My workstation was already using the Road Runner connection and was assigned a dynamic IP address with dhcpcd.
I shut down networking with this command: "/etc/init.d/networking stop". I then unplugged the power from
the cable modem for 30 seconds or more. While the modem was unplugged, I ran the Ethernet cable from the
modem to the first NIC (eth0) in the firewall. I then ran the crossover cable from the second NIC (eth1) in the firewall to my workstation. I plugged in the cable modem
and booted into the Linux install on the firewall.
I installed RedHat 7.3 using the "Custom" install. The install described here
only takes around 300mb but you'll need extra room for logs, installing updates, etc. I created two partitions, a 650mb root partition, and a 128mb swap partition.
During the install I set eth0 to use dhcp and enabled it at boot. I also set eth1 to use dhcp as well since I did not know the information to plug in for it yet, but
I did not set it to be enabled at boot. After the install was complete, I went back and configured eth1 correctly.
In the package selection part, I deselected
everything except the Networking, firewall/router, and the Emacs options (I refuse to live without Emacs). I used the "select individual packages" option to deselect things
like "Finger, Finger Server, Telnet, Telnet Server", etc. that I didn't want on a firewall.
After the install was complete,
I rebooted into Linux. If everything goes smoothly, the computer should have gotten an IP from Road Runner and the firewall should now be connected to the Internet. You can try pinging a server like yahoo.com to see if it worked. You can also use the "ifconfig" command to check the eth0 interface and see if it was assigned an IP address.
I then edited my /etc/hosts.allow file to allow ssh connections from my local network. I added this line:
sshd : 192.168.0.0/255.255.255.0 : ALLOW
I then updated my system using RedHat's up2date service.
RedHat uses ipchains as the default firewall tool, but I prefer iptables. I ran the "setup" command as root and used the "System services" tool to disable ipchains and enable iptables. I also took this opportunity to disable any other services I didn't want running.
I rebooted at this point to enable the kernel updates and the other changes I had made.
I then used the Linux IP Masquerade How-To to create a set of firewall rules to enable NAT and allow my workstation to use the firewall to connect to the Internet. To keep things simple, I trimmed their rules down to the following script:
#!/bin/sh
IPTABLES=/sbin/iptables
I named this file "rc.firewall-2.4", made it executable (chmod 700 rc.firewall-2.4), and placed it in the /etc/rc.d directory. I then added the following line to the end of the /etc/rc.d/rc.local file:
That will enable the firewall rules when the system boots up. I ran the firewall script manually so that NAT would be enabled without having to reboot.
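For reference, a stateful NAT rule set for this two-NIC layout, as an added example that is not the author's script or the How-To's. It assumes eth0 faces the cable modem, eth1 faces the LAN 192.168.0.0/24, and that ssh to the firewall is wanted only from the LAN, matching the hosts.allow line above. It prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not the author's script): stateful NAT rule set for this layout.
# Assumed: eth0 faces the cable modem, eth1 faces the LAN 192.168.0.0/24.
IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-eth0}
INTIF=${INTIF:-eth1}
LAN=${LAN:-192.168.0.0/24}

# nat_rules EXTIF INTIF LAN: print the rule set, one command per line.
# Order of the output: enable forwarding, flush, default-drop policies,
# firewall's own INPUT rules (loopback, replies, DHCP lease, ssh from LAN),
# FORWARD rules (LAN out, replies back in), then masquerade on the way out.
nat_rules() {
    ext=$1; int=$2; lan=$3; ipt=$IPTABLES
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
$ipt -F
$ipt -t nat -F
$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT
$ipt -A INPUT -i lo -j ACCEPT
$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$ipt -A INPUT -i $ext -p udp --sport 67 --dport 68 -j ACCEPT
$ipt -A INPUT -i $int -s $lan -p tcp --dport 22 -j ACCEPT
$ipt -A FORWARD -i $int -o $ext -s $lan -j ACCEPT
$ipt -A FORWARD -i $ext -o $int -m state --state ESTABLISHED,RELATED -j ACCEPT
$ipt -t nat -A POSTROUTING -o $ext -s $lan -j MASQUERADE
EOF
}

# Dry run by default; set APPLY=1 (as root) to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    nat_rules "$EXTIF" "$INTIF" "$LAN" | sh
else
    nat_rules "$EXTIF" "$INTIF" "$LAN"
fi
```

Only the reply half of a connection is accepted from eth0 to eth1, so nothing on the Internet side can open a new connection to the workstation.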
Now it was time to go back and configure the eth1 interface. I edited /etc/sysconfig/network-scripts/ifcfg-eth1 to contain these three lines:
DEVICE=eth1
IPADDR=192.168.0.1
ONBOOT=yes
I restarted the networking services by running "/etc/init.d/network restart".
I used linuxconf to configure my client. Under Networking -> Host name and IP network devices, I configured "Adapter 1", eth0, to use manual configuration. I gave it an IP address of 192.168.0.2 and a Netmask of 255.255.255.0. I left the other options alone. Then under Networking -> Routing and gateways, I clicked the "set" button and set the gateway as 192.168.0.1. I left the "enable routing" option un-checked. On the firewall, DHCP set the DNS server information for me, but since I entered the IP manually on the client I need to set the DNS server information myself. I just copied the information in the /etc/resolv.conf file on the firewall, to the /etc/resolv.conf file on the client. It should look something like this:
nameserver x.x.x.x
search domain.com
I then restarted the networking services on the client by running "/etc/init.d/network restart" and that was it.