Tuesday, March 28, 2006

Router Installation for RedHat 9

This is about my experience setting up our faculty's computer as a router with RedHat 9 (Linux 2.4.20-8/gcc 3.2.2). This work was done in March 2004. Why do I want to write about this old thing here? I want to make a little documentation of my 'old' experience so I can always read it again and remember what I have done. :D

The specification of the computer is Intel Pentium 4 2.6 GHz, RAM 1 GByte, HD 40 GByte. Here are some services that already run well in our faculty:
  • as a router connecting two networks, i.e. the engineering faculty network (192.168.3.0/24) and the university network (192.168.1.0/24)
  • as a firewall (I use iptables and masquerading). I configured this computer to deny all ICMP requests from outside 192.168.3.0
  • as a file sharing server with Samba
  • as a provider of many services: MySQL, PostgreSQL, FTP, Apache, etc.

Here is the WINS server and WINS proxy configuration. With this configuration, hosts on the 192.168.3.0/24 network can browse all of the Microsoft file sharing services on the 192.168.1.0/24 network.
  • in the /etc/samba/smb.conf file, I configured the global section like this:
[global]
workgroup = teknik
server string = samba teknikrh9 server
hosts allow = 192.168.1. 192.168.3. 127.
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 1000
lanman auth = no
netbios name = teknikrh9
encrypt passwords = yes
unix password sync = Yes
passwd program = /usr/bin/passwd %u
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 192.168.1.37/24 192.168.3.1/24
local master = no
security = user
syslog only = no
syslog = 0
name resolve order = lmhosts host wins bcast
time server = yes
os level = 34
wins support = yes
guest account = nobody
invalid users = root
username map = /etc/samba/smbusers
dns proxy = no
preserve case = yes
short preserve case = yes

The important parameter is 'wins support', which enables Samba to act as a WINS server. We have tested that configuration in our network. Here are the steps that we tried:
  1. create a file, save it as lmhost and place it in the windows or WINNT directory. Here is a sample:
    192.168.3.1 teknikrh9
    192.168.1.224 xxxxxx (<- name of the computer to be accessed)
  2. then right-click the My Network Places icon on the desktop and choose the Properties menu
  3. right-click the Local Area Connection icon and choose the Properties menu
  4. click the Internet Protocol (TCP/IP) item and then click the Properties button
  5. Windows will show you the TCP/IP Properties dialog. Click the Advanced... button
  6. click the WINS tab, then click the Add button to add a WINS server
  7. enter the IP address of the router computer (RH9), i.e. 192.168.3.1 or 192.168.1.37
  8. then click the Add button
  9. make sure that the "Enable LMHOSTS lookup" checkbox is checked
  10. click the "Import LMHOSTS" button
  11. choose the lmhost file from the windows or WINNT directory
  12. check the "Enable NetBIOS over TCP/IP" checkbox
  13. then click the OK button, OK button, OK button... :D
  14. try to search for a computer that you have written in the lmhost file

For the firewall, here is the configuration (iptables rules) that I implemented:
  • /etc/sysctl.conf
    set the parameter below to 1
    net.ipv4.ip_forward = 1

  • Add some iptables commands to the /etc/init.d/network file:
    # this defines masquerading forwarding from the internet to 192.168.1.0/24
    iptables -A POSTROUTING -j MASQUERADE -t nat -s 192.168.3.0/24 -o eth0

    # port 20 (FTP data) specifically is defined to be accepted
    iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT

    iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT

    # these kernel modules are loaded to handle forwarding of the FTP data port
    /sbin/insmod ip_conntrack_ftp
    /sbin/insmod ip_nat_ftp
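
Added example, not part of the original post: the rules above written as an iptables-restore ruleset, which replaces the tables when loaded instead of appending another copy each time the init script runs, together with a check for duplicated rules in iptables-save output. The `-i eth0` echo-request rule is one assumed way to express the ICMP restriction mentioned earlier; the function names and the sample listing are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. "page" marks values taken from it.
LAN_NET="192.168.3.0/24"   # page: faculty network
WAN_IF="eth0"              # page: MASQUERADE interface (assumed to face 192.168.1.0/24)

# Print the post's rules in iptables-restore format. Chain policies stay at
# ACCEPT because the post sets none.
router_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# assumption: drop pings that reach the router from the university side
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# Read iptables-save style text on stdin; print "<count> <table> <rule>" for
# every rule that occurs more than once in the same table.
duplicate_rules() {
    awk '/^\*/  { table = $0; next }
         /^-A / { seen[table " " $0]++ }
         END    { for (r in seen) if (seen[r] > 1) print seen[r], r }'
}

# Constructed sample: filter table after the -A commands have run twice.
sample_after_two_runs() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
EOF
}

# On the router (as root): router_ruleset | /sbin/iptables-restore
# To audit a live box:     /sbin/iptables-save | duplicate_rules
```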
