Linux Networking: Using Ipchains - page 6

Multiple Machines, A Single Connection

Configuring Linux as a router with NAT support is not difficult but it can be confusing. What makes the job difficult is making sure the connection to the Internet is secure. The ipchains configuration is the first step. Additional steps are required if the router is running other services such as DNS, the Apache Web server, or an FTP server.

The /etc/inet.conf file is typically used to designate how IP-based services will be started if a request comes from another computer. The telnet and FTP services can be handled using inet.conf. This article will not go into any detail oninet.conf, but online help is available.

In addition, certain services will be started when Linux boots. The Apache Web server and the DNS server, BIND, are normally started this way. By default, these services, and the ones started via inet.conf, will work with any network adapter on the computer but it is possible to configure applications to work with specific adapters. For example, the Apache Web server keeps its configuration files in /etc/httpd/conf. The httpd.conf and access.conf files control what computers and what adapters can be used with the web server. If a statement like Listen 123.45.67.89:80 is in the configuration files then the Web server will ignore other adapters, such as an Ethernet adapter connected to the Internet, and only use port 80 on the adapter associated with the IP address 123.45.67.89. The linuxconf program can be used to set up this configuration instead of dealing with the configuration files directly.

Another possible option is to set up the DNS server so it can service the local network and transparently forward Internet requests to an ISP's DNS server. This makes configuration of local workstations easier but it requires an understanding of BIND.