Linux DHCP/Router/VPN Server
The following guide is a work in progress!
I'm writing this article as a reference (for myself), and to help
anyone who plans on a similar setup. This was done with Debian 3.1
(sarge), but could be done with any distro.
The building I live in has a 768/768 connection with 5 static
IP addresses. The current setup is a mess; it's basically a few hubs
and store-bought routers.
I would like one computer that handles everything. Here's a list of features I'm looking forward to:
Manage the forwarding of multiple IP addresses across several interfaces
Not allow traffic to pass between the private networks
Manage DHCP, along with reservations
Allow users to log in via VPN to access services on their home computer(s)
Be able to view traffic in one place, and identify any offending users
First let's add all our IP addresses to /etc/network/interfaces.
Notice that eth1 and eth2 both have what we would usually
consider a 'gateway' address. Make sure to run 'ifdown eth#' and
'ifup eth#' for each interface.
Since this computer will not rely on anything else for DHCP,
let's set up DHCPD. We want each external IP to preside over its own
To start dhcpd, run 'dhcpd eth1 eth2', or whatever gateway interfaces you have.
To be sure that dhcpd starts at boot: S20dhcpd
Put this file in /etc/rc2.d
Now we can enable our iptables script. This first version doesn't do much, but it works.
To start it at boot time, put the following file in /etc/rc2.d/S20firewall
At the moment only port 80 is forwarded into the two networks (in both
cases to 192.168.#.10). All other ports are left to the router itself
(including SSH). This is fine for now.
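The policy described above (port 80 forwarded to 192.168.#.10 on each network, nothing passing between the private networks), written as an added example; it is not the author's script. Assumptions not taken from the guide: eth0 is the uplink, the 203.0.113.x addresses are documentation-range placeholders for the static IPs, and eth1/eth2 serve 192.168.1.0/24 and 192.168.2.0/24.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the layout in this guide.
# Assumed values (placeholders, not from the guide): uplink interface and public IPs.
EXT_IF=eth0
# One line per private network: <public IP> <LAN interface> <third octet of 192.168.#.0/24>
NETS='203.0.113.11 eth1 1
203.0.113.12 eth2 2'

gen_ruleset() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo "$NETS" | while read -r pub lan n; do
        # Port 80 on each public IP goes to that network's .10 host
        echo "-A PREROUTING -i $EXT_IF -d $pub -p tcp --dport 80 -j DNAT --to-destination 192.168.$n.10:80"
        # Each private network leaves through its own public IP
        echo "-A POSTROUTING -o $EXT_IF -s 192.168.$n.0/24 -j SNAT --to-source $pub"
    done
    echo 'COMMIT'
    echo '*filter'
    # INPUT stays open, so every other port (SSH included) reaches the router itself
    echo ':INPUT ACCEPT [0:0]'
    # Default-deny forwarding: anything not listed below is dropped
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo "$NETS" | while read -r pub lan n; do
        # LAN -> Internet only; LAN -> other LAN has no ACCEPT rule and hits the DROP policy
        echo "-A FORWARD -i $lan -o $EXT_IF -s 192.168.$n.0/24 -j ACCEPT"
        # Inbound: only the forwarded web port, only to the .10 host
        echo "-A FORWARD -i $EXT_IF -o $lan -d 192.168.$n.10 -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Review the output, then load it as root with: gen_ruleset | iptables-restore
# Forwarding also needs: echo 1 > /proc/sys/net/ipv4/ip_forward
gen_ruleset
```

Because the FORWARD policy is DROP and no rule names one LAN interface as input and the other as output, the private networks stay isolated even if more rules are appended later.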
Don't forget to put your ISP's DNS servers into /etc/resolv.conf.
Now, to make sure everything works, I suggest you restart your
computer. If you're going to test this by connecting other computers
directly to this router, use crossover cables.