Need help setting up Linux router - will pay or trade

[tankman1989]

I've been stuck on a project for some time now. I want to create a router from an Ubuntu 10.04 install and I know the basics but I'm kind of stuck making sure that it is a DHCP and DNS server and assigning the internal LAN address/info in /etc/network/interfaces. I don't think this will take too long to do as most of it is ready to go. I'd like to find someone here that knows how to do this and I would like to watch while you do it via a remote support app (like Teamviewer).

I know there are distros like untangle, pFsense and others but I have my reasons for doing it this way. I can prep whatever is needed before you connect to do your voodoo.

I also want to install and setup squid and maybe Dan'sguardian to test them out but I think I can handle those as I already installed them on another system but never configured them. I'm also using Webmin if that matters.

So, if you are interested please PM me with your rates. I have a for sale page and would be happy to trade as well or give you something like an Intel Pro dual gigabit PCI-e NIC, 500GB SATAII drives or whatever you like within reason.

Here is a link to my forsale stuff
http://www.technibble.com/forums/sho...702#post284702

If you reply, please let me know if you have setup a linux router before, I don't want to pay for someone to learn while they are tinkering.

[SouthernTech]

I'm gonna guess BIND is being a PITA.

[tankman1989]

Quote:

Originally Posted by SouthernTech

I'm gonna guess BIND is being a PITA.

IDK if that is it. I think I have the /etc/network/interfaces setup correctly and the routing setup but it seems that no other computers can get outside the network. I hookup the WAN port to the modem and the LAN to the switch. I can then ping outside my network but no other computers can get out.

I asked the same question on another forum and got a lot of responses telling me that I should use Debian instead of Ubuntu or even better a BSD flavor. I downloaded FreeBSD but am having the same problem I always had with it, I can't get past the first step of install, it always stops on an error (freeBSD 9.0). IDK if it is because I'm using Virtualbox or not.

[coffee]

Currently I run a dhcp server / nat forwarding (iptables) server so that I can hookup a windows box and assign it an ip address and access the internet for updates/ downloads / installs. Works quite well with fedora. But the steps involved are about the same no matter what distro you use. If your using ubuntu then get ubuntu 10.x that has longterm support. Below is some info on how mine is setup that will help you along.

First, Since you are setting up a router from linux you need 2 nics in the box. One is the internet access nic and is connected straight to the internet modem. The other is your internal network nic. This will connect to your simple switch. Mine is connected to a 16 port switch. Then all computers are connected to the switch.

DHCPD

This is the software that assigns network ip addresses and other settings pertaining to your internal network setup. The config file for it is commonly found here --> /etc/dhcpd.conf

Here is my dhcpd.conf file contents to help you. Keep in mind the way to set this up (IMHO) is to get a basic working dhcpd.conf going and then back it up. Then make small changes to tweek it.

Quote:

# DHCP configuration generated by coffee
ddns-update-style interim;
ignore client-updates;

subnet 10.0.1.0 netmask 255.255.255.0 {
option routers 10.0.1.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 68.87.72.134, 68.87.77.134;
option ip-forwarding off;
range dynamic-bootp 10.0.1.160 10.0.1.165;
default-lease-time 21600;
max-lease-time 43200;
}

Note that I provide only 5 leases to internal computers. All my systems (besides those being tested) are static ipaddresses and associated settings.

Please change the lines as needed but do not forget the curly brackets.

Then we need to restart the dhcpd server so that changes take effect. We also want to make sure it starts after a reboot.

Quote:

service dhcpd start

chkconfig dhcpd on

If you get no errors you have completed the basic setup of your dhcpd server. Now we move on to getting the other computers to recognize and access it.

In my setup I have security turned off on the internal network as no one really has access to it except my static systems. Therefore, Turn off selinux.

On your dhcpd server we setup a simple firewall using the GUI program. Please check to make sure its called this (Gufw) its the gnome firewall graphic frontend. Fedora and Ubuntu probably have different names for it.

Quote:

apt-get install Gufw

Run the config program for your firewall and tell it:

1. Your internal nic is trusted.
2. Forward connections coming in on internal network.

Most mistakes in setting up network access are because packet forwarding is not turned on.

You can turn on packet forwarding manually by running the command below:

Quote:

echo 1 > /proc/sys/net/ipv4/ip_forward

Make sure your internal nic is wide open as far as security goes for testing purposes. After everything is running fine you can tweek it. I would suggest you install the nmap program and run it on your internal server ipaddress.

Thats the setup in a nutshell. Important to remember that on this basic setup there is little internal security and that internal security is handled on a individual machine basis. I run all linux machines so its not really a problem. To help steamline the procedure and provide a quicker troublefree setup I always do these setups in this fashion:

1. Install server software and make sure internet access to/from server is established.
2. Install firewall frontend program and adjust settings.
3. Turn on packet forwarding on server and test with laptop with static ipaddress.
4. Setup and run DHCPD server.
5. Test again with laptop with dynamic settings for network.
6. Start hooking up boxes for final install.

To make things easier if your having sever problems you can use the program "firestarter" to graphically walk you thru the setup of your firewall and ip forwarding. Then backup your iptables settings with the command below and remove firestarter as I dont think its well supported anymore.

Quote:

iptables-save > <filename>

Ping is your friend. If your having problems accessing sites see if you can ping their ipaddress first. If you can then the problem is in your DNS settings for the network. If not its most likely a forwarding problem or firewall issue.

I hope this helps. Iam self taught and not a certified professional. However, Sometimes self-taught is better as you understand more.

contact me if you still have issues and I will be glad to help a fellow tech.

coffee

[lcoughey]

I know that you said that you have your reasons for using Ubuntu, but I thought I'd mention IPCop for those who are just looking for a good simple solution.

[Slaters Kustum Machines]

Quote:

Originally Posted by lcoughey

I know that you said that you have your reasons for using Ubuntu, but I thought I'd mention IPCop for those who are just looking for a good simple solution.

I have used ipcop and it is very easy to setup and use. Just started dabbling into Untangle myself.