
View Full Version : Home Networking
choon 12-21-2001, 06:13 PM Hello everyone,
I am going to try using one of my PCs as a Linux gateway box so that all my family members can share the same internet connection, as I am using a cable modem with DHCP.
What should I do if I intend to install RedHat 7.2 for the gateway box with DHCPd?
2 NIC on one PC - this box will be used as a gateway
1 NIC on another PC - this box will be connected to the gateway box using a direct cable connection, as I need to test it out first before adding a hub and other PCs.
Any advice or guide on this will be greatly appreciated :D
Cheers!
Kindest regards,
Choon
davidb 12-21-2001, 07:01 PM Honestly, I would recommend just getting a cable modem router. Less hassle because you gotta keep ur linux box on all the time and configure it and what not. As for your configuration, that would appear to be fine.
slade 12-21-2001, 07:10 PM * I trust you have or know how to make a crossover cable.
First thing you'll want to do is see if you can even make the cable connection come up on a linux machine. If you don't have one formatted yet, you can use slackware's zipslack distribution for your pre-testing. I've used it several times for this purpose, and it works just nicely.
For slack, you can run netconfig and have it autoconfigure your network card(s). If you can get running to the point that you can actually ping the internet( ping www.yahoo.com ), you're almost set.
Decide on an IP structure for your local network. I'm partial to the 172.16.0.0 range. Set your "router"'s IP to 172.16.0.1, with netmask 255.255.255.0, no default gateway. Get your nameservers from your windows settings before you get to this point. You'll want to manually type them in (to either netconfig, or /etc/resolv.conf). For first tries, I'd manually configure the other workstations, as well. IP: 172.16.0.(pick a number 2-254), Subnet: 255.255.255.0, default Gateway: 172.16.0.1, and key in the nameservers on this machine as well. (There are ways of getting around all this, but it requires a little more effort.)
The simplest further requirement is to:
/sbin/ipchains -A forward -s 172.16.0.0/24 -d 0.0.0.0/0 -j MASQ
DO NOT USE THIS RULE ALONE FOR ANYTHING RESEMBLING PRODUCTION
This example is just to get your feet off the ground. Once you can confirm it works, pull the plug on the roadrunner connection, and read the following:
IPCHAINS-Howto http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
Firewall and Proxy Server HOWTO http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
Enjoy... and if it breaks, you don't know me :D
edit: don't ya just hate it when you forget something....
mkaufman 12-21-2001, 09:32 PM I tried both ways..
1) Used a linux gateway box
2) Used a router
The linux box worked great!..but I needed that back so I could use it as a desktop again :)
Right now I'm using a LinkSys cable 8 port router, with 2 other 8 port switches upstairs..works great. Takes 3 minutes to configure.
bitserve 12-21-2001, 10:25 PM It takes all of four commands to setup linux as a router using IP NAT behind a cable modem that uses DHCP.
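# internal NIC: static private address
ifconfig eth0 192.168.0.1 netmask 255.255.0.0
# external NIC: get its address from the cable provider via DHCP
pump -i eth1
# turn on IP forwarding (written as "1>" the shell reads a redirect and writes an empty line)
echo 1 > /proc/sys/net/ipv4/ip_forward
# masquerade LAN traffic leaving through eth1
ipchains -A forward -i eth1 -s 192.168.0.0/16 -d any/0 -j MASQ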
Where eth1 is your DHCP assigned card for your cable modem, and eth0 is your internal NIC.
How do you do this with iptables? Anyone?
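The iptables form of the masquerading setup asked about above, paired with a default-deny filter policy so that the masquerade rule is not used alone (slade's warning earlier in the thread). This is an added example, not part of any post in the thread; it assumes bitserve's layout (eth1 external, eth0 internal, 192.168.0.0/16), and the names gen_gateway_rules, valid_iface and valid_cidr are made up for this example.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC NAT gateway.
# It only prints; review the output, then load it as root with
#   gen_gateway_rules eth1 eth0 192.168.0.0/16 | iptables-restore
# and enable routing with: echo 1 > /proc/sys/net/ipv4/ip_forward

# Accept only plausible interface names so nothing odd reaches the ruleset.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Accept a.b.c.d/nn with octets 0-255 and a prefix length of 0-32.
valid_cidr() {
    case "$1" in
        */*/*|*[!0-9./]*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in .*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

gen_gateway_rules() {
    ext=$1 int=$2 lan=$3
    if ! valid_iface "$ext" || ! valid_iface "$int" || ! valid_cidr "$lan" \
        || [ "$ext" = "$int" ]; then
        echo "usage: gen_gateway_rules EXT_IF INT_IF LAN_CIDR" >&2
        return 2
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade LAN traffic leaving through the external (DHCP) interface.
-A POSTROUTING -s $lan -o $ext -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to traffic the gateway or the LAN started (2.4-era: -m state --state).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP lease replies from the cable provider.
-A INPUT -i $ext -p udp --sport 67 --dport 68 -j ACCEPT
# The LAN may reach the gateway and go out; nothing new comes in from outside.
-A INPUT -i $int -s $lan -j ACCEPT
-A FORWARD -i $int -o $ext -s $lan -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the layout in bitserve's post (constructed sample call).
gen_gateway_rules eth1 eth0 192.168.0.0/16
```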
mkaufman 12-22-2001, 08:11 AM I used PMFirewall..pointman.org I think
Mike the newbie 12-22-2001, 09:41 AM I have a similar setup except I use OpenBSD for the firewall/gateway box instead of Linux.
Having said that, I'd offer that you may be better off using one of those home network router appliances. The only reason I recommend using an OpenBSD (or Linux or FreeBSD or...) box is if you have other requirements. For example, I have a ntp server running on my OpenBSD box to provide accurate time for the other boxes on my home network. I also run Postfix on it as my outbound SMTP server. Additionally, I wanted to learn how to set up a firewall/router using OpenBSD, and I wanted the flexibility of a generic solution. And there were some other reasons.
You don't need a big box for this purpose. I used a Pentium 200, OpenBSD 2.9 (I've since upgraded to 3.0), with 32MB of memory and a 2GB disk. During a 156kbyte/second download over my DSL line, the CPU utilization did not go over 10% (according to the top command), and I had about 8MB of memory free. I picked up my box on one of the auction sites for $50, it is an old HP Vectra.
But as I said earlier, unless you have a reason to go with the homemade solution, the appliance solution may be better for you.
YMMV and all that stuff. :D
bitserve 12-22-2001, 01:41 PM I'd highly recommend just installing the second NIC in one of your Windows workstations and running WinRoute on it. This would beat buying one of them silly hardware appliances, if you don't want to setup a Linux server at home.
Only because Internet Connection Sharing in Windows sucks. IMHO.
mkaufman 12-22-2001, 01:47 PM Originally posted by bitserve
I'd highly recommend just installing the second NIC in one of your Windows workstations and running WinRoute on it. This would beat buying one of them silly hardware appliances, if you don't want to setup a Linux server at home.
Only because Internet Connection Sharing in Windows sucks. IMHO.
Aww..that takes the fun out of it :)
If you have an extra box..put RedHat on it, it can't hurt anything - plus it will give you a lot of valuable experience and you'll also be able to run Apache..PHP..MySQL etc off of it.
When I had a linux box as the router/gateway, I also put VNC on it..and made multiple desktops/accounts for each family member - so they could use Linux from their Windows computer. Check out ltsp.org too..planning to try it soon!
Mike the newbie 12-22-2001, 02:49 PM Originally posted by bitserve
I'd highly recommend just installing the second NIC in one of your Windows workstations and running WinRoute on it. This would beat buying one of them silly hardware appliances, if you don't want to setup a Linux server at home....
Given the Windows record of insecure operating systems, I would not even think of using Windows in such an application.
Why do you think the home routers are "silly"?
bitserve 12-22-2001, 09:36 PM Originally posted by Mike the newbie
Given the Windows record of insecure operating systems, I would not even think of using Windows in such an application.
Why do you think the home routers are "silly"?
Do you think that since the OS was written for workstations, that you can't run a decent router with IP NAT? When was the last vulnerability on windows that affected it acting as a router? Anyway, visit Tiny Software's (or checkpoint's) page and send them an email to tell them that their program isn't secure because windows isn't secure.
The silly part is paying money for an extra piece of hardware when it can be accomplished with a piece of software. I don't even get the market for these types of appliances, they are not needed. I have no idea how they're getting away with marketing them to users that don't need them. Buyer beware. IMHO.
Matt,
I agree. I use Linux at home as a router. But if you have more than one computer at your home and need to share an internet connection, and don't run UNIX on one of them, you might as well just use winroute on one of your boxes that is already running windows. No point in buying an extra shiny thing with another AC adapter.
Of course all of this is assuming the availability of an extra NIC, as posted in choon's original message.
Mike the newbie 12-23-2001, 10:19 AM Originally posted by bitserve
Do you think that since the OS was written for workstations, that you can't run a decent router with IP NAT? When was the last vulnerability on windows that affected it acting as a router?
I think that an OS that runs a network function which is used by other computers needs to be a reliable, secure OS. A better question is: when will the next vulnerability be?
Anyway, visit Tiny Software's (or checkpoint's) page and send them an email to tell them that their program isn't secure because windows isn't secure.
And the point of that would be? If the OS has vulnerabilities, then everything running on the OS is at risk.
The silly part is paying money for an extra piece of hardware when it can be accomplished with a piece of software.
With those silly appliance routers you get: a router with network address translation, DHCP server, a 4-port switch, a print server, DMZ capability, auto-PPPoE login, etc., etc. You do not have to have your main PC up and running all the time, the other PCs on your network using the router do not lose their internet connection when you have to reboot your PC, the other PCs on your network using the router do not lose their connection when you turn your PC off, the router appliances do not make any fan noise, they use 1/10th the electricity of a PC, they are not prone to Windows security issues, they are reliable, etc., etc.
Please tell me how all that can be accomplished with the piece of software you mentioned. I am especially interested in how the software will function as a 4-port switch.
I don't even get the market for these types of appliances, they are not needed. I have no idea how they're getting away with marketing them to users that don't need them. Buyer beware. IMHO.
The inability to see a need does not negate the existence of that need.
mkaufman 12-23-2001, 11:26 AM Originally posted by bitserve
Matt,
I agree. I use Linux at home as a router. But if you have more than one computer at your home and need to share an internet connection, and don't run UNIX on one of them, you might as well just use winroute on one of your boxes that is already running windows. No point in buying an extra shiny thing with another AC adapter.
Of course all of this is assuming the availability of an extra NIC, as posted in choon's original message.
I will not run any router-type application or anything having to do with networking on a windows machine.. Plus, I don't have any windows machines anyway :) There is a point in buying a home network router, if you don't want to be worried about keeping your computer online all the time .. plus they make it so easy to setup firewall rules, security etc..
bitserve 12-23-2001, 02:30 PM Originally posted by Mike the newbie
I think that an OS that runs a network function which is used by other computers needs to be a reliable, secure OS. A better question is: when will the next vulnerability be?
And the point of that would be? If the OS has vulnerabilities, then everything running on the OS is at risk.
So you couldn't answer my question and find a vulnerability?
With those silly appliance routers you get: a router with network address translation, DHCP server, a 4-port switch, a print server, DMZ capability, auto-PPPoE login, etc., etc. You do not have to have your main PC up and running all the time, the other PCs on your network using the router do not lose their internet connection when you have to reboot your PC, the other PCs on your network using the router do not lose their connection when you turn your PC off, the router appliances do not make any fan noise, they use 1/10th the electricity of a PC, they are not prone to Windows security issues, they are reliable, etc., etc.
Please tell me how all that can be accomplished with the piece of software you mentioned. I am especially interested in how the software will function as a 4-port switch.
The inability to see a need does not negate the existence of that need.
You're obviously one of the victims of their marketing, and have very strong opinions about your mistake. Please remember that we all have different opinions before asking me to clarify mine just so that you can attack it.
slade 12-23-2001, 05:08 PM Originally posted by bitserve
You're obviously one of the victims of their marketing, and have very strong opinions about your mistake. Please remember that we all have different opinions before asking me to clarify mine just so that you can attack it.
<offtopic>
You actually sound like you're a victim of marketing, just of the *other* side.
</offtopic>
One of the main things you have to consider is need. What does this need to do? Why are we doing this? Is this strictly a learning experience?
A person who's not into computers, networking, doesn't know what a subnet is, etc, doesn't need to be adding a NIC to their PC and trying to figure out how to set it up, and why it didn't work.
A Cable/DSL router install should go like this: Purchase router. Take router home. Unbox router. Unplug the big phone plug(RJ45) from the box you got from your provider and plug it into the IN on the Router. Plug another big-phone-plug cable from router to your pc, and the rest of the pcs. Plug in power, enjoy.
This is for people who like to use the Internet, not be the network.
The other choices all have their merits, it still just depends on what you need.
*nix/BSD: Use this if you know how to make stuff happen in a unix environment, have a kid who's trying to convince you X is better than Windoze, or really want to learn how all this stuff works. Yes, this does have the advantages mentioned above, bigger ones being you can configure exactly what you want to allow/disallow, and the machine is generally not going to be turned off. Of course there are drawbacks: it sucks power, it's another PC to warehouse, requires some TLC to set up. (But let's face it, we've all got these extra linux boxes because they're cool!)
Fill-in-the-blank software router: Again, this is not for newbies. Maybe some of the software is just that good, but I doubt it. You're going to have to drop a machine, stick a NIC in, and shuffle IRQs and load drivers. Now you've got a software package that probably has a nice GUI with downloadable rulesets for firewalling, maybe even some stateful packet filtering. Just remember where all those cycles are going when you or another pc on your network is playing an intensive multi-player online game.
Pick which one makes sense for the situation.
choon 12-24-2001, 05:30 AM Hello everyone,
Many thanks for all your valuable input and advice :D
I will try Red Hat Linux 7.2 first just to play around with it ;)
2 NIC on my gateway linux box...
eth0 - Internal network uses SMC
eth1 - External (internet) uses 3Com
1 NIC on my other PC to connect to the gateway linux box...
eth0 - 3Com
How come I get an error on eth0 when I type... ifconfig? I will try to post the error here later today or tomorrow :(
I will purchase a router after I get these all setup successfully... hopefully ;)
Again, thanks.
Kindest regards,
Choon
P.S. Merry Christmas and Happy New Year to EVERYONE :D
Mike the newbie 12-24-2001, 01:18 PM Originally posted by bitserve So you couldn't answer my question and find a vulnerability?
OK, here's one: http://www.theregister.co.uk/content/4/23480.html
Wait a few weeks, and there will probably be more. :D
You're obviously one of the victims of their marketing, and have very strong opinions about your mistake.
A victim of their marketing? Hardly.
I look at the requirements of the scenario, and then look at the solutions available. The solution you propose has its advantages, and it also has its disadvantages. Just as the router appliance solution, and the dedicated Linux (or OpenBSD, etc) box have their advantages and disadvantages.
I would be hesitant to call it a mistake to pick an appropriate solution. You, of course, can hold a different viewpoint.
Please remember that we all have different opinions before asking me to clarify mine just so that you can attack it
I agree that we all have different opinions, this message board would be very boring if we all agreed with each other.
I was not asking you to clarify your opinion just so I could attack it. I was just asking you to substantiate one of your assertions. I was curious how you implement a four-port switch using software alone, perhaps I would be able to learn something new.
bitserve 12-24-2001, 05:45 PM Originally posted by Mike the newbie
OK, here's one: http://www.theregister.co.uk/content/4/23480.html
Wait a few weeks, and there will probably be more. :D
So a linksys cable modem router or whatever will protect against this? And winroute is at all affected by this? Not. Can you not understand that?
A victim of their marketing? Hardly.
I look at the requirements of the scenario, and then look at the solutions available. The solution you propose has its advantages, and it also has its disadvantages. Just as the router appliance solution, and the dedicated Linux (or OpenBSD, etc) box have their advantages and disadvantages.
I would be hesitant to call it a mistake to pick an appropriate solution. You, of course, can hold a different viewpoint.
I agree that we all have different opinions, this message board would be very boring if we all agreed with each other.
I was not asking you to clarify your opinion just so I could attack it. I was just asking you to substantiate one of your assertions. I was curious how you implement a four-port switch using software alone, perhaps I would be able to learn something new.
Did you even read the initial post that started this thread? Where is the mention of the need of a four port switch? Anyway, if you do need a four port switch, buy a four port switch, and not some device that you don't need.
bitserve 12-24-2001, 05:53 PM Originally posted by slade
A person who's not into computers, networking, doesn't know what a subnet is, etc, doesn't need to be adding a NIC to their PC and trying to figure out how to set it up, and why it didn't work.
A Cable/DSL router install should go like this: Purchase router. Take router home. Unbox router. Unplug the big phone plug(RJ45) from the box you got from your provider and plug it into the IN on the Router. Plug another big-phone-plug cable from router to your pc, and the rest of the pcs. Plug in power, enjoy.
I would expect that it would be far simpler for them to install Internet Connection Sharing than to go to the store and have some person sell them a device that they don't need to accomplish the same thing.
Did you even read the first post that started this thread? He doesn't need a "cable/dsl router".
I'm sorry that you fell for the sales person's pitch.
choon 12-26-2001, 03:20 PM Hi everyone,
This is what I get from ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:04:E2:04:58:15
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:12 dropped:0 overruns:0 carrier:24
          collisions:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth1      Link encap:Ethernet  HWaddr 00:01:02:8A:A6:73
          inet addr:218.186.48.134  Bcast:255.255.255.255  Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          RX packets:777715 errors:0 dropped:0 overruns:0 frame:0
          TX packets:542581 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1500
          RX bytes:1149557432 (1096.3 Mb)  TX bytes:33921451 (32.3 Mb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:356 errors:0 dropped:0 overruns:0 frame:0
          TX packets:356 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:23186 (22.6 Kb)  TX bytes:23186 (22.6 Kb)
How come I get the TX error for eth0?
What's that though :confused:
Thanks :D
Regards,
Choon
mkaufman 12-26-2001, 11:56 PM It should be fine..can you ping other computers on the internal network?
slade 12-27-2001, 01:14 AM Originally posted by bitserve
I would expect that it would be far simpler for them to install Internet Connection Sharing than to go to the store and have some person sell them a device that they don't need to accomplish the same thing.
Yes, it is technically possible to do it with ICS, but depending on the skill of the user, it may not be the best option. Not to mention, the lack of firewalling tools native to Windoze...
Did you even read the first post that started this thread? He doesn't need a "cable/dsl router".
Yes, I did read the first post. And I posted a response directed exactly at his question: setting up a *nix box as a firewall/router.
I'm sorry that you fell for the sales person's pitch.
Again with this about the salesperson... Do you have some fear of salespeople? Perhaps you should reread my original response to you, and you'll see that I detailed most (if not all) of the available/discussed options, and listed each one's pros/cons. I thought I was quite fair.
Two things to remember:
1) Use what works best.
2) Not everyone's a geek.
Tetraboy 12-27-2001, 01:56 AM They are not useless. Windows crashes. When that happens, do you think other people in the house will be happy their internet went down? There IS a need for a dedicated "Box"; whether it's a *nix computer or a "router", there is a need for one. That way if your computer goes down the others don't. Personally I have a Cisco router at home and an Asante switch. If I crash, my dad's PC still has internet access. I don't have to keep my computer running 24/7 and no sales person told me this... Routing from your main work computer is a bad idea, unless somehow your Windows is completely stable, never needs to do lengthy reboots, and is invulnerable to Windows viruses/vulnerabilities. If your computer gets hacked and goes down and takes 2 days to restore everything, other people in the house will be steaming mad. So yes, I think it's worth it. Everyone in the family can crash, have their computers die, turn their computers off, and everyone else can still have internet access.
bitserve 12-27-2001, 04:24 PM Okay, choon stated that he/she had two boxes and was going to set one up as an IP router between his/her internal network and his/her ISP's network using Linux.
People started suggesting that he/she use a "cable modem router" if he/she didn't want to go through the "hassle" of setting up a linux box.
Assuming that he/she didn't want to "go through the hassle of installing linux" on the second box just to get routing, the most logical thing to do would be to make the other box into a router without having to install a different OS on it. More than likely he/she would already be running Windows on the other box. Microsoft's Internet Connection Sharing works for this, is easy to set up, and comes with Windows 98SE and later. Of course, I would recommend WinRoute over ICS. WinRoute PRO even includes a packet filtering firewall, a DHCP server, and lots of other things that you don't need if you're not running any services.
Suddenly we get thrown into this tangent where people are obsessing over how their home networks are set up, and trying to sell choon a "cable modem router" which he/she doesn't need. I have nothing against sales people, but believing that they know what you need is silly.
A dedicated Windows box running WinRoute will suffice in place of a dedicated Linux box, if you don't want to deal with installing Linux. IMHO.
Some of you are recommending that choon purchase a cable modem router (or even a cisco router), and I'm sure that he/she will take this into consideration if he/she ever "needs" to set up his/her network differently. Maybe you all should recommend makes and model numbers, if you really think you're trying to help.
Choon,
On a busy ethernet network it is normally not a big deal to get a transmit packets a day. But if you got 12 TX errors and 24 carrier errors, with no successful packets, then you probably have a termination problem. Maybe you're not using a cross over cable? Your TX errors are probably being reported in your message log, and may give a better indication as to the problem.
choon 12-28-2001, 12:49 AM Hi bitserve,
Many thanks for your advice :D
FYI... I am a HE... lol
I am doing this more to gain experience and learn about it. I will purchase a router when I think that I have had enough *fun* and *frustration* setting all these up :(
However... currently I don't think that it is necessary for me to buy a router just because of its advantages. I just want to use what I have to learn about things that I am interested in.
Once again, thanks and Happy New Year!
Kindest regards,
Choon
getweb 12-28-2001, 03:28 AM Choon,
Best of luck to ya, I did the exact same thing (I think many have): Set up your linux router and use that for awhile, get familiar with it, and then when you have better things to do go out and buy a Linksys :stickout:
<off-topic>
I shouldn't fall into the cable router discussion since it is not at all what you were asking, but I want to give a shout out that "Yes, a linksys cable/DSL router WOULD stop the DNS NOTIFY bug in XP, and YES this has an effect on WinRoute. The malicious NOTIFY packets wouldn't get past the linksys router (unless you proactively configured a static route to that private internal IP) and WinRoute would be toast because if someone owns your windows box, so much for WinRoute."
</off-topic>
Sorry, He-Choon... good luck and have fun with it.