Sharing cable modem
ridernz
05-04-2003, 06:53 PM
I have a machine running RedHat 9.0 which I want as a server.
I have a Motorola Surfboard cable modem which was provided by my cable company (TelstraClear NZ).
The problem is that this modem is not a router and I would like to be able to have more than one machine connected to the modem.
My Linux box has two network cards in it so I was wondering if I could connect one to the modem and the other connected to an internal network (three or four machines) and somehow routed so that the network can also connect to the Internet through the cable modem.
I know the theory but I don't know how to do it in practice.
I've heard two methods, one being using the route command and the other bridging the two cards.
What is the best method and how does one achieve it?
Thanks for any help you can provide.
bwkaz
05-04-2003, 10:59 PM
Yes, you can do it. I'm doing something very similar now (though not with cable, with a shared T3 line; gotta love dorm room Internet ;)).
Anyway, I figured it out by reading (multiple times) through the relevant HOWTOs at www.tldp.org. Don't get frustrated if they don't make sense right away, it sounds like you understand networking enough to eventually figure them out. :)
Try, in about this order, the Ethernet HOWTO (for background info), then the IP Masquerade HOWTO, then (possibly) the Advanced Routing HOWTO or the Firewall HOWTO (to tighten up the firewall that you'll want to set up on the router machine).
homey
05-05-2003, 12:02 AM
I know that some Linux people tend to use the do-it-yourself approach but, NOT ME! :) Not all the time anyway, especially when some geniuses made a program called Firestarter....
http://firestarter.sourceforge.net/
It makes Internet Connection Sharing ( NAT or Masquerading or whatever ) a five minute or less thingy to set up. :)
N0RKX
05-05-2003, 12:48 PM
Networking/Security rule #1.
Never combine server and firewall/routing functions.
Go buy an inexpensive Linksys 4 port router. It's got built in DHCP, NAT, Port Forwarding, DMZ, VPN, etc....
bwkaz
05-05-2003, 02:46 PM
OK, let me play dumb. Why not?
If I were to put my web server on the internal network, I'd have to set up another entire set of forwarding rules -- as is, I don't need any.
And security isn't an issue -- the setup is just as inherently secure with the programs running on two machines as it is with them running on one. If there are router security problems, then the router and your whole internal network are laid bare, regardless of your setup. If there are security problems with the web server software, then people can exploit them regardless of setup -- and again, your entire network is laid bare.
I don't see any difference.
grunt_user
05-05-2003, 03:05 PM
a quick easy way
1. have a different network on both NICs on your server, i.e. 192.168.1.x to DSL on eth0 and 192.168.2.x to other machine on eth1
2. echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
3. on the second machine make sure its default route is set up to the IP of the server
NOTE. This will only work until you reboot the server. You will need to permanently set up the commands from step 2 in your boot process
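Added example, not part of the post above or of the thread: a shell function that prints the masquerade rule from step 2 as a complete iptables-restore ruleset with default-deny INPUT and FORWARD policies, so the gateway forwards only LAN-initiated traffic. The function name is hypothetical; eth0 as the modem side, eth1 as the LAN side and the 192.168.2.0/24 subnet follow step 1 and are assumptions about the setup.

```shell
#!/bin/sh
# Added example (not from the thread). Nothing is applied to the running
# firewall: the ruleset is only printed, so this runs without root.

# gen_gateway_rules WAN_IF LAN_IF LAN_NET   (hypothetical helper name)
gen_gateway_rules() {
    wan=$1 lan=$2 net=$3
    # Refuse missing or identical interfaces instead of emitting a ruleset
    # that would forward traffic arriving from the modem side.
    [ -n "$wan" ] && [ -n "$lan" ] && [ -n "$net" ] || return 2
    [ "$wan" != "$lan" ] || return 2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Step 2 of the post, restricted to traffic that really comes from the LAN.
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may reach services on the gateway; the modem side may not.
-A INPUT -i $lan -s $net -j ACCEPT
# Forward LAN-initiated connections and only the replies to them.
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Sample invocation with the constructed values from step 1 of the post.
gen_gateway_rules eth0 eth1 192.168.2.0/24
```

To make the setup survive a reboot, load the printed ruleset with iptables-restore at boot (on Red Hat the iptables service reads /etc/sysconfig/iptables) and set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.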
N0RKX
05-05-2003, 04:38 PM
"If there are security problems with the web server software, then people can exploit them regardless of setup -- and again, your entire network is laid bare."
The goal is to protect the internal network from penetration and a layered defense as in a DMZ is the way to do it.
Relying on the robustness of any particular piece of software could compromise the entire network.
bwkaz
05-05-2003, 09:46 PM
Oh, DMZ. OK, I thought we were talking about home networks here. Silly me... ;)
N0RKX
05-06-2003, 12:27 PM
"Oh, DMZ. OK, I thought we were talking about home networks here. Silly me..."
Doesn't matter where it is or how big it is. I assume the OP was talking about building a file server. From a security standpoint there is no good reason to have a fileserver on the internet, much less having the same box do double or triple duty serving files, routing, firewalling. That box gets compromised and all three functions are potentially lost and the entire network and all its data are at risk.
Webservers and e-mail servers should be separate from the internal network and behind a router or firewall thus the DMZ.
ridernz
05-07-2003, 12:34 AM
Actually the server is a file server but it really is just for play.
It is really so that I can expand my knowledge of Linux and networking so if someone breaks in it really doesn't matter as the important files are on my iBook running OS X with firewall turned on.
I haven't had time to try the options you guys have given me but I really appreciate your comments.
Thanks.
ridernz
05-11-2003, 07:55 PM
I tried FireStarter and this got me up and running so thanks for that idea.
One issue I had was my secondary machine wasn't connecting but that was because I forgot to add the DNS server addresses of my ISP.
All working fine now.
I would like to thank everyone for their wonderful tips, much appreciated. :D