How to make a small home network with Slackware.
By chmood
Small Home Network
Let’s assume you have one real IP address given by your ISP and half a dozen computers (like me, hehe ;)
You can hold all your machines behind a Linux box equipped with 2 network cards. The box is capable of translating your local network addresses and masking them behind your real IP address. This process is called Network Address Translation (NAT) and Masquerading.
To set up a small home network like the one in the diagram on the left, you need some tools. All of them are built into Slackware if you made a full installation. If you did not, you will have to install them manually. All of them are in category N of your Slackware installation disk or FTP, but you probably already have them. Check if you have the following commands: ifconfig and iptables.
bash-4.1# which ifconfig
/sbin/ifconfig
bash-4.1# which iptables
/usr/sbin/iptables
bash-4.1#
Everything you need can be done with them. It’s not hard at all. You need to set the real IP address on eth1 and an address from a private network on eth0. It looks like this:
root@router:~# ifconfig eth1 55.66.77.88/24 up
root@router:~# ifconfig eth0 172.16.1.1/24 up
root@router:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:14:C2:C8:F7:2D
     inet addr:172.16.1.1 Bcast:172.16.1.255 Mask:255.255.255.0
     ...
eth1 Link encap:Ethernet HWaddr 00:30:84:0A:6B:5C
     inet addr:55.66.77.88 Bcast:55.66.77.255 Mask:255.255.255.0
     ...
The eth1 address shown here is of course … fake. Use your own real IP address on eth1. You may set the local PCs on your network to use addresses in the range 172.16.1.2 to 172.16.1.254 with default gateway 172.16.1.1 and the same DNS settings your ISP has given you. If you don’t know what they are, have a look in the file /etc/resolv.conf or in your Windows control panel under Network settings (or use ipconfig /all from Windows cmd). Check from your other computers that you can ping 172.16.1.1. If this is okay, we move forward to the masquerading itself.
root@router:~# iptables -t nat -P PREROUTING ACCEPT
root@router:~# iptables -t nat -P OUTPUT ACCEPT
root@router:~# iptables -t nat -P POSTROUTING ACCEPT
root@router:~# iptables -t nat -F
root@router:~# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
root@router:~# echo 1 > /proc/sys/net/ipv4/ip_forward
...
root@router:~# ssh [email protected]
password:
root@Desktop:~# ping www.google.com
PING www.l.google.com (209.85.149.104) 56(84) bytes of data.
64 bytes from ber01s02-in-f104.1e100.net (209.85.149.104): icmp_req=1 ttl=56 time=50.6 ms
64 bytes from ber01s02-in-f104.1e100.net (209.85.149.104): icmp_req=2 ttl=56 time=51.2 ms
64 bytes from ber01s02-in-f104.1e100.net (209.85.149.104): icmp_req=3 ttl=56 time=50.7 ms
64 bytes from ber01s02-in-f104.1e100.net (209.85.149.104): icmp_req=4 ttl=56 time=51.1 ms
^C
--- www.l.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 50.656/50.967/51.268/0.309 ms
root@Desktop:~#
The above, explained: we set the default policy of the PREROUTING, OUTPUT and POSTROUTING chains in the “nat” table to ACCEPT, then flush the table. Next we add a POSTROUTING rule that matches traffic leaving through eth1 and masquerades all source addresses as the real IP on this interface. Then we set the kernel's runtime parameter for IP forwarding to true and log in to one of the local machines on the network we created to check that it worked. That’s it. Job is done. Of course, to do this the right way, everything needs to come up at boot time. First set the Ethernet cards in /etc/rc.d/rc.inet1.conf to use those addresses:
IPADDR[0]="172.16.1.1"
NETMASK[0]="255.255.255.0"
# Config information for eth1:
IPADDR[1]="55.66.77.88"
NETMASK[1]="255.255.255.0"
# Default gateway IP address:
GATEWAY="55.66.77.1"
Change the GATEWAY address to your real default gateway IP given by your ISP. The other thing we need is for all those iptables commands to be executed at boot time. Either make an additional script or just append them to rc.local.
root@router:/etc# echo -e "\n# Start networking" >> /etc/rc.local
root@router:/etc# cat >> rc.local
echo "Starting masquerade ..."
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
This will do the job on every startup.
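
An added example, not part of the original article: the commands above never touch the filter table's FORWARD chain, so this script generates an iptables-restore ruleset that keeps the article's MASQUERADE rule and, going beyond what the article configures, forwards only LAN-originated traffic and its replies. The function names and the --apply switch are assumptions of this example; eth1, eth0 and 172.16.1.0/24 are taken from the article.

```shell
#!/bin/sh
# Added example (not from the original article). Values taken from the
# article: WAN = eth1, LAN = eth0, LAN network = 172.16.1.0/24.

# Accept only a plain interface name (max 15 chars, the kernel's limit), so a
# typo or stray character never ends up inside a firewall rule.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Shape check only (a.b.c.d/len); iptables-restore does the real parsing.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|/*|*/) return 1 ;;
        *.*.*.*/*) return 0 ;;
    esac
    return 1
}

# gen_ruleset WAN_IF LAN_IF LAN_NET: ruleset on stdout, non-zero on bad input.
gen_ruleset() {
    wan=$1 lan=$2 net=$3
    valid_if "$wan" && valid_if "$lan" && valid_cidr "$net" || return 1
    [ "$wan" != "$lan" ] || return 1   # masquerading onto the LAN side is a mistake
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Apply only on request (needs root): sh nat-rules.sh --apply
# Note: iptables-restore replaces the existing nat and filter rules.
if [ "${1:-}" = "--apply" ]; then
    gen_ruleset eth1 eth0 172.16.1.0/24 | iptables-restore &&
        echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

Run without arguments it changes nothing, so the generated ruleset can be reviewed by calling gen_ruleset before it is applied.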