Linux Home Networking Overview

Goal: Make your Linux box your Internet Gateway

The following steps will point you in the right direction:

Before You Begin, you should have:

  • Your ISP's dialup phone numbers
  • Your PPP username/password for your ISP
  • The IP addresses of your ISP's DNS servers
  • Ethernet NICs installed in your Linux box and all client machines on your network and all necessary physical equipment (hubs, cables, etc.)

    Step 1: Connect Your Linux Box to the Internet
    Before you start fooling around with the other client machines on your network, you should first make sure your machine has connectivity to the Internet.

    If you are using a dial-up modem, you need to make sure that the modem is Linux compatible (check your vendor's hardware compatibility list!). Remember, WinModems DO NOT work with Linux! You then need to be able to successfully dial and connect to your ISP. You can find instructions on accomplishing this in the PPP How-To at http://www.linuxdoc.org/HOWTO/PPP-HOWTO/index.html (this doc has not changed since late 1997 because nothing has changed in the Linux PPP world since then). The documentation has a section that refers to obtaining and installing the PPP daemon. Note that all this software comes pre-installed on all RedHat distributions, so no downloads should be necessary. When you complete setup, you should be able to use Netscape or any other Internet app to contact web sites, ftp sites, etc. At this point, we will assume that you have a functioning ethernet card, which I will refer to as eth0 throughout this guide.

    If you are connecting via a cable modem, DSL modem, or some other method that does not require you to dial a service provider directly from your PC, you need to have 2 network cards installed in your PC. The installation of these cards is beyond the scope of this guide, however. Throughout the rest of this document, I will refer to card eth0 as the inside network card. In other words, if you have 2 cards installed, eth1 should be the card that interfaces with your ISP. Note that this does not HAVE to be the case, but I will use this scenario for the examples throughout this guide.

    Step 2: Configure Inside Hosts
    You can now configure the hosts on the inside of your computer network that will use your Linux box as their Internet gateway. The steps are fairly simple:

  • Assign the eth0 interface of your Linux box a private IP address. For this example, we will assign our eth0 an IP address of 10.0.0.254 with a netmask of 255.255.255.0. In this case, the network address for eth0 would be 10.0.0.0 and the broadcast address is 10.255.255.255. You can leave the gateway address empty. You can change these attributes by using the linuxconf configuration utility in X-Windows or by editing the file /etc/sysconfig/network-scripts/ifcfg-eth0 - which should look something like this:

    DEVICE=eth0
    IPADDR=10.0.0.254
    NETMASK=255.255.255.0
    NETWORK=10.0.0.0
    # Broadcast address of network 10.0.0.0 with netmask 255.255.255.0
    BROADCAST=10.0.0.255
    ONBOOT=yes
    
    You can then put your changes into effect by issuing the command /etc/sysconfig/network-scripts/ifdown eth0 and then /etc/sysconfig/network-scripts/ifup eth0 or by rebooting your machine.

  • You can now re-configure the TCP/IP settings on your client computers (For Windows Machines: Control Panel->Network and highlight TCP/IP->EthernetCardModel, click on the properties button). Give the PC an IP address from 10.0.0.1 to 10.0.0.253 with a netmask of 255.255.255.0. Set the gateway address to the IP address of the eth0 interface on your Linux box, which you just configured. Set the DNS servers to the IP addresses of your ISP's DNS servers. Reboot the machine. You should now be able to contact your Linux box from your client PCs by issuing the "ping 10.0.0.254" command at the DOS prompt, which should give you an output like this:
    Pinging 10.0.0.254 with 32 bytes of data:
    Reply from 10.0.0.254: bytes=32 time=1ms TTL=255
    Reply from 10.0.0.254: bytes=32 time<10ms TTL=255
    Reply from 10.0.0.254: bytes=32 time<10ms TTL=255
    
    If you get something like this, you should go back and check the settings on your Linux box and client PCs:

    Pinging 10.0.0.253 with 32 bytes of data
    
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    
    If you get successful pings from all hosts, you are now ready to move on.

    Step 3: Setup Masquerading
    IP Masquerading is the technology that allows the inside hosts on your network to connect to the outside world through your Linux box. You can read about IP Masquerading in the IP Masq-HowTo at http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html. The How-to gets into a lot of detail about IP Masq setup, kernel modules, etc. - most of which is a bit complex. The good news is that IP Masquerading is enabled by default in the kernel shipped with most Linux distributions, including RedHat and Mandrake. Since this is enabled by default, all you really have to do is run a simple script to initialize the IP Masq settings. You can find additional details at this site: http://www.indyramp.com/masq/

  • First, make sure that IP Forwarding is turned ON for your system. You can enable IP forwarding by making sure that the FORWARD_IPV4 flag is set to true in the /etc/sysconfig/network file, e.g.:
                       
    NETWORKING=yes
    FORWARD_IPV4=true
    HOSTNAME=host.localdomain
    DOMAINNAME=localdomain
    GATEWAY=10.0.0.100
    GATEWAYDEV=eth0
    
    You can also enable IP forwarding by checking the "Enable IP Forwarding" (or similar) box in linuxconf.

  • Now, it's time to make the magic happen. You must run an IP Masq initialization file every time you reboot the machine. Here is a configuration file that you can use if you have assigned your internal machines addresses in the 10.0.0.* IP range. You can place this file in the /etc/rc.d/init.d directory and create a symbolic link to it in the rc.d directory for each major run level, e.g.:
    cd /etc/rc.d/rc2.d
    ln -s /etc/rc.d/init.d/rc.firewall S92firewall
    cd /etc/rc.d/rc3.d
    ln -s /etc/rc.d/init.d/rc.firewall S92firewall
    cd /etc/rc.d/rc5.d
    ln -s /etc/rc.d/init.d/rc.firewall S92firewall
    
  • You can test your configuration by running the rc.firewall script by hand for the first time:
    /etc/rc.d/init.d/rc.firewall start
    
    If you don't have dial-on-demand enabled, dial up to the Internet now. Now, your attempt to access the Internet from one of your internal machines should be successful!
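
The initialization script itself does not appear on this page. As an added example (not the original rc.firewall and not taken from the HOWTO), the script below shows what such a file could contain: forwarding is denied by default and only traffic that originates on the inside subnet is masqueraded. It assumes a kernel with netfilter/iptables, eth0 as the inside card, eth1 toward the ISP (set OUTSIDE_IF=ppp0 for dial-up) and the 10.0.0.0/24 LAN used above.

```shell
#!/bin/sh
# Added example: masquerading firewall script (NOT the original rc.firewall).
# Assumptions: iptables is available; eth0 is the inside card, eth1 (or ppp0
# for dial-up) faces the ISP; the inside LAN is 10.0.0.0/24.
INSIDE_IF=${INSIDE_IF:-eth0}
OUTSIDE_IF=${OUTSIDE_IF:-eth1}
LAN=${LAN:-10.0.0.0/24}

# Print the rule set, one iptables command per line, so it can be reviewed
# before anything is loaded into the kernel.
masq_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -i $OUTSIDE_IF -s $LAN -j DROP
iptables -A FORWARD -i $INSIDE_IF -o $OUTSIDE_IF -s $LAN -j ACCEPT
iptables -A FORWARD -i $OUTSIDE_IF -o $INSIDE_IF -d $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $OUTSIDE_IF -s $LAN -j MASQUERADE
EOF
}
# Rule by rule:
#   1. default-deny: nothing is forwarded unless a later rule allows it
#   2-3. clear rules left over from a previous run
#   4. drop packets arriving from outside that claim an inside source address
#   5. inside hosts may open connections to the outside
#   6. only replies to those connections may come back in
#   7. rewrite inside source addresses to the gateway's outside address

# Print the commands that remove the rules and leave forwarding denied.
stop_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
EOF
}

case "${1:-show}" in
    start) masq_rules | sh -e ;;   # needs root; stops at the first failing rule
    stop)  stop_rules | sh -e ;;
    show)  masq_rules ;;
    *)     echo "usage: $0 {start|stop|show}" >&2 ;;
esac
```

Run it with "show" to review the rules, then with "start" as root; IP forwarding must already be enabled as described in the first bullet of this step.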