One NIC NAT
For years I had been content with a 28.8k dial-up connection from my home system to a modem on my computer at work--it was free. The cost of DSL in my area was a little too high for me until competition from the local cable provider brought it down to what I was willing to pay. DSL is great, and because I like to telecommute from home, the extra bandwidth really helps. Also, now that I'm connected full time, I can access my home computer from work as well. Getting DSL working on my Red Hat 8.0 system (rp-pppoe) was only a matter of a few simple clicks.
Then, my wife announced her workplace finally established a Web interface to the MS Exchange mail server. Great, I thought, she can fire up Mozilla on my Linux box and check her work e-mail from home. But when we tried to do that, it was no go. Netscape didn't work either, nor did Konquerer with an IE personality. Okay, I thought, this still isn't a problem--I've got CrossOver Office. So I upgraded IE to version 6, but I still couldn't get to her e-mail. The only thing that would work was IE running on Windows; you've got to love those proprietary protocols.
My wife's laptop runs Window 98, but after installing the SBC DSL software on another Windows machine, I really didn't want to waste time doing another installation again. I also didn't want to run Windows on an exposed network.
IP masquerading/NAT (network address translation) came to mind, of course, but my desktop system is based on a VIA M9000 Mini-ITX board. It has an on-board NIC but only one PCI slot, which I use for a TV/FM tuner card. The on-board NIC was used for my DSL, so where could I put a second NIC?
Because I maintain some Linux-based router/firewall systems as well as some multi-homed servers, it occurred to me that setting up IP masquerading on an aliased interface on my one NIC might work. It did, and it was simple to do. Here's how.
I connected the DSL modem to a 4-port hub (no uplink port) using a reversing cat5 cable. Then, I connected my Linux desktop and the laptop to the hub with normal cat5 cables. The diagram above shows how I connected everything.
Below is the script I use to enable masquerading after my DSL connection is established and my firewall script has been run.
# ------------------ begin nat.sh ----------------- #!/bin/sh ## script to enable masquerading ## must be run as root after the DSL connection is up ## usage: sh nat.sh # # bring up alias interface eth0:0 : ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 \ broadcast 192.168.1.255 up # Next, an iptables rule to enable masquerading: iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE # Finally, enable ip forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward # An optional rule to allow the laptop to talk to # the desktop (otherwise denied by my firewall script) for ssh & samba iptables -I INPUT -s 192.168.1.2 -d 192.168.1.1 \ -j ACCEPT # ------------------ end nat.sh -----------------
The Windows 98 laptop has a static IP address of 192.168.1.2, a gateway of 192.168.1.1 and the DNS server addresses of my ISP. I obtained the DNS addresses from /etc/resolv.conf after my DSL connection was up; they don't change.
That's it! Internet access for my home network with only a hub and a couple of patch cables.
Lon Jones has been doing UNIX/Linux/network support at the University of Arkansas at Little Rock since 1983. Anyone out there remember CROMIX or Eunice? His other interests include blacksmithing, jewelry making, woodworking and sailing.
- Integrating Trac, Jenkins and Cobbler—Customizing Linux Operating Systems for Organizational Needs
- New Products
- Non-Linux FOSS: Remember Burning ISOs?
- Tech Tip: Really Simple HTTP Server with Python
- EdgeRouter Lite
- RSS Feeds
- Returning Values from Bash Functions
- Cooking with Linux - Serious Cool, Sysadmin Style!