   RedHat Linux 6.x  Internet Gateway   
  Paul Ramsey <pramsey@refractions.net>
  22  2000

          RedHat 6  
  ,     Internet gateway '    
     .    ,  
   (masquerading),  DNS,  DHCP,   
  .
  ______________________________________________________________________

  Table of Contents


  1. 

     1.1 
     1.2 Copyright

  2.   

     2.1  hub
     2.2  hub
     2.3     

  3.   

     3.1   driver 
        3.1.1     
     3.2      
        3.2.1   
        3.2.2  DHCP server
        3.2.3  client /
        3.2.4  DNS server
        3.2.5    
     3.3    
        3.3.1    IP
        3.3.2   DHCP
        3.3.3   
           3.3.3.1 PPP   Ethernet (PPPoE)
           3.3.3.2     DHCP
           3.3.3.3   Road Runner
        3.3.4     
     3.4 

  4.   (masquerading)

  5. 

     5.1  ICQ  
     5.2  Caldera 2.x,  RedHat 6.x
     5.3      /     Web server 


  ______________________________________________________________________

  1.

            RedHat 6.x
   Internet gateway    ,    
  .        :  
    ,     ,  
       ,  
     :


         ADSL   Internet.

           RedHat 6.x 
         / .     
           RedHat,   Mandrake 6.x, 
        MacMillan Publishing    
      .

      /    Linux     
      ,      Linux   .

       ethernet hub,     
       ,   cross-over,    
     /.

           text  / 
     Linux.

         /  root.   
       RPM   cd-roms  Linux.

       ,    
       .

      ,      
   . ,     
  ,   .       
   ,       
     ,  '    ,  
           
  .           
      --,      
      ,     
     GUI's,     RedHat.   
  ,       ' , . 
   , ,         
      Linux,   .  (,
      X-Windows  ,     headless
  server.)

  1.1.

           
  http://www.coastnet.com/~pramsey/linux/homenet.html ( HTML),  
  http://www.coastnet.com/~pramsey/linux/homenet.sgml ( SGML).


    21  1999 :  .

    2  2000 :    John Mellor,  
        .

    22  2000 :       
        ,     IP aliasing  
     Chris Lea.

    16  2000 :       
     name server       Caldera Linux, 
      Nelson Gibbs.

    22  2000 :       
     RedHat 6.2 .     PPPoE (PPP over
     Ethernet),   Kerr First.



  1.2.  Copyright

  Copyright  2000, Paul Ramsey.

      '     , 
  ,     :


        copyright      
             ,  
     .

             
      ,  .

          ,  
               
     ,    ,      .

          '  
       ,      ,  
         ,      
     .

    ,       :
       .    
  ,    ,  ,    
  ,    .

  2.

       hub  ,     
   .        RJ45 (
        ,   ),
        .    
      /    hub,  
       , .    
  ,          .

  2.1.   hub

    hub,      '   
  <http://www.coastnet.com/~pramsey/linux/w_hub.gif>.

      eth0  /     (cable)
  modem,      ADSL,    
            . (,
         '   .)  
    ,     cable modems 
     crossover,       
  .         ,  
    .

      eth1  /    hub,  
  .        / .

  2.2.   hub

       hub,      / 
   /    Linux,   crossover.    
     
  <http://www.coastnet.com/~pramsey/linux/wo_hub.gif>.

      eth0   cable modem,    
   ADSL,      
  .     eth1    /,
    crossover.

  2.3.

       . '   ,   
           , 
       cracking ( =   
  hackers).  ,     
  ,  [4m[24m.     .

     Linux     "IP aliasing", 
         ethernet   
   IP . (     
        RedHat   Mandrake.) 
     gateway     ethernet,  
       eth1   eth0:0.

      , [4m[24m     DHCP
  server.

     /    cable modem  (   
   ADSL)  hub.    ,  .

  3.

   ,      Linux  /, 
    gateway .     '   
     ,      Internet. , '
     ,         .

   login  root.       
     login  root.

