Ubuntu-zw Digest, Vol 27, Issue 3
Daniel Zinyengere
daniel at reliant.co.zw
Mon Aug 3 17:26:19 BST 2009
You put that superbly mate nice!
regards
-----Original Message-----
From: ubuntu-zw-bounces at lists.ubuntu.com
[mailto:ubuntu-zw-bounces at lists.ubuntu.com] On Behalf Of
ubuntu-zw-request at lists.ubuntu.com
Sent: Monday, August 03, 2009 9:53 AM
To: ubuntu-zw at lists.ubuntu.com
Subject: Ubuntu-zw Digest, Vol 27, Issue 3
Send Ubuntu-zw mailing list submissions to
ubuntu-zw at lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-zw
or, via email, send a message with subject or body 'help' to
ubuntu-zw-request at lists.ubuntu.com
You can reach the person managing the list at
ubuntu-zw-owner at lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Ubuntu-zw digest..."
Today's Topics:
1. Re: Poor Man's Router - Howto (Kalpesh Thaker)
2. Meeting reminder (Kalpesh Thaker)
----------------------------------------------------------------------
Message: 1
Date: Mon, 3 Aug 2009 09:49:45 +0200
From: Kalpesh Thaker <luminary06 at gmail.com>
Subject: Re: Poor Man's Router - Howto
To: Alan Paardenkooper <abetherabe at gmail.com>
Cc: ubuntu-zw at lists.ubuntu.com
Message-ID:
<5b344b960908030049m3db5a6bcnf70f8b9deb958757 at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Hi Alan,
Welcome to ubuntu-zw group!
Thanks for posting the NAT how to... it definitely will help alot of people
out there....
kind regards
kalpesh.
On Sat, Aug 1, 2009 at 8:43 AM, Alan Paardenkooper
<abetherabe at gmail.com>wrote:
> Hi all,
>
> This is my first post to this mailing list. I've noticed that there are a
> lot of servers out there running standard squid proxy as the only means
> for clients to share an internet connection. Not because of any reason
> in particular other than the person setting up the server simply doesn't
> know how to set up a simple NAT/router. If proxy has been chosen to help
> conserve bandwidth or to control browsing, then fair enough. But if it's
> just because guys don't know how to set up network address translation
> or only know of squid as the only means to connect more than one
> computer to the internet at one time on a linux machine here's a simple
> howto... A sort of internet connection sharing for debian flavours of
> linux.
>
> Hope this helps.
>
> HOWTO
>
> The Poor Man's Router with NAT & IP Forwarding in Ubuntu 9.04 Part 1
> (Routing between the internet and 1 subnet)
>
>
> You will need the following:
>
> * A small, but reliable PC which can be set to turn itself
> on after a power failure. (Trust me this saves you a lot
> of headaches)
> * A CDROM/DVDROM drive
> * 2 x Ethernet Network Interface Cards installed before
> you install the OS.
> * An ubuntu 9.04 server cd rom
> * A broadband internet connection (ADSL/UHF/VSAT) and the
> connection details: e.g. Your static ip address or PPPOE
> account settings (provided by the ISP)
> * A UTP/wireless switch of some sort
> * A lot of patience
>
> Start by performing a default installation of the OS onto the PC by
> booting up from the CDROM drive. When asked for your default interface
> choose the interface that will connect to the LAN. I like to choose
> eth1. (This is because the 1 helps me to remember i.e. 1 for the L in
> LAN). When asked for a machine name, type gw.example.org (short for
> gateway).
> When asked what type of server you want to install, choose LAMP and SSH
> from
> the options. (I use these because it allows room for expansion later. If
> needed.) That's it. Wait for the OS to finish installing, (you will be
> asked to configure a user. I like to use ???administrator?? unfortunately
> ???admin?? is already taken.) Now move onto the next step.
>
> Now we need to configure the interfaces file. This is so that we can
> connect to the server remotely from another machine on the network if
> needed and also so that we can update the OS from either the
> international repository or from the local one (kindly hosted by Yo!
> Africa). Which one you will use depends on the type of internet
> connection. I hope all you people using VSAT have licenced your
> equipment with POTRAZ... hehe :) type the following:
>
> -----------------------------------------------------------------------
> $sudo vi /etc/network/interfaces
> -----------------------------------------------------------------------
>
> Edit it so that it reads like this. (Don't forget to press
> insert before typing in the vim editor.)
