
#1 2004-08-22 03:42:47

yowwww
Member
Registered: 2003-09-04
Posts: 112

Arch as Router/Gateway/Firewall with Dsl connection

I'm looking at setting up an Arch box as a file server (just local files, nothing huge) and with two NICs so it can give out IPs via DHCP to a switch.

Here is the setup I am likely doing:

DSL modem ---> eth0 of Arch box (goes through gateway/firewall) and has file sharing set up (not so much concerned about file sharing through smb) --> then out of eth1 and then into the switch to give out IPs via DHCP.

I have two NICs in this case and have the required pkgs it seems, including rp-pppoe and ppp as well as firestarter and dhcpcd / dhcp and iptables. I am using a custom kernel with the necessary options enabled as far as I can tell. I haven't actually set this up yet because I can really simulate it at my location but I want to get it as close to full working capacity before I move it to the location where it will reside.

If anyone has done this before and has tips specifically on how to configure the rc.conf file for this setup or anything else, further insight would be appreciated.

Thanks in advance.

Offline

#2 2004-08-22 06:56:20

sarah31
Member
From: Middle of Canada
Registered: 2002-08-20
Posts: 2,975
Website

Re: Arch as Router/Gateway/Firewall with Dsl connection

i have an old i586 running an older i586 port for arch and all i did was add an extra entry for the eth1 and made sure iptables was installed as well as rp-pppoe. i also added "adsl" to the daemons array in rc.conf.


AKA uknowme

I am not your friend

Offline

#3 2004-08-22 17:47:27

yowwww
Member
Registered: 2003-09-04
Posts: 112

Re: Arch as Router/Gateway/Firewall with Dsl connection

you make it sound so easy, I hope you are right ;)

I ended up having to build my NICs in as modules into the kernel so that I could name them in modprobe.conf accordingly, otherwise, they both showed up as eth0.

did you have a similar setup as the one I described above?

Offline

#4 2004-08-22 21:36:28

sarah31
Member
From: Middle of Canada
Registered: 2002-08-20
Posts: 2,975
Website

Re: Arch as Router/Gateway/Firewall with Dsl connection

pretty much:

dsl modem --> i586 arch box eth0 --> eth1 out to hub which two other computers connect to. there is an iptables firewall on the i586 and rp-pppoe.

the two nics are different makes to avoid any potential issues.


AKA uknowme

I am not your friend

Offline

#5 2004-08-23 14:16:33

yowwww
Member
Registered: 2003-09-04
Posts: 112

Re: Arch as Router/Gateway/Firewall with Dsl connection

was there anything special that needed to be done to tell eth1 to give out a signal to the hub so the other comps could get IPs via DHCP? I feel like there is something missing. Perhaps something in rc.conf? Maybe you could post your network related section (with sample IPs) if you don't mind.

TIA

Offline

#6 2004-09-12 23:23:40

yowwww
Member
Registered: 2003-09-04
Posts: 112

Re: Arch as Router/Gateway/Firewall with Dsl connection

well, for anyone else who is going to do this, it is a LOT more complicated than just plugging stuff in.

main points of interest:

1 - compile the appropriate support into the kernel
2 - edit the rc.conf so that both eth devices (or one if you are using ppp-oe) are set up.
3 - get the dhcp package and take a good look at /etc/dhcp.conf and rewrite it to suit your settings.
4 - enable a firewall as well if you like to block unwanted traffic

more to it than that, but that is a good basic start

Offline
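The firewall and NAT step from the list above, as an added example that is not part of the thread and not any poster's configuration: a shell function that emits an iptables-restore ruleset for a default-deny PPPoE gateway. The interface names (ppp0 as the rp-pppoe WAN link, eth1 as LAN), the subnet 192.168.1.0/24 and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values (not from the thread): WAN = ppp0,
# LAN = eth1, LAN subnet = 192.168.1.0/24.

# Accept only plain interface names so nothing else can land inside a rule.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# gateway_rules WAN_IF LAN_IF LAN_NET -> iptables-restore ruleset on stdout
gateway_rules() {
    wan=$1 lan=$2 net=$3
    valid_if "$wan" && valid_if "$lan" || { echo "bad interface name" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    case "$net" in ''|*[!0-9./]*) echo "bad subnet" >&2; return 1 ;; esac
    # filter: drop by default, allow replies, allow LAN hosts outbound only.
    # DHCP requests arrive from 0.0.0.0, so they need their own LAN-side rule.
    # TCPMSS clamping avoids stalls caused by the smaller PPPoE MTU.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -s $net -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review; nothing is loaded into the kernel here.
gateway_rules ppp0 eth1 192.168.1.0/24
```

The output can be checked with `iptables-restore --test` before loading it; forwarding also requires `net.ipv4.ip_forward=1`.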

#7 2004-09-13 02:23:14

kleptophobiac
Member
From: Sunnyvale, CA
Registered: 2004-04-25
Posts: 488

Re: Arch as Router/Gateway/Firewall with Dsl connection

To be real honest, I don't think arch is very well suited to this task. I personally use OpenBSD for this job. pf (packet filter) is just incredible to work with and has blazing performance and all sorts of nifty features. OpenBSD is also very secure out of the box, and has a decent packages and ports system.

I don't run it on any of my other boxes because it is much more of a pain to configure to do anything but route and run very basic services. Arch dominates my network for various servers and a couple user boxen.

So, look into OpenBSD with pf as a possible alternative. The other plus is that it will run on everything down to a 386!

Offline
