If you have an apple and I have an apple and we exchange these apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas.
-- George Bernard Shaw
Until some time back, the computer world was like all of us having one apple each. Then the wise men of the industry built networks. Ideas started flowing all over, and soon along came the Internet. The Internet has been the best thing that has happened to the computer world so far. It has created a platform where we can share our ideas.
Since the Internet is a large network composed of smaller networks, it made sense to break the address space into smaller chunks. Network classes enable us to break down this address space. In IPv4 the various classes of networks are -
Class A networks have an address range between 1.0.0.1 to 126.255.255.254 and support 16 million hosts on each of 127 networks.
Class B networks have an address range between 128.1.0.1 to 191.255.255.254 and support 65,000 hosts on each of 16,000 networks.
Class C networks have an address range between 192.0.1.1 to 223.255.254.254 and support 254 hosts on each of 2 million networks.
Class D networks have an address range between 224.0.0.0 to 239.255.255.255 and are reserved for multicast groups.
Class E networks have an address range between 240.0.0.0 to 254.255.255.254 and are reserved for the future.
Such a system makes things simple and networks are manageable. However, they cannot communicate with each other. The scenario is very similar to how communities grew around the world. With time, people from different communities needed to communicate with each other; however, language was the barrier. The solution they found was people who understand both languages, i.e. translators. So if you need to talk to a beautiful French girl, all you need to do is get somebody who understands French and can translate English to French and vice versa. Routers/gateways do the same in computer networks. Different networks communicate with each other using routers.
A router allows hosts that are not on the same logical network, like an IP subnet, to communicate with each other. The router receives packets (chunks of data) on an interface and routes them to where they need to go based on a routing table; the table allows the router to have knowledge of where a given logical network is located.
Most offices and homes have small class C private networks. These networks need to communicate with servers on the Internet. The only logical way for them to do so is to use a gateway/router. Linux has routing functionality in the kernel itself, which makes it an ideal choice as a routing box.
One simple way of sharing the Internet connection using Linux is to use the IP forwarding feature of the kernel and network address translation (NAT). For NATing one can use either ipchains or iptables. It is assumed that the private network is in the 192.168.1.0-255 range.
Let us take the example of a simple network. The server is used to connect to the Internet. Its IP address is 192.168.1.1. There are 4 workstations, 192.168.1.2-5. They are connected to the server via the switch. All the workstations share the Internet connection through 192.168.1.1.
The first step is to enable IP forwarding in the kernel of the server (192.168.1.1).
    $ vi /etc/sysctl.conf

Change the line

    net.ipv4.ip_forward = 0

to

    net.ipv4.ip_forward = 1

This would enable IP forwarding.
Then we need to get the server to do NAT, which can be done via ipchains or iptables.
If ipchains is used, create a file called rc.fw and add the following lines -

    $ vi /etc/rc.d/init.d/rc.fw

    #!/bin/bash
    # First load the ipchains kernel module.
    # Required only if ipchains is compiled as a module.
    /sbin/modprobe ipchains
    # MASQ the full 192.168.1.0/24 network
    /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
    # List the rules
    /sbin/ipchains -L -n
If iptables is used instead of ipchains, create a file called rc.fw and add the following lines -
    $ vi /etc/rc.d/init.d/rc.fw

    #!/bin/bash
    # First load the iptables kernel modules.
    # Required only if iptables is compiled as a module.
    /sbin/modprobe ip_tables
    /sbin/modprobe iptable_nat
    # MASQ the full network
    /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
    # List the rules in the nat table, where the rule above was added
    /sbin/iptables -t nat -L -n

This takes care of all the data traffic from the local network to the Internet.
Finally add this to the startup -
    $ vi /etc/rc.local

Add the line

    /etc/rc.d/init.d/rc.fw
This ensures that the settings are retained after a reboot also.
After rebooting, the server would do all the routing functions for the entire network.
On the client side all that is required is to set the default router/gateway as the server's IP i.e. 192.168.1.1. The entire network is now set to share the internet connection.
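The iptables rule above masquerades every packet leaving any interface, and with IP forwarding switched on the FORWARD chain decides what the server will route. The following is an added example, not part of the original article: a small audit of an iptables-save dump that flags both conditions, run against two constructed rule sets. The interface names eth0 (Internet side) and eth1 (LAN side) are assumptions, and the first sample assumes no other firewall rules are loaded.

```sh
#!/bin/sh
# Added example (not from the original article): audit an iptables-save dump
# for two gaps a forwarding/NAT gateway is commonly left with.
# Both rule sets are constructed samples; eth0 (Internet side) and
# eth1 (LAN side) are assumed interface names.

# State after the article's rc.fw, assuming nothing else is loaded:
# blanket MASQUERADE and a FORWARD chain whose policy is ACCEPT.
ARTICLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

# Tightened equivalent: NAT only LAN traffic leaving eth0, and forward only
# LAN-initiated connections plus their replies.
HARDENED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.1.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Reads an iptables-save dump on stdin and prints one finding per line.
audit_gateway() {
    awk '
        /^\*/ { table = substr($0, 2) }          # "*nat" / "*filter" header
        table == "filter" && /^:FORWARD ACCEPT/ {
            print "FORWARD policy ACCEPT: any routed packet is passed"
        }
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
            if ($0 !~ / -o /) print "MASQUERADE not bound to an out-interface: " $0
            if ($0 !~ / -s /) print "MASQUERADE not limited to a source net: " $0
        }
    '
}

echo "article rule set:";  printf '%s\n' "$ARTICLE_RULES"  | audit_gateway
echo "hardened rule set:"; printf '%s\n' "$HARDENED_RULES" | audit_gateway
```

On a live gateway the same function can read the loaded rules with `iptables-save | audit_gateway`, run as root.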
More Articles by amarjyoti
Tue Feb 22 12:50:21 2005: TonyLawrence
amarjyoti had the honor of being the first to try out the new article posting system, and I see it still has a few bugs. The article did manage to get posted though, so that's the most important part.
Sat Dec 10 09:24:58 2005: anonymous
Hi!
I feel very happy to see my article on your site. :)
I'll surely post more now :)
Regards
Amar
http://amarjyoti.com