Linux DHCP/Router/VPN Server

The following guide is a work in progress!

I'm writing this article as a reference (for myself), and to help anyone who plans on a similar setup. This was done with Debian 3.1 (sarge), but could be done with any distro.

The building I live in has a 768/768 connection with 5 static IP addresses. The current setup is a mess; it's basically a few hubs and store-bought routers.

I would like one computer that handles everything. Here's a list of features I'm looking forward to:

First let's add all our IP addresses to /etc/network/interfaces.


Notice that eth1 and eth2 both have what we would usually consider a 'gateway' address. Make sure to run 'ifdown eth#' and 'ifup eth#' for each interface.

Since this computer will not rely on anything else for DHCP, let's set up dhcpd. We want each external IP to preside over its own network.


To start dhcpd, run 'dhcpd eth1 eth2', or whatever gateway interfaces you have.

To be sure that dhcpd starts at boot: S20dhcpd

Put this file in /etc/rc2.d

Now we can enable our iptables script. This first version doesn't do much, but it works.


To start it at boot time, put the following file in /etc/rc2.d/S20firewall


Only port 80 is forwarded into each network at the moment (in both cases to 192.168.#.10). Connections to every other port are left to the router itself (including SSH). This is fine for now.
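A rule set that matches this description, as an added example and not the author's own script: each inside network leaves through its own external IP, and only port 80 is forwarded in, to 192.168.#.10. It assumes eth0 is the outside interface, that eth1 and eth2 serve 192.168.1.0/24 and 192.168.2.0/24, and uses constructed 203.0.113.x placeholders for two of the static IPs.

```shell
#!/bin/sh
# Added example: prints the iptables commands one per line; nothing is applied
# unless the script is run as root with "apply" as its argument.
# Assumed (not from the article): eth0 is the outside interface, and the
# 203.0.113.x addresses are constructed placeholders for two of the static IPs.
EXT_IF=eth0
# external IP : inside interface : network number '#' in 192.168.#.0/24
NETS="203.0.113.10:eth1:1 203.0.113.11:eth2:2"

gen_rules() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables -F FORWARD"
    echo "iptables -t nat -F"
    # Default-deny for routed traffic; this also keeps the two LANs apart.
    echo "iptables -P FORWARD DROP"
    # Replies to connections that were already allowed.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for net in $NETS; do
        ext_ip=${net%%:*}; rest=${net#*:}
        in_if=${rest%%:*}; num=${rest#*:}
        lan="192.168.$num.0/24"; web="192.168.$num.10"
        # Inside hosts may open connections to the outside.
        echo "iptables -A FORWARD -i $in_if -o $EXT_IF -s $lan -j ACCEPT"
        # Each network leaves through its own external IP.
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $lan -j SNAT --to-source $ext_ip"
        # Port 80 on that external IP goes to 192.168.#.10; nothing else is forwarded in.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext_ip -p tcp --dport 80 -j DNAT --to-destination $web:80"
        echo "iptables -A FORWARD -i $EXT_IF -o $in_if -d $web -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    done
    # INPUT is not touched, so other ports still reach the router itself (SSH included).
}

if [ "${1:-}" = "apply" ]; then
    gen_rules | sh
else
    gen_rules
fi
```

Run it without an argument first to review the generated commands before applying them.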

Don't forget to put your ISP's DNS servers into /etc/resolv.conf.

Now, to make sure everything works, I suggest you restart your computer. If you're going to test this by connecting other computers directly to this router, use crossover cables.