[reply also cross-posted to linux-net]

On Sat Mar 11 2000 at 06:14, Jason Rahal wrote in linux-apps:

  [ March?  This only arrived today... either your clock is out by
    two months, or you have a very slow internet link there :-]

> I'm trying to set up my home network -- i have a redhat box i'm using to access
> my local PPP server (worldnet) but i'd like to share the connection through my
> ethernet to my other computer (mandrake 7, laptop).  Currently i have the
> network set up with 10.0.0.1 as the redhat box, and 10.0.0.2 as the mandrake
> box, and i can telnet etc. just fine.  I added the PPP interface to the redhat
> box.  Is there an easy way for me to set up the mandrake computer to share the
> ip i get from worldnet?  Or is there another way i have to do this, and how?

IP masquerading.  Otherwise known as NAT (network address
translation).

Easy, almost trivial to do on dialup ppp connections, it really only
needs *one* simple command to get it working.

Make the default route for the other boxes on the network point to
the box doing the dialup connection.

First, make sure routing is enabled on that box:

        cat /proc/sys/net/ipv4/ip_forward

If this returns a value of `0', then the kernel will not route
packets; it needs to be `1'.  Enable routing by doing this:

        echo 1 > /proc/sys/net/ipv4/ip_forward

With redhat, you can set this by default in /etc/sysconfig/network
(or in /etc/sysctl - I think it is - on redhat 6.2 boxes).

Use ipchains to do the masquerading:

        # change the default policy for the forwarding chain
        ipchains -P forward REJECT
        # masquerade all traffic from the local network
        ipchains -A forward -s 10.0.0.0/24 -j MASQ

That last command is the one that does the magic... all traffic
being forwarded from the 10.0.0.0/24 network will be masqueraded as
coming from itself after it passes through this rule.

You might also want to do this:

        # change the default route to point to the ppp device
        route del default
        route add default dev ppp0

You can do a lot of other fancy stuff besides this, like set up
rules to count or block particular network traffic.  Fun stuff to
play around with :)

Set up your /etc/ppp/ip-up* and /etc/ppp/ip-down* scripts to enable
and disable all this when the ppp interface comes up and goes down.

If you use a local (private) DNS server on your dialup box, then in
the ip-{up,down} scripts you can also do things like automatically
change your /etc/resolv.conf file to suit the situation.


Just a note:

`-j MASQ' can also be done in the input chain instead of the forward
chain.  The difference is that routing rules are applied to a
network packet *after* it passes through the input chain, but
*before* it enters the forward chain.  If you want to MASQ and then
do some tricky routing based on this, that's how you would do it.
But for most purposes, the forward chain is where you want to do it.

Cheers
Tony
 -=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
  Tony Nugent <[EMAIL PROTECTED]>    Systems Administrator, RHCE
  GrowZone OnLine       (a project of) GrowZone Development Network
  POBox 475 Toowoomba Queensland Australia 4350    Ph: 07 4637 8322
 -=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
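
An added example, not part of the message above: a single hook script for the ip-up/ip-down step, built from the ipchains rules and ip_forward switch given in the message and using the `route add default dev` form. The LAN, FWD and DRY_RUN variables and the function names are assumptions of this sketch; forwarding is switched on only after the REJECT policy and MASQ rule are in place, and switched off first when the link drops.

```sh
#!/bin/sh
# Hook body for /etc/ppp/ip-up* and /etc/ppp/ip-down*. pppd calls both as:
#   <script> interface tty speed local-ip remote-ip ipparam
# LAN, FWD and DRY_RUN are assumptions of this sketch, not from the message.
LAN="${LAN:-10.0.0.0/24}"
FWD="${FWD:-/proc/sys/net/ipv4/ip_forward}"

# run CMD...: execute the command, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# set_forward 0|1: switch kernel routing off or on
set_forward() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "echo $1 > $FWD"; else echo "$1" > "$FWD"; fi
}

masq_up() {
    # policy and rule go in first, so routing never runs without them
    run ipchains -P forward REJECT
    # drop a stale copy so repeated dial-ups do not stack duplicate rules
    run ipchains -D forward -s "$LAN" -j MASQ 2>/dev/null || true
    run ipchains -A forward -s "$LAN" -j MASQ
    run route del default 2>/dev/null || true
    run route add default dev "$1"
    set_forward 1
}

masq_down() {
    # stop routing before the rule is removed
    set_forward 0
    run ipchains -D forward -s "$LAN" -j MASQ 2>/dev/null || true
}

ppp_hook() {
    case "$1" in
        up)   masq_up "$2" ;;
        down) masq_down ;;
        *)    echo "usage: ppp_hook up|down [interface]" >&2; return 2 ;;
    esac
}

# Dispatch on the name the script is installed under (ip-up*, ip-down*).
case "${0##*/}" in
    ip-up*)   ppp_hook up "$1" ;;
    ip-down*) ppp_hook down ;;
esac
```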
