03 May 2009 @ 1:46 PM 

Slackware Router/Nat/Fileserver/Webhost etc.

Get rid of your router and use a Linux web server instead. My server has always been up, but before it was just a web hosting server with some files on it. I’m using an old version of Slackware on my server and XP or Ubuntu on my clients.

The diagram explains a lot but my main goals were

  • Use gigabit Ethernet without having to buy a router (pc to pc)
  • Give the slackware box more control over my internet ip and such
  • Separate low speed and high speed networks
  • Learn stuff

(all cables are straight through except the one that says crossover)

Stuff you will need!

If you are setting up a gateway as I am, you will need your ISP’s gateway and your ISP’s DNS servers. You can find this info on your current router by looking at the status page. If worst comes to worst, just call your ISP and ask them. You need this info and cannot make a NAT/gateway without it. If you’re not worried about internet access, then don’t worry about this.

To find your ISP’s DNS servers, just connect your Linux box; when your modem assigns it an IP over DHCP, the DHCP client writes your ISP’s DNS servers into /etc/resolv.conf. To get your ISP gateway, the only way I know is to plug in your router and look at the status page. You can also do all this by plugging your cable modem directly into a Windows PC; when it connects to your modem, go to Connections -> Status and the DNS servers will be in there along with the gateway. Write all this info down somewhere for future reference.

If you are connecting “like devices” such as PC to PC or hub to hub, you will need a crossover cable. You can easily make an adapter for your current cables. See “Further reading” for links on how crossover cables are wired.

Setting up the Server

Ip Forwarding and Masquerading

This stuff is way beyond me. In a nutshell, what I gather we are doing is setting eth0 to forward all packets to eth1 and eth2, and eth1 and eth2’s packets are forwarded out to the net. I may be wrong about this though. The full tutorial (and where I got all my info for this part) is at http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html ; it is a very good tutorial, read the whole thing. Since I had two Ethernet cards I had an extra line, but aside from that the iptables script is the same one on that site for the DSL/cable router.

How to do it?

Setting up your iptables script

  1. Log into your Slackware server as root
  2. Create a file in your /etc/rc.d/ folder called rc.iptables, like this: “vi /etc/rc.d/rc.iptables”, or you can use gedit or kedit if you’re in a GUI.
  3. Add the script below and save it. In my config eth0 goes to the internet, and eth1 and eth2 go to the local networks that I am providing with internet.

    # Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
     
    # Set up IP FORWARDing and Masquerading
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface eth2 -j ACCEPT
    iptables --append FORWARD --in-interface eth1 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward
  4. Now make it executable: “chmod +x /etc/rc.d/rc.iptables”
    NOTE: that should make it run every time on startup; however, mine never does, so I have to run it manually every time I restart my server. I don’t mind though, your server should not restart often. You can run it by going to the rc.d directory and typing “./rc.iptables”
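
A stricter variant of the rc.iptables script above, as an added example (not the author's script or the YoLinux tutorial's): it keeps the MASQUERADE rule but sets the INPUT and FORWARD policies to DROP, so the two LANs cannot route to each other through the server and only the listed ports are reachable from the internet side. The function names `gateway_rules` and `valid_if`, the `WAN_TCP_PORTS` variable and the choice of port 80 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the article's script: prints a default-deny rc.iptables.
# Review the output, then apply as root:  gateway_rules eth0 eth1 eth2 | sh
# Assumptions: first argument is the internet-facing interface, the rest are
# LAN interfaces, and WAN_TCP_PORTS lists the only TCP services offered to
# the internet (80 for the web server the article mentions).
WAN_TCP_PORTS=${WAN_TCP_PORTS:-80}

valid_if() {
    # Names are pasted into generated commands, so accept only safe characters.
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gateway_rules() {
    [ $# -ge 2 ] || { echo "usage: gateway_rules WAN LAN..." >&2; return 2; }
    for i in "$@"; do
        valid_if "$i" || { echo "bad interface name: $i" >&2; return 2; }
    done
    wan=$1; shift
    for lan in "$@"; do
        [ "$lan" != "$wan" ] || { echo "LAN equals WAN: $lan" >&2; return 2; }
    done
    for port in $WAN_TCP_PORTS; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
        esac
    done

    cat <<EOF
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --append INPUT --in-interface lo -j ACCEPT
iptables --append INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables --append INPUT --in-interface $wan -p udp --sport 67 --dport 68 -j ACCEPT
iptables --append FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $wan -j MASQUERADE
EOF
    for port in $WAN_TCP_PORTS; do
        echo "iptables --append INPUT --in-interface $wan -p tcp --dport $port -j ACCEPT"
    done
    for lan in "$@"; do
        # LAN hosts may reach the server and the internet. No rule forwards
        # LAN to LAN, so the FORWARD policy keeps the two subnets apart.
        echo "iptables --append INPUT --in-interface $lan -j ACCEPT"
        echo "iptables --append FORWARD --in-interface $lan --out-interface $wan -j ACCEPT"
    done
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}
```

On Slackware, rc.inet2 runs /etc/rc.d/rc.firewall at boot when that file is executable, so saving the generated commands under that name is one way to have them applied on startup.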

NIC configuration on the server

Most of the configuration for your NICs is handled by the file /etc/rc.d/rc.inet1.conf. This file holds the settings that get used when you run your /etc/rc.d/rc.inet1 executable. I just happened to stumble on it when I was doing all this; lucky I did! The “gateway” I define in the last part is the gateway provided by my ISP, not some other computer on my local network (obviously, from the format). You will need to get this value; you can’t use my config without it.

Setting up your /etc/rc.d/rc.inet1.conf

  1. Edit your /etc/rc.d/rc.inet1.conf
  2. This is what mine looks like; edit yours accordingly
    # /etc/rc.d/rc.inet1.conf
    #
    # This file contains the configuration settings for network interfaces.
    # If USE_DHCP[interface] is set to "yes", this overrides any other settings.
    # If you don't have an interface, leave the settings null ("").
     
    # You can configure network interfaces other than eth0,eth1... by setting
    # IFNAME[interface] to the interface's name. If IFNAME[interface] is unset
    # or empty, it is assumed you're configuring eth.
     
    # Several other parameters are available, the end of this file contains a
    # comprehensive set of examples.
     
    # =============================================================================
     
    # Config information for eth0:(this is the 3com card 30)
    IPADDR[0]=""
    NETMASK[0]=""
    USE_DHCP[0]="yes"
    DHCP_HOSTNAME[0]=""
     
    # Config information for eth1: (this is the built in card i think)
    IPADDR[1]="192.168.10.1"
    NETMASK[1]="255.255.255.0"
    USE_DHCP[1]=""
    DHCP_HOSTNAME[1]=""
     
    # Config information for eth2: (this is the gigabit card 01)
    IPADDR[2]="192.168.1.200"
    NETMASK[2]="255.255.255.0"
    USE_DHCP[2]=""
    DHCP_HOSTNAME[2]=""
     
    # Config information for eth3:
    IPADDR[3]=""
    NETMASK[3]=""
    USE_DHCP[3]=""
    DHCP_HOSTNAME[3]=""
     
    # Default gateway IP address:
    GATEWAY="98.195.216.1"
     
    # Change this to "yes" for debugging output to stdout.  Unfortunately,
    # /sbin/hotplug seems to disable stdout so you'll only see debugging output
    # when rc.inet1 is called directly.
    DEBUG_ETH_UP="yes"
     
    ## Example config information for wlan0.  Uncomment the lines you need and fill
    ## in your info.  (You may not need all of these for your wireless network)
    #IFNAME[4]="wlan0"
    #IPADDR[4]=""
    #NETMASK[4]=""
    #USE_DHCP[4]="yes"
    #DHCP_HOSTNAME[4]="icculus-wireless"
    #DHCP_KEEPRESOLV[4]="yes"
    #DHCP_KEEPNTP[4]="yes"
    #DHCP_KEEPGW[4]="yes"
    #DHCP_IPADDR[4]=""
    #WLAN_ESSID[4]=BARRIER05
    #WLAN_MODE[4]=Managed
    ##WLAN_RATE[4]="54M auto"
    ##WLAN_CHANNEL[4]="auto"
    ##WLAN_KEY[4]="D5AD1F04ACF048EC2D0B1C80C7"
    ##WLAN_IWPRIV[4]="AuthMode=WPAPSK EncrypType=TKIP WPAPSK=7B1ABEEB5D197741923ED26727569C365E31212096A0EAFAD563B268BAD01CAF TxRate=0"
    #WLAN_WPA[4]="wpa_supplicant"
    #WLAN_WPADRIVER[4]="ndiswrapper"
     
    ## Some examples of additional network parameters that you can use.
    ## Config information for wlan0:
    #IFNAME[4]="wlan0"              # Use a different interface name instead of
                                    # the default 'eth4'
    #HWADDR[4]="00:01:23:45:67:89"  # Overrule the card's hardware MAC address
    #MTU[4]=""                      # The default MTU is 1500, but you might need
                                    # 1360 when you use NAT'ed IPSec traffic.
    #DHCP_KEEPRESOLV[4]="yes"       # If you dont want /etc/resolv.conf overwritten
    #DHCP_KEEPNTP[4]="yes"          # If you don't want ntp.conf overwritten
    #DHCP_KEEPGW[4]="yes"           # If you don't want the DHCP server to change
                                    # your default gateway
    #DHCP_IPADDR[4]=""              # Request a specific IP address from the DHCP
                                    # server
    #WLAN_ESSID[4]=DARKSTAR         # Here, you can override _any_ parameter
                                    # defined in rc.wireless.conf, by prepending
                                    # 'WLAN_' to the parameter's name. Useful for
                                    # those with multiple wireless interfaces.
    #WLAN_IWPRIV[4]="AuthMode=WPAPSK EncrypType=TKIP WPAPSK=thekey TxRate=0"
                                    # Some drivers require a private ioctl to be
                                    # set through the iwpriv command. If more than
                                    # one is required, you can place them in the
                                    # IWPRIV parameter (space-separated, see the
                                    # example).

    So, in my configuration, remember that eth0 is for the internet and the other two are for the local LAN; the third one is the default.

    The gateway from your ISP

    The most IMPORTANT thing, which isn’t really straightforward, is the “gateway”: that IP address is the gateway provided by my ISP. The only way I could find that value was to plug in my old router, go to the status page and get it. If you do plug in your old router to get this value, get the DNS servers also. If you can, just print the whole page your router gives you; it’s gold.

    Restarting everything

    At this point we just want to restart all the network stuff, so type these commands in your /etc/rc.d/ directory:

    cd /etc/rc.d/
    ./rc.inet1 restart
    ./rc.inet2 restart
    ./rc.inetd restart
    ./rc.iptables

    Not sure if they are all needed, but restarting them does not hurt. Also, if you have a web server, restart that with “./rc.httpd restart”

    If you’re running a web server

    If you had a web server running before you started, you should note now that a lot of IPs have changed. If you had specified IPs in your VirtualHost settings in httpd.conf, go back and change them all to *. This way it’s name-based virtual hosting and the IPs don’t matter. When I first did this, all I would get from my web server was a directory listing; of course, I got everything else working before I was testing my web server though!

    Testing at this point

    Well, hopefully we set up the server as a NAT. There is not much you can test at this point. Since I’m not running a DHCP server, when I start up the computers that are connected to my server they will ask the server for an IP and the server won’t give it to them; at that point everything stops. Sorry, we need to go set up at least one computer before we can test. In hindsight, a DHCP server on the Linux box is much more convenient: the computers can just automatically get their IPs and you would be done at this point. But I didn’t do it this way. It’s not that much harder to set up your NIC configs on the client machines, and later I’ll write an article when I set up DHCP on my server.
    You should be able to ping places like yahoo.com from your server at this point; if your server does not have internet access, nothing connected to it will either. Type in ifconfig and make sure everything looks alright; make sure eth0 has an internet IP.

    Quick setup on a windows machine

    I’m using Windows XP, not that unspeakable garbage that came after it. If you’re setting up a router you should be pretty familiar with this stuff. You basically need to configure the PC so it knows its static IP, gateway, and DNS servers. These are the instructions for a Windows machine on the subnetwork 192.168.10.x; it’s the 100Mbs network.

    1. Go to your network connections
    2. Right-click the network connection that goes to the server and click Properties
    3. Click “Internet Protocol (TCP/IP)” and click Properties
    4. Give it a static IP for its network, e.g. if your NIC on the server is 192.168.X.X, set this one’s static IP to 192.168.X.X+1
      NOTE: the third octet in the IP address is the network, so if you’re setting up two different LANs like me, you need to make it the same as the NIC you are connecting it to. So in my case I connected the normal computers to 192.168.10.1 and I gave them IPs like 192.168.10.1
    5. Set the subnet mask to 255.255.255.0
    6. Set the gateway to the IP of the NIC that you are connecting to on the server, e.g. 192.168.10.1
    7. Set the DNS servers to the DNS IP addresses your ISP uses; I got these values from my router. You need to put something in here or you won’t be able to browse web pages.
      NOTE: if you can access shares on the server and ping the server and IP addresses on the internet, but you cannot ping places like yahoo.com or google.com, your problem is step 7: you’re either using the wrong DNS or you haven’t set it.

    You should be able to connect to your server and to the internet through your server now. If not, try restarting the computer. If you still can’t, try to ping the server and make sure you’re connected to the right NIC.

    Connecting a linux machine

    I’m using Ubuntu on the machine I’m connecting. You might be using another distro. The setup is pretty straightforward. We need to do what we did in Windows: set the IP, set the gateway, set the DNS servers. I’ll give the instructions for the Ubuntu machine connected to the 192.168.1.x network.

    1. Edit /etc/network/interfaces; this is how I set mine (sets up the IPs and gateway)
      auto lo
      iface lo inet loopback
       
      #our inet interface to the server
      auto eth0
      iface eth0 inet static
      address 192.168.1.11
      gateway 192.168.1.200
      netmask 255.255.255.0
      network 192.168.1.0
      broadcast 192.168.1.255
    2. Edit /etc/resolv.conf; this isn’t generated by NetworkManager :) (sets up the DNS servers)
      # Generated by NetworkManager
      nameserver 68.87.85.98
    3. Restart your network: “sudo /etc/init.d/networking restart”

    Finished

    That’s it. Now, hopefully everything works; if not, you will have to use sound, logical reasoning to narrow down the problems. Every network is different, so it’s kind of hard for people to help you with really detailed stuff like this. Once you get to this point, you are the last hope for your network; there are no heroes out there that can save you.

    Conclusions

    This gives you much greater control over your network. Now I have two subnetworks that can’t see each other, but can see the internet, and the server. This way you can setup your wifi to be completely separate from the rest of your network, but allow wifi users to connect to the internet through it.

    A note on crossovers

    If you are connecting a computer to a computer like I am, you will need a crossover cable. I’m not a very patient person, so I made one. I also ordered a “crossover converter” from eBay for a few bucks. It’s not very hard to make a “converter” or to just rewire your cable a little. Pretty much, you need to swap two pairs of wires, so altogether, of the eight pins, you just mess with four.

    I did something like this http://www.instructables.com/id/Crossover-Dongle/ but not as pretty :)

    I’ll just use that till my other converter shows up; so far it’s working OK. I actually cut an old cable and took the connector off of an old 3com NIC.

    How much speed did I get from my gigabit Ethernet?

    One of the main goals of all this was to allow two computers to share gigabit Ethernet without having to buy a router. So, how much of a boost did I get?

    I tested my gigabit connection and I tested my other subnetwork connection between two 100Mbs machines. My tests were quick and dirty: I did all the conversions myself and just looked at the time to see how long it would take to transmit a ~700meg file.

    Below are all my calculations. What I found was that I’m only getting about 17% of what I should from my gigabit Ethernet, which is about 169Mbs. For the 100Mbs I’m only getting about 65% of what I should, which is about 65Mbs. So even though my throughput is horrible, I’m still going almost three times as fast. I’m pretty sure the low bandwidth is from a bottleneck on the server PCI bus speed or my Ethernet cable. I’ll troubleshoot it later.

    transfer of file: size 716,808 KB or 716808000 bytes or 5734464000 bits

    @gigabit, time ~34seconds; speed 168,660,705.88 or about 169Mbs ; eff=17%

    @100Mbs, time ~88seconds; speed 65,164,363.63 so about 65Mbs ; eff=65%

    Equation I derived Speed=size in bytes / time in seconds

    What’s Next ?

    Well, the next thing I need to tackle is a better understanding of iptables. I always need to route ports and such for playing games. For example, we play Nexuiz a lot and I need to be able to forward port 26000 to the machine I’m playing on. Also, I plan on reusing my old router to give me a better wifi signal upstairs and outside.

    Further reading

    http://www.makeitsimple.com/how-to/dyi_crossover.htm (how crossovers work)

    http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html

    http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworking.html (good tutorial)

    http://www.slackware.com/~alien/efg/ (generates iptables config, I didn’t use but might later)

Posted By: Michael
Last Edit: 03 May 2009 @ 01:46 PM

Categories: Linux, Networking


 

Responses to this post » (12 Total)

 
  1. tony says:

    Awesome article! I am a Slackware/Zenwalk fan. I am bookmarking this link.

    Thanks for sharing…

  2. admin says:

    Ya, I’m still working on perfecting my network, but so far I’ve got it all working JUST like I want it. I can log in and run my script to make it only allow certain computers depending on their MAC address and such. I’ll write more about my script later.
    Oh yeah, it’s alright if you share with any community.

  3. tony says:

    I must say that I have to agree with you. Everything you say makes sense to me. I will test it this weekend. Is it OK if I share your scripts with the Zenwalk community?

    -2501

  4. [...] is a continuation of articles “using iptables on your linux router“  and “how to setup your slackware linux box as a router“. This is the script that im pretty much finished with and how it [...]

  5. Arsento says:

    I liked it. So much useful material. I read with great interest.

  6. John says:

    Valuable thoughts and advice. I read your topic with great interest.

  7. Tnelson says:

    Your blog is so informative … ..I just bookmarked you….keep up the good work!!!!

  8. AlexAxe says:

    Thank you! I would now go on this blog every day!
    Have a nice day
    AlexAxe

  9. BizriL says:

    It’s very helpful for a newbie like me, I will try it ASAP, I ctrl+D this site, thanks a lot master.

  10. [...] DHCP server as 192.168.0.100) I created a NAT/forwarding in the DHCP machine from a tutorial at: http://www.zonemikel.com/wordpress/?p=209 and basically created a /etc/rc.d/rc.iptables script (activated at boot time) and its content is: [...]

  11. orsty9001 says:

    This tutorial didn’t work for me.

    My systems are able to ping the outside world. I know they are able to resolve domain names too but for some reason none of my machines other than the slackware machine are able to fetch web pages.

  12. admin says:

    How do you know they are able to resolve domain names if they can’t “fetch web pages”? Did you forward traffic on port 80?