>
> ####################################################################
>
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
> #
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The LAN (Primary network interface)
> auto eth1
> iface eth1 inet static
> address 192.168.0.1
> netmask 255.255.255.0
> network 192.168.0.0
> broadcast 192.168.0.255
>
> # The Internet
> auto eth0
> iface eth0 inet static
> address 192.168.254.2
> netmask 255.255.255.0
> network 192.168.254.0
> broadcast 192.168.254.255
> gateway 192.168.254.1
>
> ####################################################################
>
> As you can see I've created the new interface which connects to my ADSL
> modem (gateway 192.168.254.1). If you're doing PPPOE... You're on your
> own, there's quite a bit of help out there on the net though. Maybe I'll
> look into this for my next project.
>
> Now we have to configure the Hosts file so that the PC can resolve its
> own hostname... I.e. we don't want to have to refer to the machine as
> 192.168.0.1 or 127.0.0.1, so lets edit the file. Type the following:
>
> -----------------------------------------------------------------------
> $sudo vi /etc/hosts
> -----------------------------------------------------------------------
>
> Edit it so that reads like so:
>
> ####################################################################
>
> 127.0.0.1 localhost
> 192.168.0.1 gw.example.org gw
> 192.168.254.2 gw.example.org gw
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
>
> ####################################################################
>
> We will also have to edit the hostname file. Type the following:
>
> -----------------------------------------------------------------------
> $sudo vi /etc/hostname
> -----------------------------------------------------------------------
>
> Edit it so that it reads:
>
> ####################################################################
> gw.example.org
> ####################################################################
>
> Now we have to edit a file called sysctl.conf in /etc/ so that we tell
> the PC to forward traffic.
>
> A lot of people tend to create a shell script which they place into
> the /etc/init.d/ with the following line:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward.
>
> What this does is to change the value of this file each time the
> computer starts up. I prefer the following as it is a much more elegant
> way. Plus we can also forward IP ver. 6 traffic too if we want.
>
> -----------------------------------------------------------------------
> $sudo vi /etc/sysctl.conf
> -----------------------------------------------------------------------
>
> Uncomment the line which reads net.ipv4.ip_forward = 1
>
> Here's what mine looks like:
>
> ####################################################################
> #
> # /etc/sysctl.conf - Configuration file for setting system variables
> # See /etc/sysctl.d/ for additional system variables.
> # See sysctl.conf (5) for information.
> #
> #kernel.domainname = example.com
>
> # Uncomment the following to stop low-level messages on console
> #kernel.printk = 4 4 1 7
> #
> # Functions previously found in netbase
> # Uncomment the next two lines to enable Spoof protection (reverse-path
> #filter)
> # Turn on Source Address Verification in all interfaces to
> # prevent some spoofing attacks
> #net.ipv4.conf.default.rp_filter=1
> #net.ipv4.conf.all.rp_filter=1
> # Uncomment the next line to enable TCP/IP SYN cookies
> # This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167),
> # and is not recommended.
> #net.ipv4.tcp_syncookies=1
> # Uncomment the next line to enable packet forwarding for IPv4
> net.ipv4.ip_forward=1 <------------ I uncommented here
> # Uncomment the next line to enable packet forwarding for IPv6
> net.ipv6.conf.all.forwarding=1 <----------- I uncommented here
> #
> # Additional settings - these settings can improve the network
> # security of the host and prevent against some network attacks
> # including spoofing attacks and man in the middle attacks through
> # redirection. Some network environments, however, require that these
> # settings are disabled so review and enable them as needed.
> #
> # Ignore ICMP broadcasts
> #net.ipv4.icmp_echo_ignore_broadcasts = 1
> #
> # Ignore bogus ICMP errors
> #net.ipv4.icmp_ignore_bogus_error_responses = 1
> #
> # Do not accept ICMP redirects (prevent MITM attacks)
> #net.ipv4.conf.all.accept_redirects = 0
> #net.ipv6.conf.all.accept_redirects = 0
> # _or_
> # Accept ICMP redirects only for gateways listed in our default
> # gateway list (enabled by default)
> # net.ipv4.conf.all.secure_redirects = 1
> #
> # Do not send ICMP redirects (we are not a router)
> #net.ipv4.conf.all.send_redirects = 0
> #
> # Do not accept IP source route packets (we are not a router)
> #net.ipv4.conf.all.accept_source_route = 0
> #net.ipv6.conf.all.accept_source_route = 0
> #
> # Log Martian Packets
> #net.ipv4.conf.all.log_martians = 1
> #
> # The contents of /proc/<pid>/maps and smaps files are only visible to
> # readers that are allowed to ptrace() the process
> # kernel.maps_protect = 1
> ####################################################################
>
> As you have probably figured out... The only line(s) you really need in
> this file is(are) the one(s) for forwarding the traffic. Play with the
> others at your own risk.
