This is a quick intro to setting up Linux as a router. It is based on the SUSE installation described here, but should, possibly with some modifications, apply to other Linux distributions and versions as well.
This page is no longer maintained - but the information might still be helpful if you're struggling with a SUSE Linux and want it to route. The Debian configuration described here is more recent, and more accurate.
You need some hardware : a personal computer that will become the router. It will need to have at least 2 network adapters : one to connect to each network (or host) you want to route to.
Prepare the PC if it is not yet in working order. Put in 2 network cards (labeled eth0, eth1). If the network cards are not PCI cards (i.e. you're working with truly old material) you may need to configure them so that the 2 of them use different IRQs and I/O addresses. You'll need to search for a configuration tool or set jumpers. Write down which card has what IRQ and I/O base address : you'll need that. You don't need to do that with PCI cards, they will configure themselves at system boot and report their settings to the operating system so you don't need to know the settings.
Install Linux. Choose a custom setup so that you can limit the installation to a basic system. You only need text mode, no graphical desktop and all that. You can always add stuff later if you left it out in the original installation. You may also do a complete installation, but then you'll have a lot of ballast - and your old Pentium at 75 MHz (or even a 486?) with only 16 or 32 MB RAM might have trouble, especially running graphical applications. It's up to you.
When installing Linux, the setup program detects one NIC, and lets you install a driver (a module) for it. Of course, you need the other NICs installed as well. You can do this with a setup tool such as YAST. The problem, however, is that the NICs will be detected in a certain order, and their names (eth0, eth1, ...) will be attached in that order, so when the cards are detected in a different order, the names switch. That means that e.g. eth0 now is the interface to the internal network, instead of to the internet. That completely screws up the routing tables, and your router is useless.
What you want is to load the drivers so that you load them for a specific card and set the right name for it. This can usually be done by referring to the NIC's IRQ and/or I/O base address. So this is where disabling plug and play, and setting the IRQ and I/O base address to a known value (see hardware setup) pays off.
Edit /etc/modules.conf to have entries like the following :
    alias eth0 3c509
    alias eth1 3c509
    options eth0 -o 3c509_0 irq=9 io=0x280
    options eth1 -o 3c509_1 irq=10 io=0x300
3c509 is the name of the module (driver), while the values for irq and io should match the respective NIC's IRQ and I/O base address.
If this does not work (and it might not ... ) you can work around it by accepting the order in which Linux detects the network cards : by MAC address, from low to high. So the NIC with the lowest MAC address will be eth0, eth1 will be the next higher one, and so on. This works fine until you replace a card : then the order may get screwed up and you'll have to re-configure your system.
see also : Linux Networking Howto : multiple ethernet cards
/etc/rc.config is a system-wide configuration file that sets a number of important parameters. Edit this file and make sure it contains the following entries :
Here, you can also set parameters like KBD_NUMLOCK="yes" (or "no") if you like, set names and addresses of DNS servers, proxy servers, ... , should you need them, load a mouse driver, and so on. YAST (or the setup tool for your system) may have created most entries already.
This is the first script to be executed by the system, and determines the runlevel the machine will boot to. Knowing the run level will come in handy when you need to add scripts that you want executed when entering or leaving that runlevel.
we assume the network will look something like this :
ifconfig can be used to configure network interface cards (set IP addresses, network masks, modes, IRQ, I/O base address, etc). To attach a static IP address to each of the NICs, do the following :
    ifconfig eth0 10.0.0.254 netmask 255.255.255.0
    ifconfig eth1 10.0.1.254 netmask 255.255.255.0
    ifconfig
Usually, ifconfig of the network cards is done while installing the Linux operating system, and the entries can be found in /etc/rc.config, so you may not need this. Once it's done the configuration is saved, so you only need to do this once.
You now have a working Linux system. All that's left to do is tell it to route.
The routing table is modified with the route command, like this (re. man route) :
Adding a route to each network (using 0.0.0.0 for any network, the internet) - the final 'route' (without parameters) will show the routing table after it has been modified.
    route add -net -n 10.0.0.0 netmask 255.255.255.0 dev eth0
    route add -net -n 10.0.1.0 netmask 255.255.255.0 dev eth1
    route add -net -n 0.0.0.0 dev eth0
    route
Likewise, deleting routes is done like this :
    route del -net -n 10.0.0.0 netmask 255.255.255.0 dev eth0
    route del -net -n 10.0.1.0 netmask 255.255.255.0 dev eth1
    route del -net -n 0.0.0.0 dev eth0
    route
And in fact that's all there is to it : your PC can now route between the 10.0.0.0/24 and the 10.0.1.0/24 network. For more than 2 networks, just repeat all steps for a third network card and add the relevant routes.
Don't forget to adjust the network settings (IP addresses, default router, ...) on the hosts in the kids' LAN.
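How the kernel chooses between the three routes added above, shown as a longest-prefix-match lookup in POSIX shell. This is an added example, not part of the original page; the ROUTES table is a constructed copy of those routes, and the 0.0.0.0 netmask for the default route is an assumption.

```shell
#!/bin/sh
# Constructed copy of the routing table: network, netmask, interface.
# The 0.0.0.0 netmask for the default route is an assumption; the page's
# route command gives no netmask for it.
ROUTES='10.0.0.0 255.255.255.0 eth0
10.0.1.0 255.255.255.0 eth1
0.0.0.0 0.0.0.0 eth0'

# Convert a dotted quad (a.b.c.d) to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the interface a packet for destination $1 leaves on, or "none".
lookup() {
    dst=$(ip2int "$1"); best_mask=-1; best_if=none
    while read -r net mask ifc; do
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        # A route matches when (dst AND mask) equals its network; among the
        # matching routes the most specific (largest) mask wins.
        if [ $(( (dst & m) == n && m > best_mask )) -eq 1 ]; then
            best_mask=$m; best_if=$ifc
        fi
    done <<EOF
$ROUTES
EOF
    echo "$best_if"
}

# Destinations on each LAN, on an unlisted 10.x network, and on the internet.
for d in 10.0.0.17 10.0.1.17 10.0.2.17 192.0.2.1; do
    echo "$d -> $(lookup "$d")"
done
```

A destination such as 10.0.2.17 matches neither /24 route, so it follows the default route out of eth0 like any internet address.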
To Do : put stuff here about allowing remote access by root
For remote control, we simply allow telnet sessions. We therefore enable telnet in /etc/xinetd.conf and /etc/xinetd.d/telnet (file locations may vary with Linux distribution : Red Hat, SuSE, ...)
Any remote user can now log in to the router system by telnet, but because the router is on private networks (unroutable addresses), that should be ok. It can be secured further by setting the appropriate firewall rules. Secure Shell is a better solution than telnet, because telnet sends the login and password over the network unencrypted.
Finally, you can, if the BIOS of the router PC allows it, disconnect the monitor and keyboard from the PC (you'll have to adjust some BIOS settings to avoid boot error messages), and put the router somewhere out of the way. It can be left on at all times (Linux systems hardly ever crash), and you can access it remotely if you need to configure anything.
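One way to check what the xinetd change above exposes: the added script below (not part of the original page) lists enabled services and flags cleartext login services that accept connections from any host. The two configuration samples, including the server path, are constructed; only_from is xinetd's attribute for limiting client addresses.

```shell
# Constructed sample: telnet enabled with no source restriction.
OPEN_CONF='service telnet
{
    disable     = no
    socket_type = stream
    user        = root
    server      = /usr/sbin/in.telnetd
}'

# Constructed sample: the same service limited to the 10.0.0.0/24 LAN.
LAN_CONF='service telnet
{
    disable     = no
    socket_type = stream
    user        = root
    server      = /usr/sbin/in.telnetd
    only_from   = 10.0.0.0/24
}'

# Read xinetd service blocks on stdin; print "name source" for every enabled
# service, where source is its only_from list, or ANY when none is set.
enabled_services() {
    awk '
        $1 == "service"                { name = $2; off = 0; from = "ANY"; next }
        $1 == "disable" && $3 == "yes" { off = 1 }
        $1 == "only_from"              { from = $3
                                         for (i = 4; i <= NF; i++) from = from "," $i }
        $1 == "}"                      { if (!off) print name, from }
    '
}

# Flag cleartext login services (telnet, rlogin, rsh) that accept any client.
audit() {
    enabled_services | while read -r name from; do
        case "$name:$from" in
            telnet:ANY|login:ANY|shell:ANY) echo "WARN $name open to any host" ;;
            *) echo "ok   $name (from $from)" ;;
        esac
    done
}

printf '%s\n' "$OPEN_CONF" | audit
printf '%s\n' "$LAN_CONF" | audit
```

On a real system, feed it the files themselves, for example `cat /etc/xinetd.d/* | audit`.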