cable modem -> linux box -> network

Posted on 2000-03-29
Last Modified: 2010-03-18
I am trying to get my external cable modem to be accessed by my network by using ipchains and ipmasq. I have not been able to get it to work. I have made a file that had all the commands that I was told that I needed and that worked for the person that gave it to me, but it does not seem to work on my Linux box. If anyone could help me, that would be nice.
Question by:raptor
LVL 40

Expert Comment

ID: 2667636
First things first... Without ipchains running does the Linux box recognize the cable modem's presence on its outside interface and allow you to access the Internet? Also do you have basic connectivity (ping, telnet, etc) between the inside ethernet interface and other systems on your inside network?

Accepted Solution

munsie earned 200 total points
ID: 2682311
OK, here are the steps...

1) configure your linux box to access the cable modem:

I'm going to give specific examples from Redhat 6.1, but should work for other versions of RedHat, and should be similar for other distros.

when you received your cable modem, you should've got your information on the setup of it.  Things you really need are: IP address/DHCP setup, gateway, and DNS settings.

Also, you want to verify that your Ethernet cards are recognized by Linux.  You can try doing an ifconfig eth0 and then an ifconfig eth1.  If they both list some settings, Linux is seeing the cards.  If not, verify that the cards are supported in your distribution and if they are, verify that the cards work (maybe under Win95/98/NT).

to quickly check if the cards are functioning, configure the card connected to the cable modem with your IP address.  If you're using @Home, you can get away with assigning the last IP address you had under Windows.  I don't know about other providers.

do the following to assign an address:
      ifconfig eth0 xx.xx.xx.xx netmask broadcast xx.xx.xx.255

where xx.xx.xx.xx is your IP address, and xx.xx.xx.255 is the first 3 octets of the address with 255 as the last octet.

at this point you should be able to ping your router/gateway.  Usually, the gateway is the first three octets with a .1 as the last octet:
      ping xx.xx.xx.1

if you can ping, then your networking is working.  Now you need to get your gateway settings working.  type the following:
      route add default gw xx.xx.xx.yy
where xx.xx.xx.yy is the gateway IP address.

Under RedHat, you can make the change permanent by editing /etc/sysconfig/network-scripts/ifcfg-eth0.  You should already have this file.  Just change the IPADDR variable and NETMASK variable.

to make the gateway setting permanent, edit /etc/sysconfig/network.  Set the GATEWAY variable to your gateway.  Also, set FORWARD_IPV4 to true, while you're here.

For your DNS settings, edit /etc/resolv.conf.  It should have the following lines in it:
      nameserver xx.xx.xx.yy
      nameserver xx.xx.xx.yy

you can have as many nameserver lines as there are nameservers listed on your configuration sheet.  I currently have two nameserver lines with @home.  At work, we have three nameservers.

after you have the cable modem working, assign an internal address to the other card.  Just substitute eth1 for eth0 in the above steps.  For the IP address, I would choose one from the 192.168.xx.yy range, where xx is the same for all of your machines and yy is unique.  This gives you 254 addresses to use, plenty for most setups.

Make sure that all of your internal computers can talk to each other and can see the linux box.  Go ahead and set up the DNS info the same way you would if you connected the cable modem directly to them, and for the gateway, set it to the IP address of the internal network card of the forwarding box.

At this point, you'll want to make sure that your kernel has forwarding turned on.  look in /proc/sys/net/ipv4 for a file called ip_forward.  If you have this file, you're set.  If not, you'll have to recompile the kernel to include the forwarding code.  Look in the FAQs for how to recompile the kernel.

If you do have ip_forward, echo "1" > /proc/sys/net/ipv4/ip_forward.

then you can do the following to turn on forwarding:
      ipchains -P forward DENY
      ipchains -A forward -s 192.168.242.0/24 -j MASQ

I used 192.168.242.x as my network, you might have chosen something different.  Just replace my net address with yours.  The .0/24 is important.  That specifies any packet from a machine in the range of 192.168.242.0 - .255 will be forwarded out.  If you misconfigure this, you won't be able to forward.

Test it out by trying to ping your gateway (the cable modem gateway, not the linux box) from another machine.  If this succeeds, then forwarding is working.  Then try something a little more complex like loading a web page... it should work if everything is configured good.

You'll probably run into problems with some applications.  Some, like ftp, have additional modules that need to be loaded to work.  On my machine, I have the following modules available to load:

look in /lib/modules/linux-???/ipv4 for your modules... ??? is whatever version of the kernel you are running.

to load one of these, just type:
      insmod ip_masq_ftp (or whatever module you want)

you only need to load them once after boot.  They stay loaded until reboot or you do a rmmod ip_masq_ftp (or whatever..)

If you have any other questions, go to the Linux Documentation Project and search the howtos for the IP Masq howto.  It is an excellent resource.

Good luck,
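
The answer warns that a misconfigured `-s` network breaks forwarding. As an added example (not part of munsie's answer), this shell function lints a saved file of ipchains commands, like the one the asker mentions, before it is run. The function name `audit_masq_rules` and the sample file are constructed for illustration, and only the simple rule forms shown in the answer are parsed.

```shell
#!/bin/sh
# Added example (not from the answer): lint a file of ipchains commands.
# It only reads text and never runs ipchains.
audit_masq_rules() (
    file=$1; findings=0; deny=0
    set -f                                  # no globbing while splitting words
    while read -r cmd flag chain rest; do
        if [ "$cmd" != "ipchains" ] || [ "$chain" != "forward" ]; then continue; fi
        set -- $rest
        if [ "$flag" = "-P" ]; then
            if [ "${1:-}" = "DENY" ]; then deny=1; fi
            continue
        fi
        if [ "$flag" != "-A" ]; then continue; fi
        src=""; target=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -s) case "${2:-}" in ""|-*) ;; *) src=$2 ;; esac ;;
                -j) target=${2:-} ;;
            esac
            shift
        done
        if [ "$target" != "MASQ" ]; then continue; fi
        msg=""
        case "$src" in
            "")  msg="MASQ rule has no -s source" ;;
            */0) msg="source $src masquerades every address" ;;
            */*) case "$src" in
                     10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
                     *) msg="source $src is not an RFC 1918 private range" ;;
                 esac ;;
            *)   msg="source $src has no /mask (single host, not the LAN)" ;;
        esac
        if [ -n "$msg" ]; then
            echo "$msg: $cmd $flag $chain $rest"
            findings=$((findings + 1))
        fi
    done < "$file"
    if [ "$deny" -ne 1 ]; then echo "forward policy is not DENY"; findings=$((findings + 1)); fi
    [ "$findings" -eq 0 ]
)
# Constructed sample: the second rule has lost its source network.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ipchains -P forward DENY
ipchains -A forward -s -j MASQ
ipchains -A forward -s 192.168.242.0/24 -j MASQ
EOF
audit_masq_rules "$sample" || echo "fix the findings above before running the file"
```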
