One NIC NAT
For years I had been content with a 28.8k dial-up connection from my home system to a modem on my computer at work--it was free. The cost of DSL in my area was a little too high for me until competition from the local cable provider brought it down to what I was willing to pay. DSL is great, and because I like to telecommute from home, the extra bandwidth really helps. Also, now that I'm connected full time, I can access my home computer from work as well. Getting DSL working on my Red Hat 8.0 system (rp-pppoe) was only a matter of a few simple clicks.
Then, my wife announced her workplace finally established a Web interface to the MS Exchange mail server. Great, I thought, she can fire up Mozilla on my Linux box and check her work e-mail from home. But when we tried to do that, it was no go. Netscape didn't work either, nor did Konquerer with an IE personality. Okay, I thought, this still isn't a problem--I've got CrossOver Office. So I upgraded IE to version 6, but I still couldn't get to her e-mail. The only thing that would work was IE running on Windows; you've got to love those proprietary protocols.
My wife's laptop runs Window 98, but after installing the SBC DSL software on another Windows machine, I really didn't want to waste time doing another installation again. I also didn't want to run Windows on an exposed network.
IP masquerading/NAT (network address translation) came to mind, of course, but my desktop system is based on a VIA M9000 Mini-ITX board. It has an on-board NIC but only one PCI slot, which I use for a TV/FM tuner card. The on-board NIC was used for my DSL, so where could I put a second NIC?
Because I maintain some Linux-based router/firewall systems as well as some multi-homed servers, it occurred to me that setting up IP masquerading on an aliased interface on my one NIC might work. It did, and it was simple to do. Here's how.
I connected the DSL modem to a 4-port hub (no uplink port) using a reversing cat5 cable. Then, I connected my Linux desktop and the laptop to the hub with normal cat5 cables. The diagram above shows how I connected everything.
Below is the script I use to enable masquerading after my DSL connection is established and my firewall script has been run.
# ------------------ begin nat.sh ----------------- #!/bin/sh ## script to enable masquerading ## must be run as root after the DSL connection is up ## usage: sh nat.sh # # bring up alias interface eth0:0 : ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 \ broadcast 192.168.1.255 up # Next, an iptables rule to enable masquerading: iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE # Finally, enable ip forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward # An optional rule to allow the laptop to talk to # the desktop (otherwise denied by my firewall script) for ssh & samba iptables -I INPUT -s 192.168.1.2 -d 192.168.1.1 \ -j ACCEPT # ------------------ end nat.sh -----------------
The Windows 98 laptop has a static IP address of 192.168.1.2, a gateway of 192.168.1.1 and the DNS server addresses of my ISP. I obtained the DNS addresses from /etc/resolv.conf after my DSL connection was up; they don't change.
That's it! Internet access for my home network with only a hub and a couple of patch cables.
Lon Jones has been doing UNIX/Linux/network support at the University of Arkansas at Little Rock since 1983. Anyone out there remember CROMIX or Eunice? His other interests include blacksmithing, jewelry making, woodworking and sailing.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Chris Birchall's Re-Engineering Legacy Software (Manning Publications)
- The Italian Army Switches to LibreOffice
- Linux Mint 18
- Petros Koutoupis' RapidDisk
- ServersCheck's Thermal Imaging Camera Sensor
- Oracle vs. Google: Round 2
- The FBI and the Mozilla Foundation Lock Horns over Known Security Hole
- Privacy and the New Math
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide