> I don't have access to that bible. Fortunately I'm paid to know this
> stuff, and do it all the time. Here's my quick and dirty:
>
> Set up your eth0 to get a dhcp address from your ISP.
>
> Put a fixed address on eth1 of your linux machine (it does have two
> network interfaces, doesn't it?) like 192.168.1.254. The netmask should
> be 255.255.255.0. Don't set a gateway; your gateway and DNS servers will
> be inherited from your ISP's dhcp server on eth0.
>
> Set a fixed IP on the Windows box of 192.168.1.1, using a netmask of
> 255.255.255.0, and a gateway address of 192.168.0.254. Set the DNS
> servers to your ISP's for now. (I don't do Windows, don't ask how.)
>
> Edit /etc/sysctl.conf and change the existing line to read:
>
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
>
> Install a nat firewall. A nice quick one can be gotten from:
>
> http://people.redhat.com/mgahagan/firewall/fwiptables/RPM/noarch/fwiptables-1.0-3.noarch.rpm
>
> Install the rpm. If you used the IP addresses I suggested, then the
> config file /etc/sysconfig/fwiptables.conf will work as is, although no
> inbound traffic will be allowed at all except for traffic relating to
> the outbound requests you make. You can edit the fwiptables.conf file to
> allow individual ports for whatever services you desire. For instance, if
> you want to access your machine remotely via ssh, and host a web server,
> make the TCP_ALLOW line read:
>
> TCP_ALLOW="22 80 443"
>
> When ready, run the following commands:
>
> # sysctl -p
> # chkconfig --level 35 ipchains off
> # chkconfig --level 35 iptables off
> # chkconfig --level 35 fwiptables on
> # service ipchains stop
> # service iptables stop
> # rmmod ipchains (may be unnecessary, or show an error. No problem)
> # service fwiptables start
>
> You should now be able to ping/browse from the Windows box.
>
> From this point it's up to you to configure other services (like dhcpd
> on eth1 only!, named, ntpd, smtp, pop/imap, etc.) as you desire, but you
> can ignore those if you use the manually configured fixed IPs and tell
> your machines to use your ISP's name server and mail server(s). (Might
> want to list your local machines in /etc/hosts on all local machines in
> this case).
>
> Good luck.

This is probably not the purpose of this list, but it took me hours and hours to figure this out (I'll admit it, I am Linux challenged) ...

I have this set up at my home. I am using the Linux box for firewall and NAT (I only get 1 IP address from my ISP). Using iptables I just override the fedora settings with:

------------------IPTABLES SETUP SCRIPT-----------------------------
# Disable IP forwarding while we fix up the firewall rules for NAT
echo 0 > /proc/sys/net/ipv4/ip_forward

# Flush all the current rules (for now at least), in the filter table
# and in the nat table, so re-running the script does not stack up
# duplicate MASQUERADE rules.
/sbin/iptables -F
/sbin/iptables -t nat -F

# Masquerade out eth1
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Disallow NEW and INVALID incoming or forwarded packets from eth1.
/sbin/iptables -A INPUT -i eth1 -m state --state NEW,INVALID -j DROP
/sbin/iptables -A FORWARD -i eth1 -m state --state NEW,INVALID -j DROP

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
-------------------- END SCRIPT-----------------------------------

eth1 goes to my DSL modem and eth0 goes to the hub so that the other computers in my home can share the internet. I set up eth0 and eth1 during the install. I did not have to make any changes to them.

Note that this configuration does have some limitations. For example, it will not allow you to do FTP except in passive mode (there's an option to have IE use passive mode.) Passive mode is more secure (at least from the client side) and I believe that most ftp servers support it. This may also block some games from working.

dhcp is not that much harder to set up once you figure out where the scripts are. You can go to the service app under system configuration and turn on dhcpd. Then you need to edit /etc/dhcp.conf. Here's mine. It's probably a little simplistic (just like my firewall) ...

----------------- dhcp.conf-------------------------------------
ddns-update-style interim;
max-lease-time 120;
default-lease-time 120;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option domain-name "micasa.com";
    option domain-name-servers 207.69.188.185, 207.68.188.186;
    range 192.168.1.100 192.168.1.120;
}
-------------------end dhcp.conf----------------------------------

I am not sure what I should put in the domain-name option so I just made something up. Also, you MUST edit the domain-name-servers option and change it to the one(s) you use.

This will assign IP addresses in the range of 192.168.1.1xx to computers. I only have a few computers hooked up to my network so I limited the number of addresses to 21 -- the last line does this ("range ..."). If you need more, just change this line.
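The posted script and the quoted fwiptables notes both describe the same thing: a single Linux box doing NAT for a home LAN, with everything inbound dropped except replies and a short TCP_ALLOW list. The script below is an added example, not either poster's code or the fwiptables package, that puts those pieces together with default-DROP policies, an anti-spoofing rule on the LAN side, an explicit opening for DHCP requests (which arrive from 0.0.0.0 and so would not match a source-network rule), and the FTP connection-tracking helper that removes the passive-mode-only limitation mentioned above. It assumes the same layout as the reply (WAN on eth1, LAN on eth0, LAN subnet 192.168.1.0/24); the interface names, the DRYRUN switch, the valid_ports check and the nat-fw.sh file name are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the thread): stateful NAT firewall for a
# two-interface Linux gateway. WAN=eth1 (DSL modem), LAN=eth0, as in the
# reply above. Defaults deny; only listed services are reachable from WAN.
# Usage:  sh nat-fw.sh preview   (print the commands, touches nothing)
#         sh nat-fw.sh apply     (run as root)
WAN="${WAN:-eth1}"
LAN="${LAN:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
TCP_ALLOW="${TCP_ALLOW:-22}"      # inbound TCP ports opened on the WAN side
DRYRUN="${DRYRUN:-}"              # non-empty: print commands instead of running them

# run CMD...: execute the command, or print it when DRYRUN is set
run() {
  if [ -n "$DRYRUN" ]; then echo "$*"; else "$@"; fi
}

# valid_ports "22 80 443": every item must be an integer in 1..65535,
# so a malformed TCP_ALLOW never reaches the iptables command line
valid_ports() {
  for p in $1; do
    case "$p" in ''|*[!0-9]*) return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
  done
  return 0
}

build_firewall() {
  valid_ports "$TCP_ALLOW" || { echo "invalid TCP_ALLOW: '$TCP_ALLOW'" >&2; return 1; }
  # Stop forwarding while the rule set is rebuilt, as the posted script does
  run sysctl -q -w net.ipv4.ip_forward=0
  # Flush both the filter and the nat table so re-runs do not stack rules
  run iptables -F
  run iptables -t nat -F
  # Default deny for traffic to and through this box; outbound is free
  run iptables -P INPUT DROP
  run iptables -P FORWARD DROP
  run iptables -P OUTPUT ACCEPT
  # Loopback, plus replies to connections this host or the LAN opened
  run iptables -A INPUT -i lo -j ACCEPT
  run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Packets conntrack cannot classify are dropped on both paths
  run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  run iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
  # DHCP requests come from 0.0.0.0, so allow them before the source check
  run iptables -A INPUT -i "$LAN" -p udp --dport 67 -j ACCEPT
  # Only packets with a LAN source address are accepted from the LAN side
  run iptables -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
  run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
  # Services exposed on the WAN side (the TCP_ALLOW idea from fwiptables)
  for p in $TCP_ALLOW; do
    run iptables -A INPUT -i "$WAN" -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
  done
  # Hide the LAN behind the single ISP address
  run iptables -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
  # FTP helper so active-mode data connections are tracked as RELATED
  # (nf_conntrack_ftp on current kernels; ip_conntrack_ftp in the 2.4/2.6 era)
  run modprobe nf_conntrack_ftp
  run sysctl -q -w net.ipv4.ip_forward=1
}

case "${1:-}" in
  preview) DRYRUN=1; build_firewall ;;
  apply)   build_firewall ;;
esac
```

Run `TCP_ALLOW="22 80 443" sh nat-fw.sh preview` to see the exact rule set before applying it; the preview output is also what a change review or a config-drift check can diff against. Note that `-P FORWARD DROP` plus the explicit `-i eth0 -o eth1` rule means the reply's observation still holds: nothing from the WAN initiates a connection to a LAN host unless a DNAT rule is added for it.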