# Setting up gentoo as a router

## Durenunde

I'm sort of new to this concept and not sure how to go about it.

What software or such should I use? I know the concept of routers and have used them but they are all purpose-built Cisco switches (what I have been trained in), and I want to go about setting up my own. Could anyone point me where to start please. All help is appreciated. Thanks.

Duren

----------

## Supermule

Do you plan to use it as a firewall or just a LAN/WAN router?

----------

## TheCoop

have a look at the IP-Masquerade HOWTO at the LDP, I got most of what I needed from that. Basically you need iptables, dnsmasq, masquerade support in the kernel, and luck

----------

## Durenunde

 *Supermule wrote:*   

> Do you plan to use it as a firewall or just a LAN/WAN router?

 

I plan to use it to route on a LAN environment as we ran out of our private class C address that we _have_ to use because of our provider's proxy server (which annoys the hell out of me), so we have made a class B private range to suit our needs. The only thing is we have some FTP and web folder services that need to be got at by the class B range. So a firewall isn't really necessary as it's all cut off from the internet by the router (that's owned by the ISP; we use this, by the way, as it's a free 1mb connection for schools  :Smile: , the only downside is that it blocks a truly amazing amount of sites and trying to get them to unblock something is a complete nightmare sometimes).

So it's a basic route from one network to the other.

 *TheCoop wrote:*   

> have a look at the IP-Masquerade HOWTO at the LDP, I got most of what I needed from that. Basically you need iptables, dnsmasq, masquerade support in the kernel, and luck

 

Thanks will have a look at these, *shivers* have heard about iptables... and not all of it is good, as in setting up for the first time is a nightmare for some, though something I've wanted to learn so I'll get to it as soon as I can.

Thanks for the info.

Duren

----------

## psp

I would look at the lartc (http://www.lartc.org) for ip and tc. You might also want to look at zebra - very router-ish interface to routing.

----------

## Supermule

If you really just want a high conf. router/firewall and don't have time to set up iptables yourself then have a look at:

http://www.smoothwall.org/

I use it intensively and it's very easy to set up/admin/maintain via the web interface.

Sad it ain't Gentoo behind  :Smile: 

----------

## bmichaelsen

Apropos web interface:

iptables can be configured with webmin.

That's a web interface for various admin tasks (even portage!)

Take a look at the Gentoo security guide Chapter 6 Firewalls ...

Greetz, Björn

----------

## WizzleyPete

I thought I'd chime in real quick.   I just set up iptables for the first time, and I would like to give you some advice to help you out as it was a nightmare for me until I picked up some pointers from others.  Knowing just a few simple things, it's extremely easy  :Smile: 

1) Compile iptables and all of the supporting filters as modules.  Compile each and every supporting filter under iptables so that if you ever want to make a rule, you're guaranteed that your installation of iptables will support it.

2) Make sure that the following is enabled:

```
IP: Netfilter Configuration --->
<*> Connection tracking (required for masq/NAT)
```

I would compile this directly into the kernel rather than as a module.

3) Make sure net filtering is enabled period.  I would compile that into the kernel rather than as a module as well.

Remember to type 'emerge iptables' after recompiling your kernel with iptables support.  That will install the required front end.  Then you can simply set rules on the command line on the fly.  For example:

```
iptables -P INPUT DROP
```

That will tell iptables to drop all incoming traffic.

```
iptables -P INPUT ACCEPT
```

This would tell iptables to allow incoming traffic.  Unless you have told it to drop incoming traffic already, it should accept it by default as you most likely haven't set any rules yet.

```
iptables -F
```

This will flush your tables so you can start over again.  I've had a problem with this not actually doing that, but I'm sure it's just a simple thing I haven't found out yet.  I'm doing some googling on this as we speak  :Smile: 

I would make a startup script with all of your rules in it.  Then, put it in the /etc/init.d/ directory, chmod 755 /etc/init.d/iptables, and type the following:

```
rc-update add iptables default
```

Then it will always configure itself automatically every time you boot up into the default runlevel.  Hope this helps  :Smile: 

James
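
An added example, not part of the post above or of any project's code: a rule set for a router that only forwards between two private LANs, written in `iptables-restore` format so that policies and rules load in one atomic step instead of a `-P INPUT DROP` followed later by accept rules. The interface names, subnets and server address are constructed placeholders.

```shell
#!/bin/sh
# Added example: filter table for a router between two private LANs.
# Interfaces, subnets and the server address are constructed placeholders.
LAN_C_IF=eth0                 # side holding the FTP/web server (hypothetical)
LAN_B_IF=eth1; LAN_B_NET=172.16.0.0/16     # new class B side (hypothetical)
SERVER=192.168.1.10           # FTP/web server (hypothetical)
ADMIN_NET=192.168.1.0/24      # hosts allowed to SSH to the router (hypothetical)

# Print the complete filter table in iptables-restore format.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The router itself: loopback, replies, SSH from the admin network.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $ADMIN_NET -p tcp --dport 22 -j ACCEPT
# Routed traffic: replies, then only FTP control and HTTP to the server.
# FTP data connections count as RELATED only with the FTP conntrack helper.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_B_IF -o $LAN_C_IF -s $LAN_B_NET -d $SERVER -p tcp -m multiport --dports 21,80 -j ACCEPT
COMMIT
EOF
}

# Print an empty filter table with ACCEPT policies. A plain `iptables -F`
# deletes rules but leaves chain policies as they were, so DROP would remain.
gen_reset() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# check: parse only; apply/reset: load atomically (root required).
case "${1:-}" in
    print) gen_rules ;;
    check) gen_rules | iptables-restore --test ;;
    apply) gen_rules | iptables-restore ;;
    reset) gen_reset | iptables-restore ;;
esac
```

Running the `check` action before `apply` catches syntax errors without touching the live rules, and keeping a console session open while testing avoids being locked out by the DROP policy on INPUT.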

----------

## uzik

 *Durenunde wrote:*   

> I'm sort of new to this concept and not sure how to go about it.
> 
> What software or such should I use? I know the concept of routers and have used them but they are all purpose-built Cisco switches (what I have been trained in), and I want to go about setting up my own. Could anyone point me where to start please. All help is appreciated. Thanks.
> 
> Duren

 

If you don't need to build it yourself just go to www.freesco.org and download their latest. You make a floppy, boot it up, set menu options and it works.

If you want to do it yourself you should really read the IPTABLES how to. It explains how networking is handled in the Linux kernel. If you understand what it's doing it will help you a LOT. Then once you know how to write your script you can enable iptables in Gentoo (which isn't trivial in itself).

----------

## jimbo

Yes, I agree...Freesco would be the simplest route (no pun intended). 

I had Freesco running from floppy on a dinosaur HP Vectra 100 w/16mb RAM, headless, no hard drive/CDROM, as a company router for 2 years with no problems (until the PSU finally quit).

If anything, Freesco is a great way to put some retired hardware back to good use (find yourself an old mobo, a couple of nics, a floppy drive, PSU, and duct-tape the whole thing down to a sheet of plywood!)

----------

## fatcat.00

If you really don't need a firewall, then simply set up a box with 2 or more interfaces and set some static routes.  Very simple and reliable:

1) Turn on ip forwarding: 

```
echo 1 > /proc/sys/net/ipv4/ip_forward
```

2) Set up each interface by editing /etc/conf.d/net appropriately.

3) Add route statements in your /etc/conf.d/local.start file.  You want to add routes for each network and next hop, if necessary.  Given your description, I think you will not need to do this step.

Now, as for trusting your ISP to protect you...I would never do that but I am somewhat paranoid.  I strongly suggest you look into inserting a firewall between you and the Internet, in addition to setting up the router on your interior.  

To get started with iptables, I like to use Firestarter http://firestarter.sourceforge.net, and then edit the script after it generates the initial one.  It's much simpler than it sounds.  Also, there are many web interfaces for iptables (even Webmin), and even fwbuilder http://fwbuilder.sourceforge.net for more sophisticated needs.

Good Luck!
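
An added example, not part of the post above: `echo 1 > /proc/sys/net/ipv4/ip_forward` lasts only until the next reboot, so this check compares the running value with the `net.ipv4.ip_forward` line in a sysctl file. The function names are hypothetical, and `/etc/sysctl.conf` as the boot-time location is an assumption about the system.

```shell
#!/bin/sh
# Added example: compare runtime IPv4 forwarding with the boot-time setting.

# Echo the running value (0 or 1). The file argument defaults to the /proc entry;
# an unreadable file is reported as 0.
runtime_forward() {
    cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null || echo 0
}

# Echo the last uncommented net.ipv4.ip_forward value in a sysctl file,
# or "unset" when the file has none (assumed default path: /etc/sysctl.conf).
persisted_forward() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' \
          "${1:-/etc/sysctl.conf}" 2>/dev/null | tail -n 1)
    echo "${val:-unset}"
}

# Summarise both: ok, lost-on-reboot, on-after-reboot, or off.
forward_status() {
    run=$(runtime_forward "$1")
    boot=$(persisted_forward "$2")
    case "$run:$boot" in
        1:1) echo ok ;;
        1:*) echo lost-on-reboot ;;
        0:1) echo on-after-reboot ;;
        *)   echo off ;;
    esac
}

# Run as "script check" to audit the live system.
if [ "${1:-}" = check ]; then
    forward_status
fi
```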

----------

