One NIC NAT
For years I had been content with a 28.8k dial-up connection from my home system to a modem on my computer at work--it was free. The cost of DSL in my area was a little too high for me until competition from the local cable provider brought it down to what I was willing to pay. DSL is great, and because I like to telecommute from home, the extra bandwidth really helps. Also, now that I'm connected full time, I can access my home computer from work as well. Getting DSL working on my Red Hat 8.0 system (rp-pppoe) was only a matter of a few simple clicks.
Then, my wife announced her workplace finally established a Web interface to the MS Exchange mail server. Great, I thought, she can fire up Mozilla on my Linux box and check her work e-mail from home. But when we tried to do that, it was no go. Netscape didn't work either, nor did Konquerer with an IE personality. Okay, I thought, this still isn't a problem--I've got CrossOver Office. So I upgraded IE to version 6, but I still couldn't get to her e-mail. The only thing that would work was IE running on Windows; you've got to love those proprietary protocols.
My wife's laptop runs Window 98, but after installing the SBC DSL software on another Windows machine, I really didn't want to waste time doing another installation again. I also didn't want to run Windows on an exposed network.
IP masquerading/NAT (network address translation) came to mind, of course, but my desktop system is based on a VIA M9000 Mini-ITX board. It has an on-board NIC but only one PCI slot, which I use for a TV/FM tuner card. The on-board NIC was used for my DSL, so where could I put a second NIC?
Because I maintain some Linux-based router/firewall systems as well as some multi-homed servers, it occurred to me that setting up IP masquerading on an aliased interface on my one NIC might work. It did, and it was simple to do. Here's how.
I connected the DSL modem to a 4-port hub (no uplink port) using a reversing cat5 cable. Then, I connected my Linux desktop and the laptop to the hub with normal cat5 cables. The diagram above shows how I connected everything.
Below is the script I use to enable masquerading after my DSL connection is established and my firewall script has been run.
# ------------------ begin nat.sh ----------------- #!/bin/sh ## script to enable masquerading ## must be run as root after the DSL connection is up ## usage: sh nat.sh # # bring up alias interface eth0:0 : ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 \ broadcast 192.168.1.255 up # Next, an iptables rule to enable masquerading: iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE # Finally, enable ip forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward # An optional rule to allow the laptop to talk to # the desktop (otherwise denied by my firewall script) for ssh & samba iptables -I INPUT -s 192.168.1.2 -d 192.168.1.1 \ -j ACCEPT # ------------------ end nat.sh -----------------
The Windows 98 laptop has a static IP address of 192.168.1.2, a gateway of 192.168.1.1 and the DNS server addresses of my ISP. I obtained the DNS addresses from /etc/resolv.conf after my DSL connection was up; they don't change.
That's it! Internet access for my home network with only a hub and a couple of patch cables.
Lon Jones has been doing UNIX/Linux/network support at the University of Arkansas at Little Rock since 1983. Anyone out there remember CROMIX or Eunice? His other interests include blacksmithing, jewelry making, woodworking and sailing.
|Red Hat Enterprise Linux 7.1 beta available on IBM Power Platform||Jan 23, 2015|
|Designing with Linux||Jan 22, 2015|
|Wondershaper—QOS in a Pinch||Jan 21, 2015|
|Ideal Backups with zbackup||Jan 19, 2015|
|Non-Linux FOSS: Animation Made Easy||Jan 14, 2015|
|Internet of Things Blows Away CES, and it May Be Hunting for YOU Next||Jan 12, 2015|
- Red Hat Enterprise Linux 7.1 beta available on IBM Power Platform
- Designing with Linux
- Wondershaper—QOS in a Pinch
- Getting Started with PiTiVi
- Video Production 101: Making a Movie with Kdenlive
- Ideal Backups with zbackup
- Internet of Things Blows Away CES, and it May Be Hunting for YOU Next
- Slow System? iotop Is Your Friend
- New Products
- 2014 Book Roundup
Editorial Advisory Panel
Thank you to our 2014 Editorial Advisors!
- Jeff Parent
- Brad Baillio
- Nick Baronian
- Steve Case
- Chadalavada Kalyana
- Caleb Cullen
- Keir Davis
- Michael Eager
- Nick Faltys
- Dennis Frey
- Philip Jacob
- Jay Kruizenga
- Steve Marquez
- Dave McAllister
- Craig Oda
- Mike Roberts
- Chris Stark
- Patrick Swartz
- David Lynch
- Alicia Gibb
- Thomas Quinlan
- Carson McDonald
- Kristen Shoemaker
- Charnell Luchich
- James Walker
- Victor Gregorio
- Hari Boukis
- Brian Conner
- David Lane