Linuxathome.net - Linux news and help for home broadband internet users
 Home | Files | Case Mods | Reviews | Forum | Search | Links | RDF | Contact | Uptime | Server Info | Tracker
Sections

Installation Guide
Setting Up
Internet Sharing
Port Forwarding
Services Config
Installing Programs
Game Servers
Using IPTables
Useful Commands
Kernel Upgrading
System Recovery
Red Hat 7.2 Setup
OpenBSD Setup
BPA Login Setup
PPPoE Setup
Add New Hardware
Using PPTP VPN
VMware ESX Cmds
Our RC5 Team
Folding@Home
Help Support Us

 
Articles
Linux Security
NetStats FAQ
Linux KIS Trojan
CAT5/LAN Cables
Domain Names
Presario RH Install APC Debian DVD
 
Slashdot.org
  • The Silicon Valley Paradox: One In Four People Are At Risk of Hunger
  • Trump Signs Law Forcing Drone Users To Register With Government
  • Instagram Will Now Let You Follow Hashtags In Your Main Feed
  • Trump Signs Into Law US Government Ban on Kaspersky Lab Software
  • Twitter Officially Launches 'Threads,' a New Feature For Easily Posting Tweetstorms
  • Former Uber Employees Have Gone Into Debt To Hang Onto Shares They Can't Sell
  • Searchable Database of 1.4 Billion Stolen Credentials Found On Dark Web
  • SEC Shuts Down Munchee ICO
  • Ajit Pai Offers No Data For Latest Claim That Net Neutrality Hurt Small ISPs
  • Tech Support Scammers Invade Spotify Forums To Rank in Search Engines
  • Nintendo Switch Sales Hit 10 Million Units, Could Outdo the Wii
  • Paris Summit Finds New Money, Tech To Fight Climate Change
  • Why Is Anime Obsessed With Power Lines?
  • We've Toned Down the 'Destroying Society' Shtick, Facebook Insists
  • SEC Warns 'Extreme Caution' Over Cryptocurrency Investments As Many People Take Out Mortgages To Buy Bitcoin
  •  
    Affiliates

    TweakTown.com
    ZGeek.com
    pebkac-consulting.com.au

     
    Webmail
      E-mail Address:

    Password:


     

      Sharing The Internet

      These steps cover a wide range of client Operating Systems, Win9x, Win2k and MacOS. From how to share the Internet to clients on your network to how to configure the clients to use the net through you Linux server, this used the IPChains functionality in the Linux 2.2.x Kernel. (UPDATE: If you are using IPTables then you will need follow the setup information available here)
     

      Sharing Instructions

     
    Sharing The Internet

    Now that your Linux server is online you will want to share its connection over your LAN so you can get all your other machines online. Once again this is easily done by simply typing in the following four commands that modify your Firewall rules in the Linux Kernel:

    echo '1' > /proc/sys/net/ipv4/ip_forward

    This tells Linux to allow IP forwarding so that if your client machines request information from the Internet Linux can forward the information from the Internet back to the appropriate machine that requested it. (it basically enables IP forwarding by setting the ip_forward file to have contents 1, i.e. a 0 means don't allow IP forwarding)

    /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp

    This tells Linux to append a rule that accepts all input packets on the eth0 interface coming from a source (-s) mask and port then passing to a destination (-d) mask and port using protocol (-p). If you want to learn exactly what it all means then I recommend typing man ipchains and reading it all.

    /sbin/ipchains -P forward DENY

    This tells Linux to set the policy forward to DENY as a default, this is how Linux likes to work, firstly it denies everyone and then it checks its rules (next command) to see which it should allow, don't worry it does this all in one go so the correct clients will be allowed straight away.

    /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

    This tells Linux to append another rule for forwarding that will forward packets to the allowed IP address of client machines. On our example above we have given room for upto 256 computers to be on our network, this is shown by 192.168.0.0/24 which will cover the range of IP address starting at 192.168.0.0 and ending at 192.168.0.255, you can adjust this as you want. The 24 section relates to the 'bits' in the 'network' portion of the subnet mask. A 24 bit subnet mask is 255.255.255.0. This is indicating an entire "C class" network. If you wish to setup a network only having 16 allowable IP address's then you should use 192.168.0.0/28 which actually means 16 IP's and NOT 28. The subnet mask for this block would be 255.255.255.240. It is recommended that unless you want to make a secure network at home that you just stick with the good old 24 bit configuration. But if you wish to allow a specific number of computers on your network, it is recommended you do a search and find/use a IP Address and Subnet Calculator to make sure you setup exactly the right number of allowable address's.

