
Re: Sharing a Cable Modem

Tuomas Kuosmanen wrote:

On Fri, 2001-09-07 at 18:08, Bastien Nocera wrote:

The box will have to do IP Masquerade, this is
ipchains right? I think I can do ipchains.

I have that as a script on my iMac to offer masquerading to my laptop.

# install ipchains module
modprobe ipchains
# enable IP forwarding
/sbin/sysctl -w net/ipv4/ip_forward=1 > /dev/null
# Deny all forwarding
ipchains -P forward DENY
# Forward (masquerade) to eth0 (internet) what comes from
ipchains -A forward -i eth0 -s -j MASQ

This works, or you can simply "apt-get install ipmasq" on the
masquerading machine.

First set up the networking so that the masq. machine can see the outside
world (the dsl/cable modem) and also the internal network (192.168.1.X
for example, the hub), and if your masq. box has the internal network ip for example, set that as the GATEWAY on the other machines.

Right. One word of caution: I'd suggest dhcp-client instead of dhcpcd. What you do is put something in /etc/network/interfaces like:

auto eth1
iface eth1 inet dhcp

Then this will automatically get a lease on eth1.

If you really want to use dhcpcd (I've heard security trouble rumblings, maybe not a good idea), then don't put the above in /etc/network/interfaces. But you'll have to configure the ipmasq package to start after network services have been started, which is *not* the default, since otherwise dhcpcd might not start until *after* ipmasq, which will leave your networking in an inconsistent (read: *bad*) state until you fix the config and reboot. (Restarting ipmasq doesn't do it, neither does restarting networking, then dhcpcd, then ipmasq, tried lots of different combinations. Wasted about a month on this one earlier this summer!)

Then apt-get install ipmasq and it should start working. Of course one
can do it by hand also, but the ipmasq package's scripts seem to have
the nice effect of also working with dynamic ip addresses etc.

Indeed. It even auto-detects at boot-time which interface is on the internet, and configures appropriately. A very nice package.

In fact,
as I am currently without a broadband connection (aaaargh! :) my
ipmasquerading stuff works fine with a 33.6bps modem dialup on the same
machine, I just start ppp instead of configuring eth0, and things work

Right, it also auto-detects each time ppp connects/disconnects.  Very cool!

(Why don't other distros do something like this? Why is this not more widely publicized/known? It makes this task so trivially simple for Debian users!)

Of course you very likely want to tune the firewall for security if you
are on a broadband connection, but that is another topic. I have a
separate script for that purpose I run after the ipmasq thingy.

I haven't looked at this in detail, but ipmasq's firewall rules seem very conservative, and not too hard to customize. What additional restrictions do you feel need to be added?

* Yes, I don't claim to be a networking expert, but it works for me, and
maybe this was useful information for someone else :o)

Me neither. :-)


-Adam P.

GPG fingerprint: D54D 1AEE B11C CE9B A02B  C5DD 526F 01E8 564E E4B6

Welcome to the best software in the world today cafe! <http://lyre.mit.edu/%7Epowell/The_Best_Stuff_In_The_World_Today_Cafe.ogg>
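
A check for the masquerading setup discussed in this thread, added here as an example and not part of either poster's message: it audits the text of an `ipchains -L forward -n` listing for a default-deny forward policy and a source-restricted MASQ rule. The function names, the assumed listing layout, and the sample listings (using 192.168.1.0/24 for the thread's 192.168.1.X network) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a forward-chain listing read from stdin.
# Assumption: the listing is "Chain forward (policy X):", a header row, then
# one rule per line as: target prot opt source destination ports.

audit_forward_chain() {
    awk '
        /^Chain forward/ {
            # Default policy must be DENY so only explicit rules forward traffic.
            if ($0 !~ /policy DENY/) { print "FAIL: forward policy is not DENY"; bad = 1 }
            seen_chain = 1
            next
        }
        $1 == "MASQ" {
            masq++
            # Column 4 is the source; an unrestricted source masquerades anyone.
            if ($4 == "0.0.0.0/0" || $4 == "anywhere") {
                print "FAIL: MASQ rule has no source restriction"; bad = 1
            }
        }
        END {
            if (!seen_chain) { print "FAIL: no forward chain in input"; bad = 1 }
            if (!masq)       { print "FAIL: no MASQ rule found"; bad = 1 }
            if (!bad) print "OK: default-deny forward chain, " masq " scoped MASQ rule(s)"
            exit bad + 0
        }
    '
}

# Check that the kernel is forwarding (path is overridable for testing).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample listings (not captured from a real machine).
GOOD_LISTING='Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24        0.0.0.0/0             n/a'

OPEN_LISTING='Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  0.0.0.0/0             0.0.0.0/0             n/a'
```

On the masquerading box the listing would be piped in, for example `ipchains -L forward -n | audit_forward_chain`, after the external interface has its lease.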