     Linux    ethernet    eth0
   eth1,      '    '   
  .  , ,       . 
   ""    ,    
   50%   :   /      
  motherboard   ,      . ( 
     ,       
  .)  eth0      -     
       . ,  '    
        eth0,   eth1.

  ,       eth0   eth1  
    .  : ifconfig eth0  : ifconfig eth1. 
    ,       ,
          (    
  , ,   ) :


   eth0   Link encap: Ethernet   HWaddr 00:60:67:4A:02:0A
          inet addr:0.0.0.0  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:466 errors:0 dropped:0 overruns:0 frame:0
          TX packets:448 errors:0 dropped:0 overruns:0 carrier:0
          collisions:85 txqueuelen:100
          Interrupt:10 Base address:0xe400




          ,   
      :


   eth0: error fetching interface information: Device not found.




  3.1.    driver

    Linux      ,    .
  ,   .

           ,    .
       . ,   , 
          .   
  ,    '  .   ,  
   ,    Ethernet HOWTO. , ,
      :


    [4m[24m [4m[24m [4mPCI[24m [4m[24m [4m.[24m    ,
          ,    
      drivers ' . , ,    
            (  ' 
     ),   /proc/pci    
     .

    [4m[24m [4m[24m [4mISA[24m [4m[24m [4m.[24m     
         IO   IRQ  .   
      , ;   ,     site 
      ,      on-line  
     . ,         DOS,
              
      (         
      IRQ).

    [4m[24m [4m[24m [4mISA[24m [4mPlug'n'Play[24m [4m[24m [4m.[24m    
         -   Plug'n'Play HOWTO. , 
          ,     
        IO   IRQ .

  ,      -   eth0  eth1, 
        Ethernet HOWTO,    
    .    driver,   
     ,      .

       '   !    
  ,   /etc/conf.modules.     text editor
    .      , 
       ,    
         gateway.   PCI 
   10/100 Mbps,     VIA Rhine,  
   ISA    NE2000,  10 Mbps.  
    100 Mbps    ,   10  
      .    /etc/conf.modules 
     :


   alias parport_lowlevel parport_pc
   alias eth0 ne
   options ne io=0x300 irq=10
   alias eth1 via-rhine




       conf.modules      :

              
     .       ,  
        .

       (alias eth0 ne)     
      ne driver    eth0.

       (options ne io=0x300 irq=10)   ne driver 
       IO    IRQ    ISA .   
        ISA,      
       . ,   driver   IO 
     irq       .

       (alias eth1 via-rhine)    
        eth1  driver   via-
     rhine. , ,  eth1    PCI,   
         io  irq :   PCI  
      .

        alias    
      conf.modules ,      
      ISA  .     
    conf.modules,    ethernet   
   

       conf.modules,  
   ifconfig eth0  ifconfig eth1.     
   ,     IO   IRQs, 
       .

  3.1.1.

    ,       , 
         ;  ,  '
           
    /etc/conf.modules.   ,   IO
    IRQ's     ,   
          NE2000
  (     ).    
  /etc/conf.modules     :


   alias eth0 ne
   alias eth1 ne
   options ne io=0x330,0x360 irq=7,9




         ,  
         eth0.   
  eth1.

  3.2.

   ""   ,       /
       .  ""    ,
   Internet,     gateway / .   
   ,        
        gateway /,     
  firewall  .

  3.2.1.

     drivers   ,      
  eth0   eth1   ifconfig,      
   .         
  eth1,      eth0.

         ,    
       : 192.168.1.0.   
  "   C",      
    .

  ,        .
     /etc/sysconfig/network,    
     :


   NETWORKING=yes
   FORWARD_IPV4=yes




       Linux     
        /.   
    Linux      IP (IP
  forwarding).       
  (masquerading),      4  HowTo.

