Linux Headquarters: ipchains Configuration

Home | Guides and Tutorials | What's New? | Comments | About

ipchains Configuration

by Tammy Fox
Last Modified: Wednesday, 19-May-2004 11:54:09 EDT

Introduction

The utility ipchains can be used within a network to distribute an internet connection to all the computers within the network. One central computer is connected to the internet through any means such as dial-up, cable modem, ISDN, DSL, or T1, runs the ipchains utility, and thus acts as the firewall to the internet. It is NOT a proxy. For an internet proxy see Squid Proxy Server Configuration.

Configuring ipchains Server

Issue the following two commands to enable ipchains:

echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0

The first line enables ip_forwarding, and the second line tells the server which network to grant internet share priviledges to. In the above example the subnet 192.168.1.* is allowed to share the internet connect. Replace the subnet with yours. The two commands must be issued by root. To start ipchains at boot time, just add the two lines above to the end of the /etc/rc.d/rc.local file.

Configuring ipchains Clients

The clients must be configured to use ipchains. There are two crucial steps involved.

Set the gateway to the IP address of the server.
Set the DNS numbers to the DNS numbers of the Internet provider(the same DNS as the server).

This can be done in a variety of different ways including issuing the commands from a command line, editing the configuration files by hand, using linuxconf, or using netcfg, a Red Hat utility. If you want to edit the files by hand, the gateway is located in the file /etc/sysconfig/network and the DNS numbers should be listed in the /etc/resolv.conf file.

Sample /etc/sysconfig/network file:
NETWORKING=yes
FORWARD_IPV4=no
HOSTNAME=hostname.domain.net
DOMAINNAME=domain.net
GATEWAY=192.168.1.1
GATEWAYDEV=eth0

Sample /etc/resolv.conf file:


search domain.com

nameserver 207.217.120.92

nameserver 207.217.126.91

nameserver 207.217.77.90

What's Related

All Rights Reserved Linux Headquarters © 2000-2007
Linux is a registered trademark of Linus Torvalds
All logos are registered trademarks of their respective owners
Last modified: Wednesday, May 19, 2004