Small Home Network

Peter de Freitas ghovs at ghovs.moo.ca
Sun Nov 26 02:46:37 PST 2000


On Sunday 26 November 2000 07:09, you wrote:
> Hi there, I am still a bit new to Linux but am enjoying it.
> I have two PCs on a home network, but how do I allow both PCs to surf the
> net at once?
>
> What IPs must I have in the resolv.conf file and what must my routes be?
> I am still a bit new to the routing commands.
>
> My Home network 192.168.4.101
>                 192.168.4.102
>
> My ISP                 196.25.1.1          P. Nameserver
>                            196.154.16.1      S.Nameserver
>
> Thank you
>
> Ian


What I'm telling you here is how to set up IP Masquerading, which is not the 
_only_ way of doing things, but a fairly nice way, and the one I like best.

What you need is to turn on the following things in a 2.2.* kernel:
In Networking options:
 <*> Packet socket
 [ ] Kernel/User netlink socket
 [*] Network firewalls
 [ ] Socket Filtering
 <*> Unix domain sockets
 [*] TCP/IP networking
 [ ] IP: multicasting
 [ ] IP: advanced router
 [ ] IP: kernel level autoconfiguration
 [*] IP: firewalling
 [ ] IP: transparent proxy support
 [*] IP: masquerading
 --- Protocol-specific masquerading support will be built as modules.
 [*] IP: ICMP masquerading
 --- Protocol-specific masquerading support will be built as modules.

That's all that matters to IP Masquerading, for the kernel.


What you also need is 3 network interfaces.
Keep in mind you need a crossover cable to link comp-1 to comp-2
(no hub)

COMP-1 <-->  COMP-2 <--> INTERNET

Of course, some people have it like this:
(requiring only 2 NICs, and a hub)

COMP-1 <--> HUB <--> COMP-2
             |
         INTERNET

This is a fairly bad solution, security-wise.
I don't like it.
(yes, Jesse, I know, with a switch you're not leaking packets)

You also need to get ipchains.
I forget where exactly to get it, but the kernel docs and freshmeat.net both 
know where it is.

You also need to find out what your gateway is.

Do a `route -n` on your Linux box when it's online, or check the network 
properties->tcp/ip setting of your Windows box.

So now you have booted into a system with a new kernel, with the right NICs 
and the right software, so now what?

On comp-1, it's simple.

ifconfig eth0 192.168.4.101
route add default gw 192.168.4.102

And edit /etc/resolv.conf to have your ISP's DNS server IPs in it.

On comp-2, it's less simple.

First, find out which interface is called what.
I personally have it pretty easy since one is ISA and the other is PCI, so I 
can just check dmesg (run it as `dmesg | less`) and see which is which.

I am assuming eth0 is the one to comp-1 and eth1 is to the internet.
If it doesn't work one way, swap them around.
I am also assuming your ISP doesn't condemn you to DHCP.

ifconfig eth0 192.168.4.102
ifconfig eth1 $ISP_IP netmask $IP_NETMASK broadcast $ISP_BROADCAST
route add default gw $ISP_GATEWAY

That brings up your interfaces.

Now, do the following ipchains commands:

ipchains -P forward DENY
ipchains -I forward -j MASQ -s 192.168.4.0/24 -d any/0

Then to make this thing work:

echo 1 > /proc/sys/net/ipv4/ip_forward

After all this, you should have perfectly alright connections from comp-1 to 
the internet.

Also, for some protocols, there are modules in 
/lib/modules/kernelversionhere/net/somewhere

So if something doesn't really work, try loading those.

Hope that gets you started.

Look at the IPChains and firewall howtos as well.

rgds,
Peter de Freitas
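
The comp-2 masquerading setup from the message above, as an added example that is not part of the original post: it checks the LAN network for a mistyped octet or an over-broad prefix before printing the ipchains commands. The helper names and the `-i eth1` restriction to the Internet-facing interface are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. valid_cidr, is_private and
# masq_rules are hypothetical helper names; "-i eth1" is an assumption
# (in the forward chain ipchains matches -i against the outgoing interface).

# valid_cidr A.B.C.D/N: succeed only if each octet is 0-255 and N is 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# is_private A.B.C.D/N: succeed if the whole network lies inside one of the
# RFC 1918 ranges, so only internal addresses are ever masqueraded.
is_private() {
    addr=${1%/*}; bits=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    case "$1" in
        10)  [ "$bits" -ge 8 ] ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && [ "$bits" -ge 12 ] ;;
        192) [ "$2" -eq 168 ] && [ "$bits" -ge 16 ] ;;
        *)   return 1 ;;
    esac
}

# masq_rules LAN_CIDR EXT_IF: print the gateway commands (dry run), or fail
# without printing anything if the network does not pass both checks.
masq_rules() {
    valid_cidr "$1" || { echo "bad network: $1" >&2; return 1; }
    is_private "$1" || { echo "not a private LAN: $1" >&2; return 1; }
    echo "ipchains -P forward DENY"
    echo "ipchains -A forward -i $2 -s $1 -d 0.0.0.0/0 -j MASQ"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# The home network from the question, with eth1 facing the Internet.
masq_rules 192.168.4.0/24 eth1
```

Pipe the output to `sh` as root on comp-2 once the printed rules look right.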
