Linux as a router?


Red_Devil
09-27-2002, 11:53 AM
Ok gurus...time to pick your brains. I know that you can turn a Linux box into a router. From what I have read and heard, you need two boxes. Currently I have one running Red Hat 7.3 and an XP machine, both connected to a cable modem. I have two 10/100 Ethernet cards in the Linux machine (one connected to the cable modem) and the cable modem is connected to the XP box via USB. I have heard that I need to run the cable from the other NIC in the Linux box to the XP machine's NIC. From here is where I am confused about how it works and how to set it up. Any help is greatly appreciated. Thanks!

PS I am too cheap to buy a router right now, so I thought I would do it the tough way :)

RD

rioguia
09-27-2002, 12:38 PM
I'm working on the same issue. For a good place to look for resources, try http://www.linuxnewbie.org/nhf/Networks/Easy_Internet_Sharing.html
and
http://www.practicallynetworked.com/sharing/

Red_Devil
09-27-2002, 05:51 PM
Glad I am not the only one trying this out. Thanks for the info...keep me posted if you figure other items out and I will do the same.

RD

bobbybobbertson
09-27-2002, 06:09 PM
I was just about to ask the same question.

I am confused by your setup, though. Both your Linux and your XP box are connected to the cable modem? The Linux box is connected via a network cable (RJ45.. big telephone-looking jack) and the XP is connected via USB.

Does this work? Or does one machine work at a time, and you have to have the other machine turned off?

Is this why you need the router, so that both machines can access the internet at the same time?


That is what I need. I need a Linux box (my webserver as well) to act as a router to my XP machine. The wiring would look as follows:
internet <--> cable modem <--> linux box <--> XP box

I am running kernel 2.4 on Debian. If anyone knows of a good tutorial that shows how to use IPTABLES in 2.4, I would greatly appreciate it. Everything I have found has been very hard to understand and is not very newbie friendly.


These are the links I have found, but they are way too hard to follow (pictures, I need pictures!)
http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html
http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html

kam
09-29-2002, 01:47 AM
I don't know how much you guys know about Ethernet, but I'm pretty sure that if you want to run a cable directly NIC-to-NIC (rather than NIC-to-Hub), you need to use a crossover cable (a regular ethernet cable with the wires in a different order).

vttimwhite
09-29-2002, 08:19 AM
Look at this article: http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html

It is a great starting point. The help files you mention in your earlier posts will come in handy once you know the basics.

bobbybobbertson
09-29-2002, 09:30 PM
Let me get this straight. I have a Debian Linux 2.4 machine running as a workstation and router for a 1-PC home network.

My setup looks like the following:
INTERNET
|
CABLE MODEM
|
(eth0)
LINUX BOX (ROUTER/WORKSTATION)
(eth1)
|
WINDOWS PC


So, to get this to work, I have to enable DHCP on my eth0 to accept my cable modem's assigned address. I have heard 'pump' is a good DHCP.
I enable DHCP for eth0 by editing /etc/network/interfaces to have the line:
iface eth0 inet dhcp

Then I need to give eth1 a local network address and set that address as the gateway for the Windows PC (using the /etc/network/interfaces file as well).


Then I need to allow IP forwarding by issuing this command:
echo 1 > /proc/sys/net/ipv4/ip_forward

Then of course, I need to configure ip_tables to allow forwarding and handle the firewalling rules.

Is that it? How does the linux machine know to forward packets from its LAN side to the WAN side? Is the NAT just handled automatically?
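
Added example, not part of any post in this thread: a ruleset generator for the eth0/eth1 layout described in the post above. It shows that NAT needs an explicit MASQUERADE rule alongside ip_forward, with default-deny stateful filtering and router services reachable from the LAN side only. The 192.168.1.0/24 LAN range and the function names gen_rules and audit_rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ruleset for the layout in the thread
# (eth0 = cable modem side, eth1 = Windows PC side).
# LAN_NET is an assumed private range; the thread does not give one.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the rules in iptables-restore format: gen_rules WAN LAN NET
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NAT needs an explicit rule: rewrite LAN sources to the WAN address.
-A POSTROUTING -s $3 -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services on the router itself (web admin tools) answer the LAN side only.
-A INPUT -i $2 -s $3 -j ACCEPT
# LAN may open connections outward; only replies may come back in.
-A FORWARD -i $2 -o $1 -s $3 -j ACCEPT
-A FORWARD -i $1 -o $2 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; succeed only if INPUT and FORWARD default to DROP
# and no INPUT rule accepts WAN-side traffic without a state match.
audit_rules() {
    rules=$(cat)
    echo "$rules" | grep -q '^:INPUT DROP' || return 1
    echo "$rules" | grep -q '^:FORWARD DROP' || return 1
    ! echo "$rules" | grep -E "^-A INPUT .*-i $1 .*-j ACCEPT" | grep -vq 'state'
}

case "${1:-print}" in
    apply)  # needs root: enable forwarding, then load the rules atomically
        echo 1 > /proc/sys/net/ipv4/ip_forward
        gen_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" | iptables-restore ;;
    *)  gen_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" ;;
esac
```

Run without arguments it only prints the ruleset for review; the Windows PC then uses the router's eth1 address as its default gateway.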

rioguia
10-02-2002, 09:39 AM
I'm following up on my progress as you requested. I found that configuring a firewall from scratch contains a lot of variables for a newbie to negotiate. Therefore, I finally started branching out on my firewall/router search to try some bundled routers.

The downside of this is that you need a dedicated box on all the options I've tested (rather than doing it from my workstation). I tried three firewall router packages: (1) Coyote, (2) Linux Router Project, and (3) Smoothwall. First, Coyote on a floppy; very impressive. I had some problems getting the correct NIC drivers but solved that by changing out to an old NIC. I had very little documentation (a major issue) and put this aside temporarily.

Next came the Linux Router Project. They have lots of documentation to explain the theory of routing. I was looking more for a cookbook approach: get up a simple firewall, and then use the documentation to modify the basic configuration. Lacking the patience to wade through the generous documentation given my limited experience, I put this aside temporarily.

Smoothwall.org. This is probably what I'm going to use. Their documentation is simple and very step-by-step specific. If you want some basic background on networking, they provide excellent explanations.

The software installer has a very simple configuration menu with three possible basic variables. The installer autoprobes for NICs and serves them up to configure using three basic options: (1) Green NIC for local traffic, (2) Red NIC for Internet traffic, and (3) Orange NIC for web server traffic (it looks like you could handle it all on one NIC using aliasing, but I didn't choose that option for performance and simplicity's sake).

The installer does a good job of prompting you for the specific variables you need (like your IP address goes here, your ISP's default gateway goes here). I liked this approach because Smoothwall limited the number of mistakes I could make (reducing the number of variables to test). Even better, Smoothwall assigns some of the network information for you and then allows you to review and modify. Even better still, I made mistakes in the install (You forgot to configure the Orange NIC) and it allows you to go back and correct it.

Some of my mistakes were unnecessary. I wasn't sure how to interpret some of the prompts, but the documentation explains them. For example, after your initial install, Smoothwall prompts you (Disable ISDN?). I wasn't sure how to respond. Did I mistakenly tell Smoothwall I had an ISDN (I know I don't)? In actuality, this is just a default set of questions, and you just need to say yes, disable ISDN, ADSL USB Port, etc. until you get to your option, and the configuration continues from there. Again, post-install configuration options are few and simple.

After configuration, you sign onto your firewall from a remote machine via your web browser and it displays your tables, allows you to add rules, route ports, monitor statistics, etc.

I have two of my boxes up and running and will try to configure my apache server and port routing this week. Let me know if this helps and you want more information.

snowdog
10-02-2002, 10:22 AM
I set up a router/firewall a couple of weeks ago using SuSE 8.0 on a PPro200. This hooks up to my cable modem (eth0) and to my hub (eth1). I've got two W98 machines and a Mandrake machine all networked up. Running ntop and webmin on the router is great for admin tasks. Remember to apply any web-based admin tools to the internal NIC only! The Mandrake computer is also a Samba server for my little LAN. I'm a newbie with Linux, and I gotta say I beat my head against the wall more than once in the 3-4 weeks it took me to get this all running. And that was with the help of a friend answering late night phone calls who is a network admin by trade. Now that it is running I couldn't be happier (my g/f is a little unhappy about all the cat5 running all over, but what can a guy do?). My only complaint is the 10mb hub. Transferring ISO images from machine to machine blows at 10mb! Good luck to everyone setting this sort of thing up! When it is all up and running the rewards are fantastic!

bobbybobbertson
10-04-2002, 12:54 PM
I found this tutorial, which has pictures!!

http://www.sns.ias.edu/~jns/security/iptables/

Check out the notes from his seminar:
http://www.sns.ias.edu/~jns/security/iptables/iptables_talk/t1.htm

DynamicX
10-06-2002, 02:07 PM
Why not just use XP to route using ICS???

bobbybobbertson
10-06-2002, 02:25 PM
Does ICS do things like "stateful packet filtering"? Is it rock solid safe? Does it not lock up every 3 hours?

I am told that Linux is much more secure and stable than anything Microsoft could ever put out. I honestly don't fully understand why yet, but most network administrators will tell you Microsoft is unstable and unsafe.

It is my goal to learn good techniques and use the most secure elements.

Besides, Linux is free and Microsoft costs money... way too much money.

mike8706
10-06-2002, 02:51 PM
ICS is very unstable! I used it for a year and got tired of it crashing, so now I use my Linux box to "share" the internet. It hasn't crashed since. Most hackers and script kiddies are looking for Windows machines to mess with. I haven't heard of a major Linux hacker...yet.