<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
Is your Mint "firewall" something you will be using for more than
just the gateway and VPN endpoint? If you are only using it for a
firewall/gateway, I would recommend using "pfSense" or a different
firewall distro. It will make the task of building a firewall a lot
simpler.<br>
<br>
I do not know Mint well, so there may be some easier way to do it
through a GUI or something. But here are the pieces you need.<br>
<br>
I will call the Linux computer a "firewall" as that is what it will
be serving as.<br>
<br>
<b>KERNEL</b><br>
You need to tell the Linux kernel on your firewall that it is to
allow packets to forward (route) through it. We do that by changing
the value in the kernel: /proc/sys/net/ipv4/ip_forward<br>
The way to do this is through "sysctl", which seems to be set with a
line in /etc/sysctl.conf (or a file in /etc/sysctl.d) that says:<br>
net.ipv4.ip_forward=1<br>
<br>
<b>IP ADDRESSING</b><br>
Then, you need to have two different IP addresses and IP address
pools on either network interface.<br>
Typically, people use 192.168.<b>1</b>.1 or 192.168.<b>0</b>.1 for
their IP addresses. Because you are wanting to do a VPN, you should
NOT use either of these. VPNs are a little tricky, and it usually
helps to have a different IP address pool than the one you are
accessing from. So it is usually good to pick a slightly more
obscure number.<br>
<br>
So, for kicks, let's add 20 to the default number, and we will use
these on the "inside" network card and outside network card.<br>
192.168.20.1<br>
192.168.21.1<br>
<br>
<b>FIREWALL RULE (Masquerading)</b><br>
Then, you need to set up MASQUERADING on the external network card.
This is done through an iptables rule. If you are using something
like Firewall Builder or some other firewalling thing, it may do it
for you. But it boils down to a basic line that says something
like:<br>
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br>
<br>
<b>Done:</b><br>
That is the main bit of info. It looks like a possible Mint FAQ
could be here:<br>
<a class="moz-txt-link-freetext" href="http://thesystemmaster.com/unix/gateway_mint.php">http://thesystemmaster.com/unix/gateway_mint.php</a><br>
<br>
Setting up a VPN may be a little bit harder. I would probably use
OpenVPN if you can.<br>
<br>
- Tim Young<br>
<br>
<div class="moz-cite-prefix">On 10/15/2014 6:01 PM,
<a class="moz-txt-link-abbreviated" href="mailto:davidm@hisfeet.net">davidm@hisfeet.net</a> wrote:<br>
</div>
<blockquote
cite="mid:b60d06d51bdb8dcf406ed91cacfe427a.squirrel@trinity.pjlhosting.com"
type="cite">
<pre wrap="">Well, really a gateway to the gateway. I want to connect to a VPN, or at
least to a private proxy, for use in Mexico, but I want each and all of
our Internet devices to be connected through it.
I have read that it is possible to set up a Linux box to interpose itself
between the Internet, and everything on the LAN, and still provide the
devices on the LAN to communicate with the WAN. I think the article I was
reading was for a Firewall, which would be OK, but my purpose is for a
VPN.
I have installed an extra communication card with an Ethernet connector,
and the computer does recognize that it is there, and identifies it
properly, but I haven't the faintest idea how to adjust the machine to my
purposes, or what information to look for in that regard.
I've just spent several hours looking for an answer, but don't seem to be
getting anywhere. I'll be using Mint 11 I think.
_______________________________________________
ChristianSource FSLUG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Christiansource@ofb.biz">Christiansource@ofb.biz</a>
<a class="moz-txt-link-freetext" href="http://cs.uninetsolutions.com">http://cs.uninetsolutions.com</a>
</pre>
</blockquote>
<br>
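The kernel, addressing and masquerading pieces from the reply, combined into one ruleset generator. This is an added example, not part of the original e-mail, and it goes beyond the single MASQUERADE rule by also setting the FORWARD chain to drop by default. Assumptions: eth1 as the inside card, a /24 mask on the 192.168.20.x pool, and the function names, which are hypothetical.

```sh
#!/bin/sh
# Added example, not from the e-mail above. Function names are hypothetical.
# Assumed values: eth0 = outside card (as in the MASQUERADE rule),
# eth1 = inside card, 192.168.20.0/24 = inside pool (the /24 mask is assumed).

# gateway_ruleset WAN_IF LAN_IF LAN_NET
# Prints iptables-restore input: NAT for the inside pool plus a FORWARD chain
# that drops by default, so the outside network cannot open connections inward.
gateway_ruleset() {
    wan=$1 lan=$2 lan_net=$3
    # All three arguments are required and the two cards must differ.
    [ -n "$wan" ] && [ -n "$lan" ] && [ -n "$lan_net" ] || return 2
    [ "$wan" != "$lan" ] || return 2
    # Only plain interface names and a dotted CIDR may reach the ruleset text.
    case "$wan$lan" in *[!A-Za-z0-9._-]*) return 2 ;; esac
    case "$lan_net" in *[!0-9./]*) return 2 ;; esac
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# forwarding_enabled [FILE]
# Succeeds only if the kernel forwarding flag reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# To apply as root (this replaces the existing nat and filter tables):
#   gateway_ruleset eth0 eth1 192.168.20.0/24 | iptables-restore
#   forwarding_enabled || echo "net.ipv4.ip_forward is not 1" >&2
```

The INPUT chain is left at ACCEPT here, so traffic addressed to the firewall itself still needs its own rules.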
</body>
</html>