Solved

cable modem -> linux box -> network

Posted on 2000-03-29
2
193 Views
Last Modified: 2010-03-18
i am trying to get my exturnal cable modem to be accessed by my network by useing ipchains and ipmasq i have not been able to get it to work i have made a file that had all the commands that i was told that i needed and that worked for the person that gave it to me but it does not seem to work on my linux box if anyone could help me that would be nice
0
Comment
Question by:raptor
2 Comments
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
First things first... Without ipchains running does the Linux box recognize the cable modem's presence on its outside interface and allow you to access the Internet? Also do you have basic connectivity (ping, telnet, etc) between the inside ethernet interface and other systems on your inside network?
0
 
LVL 2

Accepted Solution

by:
munsie earned 200 total points
Comment Utility
ok, here is the steps...

1) configure your linux box to access the cable modem:

I'm going to give specific examples from Redhat 6.1, but should work for other versions of RedHat, and should be similar for other distros.

when you received your cable modem, you should've got your information on the setup of it.  Things you really need are: IP address/DHCP setup, gateway, and DNS settings.

Also, you want to verify that your Ethernet cards are recognized by Linux.  You can try doing a ifconfig eth0 and then a ifconfig eth1.  If they both list some settings, Linux is seeing the cards.  If not, verify that the cards are supported in your distribution and if they are, verify that the cards work (maybe under Win95/98/NT).

to quickly check if the cards are functioning, configure the card connected to the cable modem with your IP address.  If you're using @Home, you can get away with assigning the last IP address you had under Windows.  I don't know about other providers.

do the following to assign a address:
      ifconfig eth0 xx.xx.xx.xx netmask 255.255.255.0 broadcast xx.xx.xx.255

where xx.xx.xx.xx is your IP address, and xx.xx.xx.255 is the first 3 octets of the address with 255 as the last octet.

at this point you should be able to ping your router/gateway.  Usually, the gateway is the first three octets with a .1 as the last octet:
      ping xx.xx.xx.1

if you can ping, then your networking is working.  Now you need to get your gateway settings working.  type the following:
      route add default gw xx.xx.xx.yy
where xx.xx.xx.yy is the gateway IP address.

Under RedHat, you can make the change permanent by editing /etc/sysconfig/network-scripts/ifcfg-eth0.  You should already have this file.  Just change the IPADDR variable and NETMASK variable.

to make the gateway setting permanent, edit /etc/sysconfig/network.  Set the GATEWAY variable to your gateway.  Also, set FORWARD_IPV4 to true, while you're here.

For your DNS settings, edit /etc/resolv.conf.  It should have the following lines in it:
      domain your.domain.here.com
      nameserver xx.xx.xx.yy
      nameserver xx.xx.xx.yy

you can have as many nameserver lines as there are nameservers listed on your configuration sheet.  I currently have two nameserver lines with @home.  At work, we have three nameservers.

after you have the cable modem working, assign a internal address to the other card.  Just substitute eth1 for eth0 in the above steps.  For the IP address, I would choose one from the 192.168.xx.yy range, where xx is the same for all of your machines and yy is unique.  This gives you 254 addresses to use, plenty for most setups.

Make sure that all of your internal computers can talk to each other and can see the linux box.  Go ahead and setup the DNS info the same way you would if you connected the cable modem directly to them, and for the gateway, set it to the IP address of the internal network card of the forwarding box.

At this point, you'll want to make sure that your kernel has forwarding turned on.  look in /proc/sys/net/ipv4 for a file called ip_forward.  If you have this file, you're set.  If not, you'll have to recompile the kernel to include the forwarding code.  Look in the FAQs for how to recompile the kernel.

If you do have ip_forward, echo "1" > /proc/sys/net/ipv4/ip_forward.

then you can do the following to turn on forwarding:
      ipchains -P forward DENY
      ipchains -A forward -s 192.168.242.0/24 -j MASQ

I used 192.168.242.x as my network, you might have choosen something different.  Just replace my net address with your's.  The .0/24 is important.  That specifies any packet from a machine in the range of 192.168.242.0 - .255 will be forwarded out.  If you misconfigure this, you won't be able to forward.

Test it out by trying to ping your gateway (the cable modem gateway, not the linux box) from another machine.  If this succeeds, than forwarding is working.  Then try something a little more complex like loading a web page... it should work if everything is configured good.

You'll probally run into problems with some applications.  Some, like ftp, have additional modules that need to be loaded to work.  On my machine, I have the following modules available to load:
      ip_masq_autofw.o
      ip_masq_cuseeme.o
      ip_masq_ftp.o
      ip_masq_irc.o
      ip_masq_mfw.o
      ip_masq_portfw.o
      ip_masq_quake.o
      ip_masq_raudio.o
      ip_masq_user.o
      ip_masq_vdolive.o

look in /lib/modules/linux-???/ipv4 for your modules... ??? is whatever version of the kernel you are running.

to load one of these, just type:
      insmod ip_masq_ftp (or whatever module you want)

you only need to load them once after boot.  They stay loaded until reboot or you do a rmmod ip_masq_ftp (or whatever..)

If you have any other questions, go to the Linux Documentation project and search the howtos for the IP Masq howto.  It is a excellent resource.

Good luck,
dennis
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now