  [4m[24m [4m[24m [4m[24m [4mRedHat[24m [4m:[24m  RedHat 6.2    
  /etc/sysctl.conf,      IP forwarding  
  masquerading.        
      :


   net.ipv4.ip_forward = 1
   net.ipv4.ip_always_defrag = 1




        RedHat     
  RedHat   ,  directory /etc/sysconfig/network-
  scripts directory.  cd '   directory,    
  ,  ifcfg-eth1.  '     :


   DEVICE=eth1
   IPADDR=192.168.1.1
   ONBOOT=yes




       scripts     eth1 
   ,        IP.
           
   : /etc/rc.d/init.d/network restart

  3.2.2.   DHCP server

   DHCP server    IP  / 
       .   ,
     / :      
  /  ,     .    DHCP
  server    ,     .

        DHCP server  .
   mount  CD  Linux ,     dhcp RPM.
  ,    /etc/dhcpd.conf,     (
   ) :


   subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.2 192.168.1.60;
   default-lease-time 86400;
   max-lease-time 86400;
   option routers 192.168.1.1;
   option ip-forwarding off;
   option broadcast-address 192.168.1.255;
   option subnet-mask 255.255.255.0;
   }




       Linux /   caching domain name
  server,     :


   option domain-name-servers 192.168.1.1;




      DNS  ,  [4m[24m  
    Linux /  DNS,    
  ( x.x.x.x  y.y.y.y   IP  DNS servers) :


   option domain-name-servers x.x.x.x, y.y.y.y;




             Samba
   Linux /  (   /   Windows),  
   ,   Linux /      WINS 
  browsing server :


   option netbios-name-servers 192.168.1.1;
   option netbios-dd-server 192.168.1.1;
   option netbios-node-type 8;
   option netbios-scope "";




     Samba  WINS       
   .    ,   
  SMB HOWTO,    .

     . ,   
  /etc/rc.d/init.d/dhcpd,        :


   /sbin/route add -host 255.255.255.255 dev eth1




   DHCP clients  Windows    
     DHCP,      
  TCP/IP stack  Linux   .      
      , [4m[24m [4m[24m.  [4m[24m  
  ,       ,   eth1.

      '    /etc/rc.d/init.d/dhcpd,
      default   eth1.   
  :


   daemon /usr/sbin/dhcpd




   :


   daemon /usr/sbin/dhcpd eth1




        DHCP.    DHCP
  server,    : /etc/rc.d/init.d/dhcpd start.

  ,      DHCP server    
  .   RPM  DHCP server   ,
       server    ,   
     ,    : chkconfig dhcpd
  on.

       RedHat    script  
  dhcp   directories  runlevels,    /etc/rc.d. 
  DHCP server   runlevels 3  5 (multiuser  
  multiuser X).  runlevels 0, 1  6 (shutdown,  
  reboot),  DHCP server .

  3.2.3.   client /

       DHCP,       
  client /  :      DHCP.  / 
  Windows,   '     ("Control
  Panel"),      ("Networking").  
   "TCP/IP",    ("Configure").  
   ,        TCP/IP
  ("Configure TCP/IP address automatically"),    ,
   .

   , ,  server,      
   : tail -f /var/log/messages.     logs
   Linux.    ,     Windows / 
       IP,   DHCP server ' .
  (  tail -f ,   Control-C.)

       DHCP,     
  .    ("Networking")   
  ("Control Panel"),       TCP/IP.
      client /    
   192.168.1.0 ,   192.168.1.0 (.   
    ),  192.168.1.255 (.   broadcast),
    192.168.1.1 (   Linux server /).  
      IP   /.    "Gateway"
  192.168.1.1,           
  gateway /.

   IP Masquerading HOWTO     
    clients,    .

  ,     client /,   
   DHCP,          
  192.168.1.x,  gateway 192.168.1.1 .  DNS server   
    192.168.1.1,    caching DNS server ( ),
      DNS       Internet
  Provider .

