Making a Linux Router/firewall/proxy from a Dell Poweredge 1950 - need help

tuprox

Member
Apr 3, 2012
63
0
61
OK, so what I want to do is make a router/firewall/proxy (maybe add webserver/FTP as well). Just to start off, I want to say that I have moderate knowledge of Linux, enough to administer it from the CL. I have set up routers before, but it was years ago and I've forgotten some of the details involved. What I do is a base LAMP install, with DNS, Samba, DHCP server, OpenSSH and then Webmin for easier administration. I've also installed EHCP (Easy Hosting Control Panel) in the past but have not at this point.

So, what I want to know is how do I set up the NICs in the /etc/network/interfaces file. Let's say that eth0 connects to the modem and eth1 & 2 are internal adapters. Currently my network is running a Linksys WRT54GL with DD-WRT and the router is set to DHCP for the WAN connection and DHCP is running on the internal network as well. The modem is at 192.168.254.254 and is giving the router an address of 192.168.254.1; my internal network is 192.168.1.1 (192.168.1.0/24). I would like to set up my internal router address to 192.168.1.1, so I guess I need to set it to static in my interfaces config and then set my eth0 to dhcp. Does this sound correct?

So if I do the above, my only question is how do I set up the routing tables after that? I always get messed up when I need to make the switch from my Linksys router to my Linux box. I'm not worried about firewall rules at first; I can change those once I have the router up and running. I just don't know if I need to make some kind of bridge to bridge the eth0 and eth1 (external NIC and internal NIC).

Can someone help me get past this troubling hurdle?
 

Pheran

Diamond Member
Apr 26, 2001
5,849
48
91
Why don't you just load a Linux router distro on your 1950, such as Smoothwall or Astaro?

You can do this manually, but you have to understand how to implement iptables NAT and firewall rules to accomplish that. Other than enabling ip routing, there are no routing tables to set up in your scenario, as long as DHCP is installing a default route out the external interface.
 

tuprox

Why don't you just load a Linux router distro on your 1950, such as Smoothwall or Astaro?

You can do this manually, but you have to understand how to implement iptables NAT and firewall rules to accomplish that. Other than enabling ip routing, there are no routing tables to set up in your scenario, as long as DHCP is installing a default route out the external interface.

Thanks for the info! Is shorewall similar to smoothwall? I installed Webmin and Shorewall - is there a reason to remove shorewall and go with smoothwall?
 

robmurphy

Senior member
Feb 16, 2007
376
0
0
Shorewall is a utility to help set up the iptables. As it says, it's very powerful but not helpful.

I do not know what distribution you are running, but with CentOS routing is disabled by default.

I have been trying to do something similar to what you are doing, but have not made much progress so far.

ClearOS is worth looking at as it provides nearly all the LAMP functionality and routing with multiple Ethernet interfaces. Again, if you have problems it's not greatly helpful.

Other router distributions only tend to provide routing.

Rob.
 

drebo

Diamond Member
Feb 24, 2006
7,035
1
81
You're going to blow a LOT of $$$ in power on that thing.

Not sure what the point of this is.
 

tuprox

You're going to blow a LOT of $$$ in power on that thing.

Not sure what the point of this is.

Yeah, I was thinking about that. I'm going to put an ammeter on it. I need a better router than my Linksys WRT54GL along with a proxy/VPN/web server. I have it, so I'm going to use it till I upgrade to something a little smaller. I really don't want to run this in a VM until I'm a little more familiar with networking with VMs using multiple NICs.
 

drebo

Is this for home use? If so, any one of a hundred $50 routers will suffice.

If it's for a business, you don't EVER want to run it in a VM and you sure as shit don't want to trust something which has no support. Cisco, Juniper or bust.
 

tuprox

Is this for home use? If so, any one of a hundred $50 routers will suffice.

If it's for a business, you don't EVER want to run it in a VM and you sure as shit don't want to trust something which has no support. Cisco, Juniper or bust.

Thanks for the advice but I know many businesses that don't use Cisco or Juniper for their routers and they work just as well or better than commercial products at a fraction of the price. You might also want to say that if you are serious about web hosting it's Microsoft or bust. JMHO.
 

tuprox

I want to thank anyone who can help in advance for any advice they can give!
I'm running Ubuntu 10.04 LTS BTW.
I know most of what I need to do to set up my router but I am stuck at the point of /etc/network/interfaces. I am setting up the external NIC as DHCP as it will get an IP from the modem (192.168.254.254); it assigns 192.168.254.1. I am setting the internal NIC to static with the following settings IF THEY ARE CORRECT:
auto eth1
iface eth1 inet static
address 192.168.1.2
netmask 255.255.252.0
network 192.168.1.0
broadcast 192.168.1.255
gateway ???.???.???.???

Now I currently have a Linksys router that is set to IP address 192.168.1.1. I would like to make my linux router the same address so I know I will need to change the 192.168.1.2 address when I do the hardware change over.

Now here is where I am confused. My Linksys is set as the DNS server, gateway and DHCP server. I don't know what to set as the gateway on the internal NIC (the one above with the question marks). If this box is going to be the gateway/router/DNS/firewall/etc for the network do I set the gateway for the internal NIC (eth1) to point to the address 192.168.1.1 (once I do the hardware change and set/change the Linux box static IP from 192.168.1.2 to 192.168.1.1) or do I set the gateway to the modem address?
I'm using this guide to set things up and it is pretty good but it is still a little unclear. http://www.jonathanmoeller.com/screed/?p=1669

Finally, I want to make sure I have the DHCP server set up properly before I make the switch (I guess I could just make my computers static if it doesn't work). What can I do to make sure it is set up and running? In Webmin I see this:
dhcp.jpg


I also don't know if this is all set up for DNS as well. This is the pic from Webmin:
binddns.jpg

Is there a way to check to see if DNS and DHCP are going to work when I do the switchover?
 

Pheran

1. Your netmask and broadcast address don't correspond; one of them is wrong.

2. You don't configure a gateway on the internal NIC, it will be configured by the DHCP process on the external NIC. If you need Internet access for this box while still using your Linksys, you can temporarily configure it to 192.168.1.1.

3. If you try to run DHCP servers on the Linux box and Linksys router at the same time, you are going to hose your network. Disable one or the other. You can migrate DHCP over to the Linux box first if you wish, before it becomes the router.

I have no idea how to configure things with webmin so I won't comment other than to say it looks like nothing is configured on the DHCP server.
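
Points 1 and 2 of the reply above, worked through as an added example that is not part of any post in the thread: the script parses the eth1 stanza as posted and recomputes the network and broadcast addresses from address and netmask with Python's standard `ipaddress` module. The function names `parse_stanza` and `check_stanza` are made up for this illustration.

```python
import ipaddress

# The eth1 stanza exactly as posted in the thread, placeholder gateway included.
POSTED = """\
auto eth1
iface eth1 inet static
address 192.168.1.2
netmask 255.255.252.0
network 192.168.1.0
broadcast 192.168.1.255
gateway ???.???.???.???
"""

def parse_stanza(text):
    """Return (iface_name, options) for the first 'iface' stanza in text."""
    iface, opts = None, {}
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#") or words[0] == "auto":
            continue
        if words[0] == "iface":
            if iface is not None:
                break  # a second stanza starts here
            iface = words[1]
        elif iface is not None and len(words) >= 2:
            opts[words[0]] = words[1]
    return iface, opts

def check_stanza(text, internal=True):
    """List mismatches between address/netmask and the declared values."""
    iface, o = parse_stanza(text)
    net = ipaddress.ip_interface(f"{o['address']}/{o['netmask']}").network
    problems = []
    for key, want in (("network", net.network_address),
                      ("broadcast", net.broadcast_address)):
        if key in o and ipaddress.ip_address(o[key]) != want:
            problems.append(f"{iface}: {key} {o[key]} should be {want} for /{net.prefixlen}")
    # Point 2 of the reply: the default route comes from DHCP on the external NIC.
    if internal and "gateway" in o:
        problems.append(f"{iface}: gateway set on the internal NIC")
    return problems

if __name__ == "__main__":
    for p in check_stanza(POSTED):
        print(p)
```

With the netmask changed to 255.255.255.0 and the gateway line dropped, the same check returns no problems, which matches the 192.168.1.0/24 network described in the first post.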
 

tuprox

1. Your netmask and broadcast address don't correspond; one of them is wrong.

2. You don't configure a gateway on the internal NIC, it will be configured by the DHCP process on the external NIC. If you need Internet access for this box while still using your Linksys, you can temporarily configure it to 192.168.1.1.

3. If you try to run DHCP servers on the Linux box and Linksys router at the same time, you are going to hose your network. Disable one or the other. You can migrate DHCP over to the Linux box first if you wish, before it becomes the router.

I have no idea how to configure things with webmin so I won't comment other than to say it looks like nothing is configured on the DHCP server.

Thank you, those comments helped a lot and I think got me past a sticking point I've been in.