Getting in the Fast Lane

Here's how to set up a broadband connection for your home or office LAN.
Configuration

Now that you have your card or cards set up, go ahead and boot into Linux. First, login or su as root and run the command ifconfig. You'll get a few paragraphs of information, stating the status of your network interfaces. At this point, your Ethernet interfaces (eth0, eth1) will not be listed, since you haven't configured them yet. The only interfaces listed should be the loop back interface, and anything else you have already set up.

Interfaces and Routing

What we wish to do now is set up each interface. In the case of a single Ethernet card system, issue the following command:

ifconfig eth0

replacing x.x.x.x with your specified IP address. This number is provided by your ISP (Internet service provider). Also change the eth0 to whichever interface you wish the address to be mapped to. Now, run ifconfig as root. You will see the eth0 interface listed, with all the card details and transmission statistics. If you have a second card, issue the same command, this time with eth1 instead of eth0 and the internal network IP address. For your internal network, the addresses should be in the form of 192.168.0.0, with 192.168.1.1 being the machine that is going to host the connection. In other words, all your other machines should be assigned 192.168.1.1, 192.168.1.2, 192.168.1.3, etc. These IP addresses are not publicly routed on the Internet and should not interfere with the outside world.

With the interfaces set up, it's time to set up routing. This may sound complicated, but it is quite easy once you are familiar with the route command. This command controls the flow of data between all network interfaces. The route man page gives complete details of all the intricacies of this command. For now, use this series of commands to configure routing:

route add
route add default gw
route add -net 192.168.1.0 eth1

Replace the gateway_address flag with your actual gateway machine address, also provided by your ISP. The first two commands tell the machine that the host gateway_address can be accessed directly via the eth0 interface. The third command says that the default route (0.0.0.0, any machine) should be accessed through the gateway gateway_address. The last line indicates that any machine in network 192.168.1.0 can be accessed through the interface eth1. Put these three lines and the ifconfig line above into the startup script, usually found in /etc/rc.d for Slackware or /etc/rc.d/rc.init for Red Hat. Check your documentation for your distribution.

Now set up DNS resolutions by editing the /etc/resolv.conf file to include the following lines:

domain isp.com
nameserver
nameserver

Replace isp.com with your ISP's domain, and replace x.x.x.x with your ISP's primary name server, and y.y.y.y with your ISP's secondary name server. If you don't have a secondary name server, don't worry, only one is actually needed. After you've added these lines, save the files and reboot.

When your computer is back on-line, you will be able to use your cable modem on the host machine to execute the regular Internet functions such as FTP, TELNET and visiting the WWW.

IP Masquerading

To effectively share bandwidth between computers without actual IP addresses for each computer, use internal IP addresses as discussed above. The masquerading server forwards packets from each of the client machines to the Internet and relays the packets back to the client machines. This is done quite efficiently, with little noticeable load on the server. A tool called ipfwadm is used to set up “rules” for IP forwarding and denying. The following commands should also be added to one of your startup scripts (see Listing 1), after the ifconfig and route sections:

ipfwadm -F -p deny
ipfwadm -F -a M -S 192.168.1.0/24 -D 0.0.0.0/0

The first command tells ipfwadm to change the policy for IP firewalling to deny. The second command is a little more complicated; it instructs ipfwadm to append the commands that follow, which in this case are the M, -S and -D flags. The M adds a masquerade rule, which states that all packets with a source address of 192.168.1.0 and a destination address of 0.0.0.0 (which basically means any host machine) are accepted. The /24 specifies the number of set bits in the netmask. Remember, in binary, you can only have a set or unset bit, and in netmasks, the value is always 255 or 11111111 in binary. You can also replace the 24 with the real netmask, which in this case would be 255.255.255.0. The zero in the -D rule just means that any netmask is allowed. The man page for ipfwadm for more details.

At this point, it is a good idea to restart, run all the scripts and load all the modules. If you don't want to bring the machine down, you can re-run the startup scripts and hope for the best.

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState