Installing and Configuring a Simple Gateway Server

Dashamir Hoxha

Legal Notice

1. Introduction
1.1. Who Should Read This Tutorial
1.2. The Story
1.3. Requirements
2. Installation
2.1. Prepare the Installation Server
2.2. Prepare Installation Floppies
2.3. Install Rescue System
2.4. Install Server System
2.4.1. ks-server.cfg
2.4.2. syslinux.cfg
2.5. Fix GRUB (Bootloader Menu)
3. Network Configuration
3.1. Checking
3.2. /usr/local/config/network.sh
3.3. /usr/local/config/nework.cfg
3.4. /usr/local/config/network.cfg.1
3.5. /usr/local/config/network.cfg.2
3.6. /usr/local/config/network.cfg.3
4. Firewall
4.1. iptables.sh
4.2. input-rules.sh
4.3. forward-rules.sh
4.4. local-network-rules.sh
4.5. samba-rules.sh
4.6. port.sh
4.7. port-forward.sh
4.8. source-nat.sh
5. Services
5.1. Web Server
5.2. Samba
6. Reconfiguration
6.1. reconfig.sh
6.2. test.sh
7. Backup

1. Introduction

This tutorial describes the installation and configuration of a small GNU/Linux server that is used as a gateway to the Internet and as a web server for a small company or institution. It takes a practical approach, describing all the steps in detail, with all the commands that are used in a concrete example.

1.1. Who Should Read This Tutorial

Anybody who wants to learn how to install a GNU/Linux gateway server can read this tutorial. However, it assumes that the reader has some experience with GNU/Linux, and it does not explain everything in detail. The intended audience is newbie GNU/Linux admins, not newbie GNU/Linux users. So, if you have no previous experience with GNU/Linux, it will be hard to understand and follow the instructions in the tutorial, and you had better start with some introductory tutorials first, e.g. Introduction to Linux -- A Hands on Guide.

In order to help you understand whether you can follow this tutorial easily, try to answer the following questions. If you can answer them positively, then most probably you can follow the instructions easily.

  1. Have you ever used GNU/Linux? Do you know what Fedora is?

  2. Have you ever installed a GNU/Linux system yourself? Do you know what a partition is? Do you know what a swap partition is?

  3. Have you ever used the commands of GNU/Linux? Do you know what a terminal is? Have you ever used ls, cd, mkdir, cp, rm?

  4. Do you know what bash is? Do you know what shell scripts are?

  5. Have you ever configured a network interface yourself? Do you know what an IP and a netmask are?

  6. Do you know what services are? Have you ever heard about DNS, sendmail, apache?

  7. Have you ever used the vi editor?

1.2. The Story

This tutorial is based on a concrete example, which will be described here. Suppose that a small organization (or company, institution, etc.) has a small network of computers that is connected to the Internet through a small router/modem. The diagram below shows how the components of the network are connected physically. The router and the computers are connected in an ethernet network by means of a HUB (which is represented in the picture by the thick line).

Figure 1. Physical diagram of the network

What we want to do is to place a GNU/Linux server between the router and the rest of the local network, so that it serves as a gateway for it. This way it can protect the network with a firewall, it can serve as a web server for the company, etc. We want to use SNAT (Source Network Address Translation, also called Masquerading), so that the local computers can access the Internet but cannot be accessed from outside. However, we want port 1972 of a database server in the local network to be reachable from outside. For this, we are going to use DNAT (Destination Network Address Translation, also called port forwarding).
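The SNAT and DNAT goals above, sketched as iptables rules that are printed for review rather than applied. This is an added example, not one of the tutorial's own scripts; the interface name and every address are assumptions, and only port 1972 comes from the text.

```shell
#!/bin/sh
# Added illustration: print (do not apply) NAT rules for the gateway.
# Interface name and all addresses below are assumptions for this sketch.

WAN_IF="eth0"            # assumed: interface facing the router/modem
WAN_IP="192.0.2.10"      # assumed: server address on the router side (documentation range)
LAN_NET="10.10.3.0/24"   # assumed: the local network
DB_HOST="10.10.3.50"     # assumed: database server inside the local network
DB_PORT="1972"           # from the text: the only port reachable from outside

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit the rule set on stdout; refuse to emit anything for a bad port.
gateway_rules() {
    valid_port "$DB_PORT" || { echo "invalid port: $DB_PORT" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $LAN_NET -o $WAN_IF -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $DB_PORT -j DNAT --to-destination $DB_HOST:$DB_PORT
iptables -A FORWARD -i $WAN_IF -d $DB_HOST -p tcp --dport $DB_PORT -m state --state NEW -j ACCEPT
EOF
}

gateway_rules
```

The default FORWARD policy of DROP is what keeps the local machines unreachable from outside; the single NEW-state rule for port 1972 is the only inbound exception.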

Another goal is to make this change in network configuration seamlessly and painlessly, so that the staff of the organization do not experience any interruption in the Internet connection, and we don't have to work all night in order to do it. For this reason we are going to do it in two steps. First we are going to configure the server according to the following diagram:

Figure 2. First configuration of the network

In this network configuration the GNU/Linux server can perform all of its functions: gateway, web server, port-forwarding, etc. However, the other computers can choose either the GNU/Linux server or the router itself as their gateway. This ensures that the Internet connection is not interrupted for the local network while the server is installed and tested. Also, the switch to the new gateway can be done gracefully, one computer at a time, without interrupting the Internet connection.

Once the server is installed and tested, and once all the computers switch to the new gateway, we can change the configuration of the network as shown in the diagram below:

Figure 3. Second configuration of the network

In this configuration the local network can access the Internet only through the GNU/Linux server. However, the local computers don't need to change the gateway; it is the same as before: 10.10.3.100. The physical connection doesn't need to be changed either: the router, the server and the local machines are still connected to the HUB, same as before.

During the configuration of the server we will take care so that we can switch instantly from the first configuration to the second configuration (we will see later how).

1.3. Requirements

The minimal requirements for the GNU/Linux server are:

  • Pentium I CPU

  • 64MB RAM

  • 1GB HDD

  • Floppy drive (no need for CD-ROM drive)

  • Two ethernet network cards.