Comments on CentOS 5 - Home Gateway Firewall With DHCP Server For Connection Sharing
CentOS 5 - Home Gateway Firewall With DHCP Server For Connection Sharing. If you're setting up a home network, you probably want a perimeter-facing computer connected to your DSL/cable modem, with all of your other computers behind that firewall box to keep them safe. This tutorial shows how to use a single external connection on the gateway computer (filtered with the iptables firewall) and a second, internal connection on the same box, so you can connect the computers inside your home/office to it.
10 Comment(s)
Comments
Hi !
I had no need for the route add -host command; DHCP worked out of the box.
About ip_forward being permanent: it seems more reliable to edit /etc/sysctl.conf, as /etc/sysconfig/network didn't work for me.
Lastly, maybe a DNS cache would be a good thing to add to this tutorial. With DNS filtering being deployed by a growing number of ISPs, being able to aggregate answers from public DNS may be better than relying solely on your ISP's DNS to handle every request. It's also way faster on high-latency connections.
Now this is awesome! Easy to follow through! I am planning on building a CentOS server for a specialized WAP based portal. Will try to post the results asap.
Cheers
Hi,
I tried your setup, but instead of a modem connection to my eth0, I used a load balancer router.
I have 2 internet connections that go to a load balancer, so the gateway IP becomes 192.168.0.1, and I set my eth0 and eth1 to the following IPs:
eth0 - 192.168.0.255 , eth1 - 192.168.2.1
eth1 goes to our main switch.
set sysctl.conf - net.ipv4.ip_forward = 1
dhcpd.conf is the following:
-----------------------
ddns-update-style interim;
ignore client-updates;
DHCPARGS=eth1;
subnet 192.168.2.0 netmask 255.255.255.0 {
    # --- default gateway
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option nis-domain "static.pldt.net";
    option domain-name "static.pldt.net";
    option domain-name-servers 58.69.254.3, 58.69.254.8;
    option time-offset -18000; # Eastern Standard Time
    # option ntp-servers 192.168.1.1;
    # option netbios-name-servers 192.168.1.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # -- you understand Netbios very well
    # option netbios-node-type 2;
    range dynamic-bootp 192.168.2.100 192.168.2.254;
    default-lease-time 21600;
    max-lease-time 43200;
    # we want the nameserver to appear at a fixed address
    host ns {
        next-server static.pldt.net;
        hardware ethernet 1C:BD:B9:80:07:6E;
        fixed-address 58.69.254.8, 58.69.254.3;
    }
}
--------------
eth0 and eth1 are all static IPs.
Is it possible to route the internet connection this way?
My server is getting internet access, but routing on eth1 is not.
Any help will be greatly appreciated.
Thanks
Hi,
Thanks for this great tutorial, however I think there is a slight adjustment needed.
You need to add the route for the interface the DHCP server should listen on before you start it, otherwise you get a failure.
Please feel free to correct me if I'm wrong.
Rich
Is there any chance of giving IP addresses on the diagram as an example of what is going on?
For example: eth0 IP, eth1 IP, cable modem settings, DNS settings, etc.
How about some info on how YOUR network IS set up, so that changes and settings can actually be cross-referenced to suit, rather than simply stating "your network might be different than mine"?
Is YOUR eth0 card set to 192.168.0.1 or 184.64.87.112?
If YOUR eth0 card is 192.168.0.1 and mine is 192.168.1.10, then I can simply change the setting at the appropriate places to suit.
This tutorial needs some corrections to properly work.
My hope is that people read this comment so a few things can be corrected.
`echo 1 > /proc/sys/net/ipv4/ip_forward` won't cut it. Once you do something like `service network restart`, the 1 in ip_forward will be a 0 again -- that is a major problem with this tutorial.
Edit sysctl.conf with `vi /etc/sysctl.conf` and change the 0 in this line to a 1: `net.ipv4.ip_forward = 0`. From there, restart networking to route traffic properly.
Unlike this article, I have two NICs - eth0 and eth1. I also added a few FORWARD rules to specify the source/destination subnets to allow and drop the rest (shown below).
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -s ! 10.0.0.0/24 -j DROP
If you're using RedHat/CentOS, or any RHEL-based distro that retains the RH-Firewall-1-INPUT custom chain, you'll need to add those rules in the custom chain instead of using the boilerplate commands I gave above. I just edited `/etc/sysconfig/iptables` with `vi` to configure it. Once your rules are applied, either via commands or by manually editing the file, save them and restart iptables.
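The comment above makes two points: ip_forward has to be set in /etc/sysctl.conf to survive a network restart, and on a RHEL-based box the rules live in /etc/sysconfig/iptables rather than in ad-hoc iptables commands. The script below is an added example by the editor, not code from the tutorial or from the commenter: it rewrites the ip_forward line of a sysctl.conf fed on stdin, and generates a complete /etc/sysconfig/iptables (iptables-restore format) for a two-NIC gateway. The interface names eth0 (WAN) and eth1 (LAN) and the subnet 10.0.0.0/24 are assumptions taken from the comment; the generated file replaces the stock one entirely, so the RH-Firewall-1-INPUT chain is not used.

```shell
#!/bin/sh
# Added example: persistent ip_forward plus a stateful two-NIC gateway ruleset.
# Interface names and the LAN subnet are parameters; eth0/eth1/10.0.0.0/24
# used in the usage line are assumptions, not values from the tutorial.

# Read a sysctl.conf on stdin, print it with net.ipv4.ip_forward forced to 1
# (the line is appended if the file never had it). Nothing is written in place.
enable_forward_sysctl() {
    awk '
        /^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ { print "net.ipv4.ip_forward = 1"; seen = 1; next }
        { print }
        END { if (!seen) print "net.ipv4.ip_forward = 1" }
    '
}

# gen_gateway_rules WAN_IF LAN_IF LAN_CIDR
# Emits /etc/sysconfig/iptables content. Default policies are DROP for INPUT
# and FORWARD; only reply traffic and new LAN-to-WAN flows are forwarded, so
# no blanket "-d LAN -j ACCEPT" rule is needed (that would let any host that
# can route to the LAN prefix reach internal machines).
gen_gateway_rules() {
    wan=$1; lan=$2; lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN sources to the WAN address (dynamic WAN IP, so MASQUERADE not SNAT)
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections the gateway itself opened, and loopback
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# LAN hosts may talk to the gateway (DNS, SSH); the WAN side may not
-A INPUT -i $lan -s $lan_net -j ACCEPT
# DHCP DISCOVER arrives from source 0.0.0.0, which the rule above does not match
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
# Forwarding: established flows in both directions, new flows only LAN -> WAN
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
# Everything else (WAN-originated, or LAN-source addresses arriving on WAN)
# falls through to the DROP policy.
COMMIT
EOF
}

# Standalone use: sh gateway-rules.sh --print eth0 eth1 10.0.0.0/24
case "${1:-}" in
    --print) gen_gateway_rules "${2:-eth0}" "${3:-eth1}" "${4:-10.0.0.0/24}" ;;
esac
```

Typical use is `enable_forward_sysctl < /etc/sysctl.conf > /tmp/sysctl.conf`, a diff against the original, then copying it into place and running `sysctl -p`; the rules go to `/etc/sysconfig/iptables` followed by `service iptables restart`. The `-s ! 10.0.0.0/24` form in the comment is the old inversion syntax; current iptables writes it as `! -s 10.0.0.0/24`, and with a DROP policy on FORWARD that rule is not needed at all.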
Can I ask what IP addresses you're using, i.e. are they the IP addresses of your ISP?
Also, do I definitely need the MAC addresses of my ISP for the DHCP config?
If so, how would I be able to get these so I can put them in?
Sorry, just a little confused here. It looks good though; I will be getting a new computer and want to use a light server for my gateway, and then use another as a website development test bed.
I am fairly good with networking things, though always aiming to improve my ability within network management. This should be a lot of fun to set up.
This kind of half-baked article makes me sick; a firewall setup is by far nothing to be taken lightly. I advise all hobbyists to look at some dedicated distro for a firewall/DHCP/gateway solution such as pfSense, m0n0wall, etc. These run on ALIX mini-boards and can cover even small-business needs (not to speak of power consumption!).
@silvertip257
Please explain what the IP addresses of your 2 interfaces are, and which one faces outside or inside in this example.
Hello,
Please, can anyone explain to me, or recommend a link about, how to configure different DHCP scopes on a CentOS server? I have 7 different subnets on 7 VLANs. I easily managed to create the DHCP scopes in WinServer2012, but I can't find any material for CentOS server on how to create DHCP scopes.
Please advise.
Best regards,
Jamal
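Two of the questions above concern the dhcpd.conf of the gateway: the load-balancer setup earlier in the thread hands clients a router option that is not on the subnet it serves, and the last question asks how to declare several scopes (one per VLAN) on CentOS. The script below is an added example by the editor, not part of the tutorial or of either commenter's post: it builds a dhcpd.conf from one `subnet` declaration per scope and rejects a scope whose router or range lies outside its network, since a client cannot reach a default gateway that is not on its own subnet. The networks 192.168.2.0/24, 192.168.10.0/24 and 192.168.20.0/24, the router addresses and the DNS servers are assumptions. ISC dhcpd serves each request from the scope whose network contains the address of the interface (or, behind a relay, the relay address) it arrived on, so on the gateway each VLAN needs an interface in its subnet and /etc/sysconfig/dhcpd lists those interfaces in `DHCPDARGS`.

```shell
#!/bin/sh
# Added example: generate a multi-scope dhcpd.conf, with a sanity check that
# every scope's router and range are inside the scope's own network.
# All addresses below are assumptions chosen for illustration.

# Dotted quad -> 32-bit integer, in POSIX shell arithmetic only.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet NETWORK ADDRESS NETMASK: true when ADDRESS lies inside NETWORK.
in_subnet() {
    net=$(ip2int "$1"); addr=$(ip2int "$2"); mask=$(ip2int "$3")
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# dhcp_scope NETWORK NETMASK ROUTER RANGE_START RANGE_END "DNS1, DNS2"
# ROUTER must be an address on NETWORK (the gateway's interface for that
# VLAN); a router on another subnet is unreachable from the clients and is
# refused here instead of being written into the config.
dhcp_scope() {
    if ! in_subnet "$1" "$3" "$2"; then
        echo "dhcp_scope: router $3 is not inside $1/$2" >&2
        return 1
    fi
    if ! in_subnet "$1" "$4" "$2" || ! in_subnet "$1" "$5" "$2"; then
        echo "dhcp_scope: range $4-$5 is not inside $1/$2" >&2
        return 1
    fi
    cat <<EOF
subnet $1 netmask $2 {
    option routers $3;
    option subnet-mask $2;
    option domain-name-servers $6;
    range $4 $5;
    default-lease-time 21600;
    max-lease-time 43200;
}
EOF
}

# Global options, then one scope per VLAN. "authoritative" makes dhcpd send
# NAKs for leases it does not know about, so clients moved between VLANs
# re-address promptly instead of keeping a stale lease.
gen_dhcpd_conf() {
    cat <<'EOF'
ddns-update-style none;
authoritative;
EOF
    dhcp_scope 192.168.2.0  255.255.255.0 192.168.2.1  192.168.2.100  192.168.2.254  "58.69.254.3, 58.69.254.8"
    dhcp_scope 192.168.10.0 255.255.255.0 192.168.10.1 192.168.10.100 192.168.10.254 "192.168.2.1"
    dhcp_scope 192.168.20.0 255.255.255.0 192.168.20.1 192.168.20.100 192.168.20.254 "192.168.2.1"
}

# Standalone use: sh gen-dhcpd.sh --print > /etc/dhcpd.conf
case "${1:-}" in
    --print) gen_dhcpd_conf ;;
esac
```

On CentOS 5 the file is /etc/dhcpd.conf, and the interfaces to listen on go in /etc/sysconfig/dhcpd as `DHCPDARGS="eth1 eth1.10 eth1.20"` (VLAN subinterfaces assumed here); they are not dhcpd.conf syntax. `dhcpd -t` parses the generated file without starting the daemon, which is the check to run before `service dhcpd restart`.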