  3.2.4.   DNS server

    Linux /   caching DNS server,  
  ()   ,    
   DNS      ,    
     ' .

        DNS,   
      .   DNS HOWTO ,  
   DNS and BIND    (  )  
  .

      caching server  client / ,  
  ,     Linux gateway   
  DNS server .      ,   
     DHCP,     3.2.2 .   
     client / ,  '    
  DNS           
  IP.

      DNS server,     bind
  RPM,    caching-nameserver RPM. '   , 
   .

   caching server         
  . ,     IP  DNS servers
   Internet Provider  (  "ISP" - ...),  '
      ,    /etc/named.conf,
          directory (
  x.x.x.x  y.y.y.y        DNS
  servers) :


   forwarders { x.x.x.x; y.y.y.y; };




       DNS server     DNS servers
   ISP,    Internet    
  .   servers  ISP     
  ,        '
  ,      server.

   daemon named       12,
            ,  
        ,  '  
    .


  1.     bind ,    
       8.2.2.   site   RedHat, 
        Mandrake,       
     .

  2.     name server ,     
       .    allow-query { 192.168.1/24;
     127.0.0.1/32; };   /etc/named.conf,   
     forwarders.
  3.     name server   root.   server
       root,    server     
       root.    server    
     ,   nobody,     
       name server.     name server 
     nobody,    /etc/rc.d/init.d/named,   
      daemon named  daemon named -u nobody -g nobody.

     DNS server      boot :
  chkconfig named on. ,     server  
    runlevels (3  5)   boot.

  ,      DNS server  :
  /etc/rc.d/init.d/named start

  3.2.5.

   DNS         , (
        DNS servers   Internet),
      ping      
  .

      (MS-DOS) '    client /
  ,   : ping 192.168.1.1.       
       Linux / ,    
   .    ,     
    .

  3.3.

         .  
     ,        Linux 
  ISP .   ,   ADSL mini-HOWTO,  
      ADSL  .    
  Cable Modem HOWTO,   link  ' .

           [4m[24m [4m[0m
  [4m[24m [4m[24m [4m[24m [4mIP[24m.  ISPs    IP
      cable () modem  ADSL,  ' 
       . ,   ISPs
         (
  !) DHCP.      Linux /    DHCP
  [4mserver[24m    eth1 interface,  DHCP [4mclient[24m  
   eth0.

  ,  ISPs      
  ,        Windows.
   '         
  3.3.2. .

  3.3.1.     IP

    ISP      IP,  . 
       ,  /etc/sysconfig/network-
  scripts/ifcfg-eth0,       :


   DEVICE=eth0
   IPADDR=x.x.x.x
   NETMASK=y.y.y.y
   ONBOOT=yes





     x.x.x.x  y.y.y.y      
   ISP. ,    /etc/resolv.conf,   
    :


   search provider_domain_here
   nameserver n.n.n.n
   nameserver m.m.m.m




   provider_domain        ISP . ,
       DNS servers  
  n.n.n.n  m.m.m.m .     Linux /  DNS server,
           nameservers :
  nameserver 127.0.0.1.     Linux server  
   caching server,      servers
    DNS.

  3.3.2.    DHCP

    ISP     DHCP,      
    ,  /etc/sysconfig/network-scripts/ifcfg-eth0,
       :


   DEVICE=eth0
   BOOTPROTO=dhcp
   ONBOOT=yes




  ,    dhcpcd client daemon   
   .   Linux CD ,    
  dhcpcd RPM.

            
  .     /etc/rc.d/init.d/network restart.
  ,  ping     .  ping '
   /  Internet,   www.yahoo.com,   
    .

  3.3.3.

              
     .   
      ,  links  
     .   John Mellor,  
    links        .

  3.3.3.1.  PPP   Ethernet (PPPoE)

   ADSL providers (  Bell Atlantic)   
          "PPP over
  Ethernet" (PPPoE).    ,    
   client   Windows :     
   Linux.  , ,  PPPoE    , 
           Linux.


