Setting up a dhcp, firewall/router, and samba server

[force5]

Hello, I was given a project of getting a RedHat 9 server set up as a dhcp server, a samba server, eventually an apache server, and also to act as a firewall/router. This is a very small office environment with only 6 windows' boxes and 1 RedHat 9 server. The server has 2 interfaces, eth0 and eth1. eth0 is set static with the IP that their ISP gave them and it is connected directly to the DSL modem. eth1 is connected to the LAN and I set it static to 10.10.10.1. This eth1 is currenly handling dhcp successfully. The bad thing is, I can't seem to get the Internet to work on the server or the LAN. I have started on troubleshooting the iptables and I THINK I have everything set right. I even tried to ALLOW all traffic on eth0 but that did not fix the problem. I can ping everywhere inside the LAN, but nothing on the outside. Any input would be greatly appreciated or even if you could point me to some good reference material. I have already read tons of man pages and other "google" stuff.

Thanks

Force5

 

[ericbrunson]

The iptables is secondary to the routing. Is the server set up to act as a router (ip forwarding set to on)? Are each of the clients set to use the server as their default route?

I'd recommend using some sort of fw admin package to set up the firewalling. I'm fond of fwbuilder (on sourceforge.net), but there are many people who recommend Jay's firewall or IPCops.

Putting services like apache directly on your firewall will probably draw criticism. I run my firewall on a 333Mhz P1, if you have something else laying around.

 

[force5]

Mr. ericbrunson...you are always quick with a reply. Thanks greatly!!
I will look into those programs. This company is tight with $$$ so I am not sure they would be open to a seperate server but I can surely recommend it!
I will touch base later, I have another ? for you.

Thanks again

Force5

 

[thedaver]

Force5, I will send you a computer to be a firewall if you'll pay the cost of shipping!!! Cmon, somebody's gotta have Pentium I-II with 166Mhz and 64MB+ of RAM around. That's probably a doorstop or the thing under the pile of filing boxes in the closet. Linux can run a firewall on such a box!

Hosting Solutions for Home or Business.

http://www.surfinbox.com/hosting/

 

[force5]

Thanks thedaver! What are the specifications of the box that you are offering to give me? They may take you up on it! I have convinced them to purchase a seperate server to run the webserver ONLY on. So that is taken care of. So that leaves me with their old system and I need it to do the following:
--Serve as a firewall of a 6 PC LAN
--Serve as a router
--Serve as a dhcp server <which it is already doing>
--Run Samba Services

 

[Castor66]

Have a look on eBay as well. I saw 10 x Dell GX1 PIII 600Mhz, 256MB, 6.4GB HDD for UKP400! There are loads of offers on exceptionally cheap units which are ideal to run something like Smoothwall and do low-end web-serving.

 

[thedaver]

Force5, I'm sorry but I wasn't entirely serious about giving away machines. Castor66 is right in recommending Ebay as a parts/PC depot. Frankly, Dell is selling $400 PC's with a monitor right now.

The meat of this discussion should be that:

FIREWALL PC:
Run a firewall (routing) tool such as Jay's Firewall, etc.
Run DHCP on the PRIVATE FACING INTERFACE ONLY!!!!!!

OTHER PC/SERVER:
Run EVERYTHING else you need on another machine that is on your private network and protected from the world by your firewall router.


You raise your risks of hack and/or network performance hits by running services (Apache, Samba) on your Firewall PC.




Hosting Solutions for Home or Business.

http://www.surfinbox.com/hosting/