Novell is now a part of Micro Focus

Basics: Howto set up a simple Linux and Windows sub-network

Novell Cool Solutions: Feature
By Stomfi

Digg This - Slashdot This

Posted: 20 Sep 2005
 

Hi Stomfi, I saw in the Computerbank mailing list that you are a wizkid on SUSE for desktop users. I'm having a bit of a problem setting up a simple home network. I have an Ethernet card which goes to my ADSL modem, and another card which I installed to go to my secondary Windows 98 machine. This machine is dual boot to SUSE as well. Windows has set up the Ethernet card to get an automatic IP address.

I'm running SUSE 9.2. I have read the SUSE admin documentation, especially chapter 27, but still can't work out what I have to do to get YaST to set it all up. I found out a few network things that might help you sort out my problem. The SUSE machine gets its IP address automatically from the ADSL modem, which is on 10.0.0.138, and the Ethernet card gets set to eth0 on 10.0.0.1.

My host name is "dizzy", and my site is called "daze". The second card gets set to eth1, but is not configured, mainly because I don't know how to and my boyfriend is useless with computers. Can you help? Dizzy

Answer: For SUSE

I know what you mean about working it all out. Getting all the facts into one place is the difficult part. I'll set down all the things that one has to know or decide before you can start.

A Linux box with two or more Ethernet cards is a gateway from one network to other sub networks, each usually having different network address ranges.

In your case the second Ethernet card is for a sub network, so can have a different IP network address range. This can be say 10.0.1.0 or 192.168.0.0 although it is conventional to use the same basic numbers.

Since your primary interface is on the 10.0.0.0 network, I suggest you use 10.0.1.0 for your sub network, and use a static (manually configured) number of 10.0.1.1 on the second card.

Now we have two networks, and two Ethernet cards on the SUSE gateway machine thus:

dizzy.daze on 10.0.0.1 via DHCP config

dizzy.daze on 10.0.1.1 via static config

Since the ADSL is always going to give you the 10.0.0.1 address, I'll leave that as is, but you may have to statically set this address as well if the ADSL decides to give you a different address and mess up your carefully organised network numbers.

We need an IP number in the sub network range and a host mane for the dual boot Linux/MS Windows machine. This will have to be setup both in Linux and in MS Windows. I'll call this:

win.daze on 10.0.1.2 via static config.

(When you get to this point later down the page, do Linux first and test it to get it right, as MS Windows has to be rebooted each time to accept any of your network reconfigurations.)

This is a picture of the network design:

The gateway machine has to redirect Internet traffic from 10.0.1.2 via 10.0.1.1 to 10.0.0.1 which goes on to ADSL at 10.0.0.138, and it has to follow the same path from ADSL to win.daze.

Trouble is that ADSL doesn't know about the 10.0.1.0 address range. Luckily for us Linux can masquerade as another IP address so that ADSL thinks all traffic is coming from and going to the 10.0.0.0 network.

This is set up in the gateway IP tables software on SUSE by YaST.

The other thing that the gateway does is to route and forward the traffic to where it should go. This is done by the routing software setup in YaST.

The last, but not least thing the gateway can and should do, is to be a firewall against unwanted traffic, especially important if you are connecting your vulnerable MS Windows machine to the Internet. Where people can't avoid using an MS OS, like in this case, Linux is ideal as a firewall machine. You can even get it to strip the text content from emails and html pages, discarding any suspect coded parts, and convert images to another format to hedge against embedded image viruses. Its powerful security features let you hide your vulnerable MS systems behind the superior capabilities of Linux.

On SUSE, YaST can be used to perform most of the necessary steps. YaST can be found in the system menu. You will have to give it the "root" or "superuser" password, as these are system administrative actions you are doing.

Select Network Devices – Network Cards from the YaST window and you will see this screen:

You can see that I have the same setup as you. One card configured with DHCP and the other not configured.

Click on Configure to set this card up. Here is the screen:

I have clicked "Static address setup" and entered the 10.0.1.1 number.

Next click "Host name and name server" in Detailed settings.

Click Accept on the above screen, as we don't want to modify anything important here.

Here is the configuration screen. I have filled it with details for your host name, and Domain name, the Name Server 1 and Domain Search 1 are set by the DHCP server. You don't want to change anything here, as long as your host and domain name are OK for your primary 10.0.0.0 interface.

