How To Configure Linux As Internet Gateway For Small Office

See: http://linuxpoison.blogspot.tw/2009/02/how-to-configure-linux-as-internet.html

This tutorial explains how to set up network address translation (NAT) on a Linux system and add the appropriate iptables rules so that the system can act as a gateway, giving multiple hosts access to the external internet through a single public IP address.

Note: This tutorial uses CentOS 6 as the example.

Step 1. Add 2 network cards to the Linux box

Step 2. Verify that both network cards were detected and installed properly

Step 3. Configure eth0 for the Internet with a public IP (external network)

vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:50:BA:88:72:D4    # Optional; fill in your own MAC address
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
PEERDNS=yes
NETMASK=255.255.255.0    # Provided by the ISP
IPV6INIT=no
IPADDR=140.92.25.x    # You can first obtain one with dhclient to check
USERCTL=no
GATEWAY=140.92.25.1    # Provided by the ISP

 
Step 4. Configure eth1 for LAN with a Private IP (Internal private network)
vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=00:50:8B:CF:9C:05    # Optional; fill in your own MAC address
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
PEERDNS=yes
NETMASK=255.255.0.0        # Specify based on your requirement
BROADCAST=""
IPV6INIT=no
IPADDR=172.16.0.1        # Gateway of the LAN
USERCTL=no

 
Step 5. Host Configuration (Optional)
vim /etc/hosts
127.0.0.1       localhost.localdomain localhost nat

 
Step 6. Gateway Configuration
vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nat
GATEWAY=140.92.25.1    # Internet Gateway, provided by the ISP
DNS1="208.67.222.222"
DNS2="208.67.220.220"

 
Step 7. DNS Configuration
vim /etc/resolv.conf
nameserver 208.67.222.222      # Primary DNS Server provided by the ISP
nameserver 208.67.220.220      # Secondary DNS Server provided by the ISP

 
Step 8. NAT configuration with IP Tables
First, flush the existing firewall rules so that you start from a clean state. Run the following in a terminal:
iptables -F
iptables -t nat -F
iptables -t mangle -F

Now delete any user-defined chains:

iptables -X
iptables -t nat -X
iptables -t mangle -X

Set up IP forwarding and masquerading:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT

Enable packet forwarding in the kernel:

echo 1 > /proc/sys/net/ipv4/ip_forward

Save and apply the configuration:

service iptables save
service iptables restart

Check whether iptables is set to start at boot, and enable it:

chkconfig --list iptables
chkconfig iptables on
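
The Step 8 commands never set a FORWARD policy, so with the built-in default of ACCEPT the box also forwards packets arriving on eth0, and the value written to /proc is lost at reboot. The script below is an added example, not part of the original tutorial: it generates the same NAT setup with FORWARD defaulting to DROP and makes ip_forward persistent. The function names are hypothetical; eth0, eth1 and 172.16.0.0/16 are taken from Steps 3 and 4.

```shell
#!/bin/sh
# Added example, not from the original tutorial. eth0, eth1 and 172.16.0.0/16
# are the tutorial's values; both function names are hypothetical.

# gen_gateway_rules WAN_IF LAN_IF LAN_CIDR
# Prints a ruleset in iptables-restore format (the /etc/sysconfig/iptables format).
# INPUT/OUTPUT policies stay ACCEPT as on the page; only forwarding is tightened.
gen_gateway_rules() {
    wan=$1 lan=$2 net=$3
    # Reject empty or identical interfaces, odd characters, and non-CIDR networks.
    [ -n "$wan" ] && [ -n "$lan" ] && [ "$wan" != "$lan" ] || return 1
    case $wan$lan in *[!A-Za-z0-9._-]*) return 1 ;; esac
    case $net in ''|*[!0-9./]*|*/*/*) return 1 ;; */*) ;; *) return 1 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# persist_forwarding FILE
# Sets net.ipv4.ip_forward = 1 in FILE (normally /etc/sysctl.conf) so that
# forwarding survives a reboot; writing to /proc only lasts until restart.
persist_forwarding() {
    f=$1
    [ -f "$f" ] || return 1
    if grep -q '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$f"; then
        # Rewrite the existing line in place, keeping the file's inode and mode.
        new=$(sed 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' "$f") \
            && printf '%s\n' "$new" > "$f"
    else
        echo 'net.ipv4.ip_forward = 1' >> "$f"
    fi
}
```

To apply it as root, write the output of gen_gateway_rules eth0 eth1 172.16.0.0/16 to /etc/sysconfig/iptables and run service iptables restart, then call persist_forwarding /etc/sysctl.conf.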

 
Step 9. Testing
Ping the gateway's LAN address from a client system:
ping 172.16.0.1

Then test Internet access from the client systems:

ping google.com

 
Step 10. Configuring PCs on the network (Clients)
  • All PCs on the private office network should set their default gateway to the private LAN IP address of the Linux gateway computer.
  • DNS should be set to the DNS servers of the ISP.
Unless otherwise stated, the content of this page is licensed under the Creative Commons Attribution-ShareAlike 3.0 License