December 08, 2008

HowTo: Gateway your Linux machine

Dear IsmailiaLUG,

How are you ... ?

These days I am configuring a server (of course, Fedora).
The services it should run are: Gateway, DHCP, DNS, Samba, HTTP, Database.
While I configure these services I'll write a howto on how to RUN each of them.

The only one of these services I have finished so far is the Gateway,
so let's start with the gateway machine.
The goal of the gateway is to let your LAN clients reach the Internet through your machine.

First you need two physical Ethernet interfaces in your machine:
one connects to the ISP and the other connects to the LAN.

eth0 # connected to your LAN
eth1 # connected to your modem (ISP)

Now your machine is connected to the ISP through eth1,
and your LAN clients are connected to you through eth0.

All we need now is to FORWARD packets from the LAN (eth0) to the outside world (the ISP on eth1) and back, through this machine.
This is done with iptables, because as you see we need to FORWARD packets from eth0 to eth1 and back.

Basically we need two sets of rules:
* Allow outgoing packets from the LAN (via eth0)
* Allow established connections to return

Note:
I'll only explain the gateway rules here and ignore any other cases.
Each command starts with iptables; be careful not to copy the rule number in front of it.

# Always accept loopback traffic; it's safe
1- iptables -t filter -A INPUT -i lo -j ACCEPT

# Allow established connections, and new ones not coming from the outside
2- iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
3- iptables -t filter -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT

# Allow replies from the outside back to the LAN
1- iptables -t filter -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side
2- iptables -t filter -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade
1- iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE


After you have entered these rules in iptables, save them with this command:
/etc/init.d/iptables save
or
iptables-save > /etc/sysconfig/iptables
(iptables-save on its own only prints the rules to the screen; on Fedora the init script reloads them from /etc/sysconfig/iptables at boot.)

Then run this command to enable routing:
echo 1 > /proc/sys/net/ipv4/ip_forward
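The same gateway configuration as one script is added here as an example; it is not part of Sherif's post. It writes the rules in iptables-restore format, which is what /etc/sysconfig/iptables holds on Fedora, so the ruleset can be loaded, saved and reloaded at boot in one step, and it makes the forwarding switch survive a reboot through /etc/sysctl.conf instead of only the /proc write shown above. Two things are assumptions of this example rather than settings from the post: the interface names are passed in as parameters (the post hard-codes eth0 and eth1), and the INPUT and FORWARD chains get a DROP policy, because with the default ACCEPT policy the ESTABLISHED,RELATED and "not from eth1" rules above never actually block anything.

```shell
#!/bin/sh
# Added example (not from the original post): generate, load and persist the
# gateway ruleset described in the post, in iptables-restore format.
# Assumptions: DROP policies on INPUT/FORWARD (the post leaves the defaults),
# Fedora paths /etc/sysconfig/iptables and /etc/sysctl.conf.

# gen_gateway_rules LAN_IF WAN_IF -> prints the ruleset on stdout
gen_gateway_rules() {
    lan="$1"
    wan="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always safe
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (and related ones such as ICMP errors)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections to the gateway itself are accepted from every interface except the ISP side
-A INPUT -m state --state NEW ! -i $wan -j ACCEPT
# replies from the Internet back to LAN clients
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN clients may open anything towards the Internet
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# rewrite the source address of packets leaving $wan to the address of $wan
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# count_rules RULESET CHAIN -> number of "-A CHAIN" rules in the ruleset text
count_rules() {
    printf '%s\n' "$1" | grep -c "^-A $2 "
}

# apply_gateway LAN_IF WAN_IF: load the rules now, persist them, enable forwarding
apply_gateway() {
    rules=$(gen_gateway_rules "$1" "$2")
    # iptables-restore replaces the filter and nat tables atomically
    printf '%s\n' "$rules" | iptables-restore
    # this is the file the Fedora iptables init script reloads at boot
    printf '%s\n' "$rules" > /etc/sysconfig/iptables
    # enable routing now ...
    sysctl -w net.ipv4.ip_forward=1
    # ... and after every reboot
    if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
        sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
    else
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    fi
}

# usage, as root, with the post's interface layout:
#   apply_gateway eth0 eth1
# to only inspect the generated file:
#   gen_gateway_rules eth0 eth1
```

Run gen_gateway_rules first and read the output before applying it: with the DROP policies in place, any service the gateway itself should offer to the LAN (DHCP, DNS, Samba) still works because it arrives on eth0, but anything reaching the gateway from the ISP side that is not a reply is now dropped rather than silently accepted.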

# Explanation of the iptables commands

iptables -t filter -A INPUT -i lo -j ACCEPT
Accept all traffic coming from localhost (the loopback interface).


iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Accept all packets whose connection state is ESTABLISHED or RELATED.
ESTABLISHED means the packet belongs to a connection that has already seen traffic in both directions, for example the reply to a request this machine sent; RELATED means a new connection that belongs to an existing one, such as an FTP data connection or an ICMP error message.


iptables -t filter -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
Accept all NEW connections that do not come in on eth1 (the ISP side). Older documents write the negation as "-i ! eth1"; that spelling is deprecated but still understood by iptables.

iptables -t filter -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Accept any ESTABLISHED or RELATED packet that comes from the outside world on eth1 and forward it to eth0.

iptables -t filter -A FORWARD -i eth0 -o eth1 -j ACCEPT
Accept any connection that comes from eth0 and forward it to eth1.

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
MASQUERADE on eth1: a form of source network address translation.
The source address in the header of every packet leaving eth1 is rewritten to the address of eth1,
so all packets going out from our local network (eth0) to the outside world (eth1) appear to come from the gateway's Internet address, and the replies find their way back through it.


Note about MASQUERADE:
The MASQUERADE target is used only in the POSTROUTING chain of the nat table.
It works like the SNAT target, with one small difference:
SNAT needs a fixed address given with --to-source, so you should have a static IP address to use it.
MASQUERADE does not need any address to be specified; it uses whatever address the outgoing interface currently has,
so it is made for working with a dynamic IP address.

Note:
All of this was configured under the Fedora distribution.

Some references:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#NATINTRO

http://www.debian.org/doc/manuals/reference/ch-gateway.en.html

http://www.linuxquestions.org/questions/linux-networking-3/gateway-problems-on-fedora-c6-533657/

http://www.debian-administration.org/articles/23
---
If you need to ask anything about the gateway, you can write me back.
Wait for me in the DHCP howto.
Thank you,
Sherif Sayed
