Router:Linux - Debian: Difference between revisions

Router:Linux - Debian (view source)

Revision as of 04:52, 26 November 2015

955 bytes added , 26 November 2015

m

Formatting fix.

TomJepp

51

edits

Revision as of 15:53, 22 October 2015 (view source) TomJepp (talk \| contribs) (Add the pre-up line to the "block of IP addresses" section, too) ← Older edit		Revision as of 04:52, 26 November 2015 (view source) TomJepp (talk \| contribs) m (Formatting fix.) Newer edit →
(3 intermediate revisions by the same user not shown)
* '''eth0''' is plugged directly into your modem or ONT * '''eth1''' will be used for your LAN = Enabling IP forwarding = To tell our Linux router to actually forward traffic, you must first enable IP forwarding in '''/etc/sysctl.conf'''. Look for this section in '''/etc/sysctl.conf''': # Uncomment the next line to enable packet forwarding for IPv4 #net.ipv4.ip_forward=1 # Uncomment the next line to enable packet forwarding for IPv6 # Enabling this option disables Stateless Address Autoconfiguration # based on Router Advertisements for this host #net.ipv6.conf.all.forwarding=1 Uncomment the two lines starting with "net": # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1 # Uncomment the next line to enable packet forwarding for IPv6 # Enabling this option disables Stateless Address Autoconfiguration # based on Router Advertisements for this host net.ipv6.conf.all.forwarding=1 Now run: sysctl -p This will reload '''/etc/sysctl.conf''' - applying our changes. = Setting up pppd = apt-get update apt-get install ~~pppd~~ppp pppoe iproute2 pppd uses several different configuration files: iptables -A INPUT -p icmp -m comment --comment "Accept all ICMP" -j ACCEPT iptables -A INPUT -i eth1 -m comment --comment "Accept all from the LAN" -j ACCEPT iptables -A INPUT -i pppoe-aaisp -m state --state RELATED,ESTABLISHED -m comment --comment "Allow return traffic" -j ACCEPT iptables -A INPUT -m comment --comment "Reject all remaining traffic" -j REJECT iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o pppoe-aaisp -m comment --comment "Clamp MSS for traffic going via PPP" -j TCPMSS --clamp-mss-to-pmtu iptables -A FORWARD -i eth1 -o pppoe-aaisp -m comment --comment "Allow traffic from LAN -> internet" -j ACCEPT iptables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow return traffic from internet -> LAN" -j ACCEPT iptables -A FORWARD -m comment --comment "Reject all remaining traffic" -j REJECT