[CS-FSLUG] Trying to set up my desktop to serve as a sort of "gateway"

Tim Young Tim.Young at LightSys.org
Wed Oct 15 18:47:22 CDT 2014


Hi,
Is your Mint "firewall" something you will be using for more than 
just the gateway and VPN endpoint?  If you are only using it for a 
firewall/gateway, I would recommend using "pfSense" or a different 
firewall distro.  It will make the task of building a firewall a lot 
simpler.

I do not know Mint well, so there may be some easier way to do it 
through a GUI or something.  But here are the pieces you need.

I will call the Linux computer a "firewall" as that is what it will 
be serving as.

*KERNEL*
You need to tell the Linux kernel on your firewall that it is to 
allow packets to forward (route) through it.  We do that by changing 
the value in the kernel: /proc/sys/net/ipv4/ip_forward
The way to do this is through "sysctl", which seems to be in 
/etc/sysctl.conf (or a file in /etc/sysctl.d) that says:
net.ipv4.ip_forward=1

*IP ADDRESSING*
Then, you need to have two different IP addresses and IP address 
pools on either network interface.
Typically, people use 192.168.1.1 or 192.168.0.1 for their IP 
addresses.  Because you are wanting to do a VPN, you should NOT use 
either of these.  VPNs are a little tricky, and it usually helps to 
have a different IP address pool than the one you are accessing 
from.  So it is usually good to pick a slightly more obscure number.

So, for kicks, let's add 20 to the default number, and we will use 
these on the "inside" network card and outside network card.
192.168.20.1
192.168.21.1

*FIREWALL RULE (Masquerading)*
Then, you need to set up MASQUERADING on the external network card. 
This is done through an iptables rule.  If you are using something 
like firewallbuilder or some other firewalling thing, it may do it 
for you.  But it boils down to a basic line that says something like:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

*Done:*
That is the main bit of info.  It looks like a possible Mint FAQ 
could be here:
http://thesystemmaster.com/unix/gateway_mint.php

Setting up a VPN may be a little bit harder.  I would probably use 
openvpn if you can.

     - Tim Young

On 10/15/2014 6:01 PM, davidm at hisfeet.net wrote:
> Well, really a gateway to the gateway. I want to connect to a VPN, or at
> least to a private proxy, for use in Mexico, but I want each and all of
> our Internet devices to be connected through it.
>
> I have read that it is possible to set up a Linux box to interpose itself
> between the Internet, and everything on the LAN, and still provide the
> devices on the LAN to communicate with the WAN. I think the article I was
> reading was for a Firewall, which would be OK, but my purpose is for a
> VPN.
>
> I have installed an extra communication card with an Ethernet connector,
> and the computer does recognize that it is there, and identifies it
> properly, but I haven't the faintest idea how to adjust the machine to my
> purposes, or what information to look for in that regard.
>
> I've just spent several hours looking for an answer, but don't seem to be
> getting anywhere. I'll be using Mint 11 I think.

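An added example, not part of the original message or thread: a small shell audit for the pieces the reply lists (kernel forwarding, and MASQUERADE on the outside card, eth0 as in the rule above). The inside card name eth1, the FORWARD-policy check and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a gateway for the pieces the reply lists.
# Assumed (not in the post): eth1 as the inside card, the FORWARD check.

# check_gateway IP_FORWARD RULES_FILE OUTSIDE_IF
# RULES_FILE holds `iptables-save` output; returns the number of failed checks.
check_gateway() {
    fwd=$1; rules=$2; wan=$3; fails=0
    # KERNEL: net.ipv4.ip_forward must be 1 or nothing is routed.
    if [ "$fwd" = "1" ]; then echo "OK   ip_forward=1"
    else echo "FAIL ip_forward=$fwd"; fails=$((fails + 1)); fi
    # FIREWALL RULE: MASQUERADE in POSTROUTING on the outside card.
    if grep -Eq -- "^-A POSTROUTING (.* )?-o $wan (.* )?-j MASQUERADE" "$rules"
    then echo "OK   MASQUERADE on $wan"
    else echo "FAIL no MASQUERADE on $wan"; fails=$((fails + 1)); fi
    # Added hardening check: with forwarding on, a default-ACCEPT FORWARD
    # chain routes anything; expect policy DROP plus explicit allow rules.
    if grep -q '^:FORWARD DROP' "$rules"; then echo "OK   FORWARD policy DROP"
    else echo "FAIL FORWARD policy is not DROP"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample in iptables-save format (not captured from a real host).
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Demo on the sample. On a live box (as root) use instead:
#   iptables-save > rules.txt
#   check_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" rules.txt eth0
tmp=$(mktemp); sample_rules > "$tmp"
check_gateway 1 "$tmp" eth0
rm -f "$tmp"
```

The FORWARD check is a heuristic: a ruleset that keeps an ACCEPT policy but ends the chain with an explicit drop rule will be flagged and needs the check adapted.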