ken bonner wrote:
>
> Hello all.
> I have read a couple of messages here on IP masq, and was kind of hoping that
> it would get a bit deeper, but no luck!
>
> I am thinking about setting up an old 486, or one of my 'trash' pentiums with
> ipmasq, or some other method to let the home network connect to the internet,
> and was wondering about a few things. So if you can help Thanks!
>
> 1, what would be the minimum system that would work?
> I have an old Compaq Deskpro 486-66 32 megs (no hard drive right now),
> and a couple of pentiums that are pretty much just laying around for now.
>
> 2, how much ram, and disk space would be needed? is more better?
>
> 3, what would the performance hit be compared to a direct connection? Here in
> the big city of Pierson mi. (pop 207) the only ISP is a bit overloaded from
> all the outlying towns, and it's the king of slow, even at 2am. so any
> performance hit is a big hit.
>
> 4, any other recommendations on software that would do the same thing?
>
> Thanks again, I've learned quite a bit from lurking in the shadows here,
> Most of the time I find info I'm looking for without having to post, but no
> such luck on this one!
>
> ken.

Well, any Linux with kernel 2.2.x will probably work, the later
the better. You need no graphics on the "firewall", just a
console "server" with mail, web, and ftp disabled. From the
sounds of it you have a modem dialup connection so you need
NICs--ethernet interface cards--1 for the gateway/firewall and
one for each other computer connected.
A hub and ethernet cable from each computer
A modem on the firewall.
You set up your modem for ppp and set the default gateway device
on your firewall to ppp0
You assign an address to each machine (IP address)
192.168.x.y (with x and y between 0 and 255) are "experimental"
addresses according to RFC 1918 so you can use those knowing no
internet router will relay them. Also 10.x.y.z and 176.16.x.y
thru 176.31.z.a are in that category-- for simplicity use these
addresses
192.168.1.254 for the ethernet interface on the firewall
192.168.1.2-253 for the other computers in your network.
a NETMASK of 255.255.255.0
Now in /etc/resolv.conf on your firewall put the IP Addresses of
the dns servers you will be using, and do the same in network
neighborhood and the networking sections of your other computing
boxes (depending on OP system)....
Now on your gateway box put the following code in /etc/rc.local:
    ipchains -P forward DENY
    ipchains -A forward -i ppp0 -j MASQ
    echo 1 > /proc/sys/net/ipv4/ip_forward
And on each of the other computers make the default gateway
192.168.1.254
There is no performance hit--masquerading/demasquerading takes
less time than a 112k-clocked register takes to fill or empty on
the modem.
If you are using several computers at the same time, then there
would be a splitting of bandwidth among them (as in DLing files
to two or more computers)
PASSIVE Ftp will work from behind the firewall but active will
not, so be sure to set your ftp client to passive mode. Other
services are largely unaffected.
Civileme
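
The passive-versus-active FTP point in the reply above, as an added example that is not part of the original message: a toy Python model of a masquerading gateway in which only outbound connections create a mapping. It assumes plain masquerading with no FTP helper module loaded; the `Masquerader` class, the port numbers and the public addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; internet routers do not carry traffic to these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample values: documentation-range addresses stand in for real public IPs.
GATEWAY_PUBLIC = "203.0.113.10"   # assumed address of ppp0
FTP_SERVER = "198.51.100.21"      # assumed remote FTP server
CLIENT = "192.168.1.2"            # LAN host from the addressing plan in the message

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

class Masquerader:
    """Toy model of masquerading on ppp0: only outbound connections create state."""
    def __init__(self, public_ip, first_port=61000):
        self.public_ip, self.next_port = public_ip, first_port
        self.table = {}  # masq port -> (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out: rewrite its source and remember the mapping."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return self.public_ip, port

    def inbound(self, remote_ip, remote_port, dst_ip, dst_port):
        """A packet from the internet: return the LAN (ip, port), or None if not forwarded."""
        if is_rfc1918(dst_ip) or dst_ip != self.public_ip:
            return None  # never reaches this gateway
        entry = self.table.get(dst_port)
        if entry is None or entry[2:] != (remote_ip, remote_port):
            return None  # no outbound connection created this mapping
        return entry[:2]

def active_ftp_delivered(gw):
    gw.outbound(CLIENT, 40000, FTP_SERVER, 21)  # control connection
    # Client sent "PORT 192,168,1,2,156,65" (port 40001); the server connects from port 20.
    direct = gw.inbound(FTP_SERVER, 20, CLIENT, 40001)
    via_gateway = gw.inbound(FTP_SERVER, 20, GATEWAY_PUBLIC, 40001)
    return direct is not None or via_gateway is not None

def passive_ftp_delivered(gw):
    gw.outbound(CLIENT, 40000, FTP_SERVER, 21)  # control connection
    # Server answered PASV with port 50000; the client opens the data connection itself.
    _, masq_port = gw.outbound(CLIENT, 40001, FTP_SERVER, 50000)
    return gw.inbound(FTP_SERVER, 50000, GATEWAY_PUBLIC, masq_port) == (CLIENT, 40001)

if __name__ == "__main__":
    print("active data connection delivered:", active_ftp_delivered(Masquerader(GATEWAY_PUBLIC)))
    print("passive data connection delivered:", passive_ftp_delivered(Masquerader(GATEWAY_PUBLIC)))
```

The same table lookup is why unsolicited inbound connections from the internet do not reach the LAN hosts behind the gateway.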