One NIC NAT
For years I had been content with a 28.8k dial-up connection from my home system to a modem on my computer at work--it was free. The cost of DSL in my area was a little too high for me until competition from the local cable provider brought it down to what I was willing to pay. DSL is great, and because I like to telecommute from home, the extra bandwidth really helps. Also, now that I'm connected full time, I can access my home computer from work as well. Getting DSL working on my Red Hat 8.0 system (rp-pppoe) was only a matter of a few simple clicks.
Then, my wife announced her workplace finally established a Web interface to the MS Exchange mail server. Great, I thought, she can fire up Mozilla on my Linux box and check her work e-mail from home. But when we tried to do that, it was no go. Netscape didn't work either, nor did Konquerer with an IE personality. Okay, I thought, this still isn't a problem--I've got CrossOver Office. So I upgraded IE to version 6, but I still couldn't get to her e-mail. The only thing that would work was IE running on Windows; you've got to love those proprietary protocols.
My wife's laptop runs Window 98, but after installing the SBC DSL software on another Windows machine, I really didn't want to waste time doing another installation again. I also didn't want to run Windows on an exposed network.
IP masquerading/NAT (network address translation) came to mind, of course, but my desktop system is based on a VIA M9000 Mini-ITX board. It has an on-board NIC but only one PCI slot, which I use for a TV/FM tuner card. The on-board NIC was used for my DSL, so where could I put a second NIC?
Because I maintain some Linux-based router/firewall systems as well as some multi-homed servers, it occurred to me that setting up IP masquerading on an aliased interface on my one NIC might work. It did, and it was simple to do. Here's how.
I connected the DSL modem to a 4-port hub (no uplink port) using a reversing cat5 cable. Then, I connected my Linux desktop and the laptop to the hub with normal cat5 cables. The diagram above shows how I connected everything.
Below is the script I use to enable masquerading after my DSL connection is established and my firewall script has been run.
# ------------------ begin nat.sh ----------------- #!/bin/sh ## script to enable masquerading ## must be run as root after the DSL connection is up ## usage: sh nat.sh # # bring up alias interface eth0:0 : ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 \ broadcast 192.168.1.255 up # Next, an iptables rule to enable masquerading: iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE # Finally, enable ip forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward # An optional rule to allow the laptop to talk to # the desktop (otherwise denied by my firewall script) for ssh & samba iptables -I INPUT -s 192.168.1.2 -d 192.168.1.1 \ -j ACCEPT # ------------------ end nat.sh -----------------
The Windows 98 laptop has a static IP address of 192.168.1.2, a gateway of 192.168.1.1 and the DNS server addresses of my ISP. I obtained the DNS addresses from /etc/resolv.conf after my DSL connection was up; they don't change.
That's it! Internet access for my home network with only a hub and a couple of patch cables.
Lon Jones has been doing UNIX/Linux/network support at the University of Arkansas at Little Rock since 1983. Anyone out there remember CROMIX or Eunice? His other interests include blacksmithing, jewelry making, woodworking and sailing.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Profiles and RC Files
- Maru OS Brings Debian to Your Phone
- Understanding Ceph and Its Place in the Market
- Astronomy for KDE
- OpenSwitch Finds a New Home
- Git 2.9 Released
- SoftMaker FreeOffice
- Snappy Moves to New Platforms
- What's Our Next Fight?
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide