1. Introduction
The only reason I am including this here in this day and age is for legacy reasons. Not too long ago, in 2003/04, I was still using this setup to share dial-up in my house, and to be fair you can use it to share any kind of connection. This means that you can use the steps below to turn your Linux machine into a home-brew router.
2. Configuring Networking
I am assuming that you have not tried hooking up the two or more PCs, so I am going to start from scratch. An important thing to note: if you dual boot with any Windows version that has the Connection Sharing capabilities and you have it enabled, YOU HAVE TO USE THE IPs I have in here. Otherwise, when you are in Windows and online, the Windows Connection Sharing WILL NOT work, so make sure you follow the instructions correctly.
So you have your network card plugged in, you have your modem up and running, but now your mom needs to get on the internet and she is definitely not a Linux lover. Well, let’s start setting up the network so we can keep your mom happy:
2.1 Configuring Slackware
1. Log in as root
2. In your console run netconfig
3. Go through the first few windows, where you specify the name of your machine and the host name you want to have
4. The third window you should see is SETUP IP FOR "your host name"
5. Click on Static IP
6. You are going to be prompted with a window; put 192.168.0.1 in it. That is going to be your IP on your home network.
7. Leave the default net mask as 255.255.255.0
8. When you are asked for a gateway just hit enter, when you are asked if you are going to run a name server click no, and after that you should be good to go.
9. You are going to be prompted for your network card to be detected; just let the program find the module for your card (if the system has that module compiled)
10. If netconfig tells you that you don’t have the module for your network card, then you had better find out what your card name is and compile it into the kernel (if you don’t know how to do that, go and read the Kernel-HOWTO at www.linuxdocs.org).
2.2 Configuring Windows
1. Log in as administrator
2. Right click on network neighborhood
3. Right click on local connections
4. Then click on TCP/IP protocol and go to properties (if you don’t have the protocol installed, hit install, go to Protocols, select TCP/IP and click install).
5. There click use static IP: in the IP box put 192.168.0.2, then go to netmask and enter 255.255.255.0, and for the default gateway enter 192.168.0.1
6. Now for DNS services you are going to add the IPs your ISP (Internet Service Provider) has provided you with. If you don’t know them, connect to the Internet in Windows, then go to Start/Run and type winipcfg (this might be a w2k option only), and a window with at least 2 IPs will be shown. Those two are the two DNS servers provided by your ISP. Put them both in the DNS service at the TCP/IP configuration.
7. Click ok and go back to your Slackware machine.
3. Setting up the connection sharing
Well, here goes the most exciting part of the exercise: setting up the sharing script.
So start up your favorite text editor (I usually use Pico for simple editing) and copy this script:
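#!/bin/sh
# Cope with the changing IP address of a dial-up link
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Flush the existing filter rules
iptables -F
# Masquerade everything leaving through ppp0 (the modem)
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Drop packets arriving on ppp0 with a private source address
iptables -A INPUT -i ppp0 --source 192.168.1.0/24 -j DROP
iptables -A INPUT -i ppp0 --source 10.0.0.0/8 -j DROP
iptables -A INPUT -i ppp0 --source 172.16.0.0/12 -j DROP
# Forward traffic from the network card and replies to established connections
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Rate-limit match with no -j target: it only counts matching packets
iptables -A FORWARD -m limit --limit 5/minute --limit-burst 5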
The first iptables line flushes the iptables rules. The second sets your ppp0 (your modem) interface to masquerading. The third line denies any connection to your ppp0 interface from the three "C" class IPs used for home networking. The forwarding lines are the ones doing the magic: they allow your network card to be used as an ISP that serves the 192.168.0.2 PC. That’s it, you are done. Now save and exit, do chmod a+x filename, then do cp filename /usr/bin, and you are good to go. You are all set.
Now if you want to have I-net sharing AND a firewall, you can copy the script at the end of this file instead of just the lines above and then follow the steps below.
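A check for the ruleset described above, as an added example that is not part of the original HOWTO: it reads an "iptables -S" listing and flags a default-ACCEPT policy, a rule with no -j target, and a ppp0 anti-spoof set that does not cover the LAN address. The function names, the finding codes and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original HOWTO.
# Usage: iptables -S | audit_sharing_rules WAN_IF LAN_IP
# Prints one finding code per line; prints nothing when no check fails.
audit_sharing_rules() {
    awk -v wan="$1" -v lan="$2" '
    # Dotted quad -> integer
    function ip2int(s,   p) { split(s, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
    # True when the CIDR block contains the address
    function covers(cidr, ip,   c, size) {
        split(cidr, c, "/"); if (c[2] == "") c[2] = 32
        size = 2 ^ (32 - c[2])
        return int(ip2int(c[1]) / size) == int(ip2int(ip) / size)
    }
    # Default-ACCEPT policy: the ACCEPT rules in that chain restrict nothing
    $1 == "-P" && $3 == "ACCEPT" && ($2 == "INPUT" || $2 == "FORWARD") {
        print $2 "-POLICY-ACCEPT"
    }
    $1 == "-A" {
        src = ""; inif = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i+1)
            if ($i == "-i") inif = $(i+1)
            if ($i == "-j") target = $(i+1)
        }
        # A rule without -j only counts packets; it neither logs nor drops
        if (target == "") print "NO-TARGET:" $2
        # Anti-spoof rule on the WAN side that covers the LAN address?
        if ($2 == "INPUT" && inif == wan && target == "DROP" && src != "" && covers(src, lan)) spoof = 1
    }
    END { if (!spoof) print "LAN-SPOOF-NOT-DROPPED" }
    '
}
# Constructed sample: an `iptables -S` listing modelled on the script above.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -s 192.168.1.0/24 -i ppp0 -j DROP
-A INPUT -s 10.0.0.0/8 -i ppp0 -j DROP
-A INPUT -s 172.16.0.0/12 -i ppp0 -j DROP
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 5/min --limit-burst 5
EOF
}
sample_rules | audit_sharing_rules ppp0 192.168.0.1
```

With the FORWARD policy left at ACCEPT, the two FORWARD ACCEPT rules do not limit what gets routed; setting the policy with iptables -P FORWARD DROP makes them the only paths through the box. The last finding appears because the 192.168.1.0/24 rule does not contain the 192.168.0.x addresses used in this guide.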
OK, here is the way to make this script start up at boot. All you have to do is follow these simple steps:
1. cd /etc/rc.d/
2. pico rc.local
3. put a line in here that says something like:
echo "I-net sharing and Firewall is being started up."
4. put this line right below the echo line:
/usr/bin/filename (where filename is the name of the file that you put the script in)
5. save and exit
6. either reboot the machine or just do ./rc.local and you are set.
Now go to the Windows computer and try connecting to a site. If you did everything right you should be able to surf the net without any problem. If you want to be able to do dial on demand, go to www.sourceforge.net and do a search for diald; there is a good HOWTO on configuring diald on www.linuxdocs.org.
COMMENT: I am thinking about trying to set up diald on my box and if I do I will post a new mini Howto on how to set that up too :).
4. Some Security Additions
Well, everything is cool now and you have your network connection sharing up and running.
Here are a few tips on how to make your computer and network a little more secure.
1. log in as root and go to /etc
2. pico (or whatever your favorite text editor is) hosts.deny. Now put this line in there:
ALL: ALL
This denies any access to any service (that is controlled by inetd) on your PC.
The bad thing is that you blocked yourself and your network too that way :).
3. No worries, just do pico hosts.allow and put this in there:
ALL: 127.0.0.1
ALL: 192.168.0.
Now you have granted access to the services to your localhost and your network.
That’s it. Now you can go and edit the inetd.conf file and comment out all the services you don’t need.