----- Original Message -----
From: Simon Bryan <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 29, 2000 6:00 PM
Subject: [SLUG] Want to replace WinNT gateway with Linux gateway
> Hi,
> Here is the situation.
> I currently use a WinNT server as a gateway on my home network, running
> Wingate software. I want to replace that with a Linux server.
> I have RH7.0 and SuSe7.0 available.
For a gateway box I'd actually suggest Debian [in fact, I'd suggest Debian
for anything ;)]. I'm not familiar with SuSE however, so I'll relate any
comments to RedHat 7.
> I do not have large HDD available (between 500Mb and 1Gb).
You definitely want Debian... Debian fits nicely into "tight" disk
situations [I run a full ADSL router/firewall/Masq proxy with sendmail &
bind on a 160MB disk - without stripping down the distro]. In 500Mb to 1Gb,
you could easily build a nice sane system, and still have enough space to
run a `decent sized' squid proxy.
> I have setup SuSe7.0 on a 500MB HDD and have setup RH and Mandrake in the
> past.
> I do not need a GUI as this machine should run headless and transparently
> to everyone else.
Debian has the "Don't want it? don't install it" advantage there - we have
emacs packages without X11 support available.
> I will not run a proxy server - at least not with a large cache of any
> kind.
You don't need to with IP Masquerading. However, I do recommend running a
local forwarding named/bind. If you have the space to run squid, squid is a
good idea when you only have an analogue modem, since it does cut down on
traffic to some extent.
> I am connecting to the Sydney branch of Optusnet (am an old Microplex
> customer)
> The setup did not find or recognise the modem attached (Maestro Companion)
> - also have a Spirit Ranger 56 Internal modem available.
Any maestro modem will work fine. To dial up, use wvdial - this is the
least painful option for most ISPs - there are only a few cases where it
won't work. I'm pretty sure OptusNet is not one of them.
> Question: remembering I am pretty much a dunce at this.
> Once I have the server up and running (am going to try RH on a slightly
> larger HDD, or should I stick to SuSe), how do I get it to recognise the
> modem and how do I setup the routing? I need filenames that I have to edit
> and possible suggestions as to what should go in them.
Generic:
Symlink the serial port your modem is on to /dev/modem. Make sure your PPP
dialer [be it pppd, or an app layered over pppd] knows the correct device,
and the port speed. Migrating from the DOS world, COM1: traditionally is
/dev/ttyS0, COM2: is /dev/ttyS1... check `dmesg' to make sure.
A minimum Masquerading ipchains ruleset can be built using:
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
This assumes that your home subnet is on 192.168.0.0, with a subnet of
255.255.255.0 - adjust values if necessary. I suggest you learn a little
about IP Firewalling and write a real ruleset.
RedHat:
Once an ipchains ruleset has been built, it can be saved using the
ipchains-save and ipchains-restore scripts - IIRC, saving the chains this
way into /etc/ipchains.conf will cause the system to restore the chains at
boot time.
RedHat 6:
Enable IPv4 forwarding by editing /etc/sysconfig/network
RedHat 7:
Enable IPv4 forwarding by editing /etc/sysctl.conf
> Haven't had much luck looking for FAQ's etc as I don't know what I am
> looking for, can someone point me in the right direction please.
You want the ipchains, IP Masquerading and PPP FAQs/HOWTOs at a bare
minimum.
Also, be sure to lock the box down tight - shut down any unnecessary network
services to minimize the chance of them being attacked.
+-================================================-+
| Crossfire | This message was brought to you |
| [EMAIL PROTECTED] | on 100% recycled electrons |
+-================================================-+
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
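
An added example, not part of the original message: a small Python check that a forward-chain ruleset like the one in the reply keeps the DENY policy and only masquerades RFC 1918 source ranges. The function names are hypothetical, the ":forward POLICY" line for saved rulesets is an assumption about the saved format, and both sample rulesets are constructed.

```python
import ipaddress

# RFC 1918 private ranges: the only sources a home gateway should masquerade.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _opt(words, flag):
    """Return the word following `flag`, or None if the flag is absent."""
    return words[words.index(flag) + 1] if flag in words[:-1] else None


def audit_forward_chain(ruleset_text):
    """Return a list of findings for the forward chain of an ipchains ruleset."""
    findings, policy = [], None
    for raw in ruleset_text.splitlines():
        words = raw.split("#")[0].split()      # drop comments, tokenise
        if words[:1] == ["ipchains"]:          # accept typed commands too
            words = words[1:]
        if not words:
            continue
        # Assumption: a saved ruleset records the policy as ":forward POLICY".
        if words[0] == ":forward" and len(words) > 1:
            policy = words[1]
        elif words[:2] == ["-P", "forward"] and len(words) > 2:
            policy = words[2]
        elif words[:2] == ["-A", "forward"] and _opt(words, "-j") == "MASQ":
            # No -s at all means "any source", same as 0.0.0.0/0.
            src = _opt(words, "-s") or "0.0.0.0/0"
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                findings.append(f"unparseable MASQ source: {raw.strip()}")
                continue
            if not any(net.subnet_of(p) for p in RFC1918):
                findings.append(f"MASQ source {net} is not private: {raw.strip()}")
    if policy != "DENY":
        findings.append(f"forward policy is {policy}, expected DENY")
    return findings


# Constructed samples: the ruleset from the post, and a loosened variant.
GOOD = ("ipchains -F forward\n"
        "ipchains -P forward DENY\n"
        "ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ\n")
BAD = (":forward ACCEPT\n"
       "-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j MASQ\n")

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD)):
        print(name, audit_forward_chain(text) or "no findings")
```
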