How to Build a Gentoo Linux Router

1. configure the kernel
   1. emerge kernel source
   2. cd /usr/src/linux
   3. run this bash script to set all of the options for iptables
   4. choose the appropriate options for your hardware. When choosing drivers for the nic's it is better to choose modules, rather than building into the kernel.
   5. compile the kernel and modules. This is a convient command for doing this:
      make; make modules; make modules_install
   6. copy bzImage to /boot and reconfigure lilo:
      1. cp /arch/i386/bzImage /boot/kernel.router
      2. open /etc/lilo.conf in a text editor, and add this section:
         image=/boot/kernel.router
         label=GentooRouter
         root=/dev/hda1
         
      3. note that root=/dev/hda1 maybe be different in your lilo.conf. It is best to edit copy paste another lilo entry, and change image=Whatever to image=/boot/kernel.router and label=Whatever to label=GentooRouter
      4. change the line default=Whatever to default=GentooRouter
      5. run lilo
      6. reboot the computer
   7. compile and test iptables:
      emerge -v iptables
      /etc/init.d/iptables start
      At this point iptables should start, and you are done with the kernel. The output from the previous command should look like:
      * Caching service dependencies ... [ ok ]
      * Not starting iptables. First create some rules then run:
      * /etc/init.d/iptables save
      If iptables gives another error message then you probably have something missing in the kernel.
   8. stop iptables, and remove it from the start up scripts, if it was put there by an overzelious emerge. It is important that iptables does not run while the dhcp server, and LAN are being tested.
      • cd /etc/init.d
      • ./iptables stop
      • rc-update del iptables
2. configure the network
   • cd /etc/conf.d
   • open net and configure it similar to this for a static wan ip:
     config_eth0=( "70.88.61.53 broadcast 70.88.61.255 netmask 255.255.255.252" )
     routes_eth0=( "default via 70.88.61.54" )
     config_eth1=( "192.168.200.1 netmask 255.255.255.0 broadcast 192.168.200.255" )
     
   • or this for a dynamic wan ip:
     config_eth0=( "dhcp")
     config_eth1=( "192.168.200.1 netmask 255.255.255.0 broadcast 192.168.200.255" )
     
   • note that eth0 is the interface to the WAN and eth1 is the interface to the LAN. This example deals with a static WAN IP.
3. connect eth1 to another computer with a cross over cable, or two cat 5 cables and a switch. Start eth0, and eth1 with:
   • /etc/init.d/net.eth0 start
   • /etc/init.d/net.eth1 start
4. !!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!
   Some vendors install an extra cat-5 port in their switchs / hubs. It is sometimes labled "uplink". Do not put anything into the "uplink" socket. If you do, it will prevent that item from communicating with any other items in the switch, and can cause the item to drop packets on other ports, or go into a kernel panic.
5. give the other computer a static address, in the same subnet as eth1, in the example this is 192.168.200.000, and the test if the two computers can ping each other. Of course the two computers can't have the exact some address, so in the example, you would need to choose an address other than 192.168.200.1. If the computers can ping each other go to the next step. If they can't ping each other, then there is a problem somewhere which you must fix, before you can go further.
6. !!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!
   Some vendors send their cable modems with "smooth" connector cables. These are very convenient for sliping on and off of modems, but they are very unstable. In the process of moving cables and switches around, the slightest jar will disconnect this type of cable. I strongly recommend that you use only the screw type connectors.
7. connect eth0 to the cable modem, and try to ping something. If the cable modem has an ip, try to ping that. If not then try to ping 66.94.234.13, which is yahoo.com.
   
8. After the ping test have been passed, the next step is to install a dhcp server. I like dhcpcd:
   emerge -v dhcp
   
9. open /etc/dhcp/dhcpd.conf in a text editor. It should look like this:
   
   authoritative;
   ddns-update-style interim;
   subnet 192.168.200.0 netmask 255.255.255.0 {
   range 192.168.200.2 192.168.200.100;
   default-lease-time 259200;
   max-lease-time 518400;
   
   option broadcast-address 192.168.200.255;
   option routers 192.168.200.1;
   option subnet-mask 255.255.255.0;
   option domain-name-servers 192.168.200.1;
   }
   
   
10. You will need to change the 192.168.200 to the subnet mask of your LAN
11. start the dhcp server: /etc/init.d/dhcpcd start
12. test the dhcp server, by reconfiguring the other computer on the switch, as a dhcp client, and restarting it's ethernet connection.
13. Next you need to install a name server. I like bind.
    emerge -v bind
    
14. You will need to edit /etc/bind/named.conf. Open it in a text editor. And add the LAN ip to the listen-on variable:
    listen-on { 192.168.200.1; 127.0.0.1; };
15. It is also helpful to add in zones for your LAN:
    1. a zone for the servers on your network
    2. a reverse lookup zone, for your LAN
    3. zones to prevent the most frequent advertisers from wasting your bandwidth.
16. now add the dhcp, and dns server to your start up scripts
    cd /etc/init.d
    rc-update add dhcpcd default
    rc-update add named default
    
17. Next you need to configure and start iptables. This bash script is good template. You will need to change 192.168.200, to the subnet of your lan. Alter this script and run it.
18. You now need to add the port fowarding. This bash script is a good template. Change the ip's and ports in this script, appropriately, and run the script.
19. Save the changes to iptables, /etc/init.d/iptables save, and add iptables to the startup scripts:
    cd /etc/init.d rc-update add iptables default