(Network newbee) Linux as a router

I would like to use a linux box as a router for 10 clients so they can
share a 2 mbps adsl connection. I have two network cards (eth0, eth1)
installed in the linux box. eth1 is connected with my adsl-modem and
is always online the other is connected to my local network:

eth0: 192.168.0.1/255.255.255.0
eth1: 80.160.199.114/255.255.255.252 through gateway 80.160.199.113
(sending and recieving packets to the world)

So far so good. What do I need to do to allow the 10 clients on
192.168.0.x to access the world? I suspect the keywords are
ip-forwarding, masquerading etc. but to be honest I'm very confused
about these concepts there is so much information on the internet
about these subjects that I don't know where to start
Can someone spill the golden pearls for me, or just push me in the
right direction?

Jakob Simon-Gaarde wrote:
> I would like to use a linux box as a router for 10 clients so they can
> share a 2 mbps adsl connection. I have two network cards (eth0, eth1)
> installed in the linux box. eth1 is connected with my adsl-modem and
> is always online the other is connected to my local network:
>
> eth0: 192.168.0.1/255.255.255.0
> eth1: 80.160.199.114/255.255.255.252 through gateway 80.160.199.113
> (sending and recieving packets to the world)
>
> So far so good. What do I need to do to allow the 10 clients on
> 192.168.0.x to access the world? I suspect the keywords are
> ip-forwarding, masquerading etc. but to be honest I'm very confused
> about these concepts there is so much information on the internet
> about these subjects that I don't know where to start
> Can someone spill the golden pearls for me, or just push me in the
> right direction?


The following should do all you need:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Most distributions will have something that allows the configuration to
be set at boot time.


--
Paul Black mailto(E-Mail Removed)
Oxford Semiconductor Ltd http://www.oxsemi.com
25 Milton Park, Abingdon, Tel: +44 (0) 1235 824 909
Oxfordshire. OX14 4SH Fax: +44 (0) 1235 821 141

On 29 Jul 2004 02:21:25 -0700, Jakob Simon-Gaarde wrote:
> I would like to use a linux box as a router for 10 clients so they can
> share a 2 mbps adsl connection. I have two network cards (eth0, eth1)
> installed in the linux box. eth1 is connected with my adsl-modem and
> is always online the other is connected to my local network:

Please read http://www.catb.org/~esr/faqs/smart-questions.html
Always provde distribution and release level when posting questions.
It could help you get better answers.


>
> So far so good. What do I need to do to allow the 10 clients on
> 192.168.0.x to access the world?

10 sharing a 2 mb feed, is going to sluggish.

Maybe this will help.
http://groups.google.com/advanced_group_search
(E-Mail Removed)lid in the Message Id box.

Some light reading
http://www.tldp.org/HOWTO/Masqueradi...OWTO/index.htm
http://www.e-infomax.com/ipmasq/

Op 29 Jul 2004 02:21:25 -0700 schreef Jakob Simon-Gaarde:

> I would like to use a linux box as a router for 10 clients so they can
> share a 2 mbps adsl connection. I have two network cards (eth0, eth1)
> installed in the linux box. eth1 is connected with my adsl-modem and
> is always online the other is connected to my local network:
>
> eth0: 192.168.0.1/255.255.255.0
> eth1: 80.160.199.114/255.255.255.252 through gateway 80.160.199.113
> (sending and recieving packets to the world)
>
> So far so good. What do I need to do to allow the 10 clients on
> 192.168.0.x to access the world? I suspect the keywords are
> ip-forwarding, masquerading etc. but to be honest I'm very confused
> about these concepts there is so much information on the internet
> about these subjects that I don't know where to start
> Can someone spill the golden pearls for me, or just push me in the
> right direction?

Depends.

If your linux box (the one with the two nic's) is redundant, it can be
implemented as a router / firewall / web-proxy / caching DNS, all by
installing smoothwall. See their website: http://www.smoothwall.org.

It's freeware, has a very small footprint, I've run it on as small as a
pentium 3 with 12Mb on board. It is a text based installation, BUT:
completely tailorable thru a very neat web-interface.

They serve good documentation, also for newbies ;-)

HTH

--
There's no place like 127.0.0.1
Gerard Wassink http://linux.family.filternet.nl
Linux counter #360967, "In a world without fences, who needs gates?"

Gerard Wassink <(E-Mail Removed)> wrote in message news:<3vh8dnpzuwej$.(E-Mail Removed)>. ..
> Op 29 Jul 2004 02:21:25 -0700 schreef Jakob Simon-Gaarde:
>
> > I would like to use a linux box as a router for 10 clients so they can
> > share a 2 mbps adsl connection. I have two network cards (eth0, eth1)
> > installed in the linux box. eth1 is connected with my adsl-modem and
> > is always online the other is connected to my local network:
> >
> > eth0: 192.168.0.1/255.255.255.0
> > eth1: 80.160.199.114/255.255.255.252 through gateway 80.160.199.113
> > (sending and recieving packets to the world)
> >
> > So far so good. What do I need to do to allow the 10 clients on
> > 192.168.0.x to access the world? I suspect the keywords are
> > ip-forwarding, masquerading etc. but to be honest I'm very confused
> > about these concepts there is so much information on the internet
> > about these subjects that I don't know where to start
> > Can someone spill the golden pearls for me, or just push me in the
> > right direction?
>
> Depends.
>
> If your linux box (the one with the two nic's) is redundant, it can be
> implemented as a router / firewall / web-proxy / caching DNS, all by
> installing smoothwall. See their website: http://www.smoothwall.org.
>
> It's freeware, has a very small footprint, I've run it on as small as a
> pentium 3 with 12Mb on board. It is a text based installation, BUT:
> completely tailorable thru a very neat web-interface.
>
> They serve good documentation, also for newbies ;-)
>
> HTH

Thanks for your input. I got it working just by installing "ip
masqurading" it worked right away (debian did the configuration).

Anyway now I need to understand how to shape the in and outgoing
traffic. This is hard to understand aswell, but I have learned a lot
this last week.

Op 1 Aug 2004 04:39:27 -0700 schreef Jakob Simon-Gaarde:

[snip]

> Thanks for your input. I got it working just by installing "ip
> masqurading" it worked right away (debian did the configuration).
>
> Anyway now I need to understand how to shape the in and outgoing
> traffic. This is hard to understand aswell, but I have learned a lot
> this last week.

And you will learn more in the weeks to come

Shaping traffic is not my area of expertise, but I'm sure someone else
can help you do that. You'd best start a new thread with a carefully
chosen subject...

Cheers,

--
There's no place like 127.0.0.1
Gerard Wassink http://linux.family.filternet.nl
http://freeware.family.filternet.nl
Linux counter #360967, "In a world without fences, who needs gates?"

> Anyway now I need to understand how to shape the in and outgoing
> traffic. This is hard to understand aswell, but I have learned a lot
> this last week.

Well, you might try squid (www.squid-cache.org) with snmp enabled mrtg
(http://people.ee.ethz.ch/~oetiker/webtools/mrtg/), should http
traffic concerns you more. But you might use mrtg for monitoring all
kind of traffic too.

You can see shorewall for the same traffic accounting.

And, you must have a peek over "Linux Advanced Routing & Traffic
Control" from (lartc.org/).

--
raqueeb hassan
congo (drc)