[3646] in linux-net channel archive
Re: PPP and two boxes???
daemon@ATHENA.MIT.EDU (Zach B.)
Fri Jul 12 14:15:39 1996
Date: Thu, 11 Jul 1996 10:16:33 -0700 (PDT)
From: "Zach B." <zab@teleport.com>
To: "Hubert A. Bahr" <hab@ece.engr.ucf.edu>
cc: linux-net@vger.rutgers.edu, linux-ppp@vger.rutgers.edu
In-Reply-To: <31D6E978.1B4E2D23@ece.engr.ucf.edu>
On Sun, 30 Jun 1996, Hubert A. Bahr wrote:
> Alan Cox wrote:
> >
> > > i saw a product for win 95 to use an inet connection over a modem on two
> > > different computers on the client side? Does this exist for Linux?
> >
> > Just about no other operating system needs a magic product for this kind
> > of thing. Linux will also do masquerading so you can have a whole network on
> > one IP address (handy for security).
>
> I just came to the conclusion that Firewall / masquerading was the
> correct way to do this. Unfortunately, I am still struggling with the docs
> and trial and error to get it set up. Does anyone have this setup with
> a dynamic assigned IP assignment for the internet connection with ethernet
> for the private network? A set of samples may wash the mud off my glasses.
>
> Thanks
> Hubert
Well, we used to have a setup just like this at our geek house before we
weaseled a dedicated 28.8 out of our provider. It's been a while but I'll
try and show you what we had. Fellow linuxers, please correct me if I
mess up :).
    H ------ M ------ P
       eth      ppp
H = host behind masquerade
M = masquerading host
P = provider
ok, first off we have to assign ip addresses to the host behind the
firewall. You want to use some of the addresses set aside for internal
lans that won't be routed so that they won't clash with other hosts on the
internet. the 10.x.x.x class a works nicely, even if it is overkill :).
so we do a
    ifconfig eth0 10.0.0.1 netmask 255.0.0.0
on host H.
we also have to give M's ethernet interface an address.
    ifconfig eth0 10.0.0.2 netmask 255.0.0.0
on host M.
so now they at least know who they are. now host H has to know where to
send its packets so we do a
    route add default gw 10.0.0.2
on H.
both hosts on the network need to know to send the 10.x.x.x there, so we
do a
    route add -net 10.0.0.0 netmask 255.0.0.0 eth0
on both.
so now both of the hosts know how to get to each other and H thinks it can
get to the rest of the universe by its default route, but M doesn't know
to masquerade H's packets. This is where I'm a little fuzzy.. but I
believe a
    ipfwadm -F -m -a accept -S 10.0.0.0/8 -D 0.0.0.0/0
will work, but I can't guarantee it :). This will make M try to send
packets from H out via whatever route would have made sense for the
destination host in the packet. so if M's ppp is up and has had the
default route installed things should work. So to sum up:
on H:
    ifconfig eth0 10.0.0.1 netmask 255.0.0.0
    route add -net 10.0.0.0 netmask 255.0.0.0 eth0
    route add default gw 10.0.0.2
and on M:
    ifconfig eth0 10.0.0.2 netmask 255.0.0.0
    route add -net 10.0.0.0 netmask 255.0.0.0 eth0
    ipfwadm -F -m -a accept -S 10.0.0.0/8 -D 0.0.0.0/0
Note that you probably have to have forwarding and firewalling compiled
into the kernel on M, but I can't remember :). This is all so much easier
with a /27 allocated to you :). If I fucked any of this up, feel free to
lart me back into lurking :)
zach
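
Added example, not part of the original message: a dry-run planner for the H/M setup described above. It refuses to emit the masquerade rule unless the LAN lies wholly inside RFC 1918 space and both H and M sit inside it. The function names and the default-deny forward policy line (ipfwadm -F -p deny) are assumptions added here; the masquerade rule is printed as posted.

```shell
#!/bin/sh
# Added example (not from the post): prints commands, never executes them.

# Dotted quad -> integer. The body is a subshell, so IFS and exit stay local.
ip2int() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_net ADDR NET BITS: true when ADDR falls inside NET/BITS.
in_net() {
    case "$3" in ''|*[!0-9]*) return 1 ;; esac
    [ "$3" -ge 1 ] && [ "$3" -le 32 ] || return 1
    ip=$(ip2int "$1") && net=$(ip2int "$2") || return 1
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# private_net NET BITS: true when NET/BITS lies wholly inside an RFC 1918 block.
private_net() {
    in_net "$1" "$1" "$2" || return 1              # validates NET and BITS
    { [ "$2" -ge 8 ]  && in_net "$1" 10.0.0.0 8; }    ||
    { [ "$2" -ge 12 ] && in_net "$1" 172.16.0.0 12; } ||
    { [ "$2" -ge 16 ] && in_net "$1" 192.168.0.0 16; }
}

# masq_plan LAN BITS H_ADDR M_ADDR: print the routing and masquerade commands.
masq_plan() {
    lan=$1 bits=$2 h=$3 m=$4
    private_net "$lan" "$bits" ||
        { echo "refuse: $lan/$bits is not inside RFC 1918 space" >&2; return 2; }
    in_net "$h" "$lan" "$bits" && in_net "$m" "$lan" "$bits" ||
        { echo "refuse: H and M must both be inside $lan/$bits" >&2; return 3; }
    [ "$h" != "$m" ] || { echo "refuse: H and M share $h" >&2; return 4; }
    echo "H: route add default gw $m"
    # Assumption beyond the post: default-deny forward policy, so M forwards
    # only what the masquerade rule below accepts.
    echo "M: ipfwadm -F -p deny"
    echo "M: ipfwadm -F -m -a accept -S $lan/$bits -D 0.0.0.0/0"
}
```

Calling masq_plan 10.0.0.0 8 10.0.0.1 10.0.0.2 prints the plan for the addresses used in the message; a public or overlapping range returns non-zero and prints nothing on stdout.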