Making a Linux Box a Simple Router and Firewall

Scenario:
1. One Linux box acting as the firewall, with either 2 LAN cards or 1 LAN card and one internet modem connection.
2. eth0 -> connected to broadband, IP 192.168.1.2. In case of dial-up the interface will be "ppp0".
3. eth1 -> connected to the local LAN, IP 192.168.2.1.
Note: In case of broadband, your default gateway should be the IP of the router; in our example, 192.168.1.1.

You want to share the broadband connection across the LAN, and the box should restrict traffic originating outside the LAN.

Step 1. In /etc/sysctl.conf put the following line to enable IP forwarding: net.ipv4.ip_forward=1

Step 2. Flush the existing iptables rules to start clean:

# iptables -F
# iptables -t nat -F
# iptables -t mangle -F

Step 3. Set up masquerading:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

In case of dial-up, replace eth0 with ppp0.

Step 4. Firewalling:

# iptables -A FORWARD -s 192.168.2.0/24 -j ACCEPT
# iptables -A FORWARD -d 192.168.2.0/24 -j ACCEPT
# iptables -A FORWARD ! -s 192.168.2.0/24 -j DROP

# iptables-save

iptables-save only prints the running rule set; redirect its output to the file your distribution restores at boot. Alternatively, put the lines from the masquerading and firewalling steps in /etc/rc.local or an rc script so they run at boot.
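As an added example that is not part of the original post, here is the same router set up as one script with a stateful FORWARD chain and a dry-run mode; the interface names, the LAN range and the `apply` argument are assumptions taken from the scenario above.

```shell
#!/bin/sh
# Added example, not from the original post: a stateful version of the rule set
# above, with a dry-run mode so the rules can be reviewed before they are applied.
# Interface names and the LAN range follow the post's scenario; change them to match.
set -eu

WAN="${WAN:-eth0}"                    # broadband side (ppp0 for dial-up)
LAN="${LAN:-eth1}"                    # local LAN side
LAN_NET="${LAN_NET:-192.168.2.0/24}"  # addresses behind the box
MODE="${1:-print}"                    # "print" lists the rules, "apply" runs them

# Every rule passes through ipt(): echoed in print mode, executed in apply mode.
ipt() {
    if [ "$MODE" = apply ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

apply_rules() {
    # Start from a clean slate (Step 2 of the post).
    ipt -F
    ipt -t nat -F
    ipt -t mangle -F

    # Default-deny on FORWARD: nothing crosses the box unless a rule below allows it.
    ipt -P FORWARD DROP

    # Share the broadband link: LAN source addresses are rewritten to the WAN address.
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE

    # LAN hosts may open connections towards the internet...
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # ...but only replies to those connections are forwarded back in. This replaces
    # the post's blanket "-d 192.168.2.0/24 -j ACCEPT", which would also admit
    # unsolicited inbound traffic to LAN hosts.
    ipt -A FORWARD -i "$WAN" -o "$LAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Number of iptables commands in the set, for a quick sanity check of the output.
rule_count() {
    ( MODE=print; apply_rules ) | wc -l | tr -d ' '
}

apply_rules
```

Run it with no arguments to review the generated rules, and as root with `apply` to install them; the iptables-save or rc.local advice above still applies for persistence across reboots.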

And with that, your router and firewall are ready.

Neelesh Gurjar has written 122 articles