Very Computer

I know nothing(for the most part) of Linux. In two weeks I move to an
area w/cable modems. I'll be living w/4 other roomates who each have
PCs. If we get a cable modem I would like to set up a network so that
everyone can access the net 24/7. What I have read in this news group
leads me to belive that Linux is capable of doing just this and more. My
Qusetion(s) is What do I need to do it? Specificly what distribution
should I buy and what HOWTOs or FAQs should I read? Also what type of
system does my linux box have to be to support 5 clients?

Here is my expected configuration:

comcast<--->cable modem<--->Linux box<--->Win95 box
                                       |->Win95 box
                                       |->Win95 box
                                       |->Win95 box
                                       |->Win95 box
I am using ethernet (coax) cable for linux to win95
runs.

sunsite.unc.edu/pub/Linux/docs

--
Windows: I can play Doom!               |RedHat Linux 2.0.30 i486
Linux: I can be a file server, be a Web |Because reboots are for upgrades!

twelve terminals AND play Doom!         |for pgp key.        frank sweetser

well, my 486DX/100 with 24 MB memory on Slackware 1.2.13 wasn't real happy
with me playing Doom and running TCP/IP applications over the modem at the
same time, but 2.X kernels seem to have got that squared away.

My favorite day was when I was testing 3 different Web browsers (Mosaic,
Netscape, and Lynx) all at the same time while listening to Internet Radio
on RealAudio, and printing Subgenius Foundation material on the printer
from yet another instance of a web browser.

While all this was going on, I was providing a blow-by-blow description of
it to some friends on IRC.

You will need an ethernet hub that supports 5 machines.  I have seen one
at Fry's recently for $20, but you probably will pay more like $50 for a
decent one.  I think you hook it up like:

                                  |->Win95 box
                                  |->Win95 box
 comcast<--->cable modem<--->Hub<--->Linux box
                                  |->Win95 box
                                  |->Win95 box
                                  |->Win95 box

Then you run IP masquerading on the Linux box (this is part of the
kernel now, you just compile it in), give all your Win95 boxes fake IP
addresses (I think), and route all your packets from the Win95 boxes
through the Linux box.  The Linux box then acts as a proxy for each of
the Win95 boxes, stripping off the identity of their requests and
replacing it with it's own.  To the outside world, it all looks like one
machine (the Linux box), but from your LAN, you have internet access in
the downstream direction for all your computers and in the upstream
direction for your Linux machine.  I believe that the only drawback is
that there is extra traffic on your LAN due to the fact that when data
comes back from the internet to the the Linux box, it has no idea who
requested it, so it gets broadcast over the LAN instead of being routed
back to a specific host.  Again, this is all from memory, I haven't done
it myself so don't take it as gospel.  It should point you in the right
direction though.

Where I'm at, you _can_ pay $5/month each for up to 5 additional real IP
addresses and skip the masquerading part, but I think most people with
multiple machines are saving their money and going with the above setup.

Good luck!

--

The Scripps Research Institute
http://www.scripps.edu/~jsmith

: > comcast<--->cable modem<--->Linux box<--->Win95 box
: >                                        |->Win95 box
: >                                        |->Win95 box
: >                                        |->Win95 box
: >                                        |->Win95 box
: > I am using ethernet (coax) cable for linux to win95
: > runs.

: You will need an ethernet hub that supports 5 machines.  I have seen one
: at Fry's recently for $20, but you probably will pay more like $50 for a
: decent one.  I think you hook it up like:

:                                   |->Win95 box
:                                   |->Win95 box
:  comcast<--->cable modem<--->Hub<--->Linux box
:                                   |->Win95 box
:                                   |->Win95 box
:                                   |->Win95 box
:                                  

Hi.

Just to put my two pennies worth in.  You will not need the Hub.  If you are using Thin Ethernet i.e 10Base-2, then you build a bus-style network; ensuring of course you have a 50ohmn terminator at each end.

Personally speaking I use it here with a Sparc Station 1, a couple of DOS Boxes, and other junk...  Works great, even possible to put an old Amstrad 1512 on the Net.

