You are not logged in.

#1 2004-10-29 20:04:30

flex_strongo
Member
Registered: 2003-12-02
Posts: 55

Setting up an arch router

Hey guys, I've been struggling trying to get my LAN setup with arch as a router.  My setup is going to be:  internet -> arch router -> hub -> other computers.

I've searched the forums but I'm pretty lost on what's going on with the networking.  I was able to use Coyote Linux to get this to work out, but I'd much rather have a concrete Arch setup running my server.  Please help with anything you can.

Offline

#2 2004-10-29 20:33:09

flex_strongo
Member
Registered: 2003-12-02
Posts: 55

Re: Setting up an arch router

As a little addition, I'd like to add, this internet connection is coming from a cable modem, into eth0 and going out on eth1.

Offline

#3 2004-10-29 20:48:13

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: Setting up an arch router

what is the problem with it? what doesn't work?

Offline

#4 2004-10-29 22:07:29

flex_strongo
Member
Registered: 2003-12-02
Posts: 55

Re: Setting up an arch router

There's no internet connection sharing, which is really what I'm trying to get to happen.

Offline

#5 2004-10-29 22:08:20

lanrat
Member
From: Poland
Registered: 2003-10-28
Posts: 1,274

Re: Setting up an arch router

Please, first check arch fourms and wiki - there are similar threads already.

Also (almost) any linux networking guide should be working with arch - and there are plenty of them. 

You should search for iptables nat (network address translation) and packet forwarding. Basic configuration should be quite easy but it depends on your internet and local network configuration (software and hardware).

Offline

#6 2004-10-29 22:10:19

lanrat
Member
From: Poland
Registered: 2003-10-28
Posts: 1,274

Re: Setting up an arch router

Offline

#7 2004-10-29 23:18:38

flex_strongo
Member
Registered: 2003-12-02
Posts: 55

Re: Setting up an arch router

Ok guys, I've run through a lot of iptables and nat links and tried some things. But I still can't get the internet shared.  The client computers still can't connect to the router.  Is there something in rc.conf I need to change?  I've already messed with the gateway option, but it's done nothing.  Would this still need to have the dhcp option on the client to load?  I'm vey confused/

Offline

#8 2004-10-29 23:28:19

flex_strongo
Member
Registered: 2003-12-02
Posts: 55

Re: Setting up an arch router

here's some more info for anyone that wants to take a peek:

rc.conf of router:

# /etc/rc.conf - Main Configuration for Arch Linux
#

#
# Localization
#
# HARDWARECLOCK: set to "UTC" or "localtime"
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: fount in /usr/share/kbd/consolefonts (only needed for non-us)
# USECOLOR: use ANSI color sequences in startup messages
#
HARDWARECLOCK="localtime"
TIMEZONE=Canada/Pacific
KEYMAP=us
CONSOLEFONT=
USECOLOR="yes"

# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"

#
# Networking
#
HOSTNAME="YourDad"

#
# Module to load at boot-up (in this order)
#   (prefix a module with a ! to disable it)
#
MODULES=(!usbserial !ide-scsi natsemi 3c509 sr_mod hw_random parport_pc parport ohci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm snd_page_alloc snd_timer snd_ac97_codec snd soundcore gameport shpchp pci_hotplug tsdev evdev crc32 rtc lp)

#
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
#   (prefix an interface in INTERFACES with a ! to disable it)
#
# Note: to use DHCP, set your interface to be "dhcp" (eth0="dhcp")
#
lo="lo 127.0.0.1"
eth0="dhcp"
#eth1="dhcp"
eth1="eth1 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255"
INTERFACES=(lo eth0 eth1)

#
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
#   (prefix a route in ROUTES with a ! to disable it)
#
gateway="default gw 192.168.0.1"
#gateway="default gw 65.24.88.1"
ROUTES=(!gateway)

#
# Daemons to start at boot-up (in this order)
#   (prefix a daemon with a ! to disable it)
#
DAEMONS=(syslog-ng hotplug !pcmcia network netfs crond sshd rc.ipmasq !iptables proftpd)

# End of file

And here's the iptables nat setup I used:

#!/bin/sh

IPTABLES=/usr/sbin/iptables

#All The lines below are NAT routing

# flush any old rules
$IPTABLES -F -t nat

iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.1/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -i eth1 -s 192.168.0.1/24 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT




# enable IP forwarding (of incoming packets)
echo 1 > /proc/sys/net/ipv4/ip_forward

and finally an ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:A0:CC:76:0D:38  
          inet addr:165.45.15.107  Bcast:255.255.255.255  Mask:255.255.248.0
          inet6 addr: fe80::2a0:ccff:fe76:d38/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12450 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1149 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1748956 (1.6 Mb)  TX bytes:161417 (157.6 Kb)
          Interrupt:10 Base address:0x7000 

eth1      Link encap:Ethernet  HWaddr 00:50:04:88:25:B6  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:4ff:fe88:25b6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6232 (6.0 Kb)  TX bytes:1854 (1.8 Kb)
          Interrupt:11 Base address:0xdc00 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:544 (544.0 b)  TX bytes:544 (544.0 b)