      Kerr First    Roaring Penguin PPPoE
     Client.


       PPPoE on Linux for Bell Sympatico,

      General Info  Linux Info.

  3.3.3.2.      DHCP

        ISPs      '  
   host name,         
   .      '   
   /   ,    hub. (,   Linux
   masquerading       ,  
  ISP        !!)

    ISP    host name,      Windows
  /    ,       
  ,       Linux /  
     host name,       DHCP
  server.

    dhcp  BOOTPROTO,     ,
     RedHat DHCP client,   '   
  host name.       host name  RedHat 6.1,
     /etc/sysconfig/network,     :

  HOSTNAME=

     :

  HOSTNAME=your_isp_assigned_name

           RedHat.  
  ,   /sbin/ifup script      
  dhcpcd  pump    -h $HOSTNAME.  ,
   ,        : /sbin/dhcpcd -i
  $DEVICE -h $HOSTNAME  /sbin/pump -i $DEVICE -h $HOSTNAME.

  3.3.3.3.    Road Runner

      Road Runner    
  login,        server. ,
     Linux Road Runner HOWTO.

  3.3.4.

  ,      .  ifconfig,   
      .    gateway /, 
    :

   eth0  Link encap:Ethernet  HWaddr 00:60:67:4A:02:0A
         inet addr:24.65.182.43  Bcast:24.65.182.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1
         RX packets:487167 errors:0 dropped:0 overruns:0 frame:0
         TX packets:467064 errors:0 dropped:0 overruns:0 carrier:0
         collisions:89 txqueuelen:100
         Interrupt:10 Base address:0xe400
   eth1  Link encap:Ethernet  HWaddr 00:80:C8:D3:30:2C
         inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1
         RX packets:284112 errors:0 dropped:0 overruns:0 frame:1
         TX packets:311533 errors:0 dropped:0 overruns:0 carrier:0
         collisions:37938 txqueuelen:100
         Interrupt:5 Base address:0xe800
   lo    Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:3924  Metric:1
         RX packets:12598 errors:0 dropped:0 overruns:0 frame:0
         TX packets:12598 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0




      eth0     
  IP,    eth1    .

      routes  ,    route.
   gateway / ,      :


    Kernel IP routing table
    Destination     Gateway      Genmask         Flags Metric Ref Use Iface
    255.255.255.255 *            255.255.255.255 UH    0      0     0 eth1
    192.168.1.0     *            255.255.255.0   U     0      0     0 eth1
    24.65.182.0     *            255.255.255.0   U     0      0     0 eth0
    127.0.0.0       *            255.0.0.0       U     0      0     0 lo
    default         24.65.182.1  0.0.0.0         UG    0      0     0 eth0




           , 
     ,    ,  
   broadcast 255.255.255.255 ,   default route 
      gateway  ISP. !

      ,   .  '   
   . ,        
      ' .

  3.4.

          Internet  ADSL 
   modem,    /     
      24   , 7   .  
    Linux  gateway   ,   
    /    :     Internet,
      Linux / .     
       ,   Linux / ,  '
          ,   
   .

  ,       .    ,
     /etc/hosts.deny,     
    :
   #
   # hosts.deny         host /, 
   #             **      
   #             INET,     "/usr/sbin/tcpd" server.
   #
   #                 portmap  ,   
   #                    portmap  
   #             hosts.deny   hosts.allow . ,   
   #                NFS   portmap!
   ALL: ALL




      "TCP wrappers" (    95% 
   )       host /.
      !       
     Linux /       ,
   . ,    .  
   /etc/hosts.allow,      :


   #
   # hosts.allow         host /, 
   #                    
   #              INET,     "/usr/sbin/tcpd" server.
   #
   ALL: 127.0.0.1
   ALL: 192.168.1.




      "TCP wrappers"    
          (local device,
  127.0.0.1),      (192.168.1.) .

       ,   .   
     ,     
  .   Security HOWTO      '  
  ,         '  
  Linux / .

