If you’re trying to set up a home network, you probably want a perimeter-facing computer connected to your DSL/cable modem, with all of your other computers behind that firewall box to keep them safe. This tutorial will show you how to use a single external connection on the gateway computer (using the Iptables firewall) and a second internal connection on the same box, so you can connect the computers on the inside of your home/office to it and automatically give them IPs when you hook them up (using a DHCP server). Iptables can be very complicated; we will only configure a basic firewall, and you can add more security later without breaking things. In Linux there are many ways to do this; this one is hopefully simple enough and will teach you the basics. I did this on a CentOS 6 box, though it would work on Debian variants with only slight modifications. During this tutorial I’m logged in as root, which you should generally NOT do, but it makes the tutorial simpler; if you prefer to do it more securely, add “sudo” before each command and it will work.

The computers on the inside of your office will also be able to talk to each other, so you can hook up printers and computers and share network connections through the switch as well. You can also set things up on your gateway server box later, like a network backup drive for all your computers using Samba, relatively simply. There’s a lot of expandability in this setup, but we’ll keep it simple for now.
The first thing to do on your gateway server is configure and enable Iptables, the default firewall that comes with CentOS. We will tell it to allow outbound traffic from your eth1 interface to the Internet. You have to add an Iptables entry, save it and restart Iptables.

Step 1. Add two network cards to the Linux box.

Step 2. Verify the network cards and check whether they were installed properly.
Step 3. Configure eth0 for the Internet with a public IP (external network or Internet)

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0c:29:d2:c2:75
IPADDR=192.168.1.10
BROADCAST=192.168.1.255
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
Step 4. Configure eth1 for the LAN with a private IP (internal private network)

# vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=static
HWADDR=00:0c:29:d2:c2:7f
IPADDR=192.168.10.1
BROADCAST=192.168.10.255
NETMASK=255.255.255.0
NETWORK=192.168.10.0
GATEWAY=192.168.1.10 # Enter the IP of eth0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes

If you get an error bringing up interface eth1, stop NetworkManager and use the classic network service instead:

# service NetworkManager stop
# chkconfig NetworkManager off
# service network start
# chkconfig network on
Step 5. Host Configuration (Optional)

# vi /etc/hosts

127.0.0.1 nat localhost.localdomain localhost

Step 6. Gateway Configuration

# vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=nat
GATEWAY=192.168.1.1 # Internet gateway, provided by the ISP

Step 7. DNS Configuration

# vi /etc/resolv.conf

# Primary DNS server provided by the ISP
nameserver 8.8.8.8
# Secondary DNS server provided by the ISP
nameserver 8.8.4.4
Step 8. Configure the DHCP server to give out IPs to the computers on the inside of the LAN

We do that by installing the DHCP server like this:

# yum install dhcp

Configure the DHCP server:

# vi /etc/dhcp/dhcpd.conf

option domain-name "vjetnamnet.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
subnet 192.168.10.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.10.10 192.168.10.20;
  option broadcast-address 192.168.10.255;
  option routers 192.168.10.1;
}
Step 9. NAT configuration with Iptables

First of all you have to flush and delete the existing firewall rules. Flush the rules by typing in a terminal:

# iptables -F
# iptables -t nat -F
# iptables -t mangle -F

Now delete any user-defined chains:

# iptables -X
# iptables -t nat -X
# iptables -t mangle -X

Set up IP forwarding and masquerading:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth1 -j ACCEPT

Enable packet forwarding in the kernel (and save this setting in /etc/sysctl.conf so it survives a reboot):

# echo 1 > /proc/sys/net/ipv4/ip_forward

Edit /etc/sysctl.conf to make the change permanent:

# vi /etc/sysctl.conf
net.ipv4.ip_forward=1

Apply the configuration:

# service iptables save
# service iptables restart

Check that iptables is set to start during boot:

# chkconfig --list iptables
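As an added example (not part of the original tutorial), here is a POSIX shell script that writes the Step 9 rules as one iptables-restore file, the same format that "service iptables save" produces on CentOS 6, so the whole ruleset is loaded atomically instead of one iptables -A at a time. It keeps the MASQUERADE and eth1 forwarding rules from above and adds the tightening the tutorial defers to later: a default DROP on FORWARD and INPUT with connection-tracking rules, so only connections opened from the LAN (and their replies) cross the gateway, and the box itself accepts new connections only from the LAN side. The function names gen_nat_rules and write_nat_rules and the parameter order (WAN interface, LAN interface, LAN subnet) are my own; the defaults match the interfaces and subnet used on this page.

```sh
#!/bin/sh
# Added example, not from the original tutorial: emit the Step 9 NAT rules as
# one iptables-restore file instead of typing iptables -A commands one by one.
# It keeps the page's MASQUERADE and eth1 forwarding, and tightens what the
# page leaves open after "iptables -F": FORWARD defaults to DROP, so only
# connections started from the LAN (and their replies) cross the gateway.
# Parameters (assumed names): WAN interface, LAN interface, LAN subnet.
gen_nat_rules() {
    wan="${1:-eth0}"
    lan="${2:-eth1}"
    lan_net="${3:-192.168.10.0/24}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source of LAN traffic leaving on ${wan} to the gateway's address.
-A POSTROUTING -s ${lan_net} -o ${wan} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The gateway itself: loopback, replies to its own connections, and the LAN.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${lan} -j ACCEPT
# LAN hosts may open connections to the Internet ...
-A FORWARD -i ${lan} -o ${wan} -s ${lan_net} -j ACCEPT
# ... and only the replies to those connections are forwarded back in.
-A FORWARD -i ${wan} -o ${lan} -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Write the ruleset to the file that "service iptables restart" loads on
# CentOS 6 (/etc/sysconfig/iptables); pass another path to inspect it first.
write_nat_rules() {
    out="${1:-/etc/sysconfig/iptables}"
    gen_nat_rules "$2" "$3" "$4" > "$out"
}
```

Review the generated file before loading it: once it is in /etc/sysconfig/iptables, "service iptables restart" applies it, and with the INPUT policy at DROP the gateway is no longer reachable over eth0 for administration.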
Step 10. Testing

Ping the gateway of the network from a client system:

# ping 192.168.10.1

Then try reaching the Internet from your client systems:

# ping google.com

Configuring PCs on the network (clients)

All PCs on the private office network should set their “gateway” to the local private network IP address of the Linux gateway computer. The DNS should be set to that of the ISP on the Internet.