Friday, January 20, 2006

Linux Gateway - Connecting External FTP Servers

This is written mainly for people who want to use FTP through a Linux gateway system.

Setting up Linux as an Internet gateway is not difficult to do. A Linux gateway allows two or more computers to use the Internet at the same time.

While doing so, only the gateway's IP address will be visible on the Internet. The rest of the computers will be "hidden" behind the gateway. This is called IP masquerading.

There are certain things that need your attention when Linux is used as a gateway, and I will discuss them here.

First of all, you need a working TCP/IP network. I assume your network is up and running, and all your machines are able to "see" each other.

Let me explain my scenario:

Systems in my network -

I have two systems, Linux and FreeBSD.

Linux -

(Internet)eth0 ---- 10.33.16.220 /30 ----- Gw - 10.33.16.250
(Private)eth0:1 ---- 192.168.0.10/255.255.255.0

FreeBSD -

lnc0 - 192.168.0.30/255.255.255.0 ---GW-192.168.0.10

I need the FreeBSD system in my network to connect to the Internet.

This is very simple: set the Linux system as the default gateway on FreeBSD,
set the ip_forward flag to 1 on Linux, and add the DNS entries to
/etc/resolv.conf on FreeBSD.

In Linux (Gateway)

echo "1" > /proc/sys/net/ipv4/ip_forward

Make sure this line is added to /etc/rc.local so that it is set during boot.

In FreeBSD

I added the lines below to /etc/resolv.conf

nameserver 192.168.0.30
nameserver 202.x.x.x <----- Provided by your ISP

Now the FreeBSD system can ping external hosts and should resolve domain names.

For example, if you ping yahoo.com from your FreeBSD system, it will resolve to the public IP.

The problems you will now have are with things like FTP: from the FreeBSD system you won't be able to FTP to external IPs. We will have to load a few kernel modules using either insmod or modprobe:

For kernel 2.4.x, which uses iptables

I used the kernel 2.4.22-21mdk-i686-up-4GB (Mandrake - Linux gateway)

/sbin/insmod ip_conntrack_ftp

/sbin/insmod ip_nat_ftp

Next, enable Source Network Address Translation (SNAT) so that your client machines can use the Internet transparently.

I used,

#iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

This should enable you to use external FTP servers from the FreeBSD system.
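Why masquerading alone is not enough for active-mode FTP, as an added example (not from the original post, and not kernel code): the client announces its own address inside the PORT command, so the gateway has to rewrite that payload and expect the returning data connection, which is the job of ip_conntrack_ftp and ip_nat_ftp. This Python toy model uses the addresses from the scenario above; the class and function names, port 50000 and the address-mismatch check are assumptions of the example.

```python
import re

PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return (ip, port) from an FTP PORT command: h1,h2,h3,h4,p1,p2 (RFC 959)."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range: %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) as a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

class FtpNatHelper:
    """Toy model of what ip_conntrack_ftp + ip_nat_ftp do on the gateway."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.expected = {}  # gateway port -> (inside ip, inside port)

    def outbound(self, src_ip, line):
        """Control-channel line leaving the LAN; returns the line the server sees."""
        if not line.startswith("PORT "):
            return line
        ip, port = parse_port(line)
        if ip != src_ip:
            # Assumption of this example: never open a pinhole for a host
            # other than the one that sent the command.
            return line
        self.expected[port] = (ip, port)         # expect one data connection
        return build_port(self.public_ip, port)  # rewrite payload, not just the IP header

    def inbound(self, dst_port):
        """Data connection from the server to the gateway; None means dropped."""
        return self.expected.pop(dst_port, None)

if __name__ == "__main__":
    gw = FtpNatHelper("10.33.16.220")            # Linux eth0 from the scenario
    sent = build_port("192.168.0.30", 50000)     # FreeBSD client; port is constructed
    print("client sends :", sent.strip())
    print("server sees  :", gw.outbound("192.168.0.30", sent).strip())
    print("data conn to :", gw.inbound(50000))
    print("unexpected   :", gw.inbound(50001))
```

Without the helper step the server would be told to connect back to 192.168.0.30, an address it cannot route to, and the gateway would have no entry telling it where to forward the incoming data connection.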

I did not have iptables support in the kernel, so I had to recompile.

Here's what I did:

#cd /usr/src/linux-2.4.22-21mdk

#make xconfig

This opens the Linux Kernel Configuration window.

- Click Network Option

Next,

- IP: Netfilter Configuration

I selected y for "IP tables support (required for filtering/masq/NAT)".

Then I ran

#make dep
#make clean

If you enabled loadable module support while configuring the kernel, you now have to execute the commands

# make modules
# make modules_install

Loadable modules are installed in the /lib/modules directory.

This worked!!!

Now I am able to connect to external FTP servers from FreeBSD.

