There are a few ways to set up a Linux machine as route. Here is a relatively straight forward and common method. This method requires that the system use iptables for Network Address Translation (NAT).
This step by step small howto will help you to setup Linux router only in 2 minutes.
=> First enable packet forwarding
=> Next setup Network Address Translation using IPTABLES MASQUERADE targets
=> Save the changes
=> Verify everything is working
I’m assuming that your setup is as follows:
A) You are using any Linux distro
B) eth0 is internet interface (connected to router for example) and eth1 connected to your internal lan (connected to your HUB/Switch for example).
My Linux eth0 --> Internet
box eth1 --> Lan
Step # 1 Turn on ip forwarding in kernel
1) Open linux kernel configuration file (you must be a root user or use su – command to become a root user):
# vi /etc/sysctl.conf
2) Add/modify following line:
net.ipv4.ip_forward = 1
Step # 2 Restart network
# /etc/init.d/network restartOR
# service network restart
Step # 3 Setup IP forwarding and Masquerading (to act as router), you need to use NAT option of iptables as follows (add following rules to your iptables shell script) :
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT
Step # 4 You are done! Test it with ping or dig:
# ping your-isp.com
# dig yahoo.com
Step # 5 Point all desktop client to your eth1 IP address as Router/Gateway. Or use DHCP to distribute this information (recommended)
Step # 6 Put code described in step # 3 to script and call it from /etc/rc.local file.
inetd is referred to as the Internet Super-Server because it manages connections for several services. When a connection is received by inetd, it determines which program the connection is destined for, spawns the particular process and delegates the socket to it. First login as a root user.
FreeBSD version 5.0/6.0 or later
Newer version of FreeBSD has special start, stop, restart script, you can use this script restart inetd:
Old method (works on all variant of UNIX/Linux/BSD oses)
Once you made changes to inetd (internet super-server)configuration file (/etc/inetd.conf) you can use kill or killall command as follows to restart inetd:
# killall -HUP inetd
# kill -HUP inetd
# kill -HUP `cat /var/run/inetd.pid`
This causes the inetd program to restart and examine its configuration files. This is especially useful if you have changed the configuration settings.
- BSD start services article it explains rc.conf and other concepts related to bsd services.
Pre login banner is use for sending a warning message before authentication may be relevant for getting legal protection or just give out information to users. The contents of the specified file are sent to the remote user before authentication is allowed. This option is only available for protocol version 2. By default, no banner is displayed (if you are using latest version of Linux/UNIX then you do not have to worry about version issue).
Procedure to change OpenSSH pre login banner
1) By default sshd server turns off this feature.
2) Login as the root user; create your login banner file:
# vi /etc/ssh/sshd-banner
Welcome to nixCraft Remote Login!
3) Open sshd configuration file /etc/sshd/sshd_config using a text editor:
# vi /etc/sshd/sshd_config
4) Add/edit the following line:
5) Save file and restart the sshd server:
# /etc/init.d/sshd restart
6) Test your new banner (from Linux or UNIX workstation or use any other ssh client):
$ ssh firstname.lastname@example.org
Welcome to nixCraft Labs!
vivek@ rh3es.nixcraft.org’s password:
Please note that this feature may not work with third party ssh client such as Putty.