I would say however, keep an eye on your security from outside sites.  I went around reading everything I could get on Linux Security, plus joined the various security mailing lists.  Basically you are putting a UNIX box on the Internet, therefore be really careful what you run.  For a start turn off RSH/RCP or set the /etc/hosts.equiv and /etc/hosts.allow file correctly.  Personally I replaced them with Secure Shell (www.datafellows.com), this allows me to use a Compresssing, Encrypted protocol, to and from my University.  Also if you are using PostgreSQL, I would block that port off using the ipfwadm.

Like I say this is only my two pennies worth, but when your machine is connected to the Internet 24 hours a day, you learn to worry.

Anyway, thats my bit.

Yours,
Dave.

Quote:> I know nothing(for the most part) of Linux. In two weeks I move to an
> area w/cable modems. I'll be living w/4 other roomates who each have
> PCs. If we get a cable modem I would like to set up a network so that
> everyone can access the net 24/7. What I have read in this news group
> leads me to belive that Linux is capable of doing just this and more. My
> Qusetion(s) is What do I need to do it? Specificly what distribution
> should I buy and what HOWTOs or FAQs should I read? Also what type of
> system does my linux box have to be to support 5 clients?
> Here is my expected configuration:
> comcast<--->cable modem<--->Linux box<--->Win95 box
>                                       |->Win95 box
>                                       |->Win95 box
>                                       |->Win95 box
>                                       |->Win95 box
> I am using ethernet (coax) cable for linux to win95
> runs.

--
==============================================================================
Arcadio A. Sincero Jr.  a.k.a. The Tick -=LpC=-
Computer Science Undergraduate/Linux Enthusiast/Competitive Bodybuilder
www:   http://www.coming.to.a.web.site.near.you.com

Come hang out on IRC with me at irc.linpeople.org.  Or come face me in Quake
at quake.linpeople.org!

I do have a Linux 2.0.30 box serving as a masquerading firewall for a
Windows 95 machine. I have a 3C509 ethernet card connected to the cable
modem by 10baseT cable, and old 3C503 thinnet cards in each machine on my
local network.

IP forwarding and masquerading is built into Linux 2.0.30, so you'll want
that version of linux or later.

There are limits on IP masquerading. I've got ping and such working, but
not normal ftp. Passive FTP, as used in netcape works fine. TCPIP
connections work best, as there are return ports that can be properly
used to forward the masquerading packets. So, telnet, www, and other
tcpip actions work fine. Odd things like Diablo don't work. There's no
way for machines out there on the internet to connect to your masqueraded
machines. They can really only respond.

Though I have limited need, I'd probably say that paying $5 a month for
more IPs would be worthwhile (but I doubt many places offer that).

I may be incorrect about some of this even though I'm actually using it
:) Any corrections would be gladly noted, especially if it will improve
my masquerading connectivity.

Andrew

Quote:

>There are limits on IP masquerading. I've got ping and such working, but
>not normal ftp. Passive FTP, as used in netcape works fine. TCPIP
>connections work best, as there are return ports that can be properly
>used to forward the masquerading packets. So, telnet, www, and other
>tcpip actions work fine. Odd things like Diablo don't work. There's no
>way for machines out there on the internet to connect to your masqueraded
>machines. They can really only respond.

If someone really have to connect to a masqueraded machine I guess you'll
need a proxy server then...

Quote:> IP forwarding and masquerading is built into Linux 2.0.30, so you'll want
> that version of linux or later.

Quote:> There are limits on IP masquerading. I've got ping and such working, but
> not normal ftp. Passive FTP, as used in netcape works fine. TCPIP

I always needed to explicitly insmod the ftp-masquerading module for
it to work.

Quote:> tcpip actions work fine. Odd things like Diablo don't work. There's no
> way for machines out there on the internet to connect to your masqueraded
> machines. They can really only respond.

This can be quite useful (eg. for an internal web server).

The security implications of letting connections in are left as a an
exercise for the hacker.

Hope that helps,
Rusty.
--
.sig lost in the mail