    Now that your broadband Internet Connection Sharing is setup we recommend that you combine all of the above commands into a script file so that it can be added to the Linux initialization commands and be loaded automatically every time your system boots up. To do this simply go to the directory that contains some of the boot up commands, this is done by cd /etc/rc.d/, in this directory you want to create a file say called rc.firewall, we prefer the pico text editor as it is easier to use than vi, so type pico rc.firewall and enter the following into the file:

    #!/bin/sh
    # DHCP Internet and Connection Sharing Script
    # Coded by Mayhem (C)2000

    #DHCP
    <insert either PUMP or DHCP 2.0 code here as above>

    # Net Sharing
    echo '1' > /proc/sys/net/ipv4/ip_forward
    /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

    To exit pico you need to hit CTRL+X and press ENTER to save the file, once you have exited pico you will need to make the file executable by typing chmod u+x rc.firewall. To make the system run this when it boots up simply edit (using pico or any text editor) the file rc.local and add a line at the very bottom that runs your script, i.e. add the line ./rc.firewall and your done, the system should now load your Internet connection and share it whenever it is rebooted.

     

    Setting Up Client Computers To Use The Internet

    To get your other machines to use the Internet across the LAN through the Linux box you will have to follow the steps for the appropriate Operating System:

    - Windows 95/98/Me

    1. On your Desktop right click on "Network Neighborhood" and then left click "Properties", this will open the "Network" window.

    2. In the "Network" window you want to highlight "TCP/IP" by left clicking it once, then you need to click on the "Properties" button.

    3. When the "TCP/IP Properties" window appears you want to click the "IP Address" tab, which should already be the default selected. You will need to left click the "Specify an IP Address" radio button which will enable the two boxes underneath it. Now you need to enter and IP Address for this client machine (making sure not to use one already in use by another machine) and the appropriate subnet mask. For example:

    4. Next you want to click the "Gateway" tab. In the "New gateway" box type in the LAN IP Address of the Linux box and then click the "Add" button. You should end up with something like this example:

    5. Now you need to click the "DNS Configuration" tab. Firstly you need to click the "Enable DNS" radio button, then you must enter a Host (a home LAN doesn't use a domain unless you have one registered), the host name should be the client machine's name, i.e. if the computer name is "Familybox" then the host should be "Familybox". Next you want to add the DNS Address of the Optus@Home servers, this is done by typing them one at a time into the box just under "DNS Server Search Order" and clicking "Add" after entering each address. You should end up with a windows similar to this example:

    Once you have entered all the details in just click on "OK" and then "OK" again and your done.

    - Windows 2000/NT

    1. On your Desktop right click on "My Network Places" and then left click "Properties", this will open "Network and Dial-up Connections" folder.

    2. In this you want to right click on your "Local Area Network" and then left click "Properties", this will bring up all the details on your LAN interface card.

    3. Highlight "Internet Protocol (TCP/IP)" by left clicking it once, then once again you want to left click the "Properties" button which will bring up a new window.

    4. The new window titled "Internet Protocol (TCP/IP) Properties" will appear and this is where you want to entire your settings, similar to the snapshot below, with your IP address for your client machine (making sure not to use one already in use by another machine) and the appropriate subnet mask, the gateway as the IP address of Linux box and the DNS servers as the Optus@Home IP address of your node (this make it slightly faster by putting all DNS requests straight to them and bypassing your own DNS server on the Linux server). If you know what your doing and want to make some more changes (they aren't required) you can click on "Advanced" and the more detailed options will appear in a new window.

    Once you have entered all the details in just click on "OK" and your done.

    - Macintosh

    Setting up a Macintosh is basically the same as above.

    1. Open the control panel from the Apple menu.

    2. Open the "TCP/IP" control panel. It should look like this:

    3. Select "Manually" under the configuration method and give the machine an IP address (making sure not to use one already in use by another machine) and also enter the subnet mask.

    4. The router address is the same as the gateway address, so type in the LAN IP address you gave to your Linux box.

    5. Now you want to add the DNS Address of the Optus@Home servers, this is done by typing them one at a time into the box "Name server addr.:"

    Proudly Hosted By:
    Hosted by PEBKAC Consulting

    Please read our Legal Notice for information concerning our site and its content.
    All logos and trademarks in this site are property of their respective owner. All the rest © 2000 - 2016 by Linuxathome.net

    Reviews

    D-Link DI-704P
    VIA EPIA-M 9000
    Tux Applique
    Ricoh MP5125A
    AMD XP 2600+
    3DProphet 9000Pro
    Radeon 9700 Pro
    XTNDAccess IrDA
    Netgear FS-524s
    DSR2161 KVM
    Game TheaterXP & XPS-510 Speakers
    3D Prophet 4000XT
    AutoView 400
    Back-UPS CS 350
    Dual Neon Kit
    SwitchView KVM
    20x4 LCD Kit
    Window Kit

     
    Kuro5hin.org
    XML error: Mismatched tag at line 27.
     
    Google (Linux)
    Enter Keywords:

     
    Bash Jokes

    % sleep with me

    bad character

     
    Virtualization, Virtual Machine & Virtual Server Consolidation - VMware

    The Community ENTerprise Operating System

    Get Slackware Linux

    Use OpenOffice.org

    Use Asterisk