Linux (CentOS) Gateway Server Configuration: Step by Step Procedure

If you’re trying to set up a home network, you probably want a perimeter-facing computer connected to your DSL/Cable modem, with all of your other computers behind that firewall box to keep them safe. This tutorial will show you how to use a single external connection on the gateway computer (using the Iptables firewall) and a second internal connection on the same box, so you can connect the computers on the inside of your home/office to it and automatically give them IPs when you hook them up (using a DHCP server). Iptables can be very complicated, so we will only configure a basic firewall; you can add more security later without breaking things. In Linux there are many ways to do this; this one is hopefully simple enough and will teach you the basics. I did this on a CentOS 6 box, though it would work on Debian variants with only slight modifications. During this tutorial I’m logged in as root, which you should generally NOT do, but it makes the tutorial simpler. If you prefer to do it more securely, add “sudo” before each command and it will work.
The computers on the inside of your office will also be able to talk to each other, so you can hook up printers, computers and share network connections through the switch as well. You can also set up things on your Gateway server box later like a network backup drive for all your computers using Samba relatively simply. There’s a lot of expandability in this setup, but we’ll keep it simple for now.
The first thing to do on your Gateway server is configure and enable Iptables, the default firewall that comes with CentOS. We will tell it to allow outbound traffic from your eth1 interface to the internet. You have to add an Iptables entry, save it and restart Iptables.

Step 1. Add 2 Network cards to the Linux box
Step 2. Verify the Network cards, check if they installed properly or not
Step 3. Configure eth0 for Internet with a Public IP (External network or Internet)
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0c:29:d2:c2:75
IPADDR=192.168.1.10
BROADCAST=192.168.1.255
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
Step 4. Configure eth1 for LAN with a Private IP (Internal private network)
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
HWADDR=00:0c:29:d2:c2:7f
IPADDR=192.168.10.1
BROADCAST=192.168.10.255
NETMASK=255.255.255.0
NETWORK=192.168.10.0
GATEWAY=192.168.1.10       # Enter IP of eth0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
If you get an error bringing up interface eth1, type:
# service NetworkManager stop
# chkconfig NetworkManager off
# service network start
# chkconfig network on
Step 5. Host Configuration (Optional)
# vi /etc/hosts
127.0.0.1 nat localhost.localdomain localhost
Step 6. Gateway Configuration
# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nat
GATEWAY=192.168.1.1  # Internet Gateway, provided by the ISP
Step 7. DNS Configuration
# vi /etc/resolv.conf
# Primary DNS Server provided by the ISP
nameserver 8.8.8.8
# Secondary DNS Server provided by the ISP
nameserver 8.8.4.4
Step 8. Configure DHCP server to give out IP addresses to the computers on the inside of the LAN
We do that by installing the DHCP server like this:
# yum install dhcp
Configure a DHCP Server:
# vi /etc/dhcp/dhcpd.conf
option domain-name    "vjetnamnet.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
subnet 192.168.10.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.10.10 192.168.10.20;
  option broadcast-address 192.168.10.255;
  option routers 192.168.10.1;
}
Step 9. NAT configuration with IP Tables
First of all you have to flush and delete existing firewall rules. So flush rules by typing in terminal:
# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
Now delete any user-defined chains:
# iptables -X
# iptables -t nat -X
# iptables -t mangle -X
Set up IP FORWARDing and Masquerading
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth1 -j ACCEPT
Enable packet forwarding in the kernel (this takes effect immediately but is lost on reboot):
# echo 1 > /proc/sys/net/ipv4/ip_forward
Then edit /etc/sysctl.conf to make the change permanent:
# vi /etc/sysctl.conf
net.ipv4.ip_forward=1
Apply the configuration
# service iptables save
# service iptables restart
Check if iptables is set to start during boot up
# chkconfig --list iptables
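The flush in Step 9 removes the stock CentOS 6 REJECT rules and leaves the INPUT and FORWARD policies at ACCEPT, so the box forwards and answers whatever is routed to it. As an added example (not part of the original tutorial), this script prints an iptables-restore ruleset with the same masquerading but default-drop policies; gateway_rules is a hypothetical helper name, and it assumes you administer the gateway from the LAN side or the console.

```shell
#!/bin/sh
# Added example (not from the original tutorial). gateway_rules is a
# hypothetical helper; eth0, eth1 and 192.168.10.0/24 are the page's values.
# It only prints rules; pipe the output to iptables-restore to load them.

gateway_rules() {
    wan=$1; lan=$2; lan_net=$3
    # Missing or identical interfaces would give a useless or open gateway.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "usage: gateway_rules WAN_IF LAN_IF LAN_CIDR" >&2
        return 1
    fi
    # Accept only plain names and a dotted CIDR so an argument cannot
    # inject extra rule text into the generated file.
    case "$wan$lan" in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case "$lan_net" in
        *[!0-9./]*|*/*/*) echo "bad CIDR" >&2; return 1 ;;
        */*) ;;
        *) echo "bad CIDR" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Gateway itself: loopback, replies to its own traffic, and the LAN side only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Routed traffic: LAN-originated flows out the WAN side, plus their replies.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Dry run: print the ruleset for the tutorial's interfaces and subnet.
gateway_rules eth0 eth1 192.168.10.0/24
```

To load the rules, run `gateway_rules eth0 eth1 192.168.10.0/24 | iptables-restore` as root, then `service iptables save` as in Step 9.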
Step 10. Testing
Ping the gateway of the network from a client system:
# ping 192.168.10.1
Try it on your client systems:
# ping google.com
Configuring PCs on the network (Clients)
All PCs on the private office network should set their “gateway” to be the local private network IP address of the Linux gateway computer.
The DNS should be set to that of the ISP on the internet.