Offline

#9 2004-10-30 00:00:07

jlvsimoes
Member
From: portugal
Registered: 2002-12-23
Posts: 392
Website

Re: Setting up an arch router

i did a similar simple set up on the distcc machines
i used http://bbs.archlinux.org/viewtopic.php? … ight=arnos
this to nat its nice and easy


-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GU/ d- s: a- C L U P+ L+++ E--- W+
N 0+ K- W-- !O !M V-- PS+ PE- V++ PGP T 5 Z+ R* TV+ B+
DI-- D- G-- e-- h! r++ z+ z*
------END GEEK CODE BLOCK------

Offline

#10 2004-10-30 04:03:22

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Setting up an arch router

did you enable ip forwarding?

Not sure how up to date this is, but I did a quick google, and it looked promising.
http://www.wfu.edu/~mudayja/router.html


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#11 2004-11-01 20:17:59

ScottTFrazer
Member
Registered: 2004-10-20
Posts: 47

Re: Setting up an arch router

Have you looked into IPcop?

very clean little distro that sets up all this stuff automatically.  Might be worth it to have that setup and then poke around in there until you get a better understanding of how the configuration is supposed to look.

Offline

#12 2004-11-01 21:25:23

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: Setting up an arch router

I used Smoothwall for the longest time - smoothwall is very nice - and built on top of IPcop

Offline

#13 2004-11-02 00:24:38

dadexter
Member
From: Dorval, QC, Canada
Registered: 2004-09-07
Posts: 274
Website

Re: Setting up an arch router

flex_strongo wrote:
MODULES=(!usbserial !ide-scsi natsemi 3c509 sr_mod hw_random parport_pc parport ohci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm snd_page_alloc snd_timer snd_ac97_codec snd soundcore gameport shpchp pci_hotplug tsdev evdev crc32 rtc lp)

Thanks for showing me that... now I'm gonna have nightmares tongue

Offline

#14 2004-11-03 00:18:23

Skee
Member
From: Bucuresti, Romania
Registered: 2004-10-29
Posts: 23
Website

Re: Setting up an arch router

eth1 192.168.0.1

gateway="default gw 192.168.0.1"

Now that can't be right. You need to set up your ISP's gateway, not your own IP.

EDIT: And it's disabled. Oops. Yeah, it's dhcp.

Offline

#15 2004-11-03 12:52:38

flex_strongo
Member
Registered: 2003-12-02
Posts: 55

Re: Setting up an arch router

Well, I just ended up turning my old box into a FreeBSD server, which happened to be pretty easy to setup.  Thanks for the help anyway, everyone.  You guys are great.

Offline

#16 2004-11-03 16:04:42

oscar
Member
From: Kiruna, Sweden
Registered: 2004-08-13
Posts: 457

Re: Setting up an arch router

I once had a OpenBSD router.
when the harddrive failed, I installed FreeBSD and tried to run pf with it.

after 2 days of struggle, I ended up installing Gentoo.
gentoo sucks on the desktop, but as a server, gentoo is great.


To err is human... to really foul up requires the root password.

Offline

#17 2004-11-07 17:34:58

cmf
Member
Registered: 2003-10-18
Posts: 86

Re: Setting up an arch router

Why not just d/l a 20mb iso of ipcop and install that, it's a dedicated routing/firewall distro and is very nice and easy to setup, all web-based gui.

It's very very very nice. and it's all gpl wink

Offline

#18 2004-11-08 00:24:22

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Setting up an arch router

how up to date is ipcop. last time i checked there hadn't been much going on it seemed devel/release wise.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#19 2004-11-08 09:44:18

ScottTFrazer
Member
Registered: 2004-10-20
Posts: 47

Re: Setting up an arch router

Kernel-wise, it's 2.4.27

The 1.4.0 release was made public on 10/1/2004, so that's pretty recent.

The snort version installed is 2.1.3, which is the last of the 2.1.x line, so that's not horribly out-of-date.

I've been really happy with it so far...  it's even got audio alerts for the box going up/down and the interfaces changing state so it's easier to run it with no monitor.

Offline

#20 2004-11-08 10:34:22

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Setting up an arch router

cool. so it is more up to date than I remembered. They must have been doing lots of work "behind the scenes".

8)


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#21 2004-12-21 20:38:13

oscar
Member
From: Kiruna, Sweden
Registered: 2004-08-13
Posts: 457

Re: Setting up an arch router

try m0n0wall - you can fit the default install into a 8 MByte compact flash disc smile


To err is human... to really foul up requires the root password.

Offline

Board footer

Powered by FluxBB