Re: Networking
On Sat, 6 Nov 1999, Will Newton wrote:
> Damion Yates wrote:
> > If you never plan on getting more than 5 PC's connected, and cannot find
> > cheap/free thinnet then go for a 5port hub and UTP as Robert suggests.
> > Otherwise go thinnet as I've always done. I've had a number of Home
> > networks and have always enjoyed the various networking fun available.
> > Linux's masquerading is extremely useful.
>
> Here's my situation, I was wondering if anyone could put forward a simple
> solution:
>
> 2 PCs running Windows. 1 machine (mine of course :) that runs Linux/Win98
> dual boot (GTA2 purposes) (All on a 10baseT network)
>
> 1 phone line with free net access
>
> I would like to be able to get pppd running on demand from my box when
> someone tries to access the net. All the machines have 192.168.* IPs, and
> pppd is on dynamic IP. What's the best way to get my machine to route
> packets between the modem and the private network IPs?

I wrote about setting up masquerading months ago:
http://www.deja.com/=dnc/getdoc.xp?AN=496366358

You need to set each of the PCs inside to have the Linux box as the default
gateway. You then replace the output firewall rule which is normally ACCEPT
when /proc/sys/net/ipv4/ip_forward contains 1 rather than 0 (you can echo 1
into that file to turn on gatewaying) with MASQ. This turns your box into
a NAT-style router (Network Address Translation). I've used ipfwadm
previously to do this on older kernels but ipchains will be what you have to
use.

The reason behind all this complexity is that almost no ISP anywhere will
allow you to have more than one IP leave your connection over the PPP link to
them. All TCP/IP packets must come from the IP that they assign you. With
NAT/Masq all gatewayed TCP/IP connections appear to come from the single IP
of the gateway; the gateway remembers which real connection returning packets
are destined for and forwards them back internally.

The easiest test is to telnet to a UNIX account, if you're lucky enough to
have one, then type last -10 or any command that shows where you've connected
from (finger and who also do this). You'll see your incoming address as the
gateway, no matter which box inside your network you connect from. It works
invisibly and works reliably. It's impressive and better than many other
solutions I've seen. The only thing that could be better would be if ISPs
allowed you to have a small subnet, so this wouldn't be necessary.

Other solutions exist such as proxying web/mail connections, using proxy
software. This involves setting up specific proxy software for all the
different protocols that become available. Linux is ideal for this as well.

Also a similar effect to masquerading is using slirp on your gateway and
connecting separate ppp/slip connections from the Windows PCs. This would
need serial cables and more serial ports on the gateway unless you can work
out how to get Windows to open a PPP connection via a normal socket
connection (like telnet). Slirp is easy to set up and if you didn't have a
LAN, only serial connections at 115,200bps with several serial devices on the
Linux box, this would be a go'er.

192.168.* is fine for internal addresses. If you're interested in getting
into this stuff, please get and try out rinetd (http://www.boutell.com/rinetd/)
so servers inside your LAN can be accessed (yet even Windows can run serving
software!).

Damion
--
Damion Yates - Damion.Yates [at] bbc.co.uk
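
As an added illustration of the masquerading behaviour described in this message (not part of the original post and not kernel or ipchains code), this Python sketch models the gateway's translation table: outbound rewriting to the single ISP-assigned address, reply lookup, and the dropping of unsolicited inbound packets. All addresses, port numbers and class names are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class MasqGateway:
    """Toy model of the gateway's translation table (hypothetical names)."""
    public_ip: str              # the single address the ISP assigned
    next_port: int = 61000      # arbitrary first translated port (assumption)
    out_map: dict = field(default_factory=dict)  # inside flow -> public port
    in_map: dict = field(default_factory=dict)   # public port + remote -> inside host

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN packet so it appears to come from the gateway."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if flow not in self.out_map:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[flow] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out_map[flow], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Send a reply back to the inside host; drop packets with no entry."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None         # unsolicited: no inside host opened this flow
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])

def demo():
    gw = MasqGateway(public_ip="203.0.113.7")    # constructed addresses throughout
    # Two inside hosts use the same source port to reach the same telnet server.
    a = gw.outbound(Packet("192.168.0.2", 1025, "198.51.100.9", 23))
    b = gw.outbound(Packet("192.168.0.3", 1025, "198.51.100.9", 23))
    reply_b = gw.inbound(Packet("198.51.100.9", 23, b.src_ip, b.src_port))
    stray = gw.inbound(Packet("198.51.100.50", 4000, gw.public_ip, 80))
    return a, b, reply_b, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The dropped `stray` packet is the reason a port forwarder such as rinetd is needed before a server inside the LAN can be reached from outside.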