Network interfaces
Only eth0 is configured properly. Eth1 is recognized by the kernel module and brought up, but as it is not connected, it does not get configured by the network configuration subsystem. Luckily this is fairly easy to fix.
Edit the file /etc/network/interfaces in your favorite editor. Remember to run your edit command with sudo; otherwise the file is read-only.
Clone the eth0 entry and change the device identifier to eth1. The config file should look something like this (bar the lo lines):
# Comments must be on a line of their own in this file.
# Bring up eth0 automatically
auto eth0
# eth0 is an inet (TCP/IP) v4 based interface
# (as opposed to inet6 (TCP/IP v6), IPX etc protocols)
# It gets its network address, netmask, gateway,
# broadcast, DNS, etc address information from a
# DHCP server
iface eth0 inet dhcp
# Bring up eth1 automatically
auto eth1
# eth1 has a static address assigned by us
iface eth1 inet static
    address 192.168.2.1
    netmask 255.255.255.0
#sudo ifconfig eth1 up
I chose to install the dhcp3 server on my HomeServer. The configuration file for this server is located at /etc/dhcp3/dhcpd.conf. Open the configuration file with root privileges and edit the following lines:
subnet 10.0.0.0 netmask 255.255.255.0 {
}
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.129 192.168.2.250;
    option routers 192.168.2.1;
}
If you have additional nets please add them accordingly, using the above as a template.
Back to the global variables at the beginning of the file. Change these lines to suit your setup. If you like, you can change the ‘option domain-name’ line. Please note that this will not change internet behavior outside of your local setup. I would advise you to raise the lease time to something close to 12 or more hours. Remember to add your domain name servers with the ‘option domain-name-servers’ line:
option domain-name-servers x.y.z.q1, x.y.z.q2;
Add as many as you like that are available to you.
Shoreline Firewall (Shorewall) minimum setup
The configuration files for Shoreline Firewall are not yet in place in the /etc/ structure. You need to copy the appropriate default files and edit them to suit your setup. As our initial setup is a two-interface setup, we copy the default files from /usr/share/doc/shorewall/examples/two-interfaces like this:
#sudo cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/
This will copy all necessary files plus the file README.txt. For now I am keeping this file as its contents remind me which default setup I have copied.
Modify the Shorewall policy file (/etc/shorewall/policy) to allow the firewall machine (our HomeServer) to access the net. We need this in order to update our Ubuntu installation. Change the line:
$FW net REJECT info
to
$FW net ACCEPT
I decided to comment out the old line to preserve the default setting in my config file, then copied it and modified the copy. Remember to remove the info keyword to avoid your log file being cluttered with lines stating that your firewall accessed the internet.
Initial configuration of Shorewall is now done. We will have to modify the Shorewall setup to allow access to our services, e.g. Samba (providing SMB - Windows File Server protocol), Apache (webserver), MySQL (relational SQL database server) etc. running on the HomeServer.
We are not quite done setting up Shorewall yet. Remember to enable startup in the /etc/shorewall/shorewall.conf file; change the line:
STARTUP_ENABLED=No
to
STARTUP_ENABLED=Yes
Remember to allow Shorewall to be started on Debian-based systems (Ubuntu and its cousins are based upon Debian). In the file /etc/default/shorewall, change the line:
startup=0
to
startup=1
Remember to compile and start shorewall:
#sudo shorewall start
To check whether the rules have been set up, use the command
#sudo iptables -L
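A pre-flight check for the three Shorewall edits described above (the $FW net policy line, STARTUP_ENABLED and startup), added here as an example and not part of the original post. The function names and the choice to pass file locations as arguments are assumptions; it reports the effective $FW to net policy, which is the first active matching line in the policy file.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for the three
# Shorewall edits above. Paths are arguments so it can run on copies.

# Print "ACTION LOGLEVEL" of the first active policy line covering $FW -> net.
# Shorewall uses the first matching line ("all" matches any zone), so an
# active REJECT left above the new ACCEPT still wins; comments are ignored.
fw_net_policy() {
    awk '{ sub(/#.*/, "") }
         NF < 3 { next }
         ($1 == "$FW" || $1 == "all") && ($2 == "net" || $2 == "all") {
             print $3, (NF > 3 ? $4 : "-"); exit }' "$1"
}

# Print the value of the last active KEY=VALUE line for KEY in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$1=\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# preflight SHOREWALL_DIR DEFAULTS_FILE: print findings, return problem count.
preflight() {
    dir=$1 defaults=$2 problems=0
    policy=$(fw_net_policy "$dir/policy")
    case $policy in
        "ACCEPT -") ;;
        "ACCEPT "*) echo "note: \$FW->net ACCEPT still logs (${policy#ACCEPT })" ;;
        *) echo "policy: effective \$FW->net is '${policy:-none}', not ACCEPT"
           problems=$((problems + 1)) ;;
    esac
    case $(conf_value STARTUP_ENABLED "$dir/shorewall.conf") in
        [Yy]es) ;;
        *) echo "shorewall.conf: STARTUP_ENABLED is not Yes"
           problems=$((problems + 1)) ;;
    esac
    [ "$(conf_value startup "$defaults")" = 1 ] ||
        { echo "$defaults: startup is not 1"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: files as the post leaves them (old line commented out).
make_sample() {
    printf '%s\n' '#$FW net REJECT info' '$FW net ACCEPT' > "$1/policy"
    echo 'STARTUP_ENABLED=Yes' > "$1/shorewall.conf"
    echo 'startup=1' > "$1/default"
}

tmp=$(mktemp -d) && make_sample "$tmp"
preflight "$tmp" "$tmp/default" && echo "pre-flight passed"
rm -rf "$tmp"
```

On the real machine the call would be preflight /etc/shorewall /etc/default/shorewall, run before starting Shorewall.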
Congratulations! You now have a working Router/Firewall setup – the first step on our road to a HomeServer!