First of all:
- I'm assuming you've got RedHat successfully connected to the internet and your back-end PC; if not, set that up first (post a new thread if you need help with that).
- The first step below can mess up your system pretty badly, so be careful!
- READ! When using my example script, verify that you know what each line does; if unsure, ask! When compiling the kernel, read the associated help files! I may forget a step or make a mistake. Convince yourself that you know what is going to happen before you do it.
- I am also assuming you're working from the command line and not within X. Red Hat has some GUI tools for firewalling/forwarding, but I've never used them so I can't help you with that. I think they are pretty well documented, however, so you could give them a try. (If you do, disregard the rest of this post as it assumes you do it all by hand.)
- Some rules in the above post got commented, I will edit to remove the #'s.
- Because the first step is tricky and perhaps not even necessary, as RedHat may have done it for you, you could skip it and get back to it if you can't get forwarding to work.
Ok, here goes:
Well, first of all, you will most likely need to recompile the kernel.
I hope your friend can help you with that as it is a tricky process.
There are some tutorials to be found on the web, but even then things can go pretty wrong.
When recompiling the kernel you will need to select IP forwarding/masquerading (NAT) to be compiled in. Read through the sub-choices to determine what specific functionality applies to you.
Note: The options you need to select in the kernel configuration depend highly on your system and preferences. Make sure you compile everything your system needs into the kernel (hardware support, filesystem support, etc.) or your system will not boot!
The first time you do this it will take a lot of time to read through all the options' help files, so be prepared for that (1-2 hours?).
If you've got that covered (by recompiling/installing, or if Red Hat has it pre-installed), you will need to create the script I posted above.
Read through it carefully!
(remember: lines starting with a hash (#) are comments)
Make sure the PRIVATE_IF and PUBLIC_IF are defined correctly.
If you use ADSL/cable, your PUBLIC_IF is likely ppp0 (check with ifconfig).
Also change PRIVATE_NET to the address space you use for your LAN. (I use 10.0.0.1 for my gateway, and 10.0.0.X for my LAN.)
Replace 10.0.0.0 with your general address space. The /16 allows all IPs between 10.0.0.0 and 10.0.255.255 to be recognized as private IPs, so you can probably leave the /16 (or better: /8) for your setup.
You might want to remove the line: "#Some bastard".... and the line following. I just left it there as an example.
I've yet to use multiple-port forwarding from Outside-To-LAN so I will need to look that up, but you will need something like this:
Code:
# iptables writes port ranges as low:high (not [low..high]); 80 and 443 are left out
# so the gateway's own processes can answer on them
/sbin/iptables -t nat -A PREROUTING -p tcp --destination-port 0:79 -i $PUBLIC_IF -j DNAT --to-destination 10.0.0.3
/sbin/iptables -t nat -A PREROUTING -p tcp --destination-port 81:442 -i $PUBLIC_IF -j DNAT --to-destination 10.0.0.3
/sbin/iptables -t nat -A PREROUTING -p tcp --destination-port 444:65535 -i $PUBLIC_IF -j DNAT --to-destination 10.0.0.3
Assuming 10.0.0.3 is your back-end's IP address.
(You will notice that these three rules forward all ports to your Windows machine except ports 80 (HTTP) and 443 (HTTPS). This allows traffic to those ports to be handled by processes on the gateway. The rules need to be edited to allow the dchub to run on the gateway, but I don't know which ports that uses.)
Note: Why do you want all traffic to be forwarded to your back-end? Why not let Red Hat block any odd Windows vulnerabilities by blocking traffic? All traffic initiated from within your LAN is allowed to go outside, so you can browse/download anyway. Personally, I would only forward outside-to-inside the necessary ports for gaming/file-sharing/IMs and such.
That is why I put those "Dungeon Siege" lines in there, so outside gamers could connect to my server behind the firewall.
If, however, you don't want to be bothered by looking up all the necessary ports and defining rules for them, then something like the above rules should do the trick.
- save the script to disk (preferably to /etc/rc.d/init.d/my_fw_script)
- execute as root:
Code:
chmod +x /path/to/filename/name_of_script
/path/to/filename/name_of_script
(first line makes the script executable, the second executes the script)
(replace /path/to/filename/name_of_script with the path and name you saved the script as)
Now you should have ip forwarding so you can access the internet from your back-end machine.
If it works so far, you can make it run at boot (as the last boot step):
execute as root:
Code:
# S (start) links are run when the runlevel is entered; K (kill) links only run when it is left
ln -s /path/to/filename/name_of_script /etc/rc.d/rc5.d/S99my_fw_script
(this line creates a link to your script so it is executed at startup)
Note: IIRC the default runlevel for RedHat is 5. If not, change "rc5.d" to "rcX.d" replacing X with the correct runlevel.
I hope I've covered everything, if not feel free to ask (or if someone wants to add, please do!)
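Below is an added example of a complete gateway script that follows the approach described in this post (forward LAN traffic out with MASQUERADE, and only DNAT the handful of outside-to-inside ports you actually need, as the note above recommends). It is not the script the poster refers to, and the interface names (eth0, ppp0), the 10.0.0.0/8 range, the back-end address 10.0.0.3 and the forwarded ports 22 and 3389 are placeholder assumptions; change them to match your LAN. DRY_RUN=1 prints the rules instead of executing them, so you can review the rule set before running it as root.

```shell
#!/bin/sh
# Added example NAT gateway script (not the poster's script). All addresses,
# interface names and ports below are assumptions for illustration.
PRIVATE_IF="${PRIVATE_IF:-eth0}"          # LAN side
PUBLIC_IF="${PUBLIC_IF:-ppp0}"            # internet side (ADSL/cable)
PRIVATE_NET="${PRIVATE_NET:-10.0.0.0/8}"  # address space of the LAN
BACKEND="${BACKEND:-10.0.0.3}"            # machine that receives forwarded ports
FORWARD_TCP="${FORWARD_TCP:-22 3389}"     # assumed example ports exposed on BACKEND
IPTABLES="${IPTABLES:-/sbin/iptables}"

# run: execute an iptables command, or just print it when DRY_RUN=1 so the
# rule set can be reviewed (or tested) without root and without iptables.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "$IPTABLES $*"
  else
    "$IPTABLES" "$@"
  fi
}

# rules: the whole rule set. Default policy is DROP for INPUT and FORWARD, so
# anything not explicitly allowed (including unforwarded outside traffic to the
# back-end) is blocked at the gateway.
rules() {
  run -F
  run -t nat -F
  run -P INPUT DROP
  run -P FORWARD DROP
  run -P OUTPUT ACCEPT

  # The gateway itself: loopback, replies to its own connections, and the LAN
  run -A INPUT -i lo -j ACCEPT
  run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  run -A INPUT -i "$PRIVATE_IF" -s "$PRIVATE_NET" -j ACCEPT

  # Anti-spoofing: packets claiming a LAN source must not arrive on the public side
  run -A INPUT -i "$PUBLIC_IF" -s "$PRIVATE_NET" -j DROP
  run -A FORWARD -i "$PUBLIC_IF" -s "$PRIVATE_NET" -j DROP

  # LAN-initiated connections may go out; only their replies come back in
  run -A FORWARD -i "$PRIVATE_IF" -o "$PUBLIC_IF" -s "$PRIVATE_NET" -j ACCEPT
  run -A FORWARD -i "$PUBLIC_IF" -o "$PRIVATE_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Hide the LAN behind the public address (ppp0 may get a new IP on each dial-up,
  # which is why MASQUERADE is used instead of SNAT with a fixed address)
  run -t nat -A POSTROUTING -o "$PUBLIC_IF" -s "$PRIVATE_NET" -j MASQUERADE

  # Outside-to-inside: DNAT each listed port to the back-end AND accept it in
  # FORWARD; a DNAT rule alone is not enough once FORWARD's policy is DROP.
  for p in $FORWARD_TCP; do
    run -t nat -A PREROUTING -i "$PUBLIC_IF" -p tcp --dport "$p" -j DNAT --to-destination "$BACKEND"
    run -A FORWARD -i "$PUBLIC_IF" -o "$PRIVATE_IF" -p tcp -d "$BACKEND" --dport "$p" -m state --state NEW -j ACCEPT
  done
}

# enable_forwarding: the kernel only routes between interfaces when this is 1.
enable_forwarding() {
  echo 1 > /proc/sys/net/ipv4/ip_forward
}

# dnat_count: number of DNAT rules the configuration produces (handy for review).
dnat_count() {
  ( DRY_RUN=1; rules ) | grep -c -- '-j DNAT'
}

# Called as an init script: "name_of_script start"
if [ "${1:-}" = start ]; then
  enable_forwarding
  rules
fi
```

Preview with `DRY_RUN=1 sh /etc/rc.d/init.d/my_fw_script start`, then install it the same way as above (chmod +x and an S99 link in the runlevel directory). To expose another service, add its port to FORWARD_TCP rather than opening the whole port range: every port that is not listed stays closed at the gateway.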