SLIP, ethernet, & IP forwarding

SLIP, ethernet, & IP forwarding

Post by Michael Gerd » Sun, 09 Apr 1995 04:00:00



WHAT I WOULD LIKE TO DO
=======================

I currently have a static slip connection from my machine at home to the
slip server at work.  I would like to add an ethernet connection between
my machine and my roommate's machine.  I am a bit unsure of the finer
points of getting things up and running.  The setup that I envision is

    144.92.60.90 <-slip-> 144.92.4.173
       annex3               killians          roommate's machine
                          144.92.4.182 <-ether-> 144.92.4.183

WHAT I HAVE DONE
================

     o  Recompiled my kernel for ethernet support, SLIP, IP forwarding
     o  Verified that I can get my machine to see the ethernet card
     o  Read through the Net-2 Howto

WHAT I THINK I HAVE TO DO
=========================

I am guessing that I need to get two more IP addresses, one for killians
and one for my roommate's machine.   Let's pretend that they are
144.92.4.182 and 144.92.4.183, respectively.  I assume that I would then
add the following to rc.inet1 on killians:

# killians
/sbin/ifconfig eth0 144.92.4.182 broadcast ?.?.?.? netmask ?.?.?.?
/sbin/route add -net ?.?.?.? netmask ?.?.?.?

On 144.92.4.183, it would rc.inet would have

# roommate's machine
/sbin/ifconfig eth0 144.92.4.183 broadcast ?.?.?.? netmask ?.?.?.?
/sbin/route add -net ?.?.?.? netmask ?.?.?.?
/sbin/route add default gw 144.92.4.173 metric 1

THINGS THAT CONFUSE ME
======================

Since I am creating my own net in my house, do I get to pick my netmask,
or should I use the same one that is used at work (255.255.255.128)?  Am
I completely off base with the above files?

And now the real question-- If 144.92.4.183 is sending packets out
into the world, how do packets find their way back through killians to
144.92.4.183?  If you can, please tell me which machine would do what
to/with packet headers to get it to the right place.  

Finally, is there a way to do this without requiring 2 more IP numbers?

Thanks,

Mike
____________________________________________________________

 Mike Gerdts                   UNIX is user friendly.  It's

 CAE Unix Systems Staff        friends are.
 University of WI - Madison                        --Unknown
____________________________________________________________

 
 
 

SLIP, ethernet, & IP forwarding

Post by Taylor Gauti » Mon, 17 Apr 1995 04:00:00


I have done exactly what you would like to.  It doesn't work perfectly
yet, but it's getting there.  I actually have a little bit more
complicated situation (3 computers, 2 possible slip) but it's essentially
the same.

The way I see it you have two choices:

1.  Choose your own 'fake' IP addresses.  (This is what I have done)

In this case you make up your own little ethernet and the machine that
has the slip connection becomes a firewall.  For more info on firewalls,
check out all the posts here in c.o.l.n.  It's a hot topic these days.  
The reason for doing this is because :
        You can't get an IP address from work (a registered one) -or-
        Work won't support dynamic routing, or let you change thr routing
        scheme.

As you pointed out, how will the outside world know how to get to your
roommates machine?  They can't, unless you use a registered IP address
and you are able to change the routing on the SLIP server side so that
someone knows that packets destined for his machine should use the
SLIP server and your machine as a gateway.

In my case, I have dynamic SLIP lines, so there's no chance of getting
proper IP routing.

2. Get registered IP addresses

You will have to have work assign you IP addresses and then setup the
routing.  (WHY? see above)

If you go with 1 (it's probably more difficult, but more practical since
you can always use your machine as a firewall and not care what your real
addresses are) then you can achieve a 'virtual' connection to the
internet via proxies.

there are two levels of proxies, application level and socket level.  An
application level package that is recommended by 'Firewalls and Internet
Security' by William Cheswick and Steven Bellovin is the TIS package.  
The socket level package I use and I think is recommended too is SOCKS.  
It supports any socket level connection, as long as you application has
been compiled against a SOCKS library.  

Setting up the application level gateway requires changing the normal
services prvided in your etc/inetd.conf to be modified.

Setting up the socket application level gateway requires setting up one
service, socks, at some port (usually 1080) in inetd.conf and using new
applications compiled against the socks library (rtelnet, rftp, rfinger,
rgopher are provided) (You'll also have to setup named -- nearly
impossible IMHO [thanks Erin :)])

This should really be a FAQ, don't you think?  I have gone through hell
this last year trying to configure all of this to work properly, and it
still doesn't work as nice as it could.  

Anyway, I know some more about this, but I only wanted to give you a
brief summary to get you started.  If you want more info, mail me and I
can try to help (when I have time)

-Taylor

_________________________
     Taylor Scott Gautier


 
 
 

SLIP, ethernet, & IP forwarding

Post by Charles Ro » Fri, 21 Apr 1995 04:00:00


Quote:>there are two levels of proxies, application level and socket level.  An
>application level package that is recommended by 'Firewalls and Internet
>Security' by William Cheswick and Steven Bellovin is the TIS package.  

I just got their Firewall Toolkit -- it seems the way to go for those of us
with a single provider-assigned IP address.  

Quote:>This should really be a FAQ, don't you think?  I have gone through hell
>this last year trying to configure all of this to work properly, and it
>still doesn't work as nice as it could.  

Absolutely!  I think this is one of the more important FAQ's that need to be
written.  There are quite a few messages per week from people who want to
route from their local ethernet through a Linux machine to the Internet and
must do it using one IP address.  I've been following this discussion for
weeks now and am coming to the conclusion that I'm going to have to setup a
firewall to do it.

Quote:>Anyway, I know some more about this, but I only wanted to give you a
>brief summary to get you started.  If you want more info, mail me and I
>can try to help (when I have time)

Is there any other information (books, FAQ's, files, etc) you found
helpful and would suggest (besides the Firewall Toolkit docs, which are in
postscript, which I'm going to have to figure out how to convert for an old HP
LaserJet<g>).

Thanks for your post -- I appreciate any replies!

Charles

 
 
 

1. ip-forwarding && dns-forwarding

Hi I own a domain name on networksolution's  server, and I did an ip-forward
to my
ip address, but the name doesn't show up as well when it is forwarded(when
the domainname is typed in the browser, it converts to my ip-address on
reaching my
computer)...Is there a different between ip-forwarding and dns-forwarding??
What should I do, if I want my name still maintained in the location bar...
Thank you..

2. Help repairing Redhat 7.1 -- How can I repair the superblock?

3. IP forwarding from ethernet to ethernet doesn't work ?

4. Help Excise Ghost!

5. IP forwarding is only good for port forwarding of only one IP ?

6. Fail on make dep - missing header files

7. IP forwarding & Masq from net to Private IP

8. 2.5.36 X freezes and input problems

9. IP masquarade & IP forwarding

10. Trouble w/SLIP && Ethernet

11. Forward in ipchains, IP-forwaring & IP routing

12. Linux 1.2.13, BIND, & sendmail 8.7 mail store & forwarding for non-ip domains

13. SLIP, DIP and Ip forwarding