eth0 as a trusted device.  Any
> suggestions or howto links?

By "gateway" I assume you mean that your Linux box will be routing
packets destined for the Internet which originate from your internal
home network.

Let's say your network at home is 192.168.168.0 with netmask 255.255.255.0.
Let's say you have the routing table set up like this, with a ricochet
PPP IP address of a.b.c.d.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.168.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
a.b.c.d         0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         a.b.c.d         0.0.0.0         UG    0      0        0 ppp0

You could issue this command to make masquerading work on your Linux
box, assuming you are using iptables.  If you are using ipchains, I
would recommend switching to iptables.

iptables -t nat -I POSTROUTING -s 192.168.168.0/24 -j MASQUERADE
iptables -t filter -I FORWARD -s 192.168.168.0/24 -j ACCEPT
iptables-save > /etc/sysconfig/iptables

You'll also change /etc/sysctl.conf so that net.ipv4.ip_forward = 1
of course.  If you don't want to reboot you can set this at run-time
but you'll have to google that one.  :)

Naturally the other hosts on your LAN will need to have the ethernet 
eth0 IP address of your Linux box as *their* default gateway, for this 
to work.

You might find it helpful to do "modprobe ip_nat_ftp ; modprobe ip_conntrack_ftp" 
and "modprobe ip_nat_irc ; modprobe ip_conntrack_irc" if you use either of 
those protocols.  I run those commands from /etc/rc.d/rc.local since for
some reason they don't get loaded automatically.

Hope this helps,
Jim

-- 
Jim Ockers, P.Eng. (ockers at ockers.net)
Contact info: please see http://www.ockers.net/
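
An interface-bound, stateful variant of the masquerading commands in the message above, as an added example that is not part of the original post. The function names are hypothetical, and eth0 as the LAN side and ppp0 as the Internet side are taken from the question; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# Function names and the eth0/ppp0 roles are assumptions for illustration.

valid_cidr() {            # A.B.C.D/N with octets 0-255 and N 0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$bits" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

valid_ifname() {          # no leading '-', safe characters, at most 15 chars
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

# nat_gateway_rules LAN_CIDR LAN_IF WAN_IF
nat_gateway_rules() {
    lan=$1; lan_if=$2; wan_if=$3
    valid_cidr "$lan" || { echo "bad LAN network: $lan" >&2; return 1; }
    valid_ifname "$lan_if" && valid_ifname "$wan_if" ||
        { echo "bad interface name" >&2; return 1; }
    [ "$lan_if" != "$wan_if" ] ||
        { echo "LAN and WAN interface must differ" >&2; return 1; }
    # 1. Rewrite source addresses only on packets leaving via the WAN link.
    # 2. Forward LAN traffic only when it really arrived on the LAN interface,
    #    so a packet on the WAN side claiming a LAN source does not match.
    # 3. Let replies to those connections back in (connection tracking).
    # 4. Drop any forwarded packet that no rule accepted.
    cat <<EOF
iptables -t nat -I POSTROUTING -s $lan -o $wan_if -j MASQUERADE
iptables -I FORWARD -i $lan_if -o $wan_if -s $lan -j ACCEPT
iptables -I FORWARD -i $wan_if -o $lan_if -d $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

nat_gateway_rules 192.168.168.0/24 eth0 ppp0
```

The DROP policy only affects packets that no FORWARD rule matched, so any existing rules in that chain should be listed with "iptables -L FORWARD -n -v" before relying on it.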
