
Re: @home network



Wow! You guys have been extremely helpful. Thank you, everyone who responded. From what I gather, it would be best to get another NIC and use my Debian box as a gateway. Since I only have one computer to attach to it (for now), I'll first try without a hub. If this doesn't work, I'll get a hub like everyone suggested. Thanks also for pointing out what programs to use. Since my knowledge of networking is fairly small, I have some reading to do :)

Best regards,

Jaron


From: Tom Marshall <tmarshall@real.com>
To: Jaron Abbott <jaron1729@hotmail.com>
CC: debian-user@lists.debian.org
Subject: Re: @home network
Date: Fri, 4 Aug 2000 22:38:15 -0700 (PDT)

I just got an @home cablemodem last weekend and I've been running ipmasq for
quite some time over a normal dialup.  The short answer is that you can
connect as many computers through your service as you like, using only one
IP address, and you don't really need two ethernet cards in any of the
computers (although I highly recommend it).

First off, @home (supposedly) uses standard DHCP to assign your computer its
net parameters (IP, gateway, netmask, DNS, and domain name).  I have not
been able to get DHCP working here using either windows or linux, so I
cannot speak for their DHCP.  However, I can tell you that their very first
solution to DHCP problems is to "give you your static IP address". It seems
their DHCP service is none too reliable to start with.  In practice, the
DHCP only exists to make it easier for the customer because they don't need
to remember any numbers.  Just click on "automatic" and off you go.  Every
customer has a preassigned IP and they will always get that same IP assigned
by DHCP.  So just use the settings from your windows box directly if you
can't get DHCP working on your linux box.  Pay careful attention to the
netmask though -- 24.*.*.* defaults to 255.0.0.0 (class A) in most software,
but they want you to use 255.255.255.0 (class C).

Now, on to the fun stuff.  As you should have guessed from the above, I am
going to describe how to set up your linux box as a gateway to the net using
the @home service.  If you want to continue using the windows box as the
gateway, go check out some of the windows software that is available for
this purpose.  There are several free, shareware, and commercial solutions.
The most widely known is probably WinGate.  But none will be nearly as
flexible or give you as much satisfaction as using linux as your gateway. :)
I'm going to explain things in some detail so just skip over what you are
already familiar with.

Conceptually, you want a network that looks like this (view in a monospaced
font):

       ------
       | CM |--> To the net
       ------
          |
  -------------------
   |       |       |
 -----   -----   -----
 | A |   | B |   | C |
 -----   -----   -----

CM is your cablemodem and A, B, C are computers on your network. This setup
would require three IP addresses though.  Not only do they charge extra for
more IP addresses, all your computers are now exposed to the net,
multiplying your security concerns considerably.  Let's insert a gateway
machine here, GW, that can direct traffic between your internal network and
the real world using only one external IP address.  This is called IP
masquerading or, in the more general sense, NAT (Network Address
Translation):

       ------   ------
       | GW |---| CM |--> To the net
       ------   ------
          |
  -------------------
   |       |       |
 -----   -----   -----
 | A |   | B |   | C |
 -----   -----   -----

For the sake of simplicity, we will assume that GW has two ethernet cards.
The one connected to the ethernet with A, B and C (call it eth0) will use a
private internal IP address and the other one (call it eth1) will use your
public @home IP address.  A good IP address range to use for a private
intranet is 192.168.1.*.  This is one portion of the officially designated
private intranet addressing space and you will never see these IP addresses
on the net.  So we will configure eth0 on GW with address 192.168.1.1 and
the other machines with 192.168.1.2, 192.168.1.3, etc.  The other card gets
your public IP (call it 172.16.10.42 for sake of explanation).  So:

ifconfig eth0 192.168.1.1 netmask 255.255.255.0
ifconfig eth1 172.16.10.42 netmask 255.255.255.0

The routes to these networks should be added automatically and you can
verify by running "route -n":

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.10.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

Now we need to tell the machine that our cablemodem is the gateway to The
Net, so (if .1 is your @home gateway):

route add default gw 172.16.10.1

Now your GW machine should be able to ping A, B, C, and anything on the net
by using IP addresses.  Now would be a good time to update your
/etc/resolv.conf for your local @home parameters so DNS works.  You will
also need to be aware of your local subdomain for configuring mail and such.
For example, my @home mailserver is mail.sttln1.wa.home.com (my @home domain
is sttln1.wa.home.com).

Now the masquerading.  The machine GW needs to route packets from machines
A, B and C that are destined for The Net and make it appear that all the
packets are coming from GW itself.  The bare minimum required to accomplish
this is to execute this command on GW:

ipchains -A forward -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MASQ

Configure the machines A, B and C with their gateway set to 192.168.10.1 and
set up their DNS, and you should be set.

Remember that I said that you don't really need two ethernet cards.  If you
connect everything (including the cablemodem) to the same hub and use IP
aliasing, you can accomplish the same thing.  Just substitute eth0:0 for
eth1 in the above and it should work.  However, look at where your data is
travelling if you do this.  From machine A to GW, then GW to CM.  Each
packet travels over the same ethernet wire twice, effectively cutting your
ethernet bandwidth in half and causing many packet collisions.

Now that you have a rough overview of how this works, I strongly recommend
reading the IP masquerading HOWTO, available under
/usr/share/doc/HOWTO/en-txt/IP-Masq* on your potato system, or here:

http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html

I also strongly recommend looking into securing your machine by turning off
unneeded services and using ipchains to create a simple firewall.  Again,
these procedures are available around the 'net.

Good luck!

On Sat, 5 Aug 2000, Jaron Abbott wrote:

> Hello,
>
> I'm wondering if anybody can help me figure out how to connect two computers
> to one net connection (@home network).  The computer I want to add is a
> Debian box (potato), the currently connected computer is a Windoze box. I'd
> like to be able to run stuff like sshd, apache, etc. off the Debian box, but
> I don't want to take net access away from the Windoze computer.  I've
> thought about getting another NIC, so that the Debian box would have two
> NICs -- one connected to the net, the other to the Windoze box. However, I
> have no idea how I would set something like this up, what software,
> documentation, etc. Perhaps this isn't the best solution, even if I could
> get it to work.  Any suggestions?
>
> Thanks in advance,
>
> Jaron
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>
>
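
An added example, not part of either poster's message: a small shell check for the two addressing pitfalls the thread touches on, namely the classful default netmask for a 24.x address and a MASQ rule whose source network has to match the eth0 LAN. The function names and the 24.1.2.42 address are made up for illustration; the 192.168.x values are the thread's.

```sh
#!/bin/sh
# Added example: consistency checks for the gateway addressing in this thread.

ip2int() {                          # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {                          # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

prefix2mask() {                     # 24 -> 255.255.255.0
    int2ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

network() {                         # $1=address $2=netmask -> network address
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

classful_mask() {                   # mask that classful software assumes by default
    first=${1%%.*}
    if [ "$first" -lt 128 ]; then echo 255.0.0.0
    elif [ "$first" -lt 192 ]; then echo 255.255.0.0
    else echo 255.255.255.0; fi
}

# $1=LAN address of the gateway, $2=LAN netmask, $3=MASQ source as net/prefix.
# Succeeds only if the rule's source network is exactly the LAN network.
masq_covers_lan() {
    src_mask=$(prefix2mask "${3#*/}")
    [ "$2" = "$src_mask" ] &&
        [ "$(network "$1" "$2")" = "$(network "${3%/*}" "$src_mask")" ]
}

# Constructed 24.x address: classful default versus the /24 the ISP asks for.
host=24.1.2.42
echo "classful default: $(classful_mask "$host") -> net $(network "$host" "$(classful_mask "$host")")"
echo "ISP-specified:    255.255.255.0 -> net $(network "$host" 255.255.255.0)"

# eth0 = 192.168.1.1/24 checked against two candidate MASQ source networks.
for src in 192.168.1.0/24 192.168.10.0/24; do
    if masq_covers_lan 192.168.1.1 255.255.255.0 "$src"; then
        echo "MASQ source $src matches the eth0 network"
    else
        echo "MASQ source $src does not match eth0; LAN traffic would not be masqueraded"
    fi
done
```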

