HOW-TO: Set Up a SUSE 10 Machine As a Router
Novell Cool Solutions: Feature
By Scott M. Morris
Posted: 21 Dec 2005
Applies to:
- SUSE Linux 10
Introduction
Quite some time ago, I wrote an article about how to set up a machine running SUSE Linux Professional 9.2 as a router. This allowed users to share an Internet connection with several other computers on an internal network. It can also save you having to go out and buy a router that does essentially the same thing as what we'll produce here. As there have been many changes since SUSE 9.2, I've written another guide to setting up a router on a SUSE 10 machine, with much of the text shamelessly stolen from my previous article. For each step, there is a QUICK SUMMARY for advanced users, and a DETAILED EXPLANATION for novice users.
Necessary Hardware
First off, let's look at some of the hardware you will need for this article:
- 1 or more computers with 1 Ethernet card in each. These will be referred to as "client" machines in this document.
- 1 computer with 2 Ethernet cards in it. This will be referred to as the "router" machine in this document.
- Some (at least 4) Ethernet cables.
- 1 small hub or switch. A Zonet 8-Port 10/100Mbps Switch was used here.
- Internet connection.
- Printed Router Setup Sheet. This file is in PDF Format.
Preliminary Router Setup
Quick Explanation
Set up the two Ethernet cards as DHCP clients. Plug the Internet connection into one of the cards. Restart the network to obtain an IP address for that card.
Detailed Steps
The first thing that we'll do is get the networking set up on the router machine. On the router box, plug the Internet connection into one of the Ethernet cards. It does not matter which one. Then, open up YAST. On the left, click NETWORK DEVICES. Then select NETWORK CARD from the options on the right:
Another window comes up. It is called "Network Card Configuration Overview." We are going to set up the Ethernet cards from this window. Here's what mine looks like:
Over at the right, you will see that the IP Address column says "Not configured" for both of the cards. Yours may be different. At this point, that doesn't matter a bit. We will configure the cards, now. Select one, and then click on EDIT.
The "Network Address Setup" screen appears. In the SETUP METHOD box, select the "Automatic Address Setup (via DHCP)" option:
Then, click NEXT in the lower-right corner. You will be taken back to the list of Ethernet cards. You will see that the card you just configured has DHCP in the IP Address column.
Now, we just repeat these steps for the other card. Select it and click EDIT. When the screen comes up, select the "Automatic Address Setup (via DHCP)" option, and click NEXT. This card should now also say DHCP in the IP Address column.
Both of the Ethernet cards should now say DHCP in the IP Address column:
If this is the case, click NEXT. YAST does some saving of the configuration, and then the window closes.
Now, we just need to get the IP address from our ISP. This is quite painless. Open up a terminal window. As root, restart the network by typing '/etc/init.d/network restart'. This step is shown below:
linux:/> su
Password:
root:/> /etc/init.d/network restart
After you hit ENTER, it will show you a bunch of output that we don't really care about here.
Next, let's make sure we got an IP address from the ISP. To do this, run '/sbin/ifconfig', like this:
linux:/> /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:02:B3:49:2D:5E
inet addr:137.65.68.15 Bcast:137.65.71.255 Mask:255.255.252.0
inet6 addr: fe80::202:b3ff:fe49:2d5e/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:58949 errors:0 dropped:0 overruns:0 frame:0
TX packets:5367 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16434036 (15.6 Mb) TX bytes:997627 (974.2 Kb)
eth1 Link encap:Ethernet HWaddr 00:08:54:D4:6F:20
inet6 addr: fe80::208:54ff:fed4:6f20/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1893 errors:0 dropped:0 overruns:0 frame:0
TX packets:2680 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:227116 (221.7 Kb) TX bytes:2861917 (2.7 Mb)
Interrupt:10 Base address:0xa000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:81 errors:0 dropped:0 overruns:0 frame:0
TX packets:81 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5290 (5.1 Kb) TX bytes:5290 (5.1 Kb)
linux:/>
You will see that this command produces some information for each of your adapters. The first adapter is called eth0 and the second one is called eth1. Disregard the lo adapter. We will not use any of its output here.
We need to determine which adapter is the external adapter. When I say external adapter, I mean that it is the one that the Internet plugs into. So, how do we find the external adapter? Well, it's the one with the IP address.
Find the line in the output above that starts with 'inet addr:'. We can see that the second line of the eth0 section has this information. The IP address follows. In this case, the IP is 137.65.68.15. Because the eth0 adapter has the IP address, we know that it is the external adapter.
For best results, eth0 should be the external adapter. If the 'inet addr:' information (IP address) appears in the eth1 section of your output on your screen, plug the Internet connection into the other card. Then, open a terminal. As the root (or 'su') user, restart your network by issuing the '/etc/init.d/network restart' command as shown above. When you are certain that the eth0 adapter is your external adapter (i.e., it has the IP address), continue with the next step.
Now that we know that the eth0 adapter is our external adapter, we need to locate its hardware address. In the sample output above, on the line above the IP address, in the middle of the line, it says "HWaddr" and has some numbers and colons after it. This is the hardware address for my eth0 adapter.
Let's take a look at your output, again. Find the adapter on your screen that has the IP address (the eth0 adapter should be the one with the IP address). Find the hardware address for this adapter (on the line above the IP address, after "HWaddr"). Write the hardware address for this adapter on the "External Card" line on the Router Config sheet.
Now we need to find your internal card. That's easy. It's the one that's not the external card. It has no IP address. It should be the eth1 adapter. Find the hardware address of your internal card. Write it on the "Internal Card" line on the Router Config sheet.
In my output, the hardware address for my external card is highlighted in green. My internal card's hardware address is highlighted in red.
If you were unable to get an IP address from the ISP, try restarting your cable modem or whatever device you use to connect to the Internet. When it comes back up, run these commands (shown above) again to restart your network and display your IP.
Write Down Name Servers and Gateway
Quick Explanation
Find and write your Name Servers and Gateway on the Router Config sheet.
Detailed Steps
We need to find out what your Name Servers and Gateway are. This is very easy to do in SUSE. First, fire up YAST. On the left, click NETWORK SERVICES. Then select DNS AND HOSTNAME from the options on the right:
If a small window appears, click on the MODIFY button.
A window comes up that's called "Host Name and Name Server Configuration":
We're not going to change anything here. We're just looking for Name Servers. If the Name Servers are greyed out and hard to read, uncheck the "Update Name Servers and Search List via DHCP" checkbox:
Write down the Name Servers on the Router Config sheet in the NAME SERVER 1 and NAME SERVER 2 spots. Disregard the 3rd Name Server. Then, just click BACK or ABORT to close the window (do not click FINISH). Also, close YAST.
Now, we need to find out what your ISP's Gateway is. Again, this is incredibly simple. Open up a terminal and type '/sbin/route -n' and hit ENTER, as follows:
linux:/> /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
137.65.68.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         137.65.71.254   0.0.0.0         UG    0      0        0 eth0
linux:/>
Again, we don't care about most of this output. Just look at the very last line in the 'Gateway' column. It will have an IP address. That's your Gateway. Mine is 137.65.71.254 (highlighted green) in this example. Write your Gateway on the Router Config sheet on the line next to "Gateway". You can now close the terminal window.
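The two lookups above (which card holds the IP address, and which gateway the default route uses) can also be scripted. The following is an added example, not part of the original article; it parses the ifconfig and route -n formats shown above, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: fill in the Router Config sheet from ifconfig / route -n text.
# Both samples are the article's own output (packet counter lines omitted),
# embedded so the script runs offline.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:02:B3:49:2D:5E
          inet addr:137.65.68.15  Bcast:137.65.71.255  Mask:255.255.252.0
          inet6 addr: fe80::202:b3ff:fe49:2d5e/64 Scope:Link
eth1      Link encap:Ethernet  HWaddr 00:08:54:D4:6F:20
          inet6 addr: fe80::208:54ff:fed4:6f20/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'

SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
137.65.68.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         137.65.71.254   0.0.0.0         UG    0      0        0 eth0'

# Print "name hwaddr ipv4" per adapter; ipv4 is "-" when none is assigned.
# Loopback has no HWaddr field and is therefore skipped.
list_adapters() {
    printf '%s\n' "$1" | awk '
        function emit() {
            if (name != "" && hw != "") print name, hw, (ip == "" ? "-" : ip)
        }
        /Link encap:/ {
            emit(); name = $1; hw = ""; ip = ""
            for (i = 1; i < NF; i++) if ($i == "HWaddr") hw = $(i + 1)
        }
        /inet addr:/ { split($2, part, ":"); ip = part[2] }
        END { emit() }'
}

# External card = first adapter holding an IPv4 address; internal = first without.
external_adapter() { list_adapters "$1" | awk '$3 != "-" { print $1; exit }'; }
internal_adapter() { list_adapters "$1" | awk '$3 == "-" { print $1; exit }'; }
hwaddr_of()        { list_adapters "$1" | awk -v n="$2" '$1 == n { print $2 }'; }

# ISP gateway = Gateway column of the default route (destination 0.0.0.0, flag G).
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# On a live router pass "$(/sbin/ifconfig)" and "$(/sbin/route -n)" instead.
ext=$(external_adapter "$SAMPLE_IFCONFIG")
int=$(internal_adapter "$SAMPLE_IFCONFIG")
echo "External Card: $(hwaddr_of "$SAMPLE_IFCONFIG" "$ext") ($ext)"
echo "Internal Card: $(hwaddr_of "$SAMPLE_IFCONFIG" "$int") ($int)"
echo "Gateway:       $(default_gateway "$SAMPLE_ROUTE")"
[ "$ext" = "eth0" ] || echo "note: external card is $ext, the article expects eth0"
```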
Internal Ethernet Card Setup
Quick Explanation
Set up your internal adapter to have a static IP of 192.168.0.1.
Detailed Steps
Now, we have to go back into YAST. On the left, select NETWORK DEVICES. On the right, select NETWORK CARD:
The "Network Card Configuration Overview" window appears. We need to find the internal card in this list. Click on an adapter. Now, look in the pane below. "Device Name" is another name for "hardware address." You're looking for the adapter in the list whose Device Name shows up on your Router Config sheet as the Internal Card. When you've determined which adapter is the internal one, select it and click EDIT:
The "Network Address Setup" screen appears. In this window, select the "Static Address Setup" radio button. Type 192.168.0.1 into the IP Address box:
Then, click NEXT to go back to the main screen. Click NEXT there, also. YAST then saves the network configuration and the window closes.
Routing Setup
Quick Explanation
In YAST, set up routing. The gateway will be the one from your ISP. Also, tick "Enable IP Forwarding."
Detailed Steps
Head back into YAST. On the left, click NETWORK SERVICES. Then select ROUTING from the options on the right:
A window comes up called "Routing Configuration". This is where we need the Router Config sheet. In the DEFAULT GATEWAY box in this window, put in the GATEWAY from the Router Config sheet. Then, tick the "Enable IP Forwarding" box. It should look something like this:
When you have done this, click FINISH. You are taken back to the YAST window.
Firewall Setup
Quick Explanation
Set up the firewall. Assign cards to proper zones, enable desired services, and enable masquerading.
Detailed Steps
In YAST, select SECURITY AND USERS on the left side. Select FIREWALL from the options that appear at the right:
A window appears called "Firewall Configuration: Start-Up". In this window, in the SERVICE START section, select the "When Booting" option:
When this is done, select the INTERFACES option from the pane on the left. The INTERFACES screen appears. This lists your Ethernet cards. You need to tell it which is the internal card and which is the external card. This is a snap using your Router Config sheet. First, select the card whose INTERFACE OR STRING matches what you have listed as your External Card on your sheet. Click CHANGE:
Another, small window appears. In this window, select the EXTERNAL ZONE from the drop-down box. Then click OK:
You will see that your card is now configured in the External Zone:
Next, we need to configure the other card on the Internal Zone. Select the other card from the list, and click CHANGE. In the small window that appears, select INTERNAL ZONE, then click OK. Your second card is now configured in the Internal Zone:
Now choose ALLOWED SERVICES from the pane on the left. A new screen appears:
This is where we tell the firewall what to allow. At the top, there is a drop-down box labeled "Allowed Services for Selected Zone". Select EXTERNAL ZONE from this box. Next, we're going to add services to allow. Every service allowed for the External Zone can be reached from the Internet, so allow only what you actually use. The SSH service may be enabled by default. If you do not use SSH, feel free to remove this. Also, if you have a web server on this machine, you may wish to add the HTTP service.
At the bottom, make sure the "Protect Firewall from Internal Zone" checkbox is not ticked. If you have a reason for ticking this box, you'll probably know how to allow services for it, so I won't cover that here.
Your screen will now resemble this:
Let's move to the next step and enable Masquerading. Select MASQUERADING from the pane on the left. A new screen appears called "Firewall Configuration: Network Masquerading." All we need to do here is tick the checkbox labeled "Masquerade Networks":
To continue, go back to START-UP in the pane on the left. To start up the firewall, click the button labeled "Save Settings and Restart Firewall Now":
When it has started, click NEXT. You are taken to a SUMMARY screen. Verify that all information is correct. When you are satisfied with what this screen says, click ACCEPT:
YAST saves the firewall configuration and the window closes.
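Once the routing and firewall steps are saved, the result can be checked from a terminal: forwarding on, masquerading on the external card only, and a short list of services reachable from outside. The following is an added example, not part of the original article; the ruleset in it is constructed, flat iptables-save style text (the chain layout SuSEfirewall2 actually generates is not shown in this article and may differ), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the router after the Routing and Firewall steps.
# RULES is constructed iptables-save style text for a flat ruleset; it is not
# SuSEfirewall2 output. eth0/eth1 follow the article's external/internal cards.
RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# True when the kernel flag behind "Enable IP Forwarding" is set.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Outgoing interfaces that masquerade; "any" means the rule names no -o.
masq_interfaces() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = $1 }
        table == "*nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            out = "any"
            for (i = 3; i < NF; i++) if ($i == "-o") out = $(i + 1)
            print out
        }'
}

# proto/port pairs accepted on INPUT from interface $2, i.e. the services the
# external zone exposes to the Internet.
exposed_services() {
    printf '%s\n' "$1" | awk -v ext="$2" '
        /^\*/ { table = $1 }
        table == "*filter" && $2 == "INPUT" && /-j ACCEPT/ {
            inif = ""; proto = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") inif = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (inif == ext && port != "") print proto "/" port
        }'
}

# On a live router pass "$(iptables-save)" (run as root) instead of RULES.
if forwarding_enabled; then echo "forwarding: on"; else echo "forwarding: off"; fi
echo "masquerading on: $(masq_interfaces "$RULES")"
echo "reachable from eth0: $(exposed_services "$RULES" eth0)"
```

A result of "any" from masq_interfaces, or a port in the exposed_services list that you did not deliberately allow for the External Zone, is the thing to look into.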
Install and Configure DHCP Server
Quick Explanation
Install the 'dhcp-server' package. Go into the DHCP Server in YAST. Select the internal adapter to run the DHCP Server on. Put in the Name Servers from the ISP, and 192.168.0.1 as the Gateway. Put in an IP range for your network. Start the DHCP server.
Detailed Steps
First, let's make sure you have the DHCP server installed. In YAST, select SOFTWARE from the left, and SOFTWARE MANAGEMENT on the right:
When the window appears, search for the package called dhcp-server. When it comes up in the right pane, tick the checkbox next to dhcp-server. Then, click ACCEPT:
If another window about resolving dependencies appears, just click CONTINUE. YAST will then prompt you for a CD, which you gladly supply. YAST then installs the package(s), writes the system configuration, and asks if you wish to install more packages. Just click FINISH.
The DHCP server is now installed. Next, let's configure it. In YAST, select NETWORK SERVICES at the left. On the right, click DHCP SERVER:
The "DHCP Server Wizard (1 of 4): Card Selection" window appears. This screen lists your Ethernet cards. You just need to pick and add your internal card. It will be the one with the IP of 192.168.0.1. Select this card and click ADD:
A small "x" should appear in the ACTIVE column for that card. Also, tick the checkbox labeled "Open Firewall for Selected Interfaces". Your window should now look something like this:
Click NEXT to continue. The "DHCP Server Wizard (2 of 4): Global Settings" screen appears. I usually just type in "my.box" for the DOMAIN NAME in this screen. Whip out your trusty Router Config sheet. Type the NAME SERVERS from the sheet into the PRIMARY NAME SERVER IP and SECONDARY NAME SERVER IP spots on this screen. Type "time.nist.gov" for the TIME SERVER. Also, put in 192.168.0.1 into the DEFAULT GATEWAY (ROUTER) field on this page. Leave everything else as it is. Your screen should look like this:
Click NEXT to continue. The "DHCP Server Wizard (3 of 4): Dynamic DHCP" screen appears. For the First IP Address, put 192.168.0.100. For the Last IP Address, put 192.168.0.250. Don't change anything else. It should look like this:
To continue, click the NEXT button. We go to the "DHCP Server Wizard (4 of 4): Start-Up" screen. Select the "When Booting" option:
To finalize the DHCP setup, click the FINISH button.
YAST saves the settings, restarts the DHCP Server, and closes the window. You can also close any remaining YAST windows.
Assemble the Network
Quick Explanation
Put the network together. Restart the network on the router machine.
Detailed Steps
Now, it's time to plug everything in the way it is supposed to be. Make sure the Internet connection is plugged into the external card on the router box. Plug the internal card into your hub (or switch). Plug any and all client machine(s) into your hub. Your network should look like this, now:
When this is all plugged in, open a terminal window and restart the network on your router machine:
linux:/> su
Password:
root:/> /etc/init.d/network restart
It will have a ton of output, but just let it all finish before you move on. When it does finish, you can close this window.
Clients Setup
Quick Explanation
Renew IP addresses on the client machines and then ping google.com from each to make sure everything is working properly.
Detailed Steps
You should now be able to release and renew IP addresses on each of your client machines. Depending upon the operating system on each computer, this is done differently.
Linux Client Machines:
Open up a terminal, and renew your IP address:
linux:/> su
Password:
root:/> /etc/init.d/network restart
When this command finishes, ping google.com to make sure you are able to access the Internet through the router box:
linux:/> ping google.com
PING google.com (216.239.39.99) 56(84) bytes of data.
64 bytes from 216.239.39.99: icmp_seq=1 ttl=239 time=33.2 ms
64 bytes from 216.239.39.99: icmp_seq=2 ttl=239 time=32.2 ms
64 bytes from 216.239.39.99: icmp_seq=3 ttl=239 time=32.4 ms
64 bytes from 216.239.39.99: icmp_seq=4 ttl=239 time=32.9 ms
If it starts to scroll responses down the page, everything is working. Press CTRL+C to stop the pinging.
You are finished with this machine and can move on to the next one.
Windows Client Machines:
Use the ipconfig command to release:
c:\>ipconfig /release
It will print out a bunch of stuff. Then use the same command to renew the IP address:
c:\>ipconfig /renew
And it will renew your IP address. Then, ping google to test:
c:\>ping google.com
It should ping three or four times and then quit.
You are now finished with this machine and can move on to the next one.
Conclusion
A router will allow you to share your Internet connection to an internal network of many computers. This is great if you have 10 computers and only one connection. If you are like me, you won't want to spend $100 on a new router. Hopefully, this guide will save you some time in learning how to set one up on a machine running SUSE Linux 10.
UPDATE (2006-01-13): You can now use this article in conjunction with the Port Forwarding on a Router Machine Running SUSE 10.0 article. The Port Forwarding article is designed to be an extension of this current article (Router Setup). The Port Forwarding article teaches how to forward incoming connections from the firewall directly to a server internal to your network.
Reader Comments
- Great, simple, clear
- Well written and straight-forward.
- Fixation on "eth0" as the Internet facing NIC is wrong. Please correct this to use valid names for the NIC.
- Thank you very much, it solved a problem I've been working with for a long time trying out both Mandrake and Suse. However, it didn't work either after having followed your instructions. First after having defined the DNS addresses on the clients (WinXP) it came to work. This detail should perhaps be mentioned in the article. My regards, Erling Christiansen, Toulouse, France
- Very nice! But running VPN on router kills internet connection for both router machine and clients. How to solve?
- very useful
- Beautifully written, thank you
- Why should I copy the default gateway into the "router settings" YAST panel? The ISP can change the gateway at will, so it's a bad idea to have to update it every time.
- Very good. It solves a problem I had for 2 months! Thank you very much
- WOW! Worked, like magic! Thank you! I've been trying to set up my linux box as a gateway without DHCP, i.e. for one computer only.. but this is much better. Thanks.
- thanks - a big help
- T H A N K S
- Thanks for the help. I got my router set up thanks to this article!
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com
