Win PC to Linux to ISP Connectivity - Where to focus in the HOWTOs

Post by Dan Hans » Wed, 11 Jun 2003 00:39:52



I am attempting to set up my Linux machine to serve as a point of
connection to my ISP via dialup.  I am able to get the Linux box
connected to the ISP and see the 'Net from there, but am still
struggling with establishing a connection through that box to the
'Net.  I've been wallowing through the various HOWTOs -- but I'm not
quite sure where to focus in -- there's so much stuff there to pick
through.  It looks to me like I need to be focusing in on configuring
ipchains and masquerading, plus a caching DNS(?).

I'm not so much looking for what to do as to where to zero in in the
docs. Could someone steer me in the right direction?

My configs info follows ... just for the heck of it.

Kernel 2.4.7
--------------------------------------
/etc/resolv.conf:
======================================
search .
nameserver 192.168.1.1
nameserver 207.69.188.185
nameserver 207.69.188.186

--------------------------------------
/etc/named.conf:
======================================
// generated by named-bootconf.pl

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;

};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";

};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };

};

include "/etc/rndc.key";

--------------------------------------
output of ipchains -L:
======================================
Chain input (policy ACCEPT):
target     prot opt     source                  destination  ports
ACCEPT     udp  ------  nikto.wildwisconsin.com anywhere     domain ->   1025:65535
ACCEPT     tcp  -y----  anywhere                anywhere     any ->   smtp
ACCEPT     tcp  -y----  anywhere                anywhere     any ->   http
ACCEPT     tcp  -y----  anywhere                anywhere     any ->   ftp
ACCEPT     tcp  -y----  anywhere                anywhere     any ->   ssh
ACCEPT     tcp  -y----  anywhere                anywhere     any ->   telnet
ACCEPT     udp  ------  anywhere                anywhere     bootps:bootpc ->   bootps:bootpc
ACCEPT     udp  ------  anywhere                anywhere     bootps:bootpc ->   bootps:bootpc
ACCEPT     all  ------  anywhere                anywhere     n/a
REJECT     tcp  -y----  anywhere                anywhere     any ->   0:1023
REJECT     tcp  -y----  anywhere                anywhere     any ->   nfs
REJECT     udp  ------  anywhere                anywhere     any ->   0:1023
REJECT     udp  ------  anywhere                anywhere     any ->   nfs
REJECT     tcp  -y----  anywhere                anywhere     any ->   x11:6009
REJECT     tcp  -y----  anywhere                anywhere     any ->   xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

 
 
 


Post by Gad » Fri, 13 Jun 2003 17:02:36


So you basically want the linux box to be a gateway through which you
can connect your local lan to the net, a.k.a connection sharing?

If that's all you want, then all you have to do is setup masquerading.
This can be done very easily with iptables, so I think it's worth
changing from ipchains to iptables (there are other benefits as well).

For information about iptables look at
www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
especially the "Mixing NAT and Packet Filtering" section.

All this, assuming you have ip addresses worked out (either static or
through dhcp).
Don't forget to set the linux machine as the default gateway of all the
other machines.
Why do you need to use a caching dns? Do you have a really large
network? If not, just give them the ip addresses of your ISP's nameservers.

That's basically it in a nutshell.
Gad

ps: I think you might consider upgrading your linux machine. Kernel
2.4.7 is very old. Any distribution would have a way to upgrade the system.
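
Added example, not part of the thread or of the netfilter HOWTO: a sketch of the masquerading setup recommended above, combined with a default-deny forward chain (the ipchains listing in the first post shows an empty forward chain with policy ACCEPT). The interface names ppp0 (dial-up link) and eth0 (LAN side) and the LAN range 192.168.1.0/24 are assumptions, as is the helper name gateway_rules.

```shell
#!/bin/sh
# Added example: emit iptables rules for a dial-up masquerading gateway.
# Assumed names (not from the thread): ppp0 = modem link, eth0 = LAN side,
# 192.168.1.0/24 = LAN range.

# Accept only plain interface names and a.b.c.d/len, so the generated
# commands cannot be altered by stray shell metacharacters.
valid_if() { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_cidr() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

gateway_rules() {
    ext=$1 int=$2 lan=$3
    valid_if "$ext" && valid_if "$int" && valid_cidr "$lan" || {
        echo "usage: gateway_rules EXT_IF INT_IF LAN_CIDR" >&2
        return 2
    }
    [ "$ext" != "$int" ] || { echo "EXT_IF and INT_IF must differ" >&2; return 2; }
    # Order matters: set default-deny before flushing, so the forward chain is
    # never left wide open. Flushing drops any existing FORWARD/POSTROUTING rules.
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $int -o $ext -s $lan -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext -s $lan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Print the rules for review by default; apply them only with APPLY=1 (as root).
rules=$(gateway_rules "${EXT_IF:-ppp0}" "${INT_IF:-eth0}" "${LAN:-192.168.1.0/24}") || exit 2
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

Only connections opened from the LAN are forwarded; nothing arriving on the dial-up side can start a new connection to an internal machine, and replies are matched by connection state.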

 
 
 


Post by Dan Hans » Sat, 14 Jun 2003 12:48:46



> So you basically want the linux box to be a gateway through which you
> can connect your local lan to the net, a.k.a connection sharing?

Yep.


> If that's all you want, then all you have to do is setup masquerading.
> This can be done very easily with iptables, so I think it's worth
> changing from ipchains to iptables (there are other benefits as well).

Ok -- I'll look at that.  I've been giving myself headaches trying to
understand ipchains and trying to isolate the stuff specific to my
situation.

> For information about iptables look at
> www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
> especially the "Mixing NAT and Packet Filtering" section.

Excellent.  Thanks.


> All this, assuming you have ip addresses worked out (either static or
> through dhcp).

Ok.

> Don't forget to set the linux machine as the default gateway of all the
> other machines.

Ok.

> Why do you need to use a caching dns? Do you have a really large
> network? If not, just give them the ip addresses of your ISP's nameservers.

I don't -- I thought I'd read somewhere that caching was the
preferable route.
Guess I got lost in the morass of howtos.


> That's basically it in a nutshell.
> Gad

> ps: I think you might consider upgrading your linux machine. Kernel
> 2.4.7 is very old. Any distribution would have a way to upgrade the system.

Cool.  Thanks.
 
 
 


Post by Alex Yu » Sat, 14 Jun 2003 22:40:44


: > So you basically want the linux box to be a gateway through which you
: > can connect your local lan to the net, a.k.a connection sharing?

: Yep.

: >
: > If that's all you want, then all you have to do is setup masquerading.
: > This can be done very easily with iptables, so I think it's worth
: > changing from ipchains to iptables (there are other benefits as well).

: Ok -- I'll look at that.  I've been giving myself headaches trying to
: understand ipchains and trying to isolate the stuff specific to my
: situation.

: > For information about iptables look at
: > www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
: > especially the "Mixing NAT and Packet Filtering" section.

: Excellent.  Thanks.

: >
: > All this, assuming you have ip addresses worked out (either static or
: > through dhcp).

: Ok.

: > Don't forget to set the linux machine as the default gateway of all the
: > other machines.

: Ok.

: > Why do you need to use a caching dns? Do you have a really large
: > network? If not, just give them the ip addresses of your ISP's nameservers.

: I don't -- I thought I'd read somewhere that caching was the
: preferable route.
: Guess I got lost in the morass of howtos.

Caching DNS is a convenient way to administer your internal network
because none of your internal machines need to point to the outside
resources.  When you have more than one ISP connection or change ISP,
none of your internal machines require changes.

: >
: > That's basically it in a nutshell.
: > Gad
: >
: > ps: I think you might consider upgrading your linux machine. Kernel
: > 2.4.7 is very old. Any distribution would have a way to upgrade the system.

: Cool.  Thanks.

 
 
 
