Linux DHCP/Router/VPN Server
The following guide is a work in progress!
I'm writing this article as a reference (for myself), and to help
anyone who plans on a similar setup. This was done with Debian 3.1
(sarge), but could be done with any distro.
The building I live in has a 768/768 connection with 5 static
IP addresses. The current setup is a mess; it's basically a few hubs
and store-bought routers.
I would like one computer that handles everything. Here's a list of features I'm looking for:
- Manage the forwarding of multiple IP addresses across several interfaces
- Not allow traffic to pass between the private networks
- Manage DHCP, along with reservations
- Allow users to log in via VPN to access services on their home computer(s)
- Be able to view traffic in one place, and identify any offending users
First let's add all our IP addresses to /etc/network/interfaces.
/etc/network/interfaces
Notice that eth1 and eth2 both have what we would usually
consider a 'gateway' address. Make sure to run 'ifdown eth#' and 'ifup
eth#' for each interface.
Since this computer will not rely on anything else for DHCP,
let's set up DHCPD. We want each external IP to preside over its own
network.
/etc/dhcpd.conf
To start dhcpd, run 'dhcpd eth1 eth2', or whatever gateway interfaces you have.
To be sure that dhcpd starts at boot: S20dhcpd
Put this file in /etc/rc2.d
Now we can enable our iptables script. This first version doesn't do much, but it works.
iptables_script
To start it at boot time, put the following file in /etc/rc2.d/S20firewall
S22firewall
Only port 80 is forwarded into each of the two networks at the moment (both
to 192.168.#.10). All other ports on the public addresses terminate at the
router itself (including SSH). This is fine for now.
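As an added example (not the guide's own iptables_script), here is a minimal forwarding script that does what this section describes: each private network is NATed behind its own public IP, only port 80 is forwarded (to the .10 host), and the two private networks cannot talk to each other. The interface names, 192.168.x.0/24 ranges and 203.0.113.x public addresses are hypothetical placeholders.

```shell
#!/bin/sh
# Added example with hypothetical addresses: eth0 is the upstream link,
# eth1 serves 192.168.1.0/24 and eth2 serves 192.168.2.0/24, each NATed
# behind its own public IP, with port 80 forwarded to the .10 host.
WAN_IF=eth0
LAN1_IF=eth1; LAN1_NET=192.168.1.0/24; LAN1_PUB=203.0.113.11; LAN1_WEB=192.168.1.10
LAN2_IF=eth2; LAN2_NET=192.168.2.0/24; LAN2_PUB=203.0.113.12; LAN2_WEB=192.168.2.10
IPT=${IPT:-iptables}   # set IPT=echo to print the rules instead of loading them

# Rules for one private network that lives behind its own public address.
lan_rules() {
  ifc=$1; net=$2; pub=$3; web=$4
  # Outbound: clients of this LAN appear as their network's public IP.
  $IPT -t nat -A POSTROUTING -s "$net" -o "$WAN_IF" -j SNAT --to-source "$pub"
  # Inbound: only port 80 is forwarded, and only to the .10 host; every other
  # port on the public IP terminates at the router itself (e.g. SSH).
  $IPT -t nat -A PREROUTING -i "$WAN_IF" -d "$pub" -p tcp --dport 80 -j DNAT --to-destination "$web":80
  $IPT -A FORWARD -i "$WAN_IF" -o "$ifc" -d "$web" -p tcp --dport 80 -j ACCEPT
  # Let this LAN reach the Internet.
  $IPT -A FORWARD -i "$ifc" -o "$WAN_IF" -s "$net" -j ACCEPT
}

firewall() {
  $IPT -F; $IPT -t nat -F
  $IPT -P FORWARD DROP   # default deny: anything not allowed below is blocked
  # Keep the two private networks apart; these drops sit before any ACCEPT.
  $IPT -A FORWARD -i "$LAN1_IF" -o "$LAN2_IF" -j DROP
  $IPT -A FORWARD -i "$LAN2_IF" -o "$LAN1_IF" -j DROP
  $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  lan_rules "$LAN1_IF" "$LAN1_NET" "$LAN1_PUB" "$LAN1_WEB"
  lan_rules "$LAN2_IF" "$LAN2_NET" "$LAN2_PUB" "$LAN2_WEB"
  # Only turn on routing in the kernel when rules are really being loaded.
  [ "$IPT" = echo ] || echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Usage: sh firewall.sh apply   (or: IPT=echo sh firewall.sh apply to preview)
if [ "${1:-}" = apply ]; then firewall; fi
```

Previewing with IPT=echo before loading is a cheap way to check the rule order, since the inter-network DROPs only work if they come before the per-network ACCEPTs.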
Don't forget to put your ISP's DNS servers into /etc/resolv.conf.
Now, to make sure everything works, I suggest you restart your
computer. If you're going to test this by connecting other computers
directly to this router, use crossover cables.