“Nobody puts Baby in a corner.” Dirty Dancing, 1987

Linux Based Home Gateway

As I promised, I have put together a tutorial on how to set up a Linux gateway (and router).

First I want to explain why some people may want to do something like this, especially when one can spend $50 and use a network wizard to create a home network, or their ISP provides a modem and router combo with free setup.

I want to comment that ISP-provided modem/routers tend to be rather cheap and poorly designed. If you can, opt to purchase your own modem and router, as these tend to be a bit more stable, don’t have hidden limitations coded into them, and could save you money in the long run. (Some ISPs charge a monthly rental of as much as $7 for their modem/router.)

Now back to why someone would want to do this. The first reason would be performance/quality of service and hardware. I touched on this in the bit about ISP-provided modems and routers, but to give you an idea, one of the ISP routers I had had a tiny (128k) connection table. For your average DSL-using, web-browsing, email-checking older couple, that would be fine; they would never fill that connection table, because as connections close they are cleared from the table. But for your average gamer (and/or users on cable/fiber), that table is going to be chewed through quickly, and even faster if there is more than one gamer (or user). The result is connection instability, anger and general grumpiness.

Another reason would be control. When you build your own router/gateway, you control what applications you run, as well as what passes through it. Want to limit someone’s internet access to certain hours, or filter the websites they are allowed to visit? You can install applications on the Linux gateway to do that. Want to rate-limit a user on your network to keep them from saturating the entire network? You can do that too.

The last reason I can think of is that a person is bored, or just because they can. The best way I have found to learn is to just start doing. I started with contribs.org, which does everything I am going to cover here (and then some) for you automatically with their custom CentOS 4.7 distribution. I switched to doing my own because I needed CentOS 5.x for some software I was running. Now, without further ado…

How to Setup Linux Based Gateway/Router

Hardware requirements: any old computer, preferably a PIII or better, with a CD-ROM/DVD-ROM drive, at least 256 MB of RAM and at least a 10 GB hard drive. To set up a gateway, you must have two NICs.

If you’re a novice, I recommend that you look at contribs.org, as it is a lot easier for beginners to manage.

——————————————————

So to start creating your own gateway, download CentOS 5 from centos.org. You will need to know which version you need. If you are installing from CDs, you really only need the first 3, not all 6.

Install CentOS 5 on the box you are going to use for your gateway (be sure you have added your two NICs). You don’t need to install anything fancy; the bare setup should be fine. Once it is installed, log in as root; this is where we start configuring the server.

First, you need to decide which NIC is going to be your internal and which your external interface. For this walkthrough my external is eth0 and my internal is eth1.

You need to install iptables, BIND and the DHCP server for this to work, so run:

yum install iptables* bind* dhcp*

After that, you need to enable IP forwarding in the kernel; do this by running:

echo 1 > /proc/sys/net/ipv4/ip_forward

This takes effect immediately but does not survive a reboot; to make it permanent, also set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.

Now before we get too far ahead of ourselves, make sure you have your NICs set up. In my case, eth0 is set up for DHCP and eth1 for a static address. Below are copies of my config files (located in /etc/sysconfig/network-scripts/).

[root@vger ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:1A:70:0F:E1:AF
ONBOOT=yes
DHCP_HOSTNAME=vger
PEERDNS=yes

[root@vger ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=00:1D:92:6A:6E:0E
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
PEERDNS=yes

Once you have your IPs set, restart your network devices:

service network restart

Next, you need to set up iptables so that traffic from the internal NIC (eth1) is masqueraded out of the external NIC (eth0) and only replies to those connections are forwarded back in:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 --out-interface eth0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 --out-interface eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/etc/init.d/iptables save
service iptables restart

Check the result with iptables -L FORWARD -n -v. If the installer’s default firewall is still active, its FORWARD chain jumps to a chain that rejects everything it does not match, so rules appended after that jump are never reached; in that case add them with --insert instead of --append.
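As an added example that is not part of the original post, here is a shell function that writes the whole gateway policy in the iptables-restore format that /etc/init.d/iptables save produces in /etc/sysconfig/iptables, with the interface names and LAN subnet as parameters (the post’s eth0, eth1 and 192.168.0.0/24 are assumed in the usage line):

```shell
# Added example, not code from the original post: build a complete gateway ruleset
# in iptables-restore format, the format /etc/init.d/iptables save writes to
# /etc/sysconfig/iptables. Interface names and LAN subnet are parameters; the
# values in the usage line are the post's (eth0 external, eth1 internal).
# Policy: DROP by default on INPUT and FORWARD, forward only LAN-initiated
# connections and their replies, and expose DHCP/DNS/SSH on the LAN side only.

gateway_ruleset() {
    ext="$1"; int="$2"; lan="$3"
    # Refuse obviously wrong input: both interfaces the same, or no LAN given.
    if [ -z "$lan" ] || [ "$ext" = "$int" ]; then
        echo "usage: gateway_ruleset EXT_IF INT_IF LAN_CIDR" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NAT only LAN sources leaving via the external interface
-A POSTROUTING -o $ext -s $lan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# DHCP lease replies from the ISP to this box's own dhclient on the WAN side
-A INPUT -i $ext -p udp --sport 67 --dport 68 -j ACCEPT
# Services offered to the LAN only: DHCP (clients send from 0.0.0.0), DNS, SSH, ping
-A INPUT -i $int -p udp --dport 67 -j ACCEPT
-A INPUT -i $int -s $lan -p udp --dport 53 -j ACCEPT
-A INPUT -i $int -s $lan -p tcp --dport 53 -j ACCEPT
-A INPUT -i $int -s $lan -p tcp --dport 22 -j ACCEPT
-A INPUT -i $int -s $lan -p icmp --icmp-type echo-request -j ACCEPT
# Forward LAN-initiated traffic out; let only replies back in
-A FORWARD -i $int -o $ext -s $lan -j ACCEPT
-A FORWARD -i $ext -o $int -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Usage (review the output first): gateway_ruleset eth0 eth1 192.168.0.0/24 > /etc/sysconfig/iptables
```

After writing the file, service iptables restart loads it; iptables -L -n -v shows the counters per rule so you can confirm LAN traffic is hitting the FORWARD rules you expect.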

Congrats, the first part is done. Now on to DHCP. The trickiest part of DHCP is the config file, but I am going to copy mine, which I set up so that you can copy it. If you feel brave you can change it as you want.

[root@vger ~]# cat /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway
        option routers                  192.168.0.1;
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.0.255;

        option domain-name-servers      192.168.0.1;

        option time-offset              -18000; # Eastern Standard Time

        range dynamic-bootp 192.168.0.75 192.168.0.254;
        default-lease-time 21600;
        max-lease-time 43200;

}

Once you have copied the above into /etc/dhcpd.conf and saved it, start the server on the internal interface only (eth1 here), never on the external one, where it would hand out leases to your ISP’s network:

/usr/sbin/dhcpd eth1

To have it come back after a reboot, put DHCPDARGS=eth1 in /etc/sysconfig/dhcpd and run chkconfig dhcpd on.

Now the easy stuff is done. We move on to BIND, which was the one application that gave me trouble. The reason it gave me so much trouble is that I insist on using chroot. To set up named (BIND), edit /var/named/chroot/etc/named.conf and insert the following. Keep in mind that every path in this file is interpreted inside the chroot, so "/var/log/named.log" is really /var/named/chroot/var/log/named.log, and that directory must exist and be writable by the named user. The listen-on line binds the server to the internal address only, which keeps it from acting as a resolver for anyone outside your LAN.

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        version "get lost";
        forward first;
        forwarders {
                // Replace these IPs with your ISP's nameservers, or use your preferred DNS service.
                71.9.127.107;
                68.190.192.35;
        };
        listen-on { 192.168.0.1; };
};

// Without this block messages go to syslog (typically /var/log/messages);
// a channel only receives anything once a category is pointed at it.
logging {
        channel example_log {
                file "/var/log/named.log" versions 3 size 2m;
                severity info;
                print-severity yes;
                print-time yes;
                print-category yes;
        };
        category default { example_log; };
};

// Required localhost zone
zone "localhost" in {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

Then run the following commands. The zone file that named.conf refers to is resolved inside the chroot, so /var/named/chroot/var/named/localhost.zone must exist before named starts (if you keep the zone data under another name, a single symlink called localhost.zone pointing at that file is enough). You can check both the config and the zone before starting with named-checkconf -t /var/named/chroot /etc/named.conf and named-checkzone localhost /var/named/chroot/var/named/localhost.zone.

ln -s /var/named/chroot/etc/named.conf /etc/named.conf
chkconfig --level 345 named on
service named start

Congratulations, your basic Linux gateway is now complete. From here you can add wireless access points, switches or any other networking device to provide service to your systems. You can also customize your server with services and programs to add functionality. The most commonly used programs would be Samba, for Windows file sharing; Apache, for an in-house web server; MySQL, for an in-house database; and MediaTomb, for media streaming.

If you have any questions let me know.

p.s. Yes I am working on the History of The Internet Part 2, and Yes Al Gore is in it….
