Re: [SLUG] dsl and linux connections

From: Paul M Foster (paulf@quillandmouse.com)
Date: Thu Mar 07 2002 - 01:36:08 EST


On Wed, Mar 06, 2002 at 09:19:44PM -0500, Michael C. Rock wrote:

> OK, now I have Earthlink dsl on my '98 box on my home network. I have a
> linux dhcp server and a linux workstation as well. All my boxes get their ip
> from my linux server.
>
> I have two nic cards in the '98. one for the dsl from the hub to eth1 and
> the other also from the hub on eth0. One gets its ip from earthlink and
> the other from dhcp.
>
> I have tried to connect to the internet via netscape through my internal
> network without success. Do I need to install another nic card and do some
> kind of masquerading with the earthlink ip address.
>
> I am really on new ground here so if I sound like a nut case, just say so
> but I need help either from you all or direct me to some reading material.
>

I hope I understand what you're attempting. It sounds like you're either
using your 98 box as a gateway for the rest of the network, or the 98
box is the only one that will have internet access.

If you'd like the rest of the network to have internet access, pull the
98 box out and put a Linux box in there. It's much easier to configure
for all this, and it will _simply_ allow internet access to the whole
network. And you can do it with a 486 box.

The setup would look like this:

[DSL modem]----[firewall/gateway]----[hub]----[other machine]
                                       |------[other machine]
                                       |------[other machine]

You can see that the firewall needs two NICs, one pointed at the DSL
modem, and one pointed to the hub. The firewall would run a dhcp client
daemon (dhcpcd) to get its IP (static or dynamic) from Earthlink. That
would be an external IP. That's a "routable" IP, which means that
internet hosts could route traffic to it (as opposed to an internal or
non-routable IP, like 192.168.x.x). The "internal" NIC on the firewall
could get its IP from some other machine, though I'm not sure how you
set up dhcpcd to get the IP for one NIC from one source and the IP for
the other NIC from another source. Or you could run a dhcp server daemon
on the firewall. Either way, all the other NICs on the network would get
non-routable IPs from whatever dhcp server daemon is running.

Now, in order to allow your internal machines to route traffic outside
of the LAN and receive it back, you have to have IP masquerading running
on the firewall. This makes traffic originating inside the LAN look to
the internet like it's coming from your internet IP address. It also
makes traffic coming back from the internet arrive at the right machine
on the LAN. The router/firewall takes care of figuring out which packets
from the internet go to which machine. Obviously, the firewall would
also have various ipchains or iptables rules to keep malicious traffic
out and protect your network. Putting your 98 machine on the internet
without a firewall in front of it is asking to be hacked. You can
firewall a 98 machine, but it requires commercial non-free software
running on it.

Anyway, that's the theory. There is a switch to force ip masquerading on
your Linux firewall, but I forget exactly what it is. Something like:

# enable kernel packet forwarding between the two NICs
echo 1 > /proc/sys/net/ipv4/ip_forward

or somesuch. Likewise, as mentioned elsewhere Derek and others have
iptables firewall scripts that can protect your network. These scripts
also set up masquerading.

I went long and slow on this, because you said you were on unfamiliar
ground.

HTH,

Paul
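The gateway setup described in the reply above (forwarding on, LAN traffic masqueraded behind the DSL address, unsolicited inbound traffic kept off the LAN), written out as a small script. This is an added example, not Paul's script nor one of the list's firewall scripts, and its interface names and LAN range are placeholders: eth1 is assumed to face the DSL modem, eth0 the hub, and the LAN to be 192.168.1.0/24. It runs in dry-run mode by default and only prints the iptables commands; set DRY_RUN=0 and run it as root on the gateway to apply them.

```shell
#!/bin/sh
# Added example: minimal Linux gateway/firewall in the shape the reply describes.
# Assumed (placeholder) layout: eth1 -> DSL modem, eth0 -> hub, LAN 192.168.1.0/24.
WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; 0 = really run iptables

# Run iptables, or just print the command when dry-running.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Turn on kernel packet forwarding (the sysctl lives under /proc/sys/net/ipv4).
enable_forwarding() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# Install the rule set: default-deny inbound and forward, allow the LAN out,
# allow only replies back in, and masquerade LAN sources behind the DSL IP.
apply_gateway_rules() {
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # The gateway itself: loopback, established sessions, and the LAN side.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # Anti-spoofing: nothing arriving from the DSL side may claim a LAN address.
    ipt -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
    # LAN -> internet is allowed; internet -> LAN only for replies.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # IP masquerading: rewrite LAN sources to the external (routable) address.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

enable_forwarding
apply_gateway_rules
```

Every unsolicited packet from the DSL side hits the DROP policy on INPUT and FORWARD, so nothing behind the gateway (the 98 box included) is reachable from the internet unless a rule is added for it; the state match is what lets replies to LAN-originated connections back through.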



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:48:49 EDT