>
> Now we need to create some rules for the NAT and tell iptables to load
> them each time the eth0 interface comes up. I'm going to do it the
> proper way without using webmin or some new fangled automated way. Lets
> get down and dirty with the nitty gritty details. Type the following:
>
> -----------------------------------------------------------------------
> $sudo iptables -t nat -A POSTROUTING -o eth0 -J SNAT --to 192.168.254.2
> -----------------------------------------------------------------------
>
> Explanation:
>
> I'm telling iptables to append (-A) a rule to the POSTROUTING chain in
> the nat table (-t nat). The rule states that any traffic going out (-o)
> of the eth0 interface should be source natted (-J SNAT) to
> 192.168.254.2. I.e. we are making all outgoing traffic think it is
> coming from 192.168.254.2 and not the actual computer it was sent from.
> Don't worry... when the reply packets come back the kernel generally
> remembers who the packet was originally from and reverses this.
>
> Now type the following:
>
> -----------------------------------------------------------------------
> $sudo iptables-save > /etc/iptables.up.rules
> -----------------------------------------------------------------------
>
> We are basically saving the active iptables rules to a file in /etc/
> called iptables.up.rules (you could call it anything you like...)
>
> Now we need to tell iptables to load these rules everytime the eth0
> interface comes up. In order to do this, we now edit
> the /etc/network/interfaces file again and add the following line at the
> bottom below the configuration of the eth0 interface.
>
> #####################################################################
> post-up iptables-restore < /etc/iptables.up.rules
> #####################################################################
>
> My /etc/network/interfaces file now looks like this:
>
> #####################################################################
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The LAN (Primary network interface)
> auto eth1
> iface eth1 inet static
> address 192.168.0.1
> netmask 255.255.255.0
> network 192.168.0.0
> broadcast 192.168.0.255
>
> # The Internet
> auto eth0
> iface eth0 inet static
> address 192.168.254.2
> netmask 255.255.255.0
> network 192.168.254.0
> broadcast 192.168.254.255
> gateway 192.168.254.1
> post-up iptables-restore < /etc/iptables.up.rules
>
> #####################################################################
>
> Right... Hopefully all is well. Now it's time to see if what we've done
> works! Reboot the machine. Type: sudo reboot and press enter. Once you
> have rebooted, you should be able to ping your modem 192.168.254.1
> from your lan. Provided your machine's default gateway points to
> 192.168.0.1 and you are on the 192.168.0.0/24 subnet.
>
> I'll leave it up to http://www.ubuntu.org.zw to explain how to change
> your sources.list file to the local repository and keep your server
> software up to date. Next issue I'll expand this for more subnets and
> throw in some bandwidth monitoring and basic firewalling. I'll end off
> with basic traffic shaping.
>
> Alan Paardenkooper
> Cell: 0913 415 034
> skype: abetherabe
>
> B-)
>
>
> --
> Ubuntu-zw mailing list
> Ubuntu-zw at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-zw
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://lists.ubuntu.com/archives/ubuntu-zw/attachments/20090803/ce51d5c8/at
tachment-0001.htm
------------------------------
Message: 2
Date: Mon, 3 Aug 2009 09:53:13 +0200
From: Kalpesh Thaker <luminary06 at gmail.com>
Subject: Meeting reminder
To: ubuntu-zw <ubuntu-zw at lists.ubuntu.com>
Message-ID:
<5b344b960908030053s52af973aie29cf793c2ca023c at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hey Guys,
Just a short reminder about the Ubuntu LoCo team meeting tomorrow evening.
Hope to see you all there. Apparently there will be drinks available for
sale at harvest,
otherwise, you are free to bring your own drinks.
hope to see you all there.
kt.
*Venue:
Tuesday 4th August, 2009*
6.00pm for 6.30pm
336 Herbert Chitepo St.
Harare
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://lists.ubuntu.com/archives/ubuntu-zw/attachments/20090803/38f6b5e7/at
tachment.htm
------------------------------
--
Ubuntu-zw mailing list
Ubuntu-zw at lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-zw
End of Ubuntu-zw Digest, Vol 27, Issue 3
****************************************
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Ubuntu-zw
mailing list