Re: Sharing a Cable Modem
Tuomas Kuosmanen wrote:
Right. One word of caution: I'd suggest dhcp-client instead of dhcpcd.
What you do is put something in /etc/network/interfaces like:
On Fri, 2001-09-07 at 18:08, Bastien Nocera wrote:
The box will have to do IP Masquerade, this is
ipchains right? I think I can do ipchains.
I have that as a script on my iMac to offer masquerading to my laptop.
# install ipchains modulemodprobe ipchains
# enable IP forwarding
/sbin/sysctl -w net/ipv4/ip_forward=1 > /dev/null
# Deny all forwarding
ipchains -P forward DENY
# Forward (masquerade) to eth0 (internet) what comes from 192.168.1.2
ipchains -A forward -i eth0 -s 192.168.1.2/32 -j MASQ
This works, or you can simply "apt-get install ipmasq" on the
First setup the networking so that the masq. machine can see outside
world (the dsl/cable modem) and also the internal network (192.168.1.X
for example, the hub), and if your masq. box has the internal network ip
192.168.1.1 for example, set that as the GATEWAY on the other machines.
iface eth1 inet dhcp
Then this will automatically get a lease on eth1.
If you really want to use dhcpcd (I've heard security trouble rumblings,
maybe not a good idea), then don't put the above in
/etc/network/interfaces. But you'll have to configure the ipmasq
package to start after network services have been started, which is
*not* the default, since otherwise dhcpcd might not start until *after*
ipmasq, which will leave your networking in an inconsistent (read:
*bad*) state until you fix the config and reboot. (Restarting ipmasq
doesn't do it, neither does restarting networking, then dhcpcd, then
ipmasq, tried lots of different combinations. Wasted about a month on
this one earlier this summer!)
Indeed. It even auto-detects at boot-time which interface is on the
internet, and configures appropriately. A very nice package.
Then apt-get install ipmasq and it should start working. Of course one
can do it by hand also, but the ipmasq package's scripts seen to have
the nice effect of also working with dynamic ip addresses etc.
as I am currently without a broadband connection (aaaargh! :) my
ipmasquerading stuff works fine with a 33.6bps modem dialup on the same
machine, I just start ppp instead of configuring eth0, and things work
Right, it also auto-detects each time ppp connects/disconnects. Very cool!
(Why don't other distros do something like this? Why is this not more
widely publicized/known? It makes this task so trivially simple for
I haven't looked at this in detail, but ipmasq's firewall rules seem
very conservative, and not too hard to customize. What additional
restrictions do you feel need to be added?
Of course you very likely want to tune the firewall for security if you
are on a broadband connection, but that is another topic. I have a
separate script for that purpose I run after the ipmasq thingy.
* Yes, I dont claim to be a networking expert, but it works for me, and
maybe this was useful information for someone else :o)
Me neither. :-)
GPG fingerprint: D54D 1AEE B11C CE9B A02B C5DD 526F 01E8 564E E4B6
Welcome to the best software in the world today cafe!