Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] Home network project


Anyone please feel free to correct me:

Comments and improvements welcome. I think that I will put this up on my
web page for reference for other people; this stuff gets asked regularly.

For your simple network, trying to keep things simple, there are basically
four things to concentrate on:

	1) Getting your IP connection working, ppp in your case, which you
already seem to have working.
	2) Getting the packets of information from the source app on
your machines to the destination app on whichever machine, i.e. routing.
	3) How to translate the domain names that you type in to IP
addresses: Domain Name Resolution (DNS).
	4) NAT (network address translation) and firewalling, to get packets
in and out to the internet.

Routing:

For each of your machines you need to give an IP address, I normally use
192.168.0.xxxx for internal addresses. Your gateway machine will have two
IP addresses, one for the ppp interface which is given to you by your ISP,
and one for the ethernet interface. For the gateway machine I normally
start at 192.168.0.1, and then each of the other machines increment from
there.

In Red Hat, the interface configuration and routing is done from a GUI (I
think it's called control-panel, which in turn calls netcfg I think). For
all of the machines other than the gateway machine, you need to make sure
there are at least the following three entries in the routing table:

a loopback route (needed for X):
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0      0 lo
a network route so that packets not for the local machine get sent to the
ethernet interface:  
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0      0  eth0
and a default route that sends any packet not for your network, to the
gateway machine:
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0      0  eth0
The default route is easy to identify because it has 0.0.0.0 as the source
address. The destination is the IP of your gateway machine, and it is
flagged as G (for gateway)

On your gateway machine, the default route needs to point to the IP
address of the other end of your ppp connection. If your ppp is configured
correctly, (default_route option), this happens automatically.

If all of these routes are present on the correct machines, your routing
should be hunky dory. You can check this from the command line by running
bash: route
If the route programme hangs, then it is probably because DNS is not
working, and you can run:
bash: route  -n
which stands for numeric. The route listings above are from route -n

DNS resolution:

For a small network like yours, and if you are not too experienced, then
running a DNS server is probably not worth it just yet. On each of your
machines, you need to make sure that your /etc/hosts file has an entry for
each machine. My hosts file on my machines looks like this:

127.0.0.1       localhost
192.168.0.1     lisa.private.emseng.com.au  	lisa
192.168.0.3	monty.private.emseng.com.au 	monty
192.168.0.2     marge.private.emseng.com.au     marge
#etc etc 

You usually give the fully qualified domain name first, then a short
alias; you can have more than one alias. Since your machines have IP
addresses which are not seen outside your network, you can call it what
you like.

You also need to be able to find machines outside your network. You do
this by specifying a nameserver in your /etc/resolv.conf file. Mine looks
like this:

order hosts,bind
nameserver 192.168.0.1
nameserver 129.78.124.3
nameserver 129.78.64.3

You can't use the same IP addresses that I have here, because you may not
be able to connect to them. Your ISP will give you two nameservers at
least.

Again, Red Hat has some nice GUI stuff to help you insert these into the
correct files. Anybody with more Red Hat exp know?

If your DNS setup is correct, you should be able to find hosts outside of
your network, except for one thing: NAT (network address translation).

NAT:

Network address translation happens in the kernel (very tricky stuff),
and allows packets of information which have private IP addresses to
reach outside your small network, and the replies to get back. By default,
packet forwarding is turned off, otherwise spammers would have a field
day, so you have to enable it. This is done by setting the value of:

/proc/sys/net/ipv4/ip_forward equal to 1.
eg:
bash: echo 1 > /proc/sys/net/ipv4/ip_forward

This has to happen at boot time, each time, so it has to go into the
config files. The red hat network conf gui has a check button for IP
forwarding, make sure it is set.

Then you have to put in some masquerading rules to make the rest of the
world think that the packets from your private address come from a valid
and routable IP address such as the ppp address. You do this by using
ip-chains. I basically deny everything unless you know what you are
doing. This means that nasty people in the big bad net will have a lot of
trouble connecting to your machine. This boils down to the following
ip-chains:
#default rules
:input DENY
:forward DENY
:output ACCEPT
#forwarding rules
-A forward -s 192.168.0.2/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.0.3/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.0.4/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j MASQ
etc, one for each of your private  machines.

I don't know how to set these up in Red Hat, anybody?

If you have all of this working, you should be able to use your network.

A word about email. To keep it really simple, set up Netscape to connect
to your ISP's mail server, and set your identity to match that on your ISP
account, eg   you_login_name@your_isp.com.au. It just makes life a good
deal easier.


If you can get through all of this, well done. The HOWTOs help once you
get a basic understanding; also, the Network Administrator's Guide is a
good start.


Cheers

Erich


Erich Schulz
PO Box 6028, Lake Munmorah, NSW 2259
Ph: (+61)0500 551 228 , Fax: (+612) 43583113
Mob: 0408 201 228
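
Added example (not part of the original post): a shell check for a ruleset in the format shown above, reporting any input or forward policy other than DENY and any MASQ rule whose source is outside the private LAN. The function name audit_rules, the 192.168.0. prefix argument and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ipchains ruleset in the format shown in the post.
# Rules are read on stdin; $1 is the private LAN prefix (assumed: 192.168.0.).
# One finding is printed per line; no output means the ruleset passed.
audit_rules() {
    awk -v lan="$1" '
        /^#/ || NF == 0 { next }                    # skip comments and blanks
        /^:/ { policy[substr($1, 2)] = $2; next }   # policy lines, ":input DENY"
        $1 == "-A" {
            chain = $2; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "MASQ") next
            if (chain != "forward")
                print "line " NR ": MASQ outside the forward chain"
            # A masqueraded source must be an address on the private LAN.
            if (index(src, lan) != 1)
                print "line " NR ": MASQ source " (src == "" ? "any" : src) " is not on " lan "x"
        }
        END {
            # Inbound and forwarded traffic must be denied by default.
            n = split("input forward", need, " ")
            for (k = 1; k <= n; k++) {
                c = need[k]
                p = (c in policy) ? policy[c] : "unset"
                if (p != "DENY") print "policy " c ": " p ", expected DENY"
            }
        }'
}

# Constructed sample: the policies and two of the MASQ rules from the post.
GOOD_RULES='#default rules
:input DENY
:forward DENY
:output ACCEPT
-A forward -s 192.168.0.2/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.0.3/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j MASQ'

# Constructed sample: forward policy left open and a MASQ rule for any source.
BAD_RULES=':input DENY
:forward ACCEPT
:output ACCEPT
-A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j MASQ'

printf '%s\n' "$BAD_RULES" | audit_rules 192.168.0.
```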