Small Home Network

Peter de Freitas ghovs at
Sun Nov 26 02:46:37 PST 2000

On Sunday 26 November 2000 07:09, you wrote:
> Hi there I,am still a bit new to Linux but are enjoying it.
> I have two PC's on a home network. but how do I allow both PC,s to surf the
> net at once.
> What IP,s must I have in the resolv.conf file and what must my routes be.
> I still abit new to the routing commands.
> My Home network
> My ISP                 P. Nameserver
>                        S.Nameserver
> Thank you
> Ian

What I'm telling you here is how to set up IP Masquerading, which is not the 
_only_ way of doing things, but a fairly nice way, and the one I like best.

What you need is to turn on the following things in a 2.2.* kernel:
In Networking options:
 ³ ³<*> Packet socket                                                    ³ ³  
 ³ ³[ ] Kernel/User netlink socket                                       ³ ³  
 ³ ³[*] Network firewalls                                                ³ ³  
 ³ ³[ ] Socket Filtering                                                 ³ ³  
 ³ ³<*> Unix domain sockets                                              ³ ³  
 ³ ³[*] TCP/IP networking                                                ³ ³  
 ³ ³[ ] IP: multicasting                                                 ³ ³  
 ³ ³[ ] IP: advanced router                                              ³ ³  
 ³ ³[ ] IP: kernel level autoconfiguration                               ³ ³  
 ³ ³[*] IP: firewalling                                                  ³ ³  
 ³ ³[ ] IP: transparent proxy support                                    ³ ³  
 ³ ³[*] IP: masquerading                                                 ³ ³  
 ³ ³--- Protocol-specific masquerading support will be built as modules. ³ ³  
 ³ ³[*] IP: ICMP masquerading                                            ³ ³  
 ³ ³--- Protocol-specific masquerading support will be built as modules. ³ ³ 

That's all that matters to IP Masquerading, for the kernel

What you also need is 3 network interfaces.
Keep in mind you need a crossover cable to link comp-1 to comp-2
(no hub)

COMP-1 <-->  COMP-2 <--> INTERNET

Ofcourse, some people have it like this:
(requiring only 2 NICs, and a hub)

COMP-1 <--> HUB <--> COMP-2

This is a fairly bad solution, security-wise.
I don't like it.
(yes, Jesse, I know, with a switch you're not leaking packets)

You also need to get ipchains.
I forget where exactly to get it, but the kernel docs and both 
know where it is.

You also need to find out what your gateway is.

do a `route -n` on your linux box when it's online, or check the network 
properties->tcp/ip setting of your windows box.

So now you have booted into a system with a new kernel, with the right NICs 
and the right software so now what?

On comp-1, it's simple.

ifconfig eth0
route add default gw

And edit /etc/resolv.conf to have your ISP's DNS server IPs in it.

on comp-2, it's less simple.

First, find out which interface is called what.
I personally have it pretty easy since one is ISA and the other is PCI, so I 
can just check dmesg (run it as `dmesg | less`) and see which is which.

I am assuming eth0 is the one to comp-1 and eth1 is to the internet.
If doesn't work one way, swap them around.
I am also assuming your ISP doesn't condemn you to DHCP

ifconfig eth0
ifconfig eth1 $ISP_IP netmask $IP_NETMASK broadcast $ISP_BROADCAST
route add default gw $ISP_GATEWAY

That brings up your interfaces.

Now, do the following ipchains commands:

ipchains -P forward DENY
ipchains -I forward -j MASQ -s 192.468.4.0/8 -d any/0

Then to make this thing work:

echo 1 > /proc/sys/net/ipv4/ip_forward

After all this, you should have perfectly alright connections from comp-1 to 
the internet.

Also, for some protocols, there are modules in 

So if something doesn't really work, try loading those.

Hope that gets you started.

Look at the IPChains and firewall howtos as well.

Peter de Freitas

Unsubscribe: send email to lfs-discuss-request at
and put unsubscribe in the subject header of the message

More information about the lfs-dev mailing list