  4.    (masquerading)

   !   ,     
  .    IP      
    Linux.       Windows, 
     ,    .   386
        IP    
   ,       Windows 95 - 
         Windows. (
  ,       Windows 2000 
   "  "   software.
          
  , "       "
  MicroSoft. ,      Windows 2000 
   386.)

   Linux      firewalling, 
            
  .     firewalling    ,
      Firewalling HOWTO    ,
    IPChains HOWTO       firewalling,
   ipchains,       2.2.x  Linux (, '
  ,  RedHat 6.x). ,      
   IP Masquerading HOWTO,     
     .

           ,  
            .
     /etc/rc.d/rc.local,    
      :


   # 1)    .
   /sbin/ipchains -F input
   /sbin/ipchains -F forward
   /sbin/ipchains -F output
   # 2)    MASQ      
   #   DHCP.
   /sbin/ipchains -M -S 7200 10 60
   /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
   # 3)      ,    
   #  .   .
   /sbin/ipchains -P forward DENY
   /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
   # 4)  modules    .
   /sbin/modprobe ip_masq_ftp
   /sbin/modprobe ip_masq_raudio




       modules  ,  
     FTP   RealAudio  /   .
     modules   ,    
  ,     :


    CUSeeMe (/sbin/modprobe ip_masq_cuseeme)

    Internet Relay Chat (/sbin/modprobe ip_masq_irc)

    Quake (/sbin/modprobe ip_masq_quake)

    VDOLive (/sbin/modprobe ip_masq_vdolive)

        !   rc.local
  script    /etc/rc.d/rc.local,  !  
    / ,      Internet. 
   ,    !

  5.

              
         ,   
   .      
         .  
  '     ,       ,
     links   ,     
  ,     .   
    pramsey@refractions.net.

  5.1.   ICQ

     ICQ      . 
      . ,   beta quality ICQ
  module  ,     (  )  
      ICQ   .   README
     source,     compile  module.
     compile   ,   :
  /sbin/modprobe ip_masq_icq.

  5.2.   Caldera 2.x,  RedHat 6.x

  ,         ! , 
  Nelson Gibbs (ngibbs@pacbell.net)   ,  
           Linux.
  ,         :


  1.   GATEWAY=xxx.xxx.xxx.xxx  
     /etc/sysconfig/network-scripts/ifcfg-eth0 & eth1    (
          IP   ,
           IP  gateway  ISP).

  2.    /etc/sysconfig/daemons/dhcpd script  
     ROUTE_DEVICE  eth1,  eth0.

  3.  /etc/dhcpd.conf     (subnet)  
       .     ,    
      : subnet 216.102.154.201 netmask 255.255.255.255 { } 
      ,   DHCP server     eth0
      eth1,     (fallback).   DHCP server
       ,      .

  4. [4m[24m  host route 255.255.255.255, 
     /etc/rc.d/init.d/dhcpd script    Caldera 
         . [4m[24m    
       eth0  script  eth1.

  5.3.       /     Web server

  ! , [4m[24m [4m[24m [4m[24m [4m[24m [4m[24m [4mIP[24m,   
      .     IP, 
       scripts,    
    IP        ,
     .

            
  /   "" /   "" ' ,
  ,          
  .         
    Linux,       
           ,  
  utility ipmasqadm      .

    ,  ipmasqadm     
    RedHat   Mandrake,     
     web site    -   
  RPM  ,    source .

     RPM,  ,     
    /etc/rc.d/rc.local   :


   /usr/sbin/ipmasqadm portfw -f
   /usr/sbin/ipmasqadm portfw -a -P tcp -L x.x.x.x 80 -R 192.168.1.x 80




          (port forwarding
  rules),          80 
       80   /.  
      IP     x.x.x.x ,  
   IP   /     192.168.1.x .
  ,       80    
   80   .      
     telnet,      80  gateway  
      /  :     
       [4m[24m .





























































