IPMASQ router challenge

I want to setup a two NAT/router boxes in my appartment. The reason is to
share an inet connection. I have tought of various solutions such as
linuxrouter, coyote linux or freesco and other, however i don't know what
to choose and which one would do what i need:

I get my inet access from an adsl modem, one ip address assigned by dhcp.
What we want to do is connect one (or more) ipmasq server to the modem
where 3 clients on the first floor could connect to and then another ipmasq
server on the second floor to connect three additionnal clients.

I have in my possession the following material to do the project:

- many NE2000 compatible ISA cards.
- one Pentium 75MHz, 16MB RAM, 4 free isa slots.
- one Pentium 120MHz, 32MB RAM, 4 free isa slots.
- one i486 DX2/66MHz, 8MB RAM, 5 free isa slots.
- one i486 DX/33MHz, 4MB RAM, 5 free isa slots.

I am completely lost and need some advice ! Anything, from tips to
configuration files, to kernel configs, anything would be helpful !

- Sam D.
--------------------------- ---------------------------
| | | |
-<modem>-<eth0 IPMASQ SERVER1 eth1>---------<eth0 IPMASQ SERVER2 |
| | | |
|---eth2---eth3---eth4----| |---eth1---eth2---eth3-----
\ \ \ \ \ \
client1 client2 client3 client4 client5 client6


it would look like this. by the way, buying a router and more memory is out
of question!

"Sam D." <(E-Mail Removed)> wrote in message
news:Xns9407DAE7BBC49alzorusya@206.167.113.101...
> I want to setup a two NAT/router boxes in my appartment. The reason is to
> share an inet connection. I have tought of various solutions such as
> linuxrouter, coyote linux or freesco and other, however i don't know what
> to choose and which one would do what i need:
>
> I get my inet access from an adsl modem, one ip address assigned by dhcp.
> What we want to do is connect one (or more) ipmasq server to the modem
> where 3 clients on the first floor could connect to and then another
ipmasq
> server on the second floor to connect three additionnal clients.
>
> I have in my possession the following material to do the project:
>
> - many NE2000 compatible ISA cards.
> - one Pentium 75MHz, 16MB RAM, 4 free isa slots.
> - one Pentium 120MHz, 32MB RAM, 4 free isa slots.
> - one i486 DX2/66MHz, 8MB RAM, 5 free isa slots.
> - one i486 DX/33MHz, 4MB RAM, 5 free isa slots.
>
> I am completely lost and need some advice ! Anything, from tips to
> configuration files, to kernel configs, anything would be helpful !
>
> - Sam D.
> --------------------------- ---------------------------
> | | | |
> -<modem>-<eth0 IPMASQ SERVER1 eth1>---------<eth0 IPMASQ SERVER2 |
> | | | |
> |---eth2---eth3---eth4----| |---eth1---eth2---eth3-----
> \ \ \ \ \ \
> client1 client2 client3 client4 client5 client6
>
>
> it would look like this. by the way, buying a router and more memory is
out
> of question!

Sam;

I'd use the 486's with version 7.2 RedHat. I'd do a custom install and use
ipchains. Then I would download pmfirewall from pointman.org and install
this for my firewall/masquerading function. If the 486/4 MB is too slow,
use a pentium. I had a P100 with 32 MB of ram doing this and also acting as
a web server/samba server.

Doug

Sam D. wrote:
> I get my inet access from an adsl modem, one ip address assigned by dhcp.
> What we want to do is connect one (or more) ipmasq server to the modem
> where 3 clients on the first floor could connect to and then another ipmasq
> server on the second floor to connect three additionnal clients.
>
> I am completely lost and need some advice ! Anything, from tips to
> configuration files, to kernel configs, anything would be helpful !
>
> --------------------------- ---------------------------
> | | | |
> -<modem>-<eth0 IPMASQ SERVER1 eth1>---------<eth0 IPMASQ SERVER2 |
> | | | |
> |---eth2---eth3---eth4----| |---eth1---eth2---eth3-----
> \ \ \ \ \ \
> client1 client2 client3 client4 client5 client6

If You put clients 1-3 on one subnet, lets say 192.168.1.1/24, and the
others, 4-6, on a different one, like 192.168.2/24, only SRV1 needs to
do masquerading; SRV2 will only have to route between the ..1. and ..2.
subnets.

Routing then looks like this:

SRV1 has IP address 192.168.1.1; clients inthe same subnet have this set
as their default gw.

SRV2 has IP address 192.168.2.1; clients inthe same subnet have this set
as their default gw.

SRV1 has a route to 192.168.2/24 through SRV2, and a default route via
eth0 or the modem's IP (or that of the remote end, depending on how You
connect).

SRV2 has its default route through SRV1.

Masquerading looks like this:

SRV1 will masquerade all packets that come from 192.168/16.
Don't forget to enable IP forwarding.

SRV2 does not need to masquerade.

Use iptables, not ipchains, as others had suggested.

The hardware You have at hand can handle all this. - Obviously, SRV1 has
more to do than SRV2. If there's really heavy traffic on SRV1, You
should take one of Your Pentiums for that, mostly because they have more
memory than the 486ers. (Once You are at it, try to configure one 486
and one Pentium identically as SRV1; use and replace them and get some
statistics on system load. I'd be interested in that.)


Cheers Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...