How to set up Linux as a router for DSL, T1 line etc

last updated in Categories Howto, Iptables, Linux, Networking, RedHat/Fedora Linux, Tips, Ubuntu Linux

There are a few ways to set up a Linux machine as a router. Here is a relatively straightforward and common method. This method requires that the system use iptables for Network Address Translation (NAT).

This small step-by-step howto will help you set up a Linux router in only 2 minutes.

Configuration steps

=> First enable packet forwarding
=> Next set up Network Address Translation using the iptables MASQUERADE target
=> Save the changes
=> Verify everything is working

I’m assuming that your setup is as follows:
A) You are using any Linux distro

B) eth0 is the Internet interface (connected to a router, for example) and eth1 is connected to your internal LAN (connected to your hub/switch, for example).

My Linux   eth0  --> Internet
box       eth1  --> Lan

Step # 1 Turn on ip forwarding in kernel

1) Open the Linux kernel configuration file (you must be the root user, or use the su - command to become root):
# vi /etc/sysctl.conf

2) Add/modify the following line:
net.ipv4.ip_forward = 1

Step # 2 Restart network
# /etc/init.d/network restart
OR
# service network restart

Step # 3 Set up IP forwarding and masquerading (to act as a router). Use the NAT table of iptables as follows (add the following rules to your iptables shell script):
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT

Step # 4 You are done! Test it with ping or dig:
# ping your-isp.com
# dig yahoo.com

Step # 5 Point all desktop clients to your eth1 IP address as their router/gateway, or use DHCP to distribute this information (recommended).

Step # 6 Put the commands described in step # 3 in a script and call it from the /etc/rc.local file.
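
One way to write the script that step # 6 asks for is shown below; it is an added example, not the article's own script, and it checks for each rule with iptables -C before appending so that repeated runs from /etc/rc.local do not stack duplicates. Assumptions not in the article: the FORWARD rule is narrowed to eth1 -> eth0, a return-traffic rule and a default DROP policy on FORWARD are added, and the script name, WAN_IF, LAN_IF, IPTABLES and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not the article's own script. Assumes the article's layout:
# eth0 = Internet side, eth1 = LAN side. Run as root: sh nat-router.sh apply
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
IPTABLES="${IPTABLES:-iptables}"   # overridable so the logic can be dry-run

# Print one iptables rule per line (arguments only) without applying anything.
# $1 = Internet interface, $2 = LAN interface.
router_rules() {
    # Step 3, rule 1: masquerade everything leaving through the Internet side.
    echo "-t nat -A POSTROUTING -o $1 -j MASQUERADE"
    # Step 3, rule 2, narrowed (assumption): LAN traffic is forwarded only
    # towards the Internet interface.
    echo "-A FORWARD -i $2 -o $1 -j ACCEPT"
    # Added (assumption): accept replies to connections the LAN opened.
    echo "-A FORWARD -i $1 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Turn an append rule (-A) into the matching existence check (-C).
rule_to_check() {
    echo "$1" | sed 's/-A /-C /'
}

# Append each rule only if it is not already loaded, then set the policy.
apply_rules() {
    router_rules "$1" "$2" | while read -r rule; do
        # Word splitting is intentional: each word is one iptables argument.
        $IPTABLES $(rule_to_check "$rule") 2>/dev/null || $IPTABLES $rule
    done
    # Added (assumption): drop forwarded packets that no rule above accepted.
    $IPTABLES -P FORWARD DROP
}

if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1 >/dev/null   # same setting as step 1
    apply_rules "$WAN_IF" "$LAN_IF"
else
    # Default: only show the rules that would be added.
    router_rules "$WAN_IF" "$LAN_IF"
fi
```

Run without arguments, the script only prints the rules; with the default FORWARD policy left at ACCEPT, the article's single FORWARD rule would not restrict anything, which is why the policy line is part of the example.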

FreeBSD How to restart inetd service / daemon

last updated in Categories FreeBSD, Networking, Sys admin, Tips

inetd is referred to as the Internet Super-Server because it manages connections for several services. When a connection is received by inetd, it determines which program the connection is destined for, spawns the particular process and delegates the socket to it. First, log in as the root user.

FreeBSD version 5.0/6.0 or later

Newer versions of FreeBSD have a dedicated start/stop/restart script; you can use this script to restart inetd:

# /etc/rc.d/inetd restart

Old method (works on all variants of UNIX/Linux/BSD OSes)
Once you have made changes to the inetd (Internet super-server) configuration file (/etc/inetd.conf), you can use the kill or killall command as follows to restart inetd:

# killall -HUP inetd

OR

# kill -HUP $(pgrep -x inetd)

OR

# kill -HUP `cat /var/run/inetd.pid`

This causes the inetd program to restart and examine its configuration files. This is especially useful if you have changed the configuration settings.

See also:

  • BSD start services article: it explains rc.conf and other concepts related to BSD services.

How to force sshd server to display login banner before login (change the ssh server login banner)

last updated in Categories Debian Linux, FreeBSD, Gentoo Linux, Howto, Linux, Networking, OpenBSD, RedHat/Fedora Linux, Security, Tips, Ubuntu Linux, UNIX

A pre-login banner is used to send a warning message before authentication; this may be relevant for getting legal protection, or it can simply give out information to users. The contents of the specified file are sent to the remote user before authentication is allowed. This option is only available for protocol version 2. By default, no banner is displayed (if you are using the latest version of Linux/UNIX then you do not have to worry about the version issue).

Procedure to change OpenSSH pre login banner

1) By default, the sshd server turns off this feature.

2) Log in as the root user and create your login banner file:

# vi /etc/ssh/sshd-banner

Append text:
Welcome to nixCraft Remote Login!

3) Open the sshd configuration file /etc/ssh/sshd_config using a text editor:

# vi /etc/ssh/sshd_config

4) Add/edit the following line:

Banner /etc/ssh/sshd-banner

5) Save the file and restart the sshd server:

# /etc/init.d/sshd restart

6) Test your new banner (from a Linux or UNIX workstation, or use any other ssh client):

$ ssh vivek@rh3es.nixcraft.org

Output:
Welcome to nixCraft Remote Login!
vivek@rh3es.nixcraft.org's password:

Please note that this feature may not work with third-party ssh clients such as PuTTY.