Use CDlinux for firewall and Internet sharing

Source: Internet
Author: User
   Why Linux?
Linux is stable, secure, and has low hardware requirements.
  
   What is CDlinux?
CDlinux is a Linux distribution that runs from a CD, but it can also be installed on hard disks and USB flash drives. See http://cdlinux.berlios.de/
  
   Why should I use CDlinux?
CDlinux is small (only 20 MB of hard disk space is required), is easy to customize (software packages use the standard tgz format), and has basically all the functions of a complete Linux. In theory you can install any Linux software on it, and the kernel is updated very quickly (version 0.4.7 uses kernel 2.4.23, version 0.4.8 uses kernel 2.4.25). Used as a firewall, it can fully meet your needs.
  
Hardware configuration: 586 CPU, 24 MB memory, 40 MB hard disk, two NICs.
  
1. Download CDlinux from http://cdlinux.berlios.de. Install it on the hard disk according to the help documentation.
  
2. Create the /etc/rc.d/rc.local script.
  
The content is as follows:
#!/bin/sh
/etc/rc.d/netshare
# Perform NIC configuration
/etc/rc.d/firewall
# Execute the firewall script
  
3. Create the /etc/rc.d/netshare script.
  
The content is as follows:
#!/bin/sh
if [ -f "/etc/dhcpc/dhcpcd-eth0.pid" ]; then
    rm -rf /etc/dhcpc/dhcpcd-eth0.pid
fi
# eth0 is the external network card, and our Internet access method is dynamic IP. If not, change it ......
# Check whether dhcpcd has already been run; if yes, delete the generated dhcpcd-eth0.pid file so that the IP address is obtained again
dhcpcd eth0
ifconfig eth1 192.168.0.254
# 192.168.0.254 is the internal gateway address, and eth1 is the internal NIC
if [ -f "/etc/dhcpc/dhcpcd-eth0.pid" ]; then
    rm -rf /etc/dhcpc/dhcpcd-eth0.pid
fi
dhcpcd eth0
  
# On my system, getting the IP address the first time seems a little abnormal, so I run it again. Check your own situation.
  
4. Create the /etc/rc.d/firewall script.
  
Firewall scripts and iptables are very powerful, so no content is provided here. You can refer to other scripts to create one.
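
As a starting point, here is an added example of such a script for the two-NIC layout above; it is not from the original article. Assumptions: the LAN is 192.168.0.0/24, ssh management is allowed only from the internal side, and the IPT variable and the "apply" argument are conventions of this example.

```shell
#!/bin/sh
# Added example, not the article's script. Interfaces follow the article:
# eth0 = external (DHCP), eth1 = internal gateway 192.168.0.254.
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"   # assumption: /24 LAN, netmask not on the page
IPT="${IPT:-iptables}"                 # set IPT="echo iptables" to preview the rules

firewall_rules() {
    # Default-deny for traffic to and through the gateway, then clear old rules.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -t nat -F

    # Loopback traffic and replies to connections the gateway itself opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Remote management over ssh only from the internal network, never from eth0.
    $IPT -A INPUT -i "$INT_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # LAN hosts may open connections outward; only replies may come back in.
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The external address is dynamic, so use MASQUERADE rather than a fixed SNAT.
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
}

# Rules are applied only when called as "firewall apply"; otherwise nothing runs.
if [ "${1:-}" = "apply" ]; then
    firewall_rules
    echo 1 > /proc/sys/net/ipv4/ip_forward   # let the kernel route between NICs
fi
```

If this is saved as /etc/rc.d/firewall, the rc.local line from step 2 would have to call it as /etc/rc.d/firewall apply.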
  
  
5. Delete the default user OK and change the root password. This step is very important; otherwise ........
  
6. For version 0.4.7, replace dhcpcd-1.3.22-pl4-cdl.tgz (which has a problem running on a 586 CPU) with the corresponding package from version 0.4.8 (I have not tried it; I modified the package on the basis of 0.4.7. If there is any problem, simply use version 0.4.8).
  
Delete unused packages (required, because the machine has only 24 MB of memory; otherwise it behaves abnormally. Don't blame me for not telling you). Keep the following packages:
  
cce-0.50-20031205-cdl.md (if you want to display and enter Chinese characters)
dcron-2.3.3-cdl.tgz (keep it if you want to control the firewall based on time)
dhcpcd-1.3.22-pl4-cdl.tgz (required)
iptables-1.2.9-cdl.tgz (required)
kernel-modules-2.4.23-cdl.md (required)
smbmount-samba-2.2.8a-cdl.tgz (convenient for communicating with machines on the network, but not good for security. After the firewall is configured, we recommend that you remove it)
ssh-1.2.33-cdl.tgz (for remote management)
system-extra-cdl.tgz (required)
  
7. The configuration above is now complete. To make future management easier, create the following script:
  
#!/bin/sh
chmod +x /etc/rc.d/netshare /etc/rc.d/firewall /etc/rc.d/rc.local /root/net1_config
  
if [ -f "/mnt/CDlinux/cdlinux/extra/rc.local-cdl.tgz" ]; then
    rm /mnt/CDlinux/cdlinux/extra/rc.local-cdl.tgz
fi
# Delete the original package rc.local-cdl.tgz
  
if [ -f "/mnt/CDlinux/cdlinux/extra/netshare-cdl.tgz" ]; then
    rm /mnt/CDlinux/cdlinux/extra/netshare-cdl.tgz
fi
  
if [ -f "/mnt/CDlinux/cdlinux/extra/root-cdl.tgz" ]; then
    rm /mnt/CDlinux/cdlinux/extra/root-cdl.tgz
fi
  
tar czPf /mnt/CDlinux/cdlinux/extra/rc.local-cdl.tgz /etc/rc.d/rc.local
# Generate the new package rc.local-cdl.tgz
tar czPf /mnt/CDlinux/cdlinux/extra/netshare-cdl.tgz /etc/rc.d/netshare /etc/rc.d/firewall /usr/local/lib
# netshare is the NIC initialization script, firewall is the firewall script, and lib is the library link => /usr/lib (for a bug in iptables of CDlinux 0.4.7; not required in CDlinux 0.4.8)
tar czPf /mnt/CDlinux/cdlinux/extra/root-cdl.tgz /etc/passwd /etc/shadow /root/net1_config
# passwd and shadow are the password-related files after the users were modified (very important), and net1_config is this script itself (otherwise it will not be available next time)
  
Save it as /root/net1_config
  
Execute sh /root/net1_config (after this run, net1_config has the executable attribute and can be executed directly next time). The script generates the following files and places them in the cdlinux/extra directory on the hard disk.
  
netshare-cdl.tgz
rc.local-cdl.tgz
root-cdl.tgz
  
Note: after modifying any configuration file and testing that it works normally, be sure to run this script. Otherwise, the changes will be lost after a restart.
  
8. Restart the computer to see if everything is normal.
  
Of course, like standard Linux, CDlinux can do far more than this. You can also install various proxy software on it and build a powerful firewall and transparent proxy system. It is also often used for system maintenance. What you use it for is up to you.