Click OK to return to the card configuration screen and click Next to return to the setup screen. Click Finish to save your changes.

Now it is time to configure your other SUSE machine's Ethernet card with the address 10.0.1.2 and host and domain win.daze. When that is completed you can test that the connection between the two cards is working, by pinging the other card from each end.

On machine dizzy.daze start up a shell console and give the command ping 10.0.1.2. If everything is connected correctly you should get a positive response. Now get on win,daze and ping 10.0.1.1. Good the connection works. Make sure that you can still access the Internet from dizzy.daze.

The next bit is setting up the route. In the Network services screen, click the Routing icon. You will see this screen:

Make sure that the default gateway is set to your ADSL address 10.0.0.138. Click the Enable IP Forwarding box. Now click Expert configuration. (I always wanted to be an expert!) Click the Add button that appears.

You will see this window pop up:

Fill in these values.

Destination = 10.0.1.1

Gateway = 10.0.0.138

Netmask = 255.255.255.0

Where it says Device (optional), select and delete this information.

Click OK to save your work. Click Finish on the routing window.

It is now time to reconfigure the firewall. Click on Security and Users. Click Firewall and this window will appear:

I have selected the device ID for eth1 as my internal interface, and the other which I know is the external interface to the ADSL. Click Next.

Reading the help on the left, you can see you need some Mail services. I also set up the Samba server to talk to the dual boot windows machine, and NFS to talk to the dual boot SUSE machine. Click Next.

X on the "Forward Traffic and Do Masquerading" option. You can leave the rest as is for now although you may want to read up a bit and come back later and x on the Protect all running services option. Click Next.

Make sure the above window looks like mine and click Finish.

Click continue.

Test your Internet browser again to see that you can still access the Internet.

It's time to set up your Dual boot box. As I stated above, set up the SUSE part first as you can change things here without having to reboot all the time like you have to in MS Windows. I don't know why they say Windows is more user friendly, when you have to do this over and over.

Follow the same procedure in YaST to set up your Ethernet card eth0 with the following information.

Network Address Setup window:

IP address = 10.0.1.2

Netmask = 255.255.255.0

Hostname and name server button window:

Hostname = win

Domain = dizzy
Name server 1 = 10.0.0.138

Domain search 1 = vic.bigpond.net.au
(Copy yours from this screen on your gateway machine, or leave it blank)

Routing button window:

Default gateway = 10.0.1.1

No routing table.

Enable IP forwarding

You will notice the gateway on this machine is the second Ethernet card on the gateway machine. That machine routes traffic to and from 10.0.1.1 to the Internet on 10.0.0.138.

Try out your new network by trying out your browser from the win.daze machine. I've tested this set up on two different similar networks, so you should have success.

Reboot your dual boot machine into MS Windows, and double click the networking icon in Setup – Control Panel. Select the line TCP/IP for your Ethernet card, and click on properties.

Click the IP Address tab, and click the "Specify an IP address" radio button.

Fill in the information:

IP Address = 10.0.1.2

Netmask = 255.255.255.0

Click the DNS Configuration tab.

Enable DNS

Host = win

Domain = dizzy

In the field under the words "DNS server search order" add the IP address

10.0.0.138

Click the Add button

Click the Gateway tab.

Enter 10.0.1.1

Click Add.


Click OK on the bottom of the pop up.

You will be asked if you want to restart your computer. Do it.

Now we have to set the route for the Win9x machine. Unlike SUSE, MS doesn't supply a user friendly interface to do this. Probably because Bill thought the Internet was a fad, and would never get off the ground. Was he ever wrong again? Anyway, you have to create a DOS batch file to set it up automatically. Use WordPad and type the following into a new file:

rem setup route to Linux gateway machine.

route add 10.0.1.0 MASK 255.255.255.0 10.0.1.1

Save this file as C:\WINDOWS\START MENU\PROGRAMS\STARTUP\MYROUTE.BAT

Reboot in windows again.

Test your browser to get onto the Internet.

This Newbie answer has covered:

How to setup a Linux machine as a sub network Internet masquerading gateway and firewall.
How to setup a sub Linux network Linux machine.
How to set up a sub Linux network Win9x machine.
How to understand simple sub network routing.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© Micro Focus