Here's how to set up a broadband connection for your home or office LAN.
With the arrival of technologies such as cable modems and xDSL (digital subscriber line) technologies, individuals can now have a moderate to extremely fast constant connection to the Internet, instead of the usual analog telephone-line-based modem. Such new technologies use different hardware and sometimes, as in the case of cable, a different transmission medium.
In this article, I will describe how to set up a cable modem with a local area network (LAN) to provide a fast connection to the outside world. However, you don't need to have a cable modem to benefit from this article, just a fast and constant/semi-constant connection to the Internet, such as ISDN or Frame Relay. The setup procedures are almost the same, with the exception that your hardware may require special drivers. Contact the manufacturer for details on support.
There are three types of cable modems on the market today. One is the static type, which is always up and connected. This type is generally expensive and has a static IP address. It also offers two-way communications for downloading and uploading as well. This is the best type of modem to run a web, FTP or TELNET server. The second type of modem is the dynamic cable modem, which also offers two-way communications, but has a login procedure, where you are assigned a dynamic IP address each time you wish to use it. Such modems use a DHCP client to obtain a dynamic IP address from the headend server. The third and cheapest type of modem on the market requires that you use a telephone line to upload information, such as web page requests, and use the cable to download information, such as web pages. This type of service is generally inexpensive, but suffers from extremely high latency. This isn't the type of modem to set up a server on, since the upstream connection is so slow. However, this type has blazingly fast download speeds.
This article will focus on the first type of modem, since those are the most common. There are excellent resources on-line for all types of modems. An excellent page for the dynamic modem is http://home.neo.lrun.com/rrlinux. This page has links to software needed such as DHCP clients and a login program for RoadRunner modem customers. A good resource on how to correctly set up DHCP for a cable modem can be found at http://elycion.geology.ualberta.ca/~dkimmel/cablemodem.html. The third type of modem, a cable modem that uses a telephone line to upload data, is pretty much controlled with proprietary software and hardware. These solutions are in place because of the high cost of outfitting existing cable plants for two-way communications, which is a basic part of the cable modem theory. Such solutions require hackish, kludgey software solutions on the Linux side. A blend of DHCP and PPP must be used to get the routing to work correctly, but after it's done, it is ultra fast. Consult the PPP HOWTO for help in getting your analog modem correctly configured. For the cable modem part, follow the instructions shown here or on the aforementioned web pages. The DHCP should work in the same manner.
With coaxial-cable-based Internet access there is no signal degradation for many miles. At this time, cable is the favored high-speed, low-cost connect method for homes and small to medium-sized businesses due to reliability factors. Cable Internet access availability is spreading to more areas each day.
Cable modem packages generally include a modem lease or purchase fee along with a service fee. Leases usually cost between 15 and 20 dollars, and service can cost from 35 to 70 dollars a month, depending on location. Speed varies from service to service. For example, @Home and RoadRunner offer speeds that are extremely fast—equal to multiple T1 performance in uploading and downloading. However, services such as GTE charge twice as much and have speeds that compete only with double ISDN, which operates at a transmission speed of 128 kilobits per second, which is roughly 15 to 16 kilobytes per second. It all depends on your provider.
xDSL Technology uses the same copper wires that have been in place for decades with hardware on both ends to accelerate data transfer. One drawback to this method is repeaters and/or amplifiers must be used along the route to prevent signal degradation. xDSL as yet remains untested and extremely expensive in terms of service and hardware. In fact, xDSL technology is still considered to be in the testing phases at this time (February), so I will focus on cable technology in this article.
xDSL technology, the telephone company's answer to cable modem technology, will probably be more expensive. There isn't an average price, since the whole technology is in its early stages. You can expect to pay anywhere from cable modem prices to several hundred dollars a month to get this service. However, the speeds of the service are phenomenal for the transmission medium. The speed you get depends on your telephone company and location.
With these two new technologies, how is the Linux user supposed to exploit them to their full potential? Easy. With a few simple pieces of software, you can have a full in-house network with a simple firewall, capable of World Wide Web browsing, Internet relay chatting and connecting to the outside world via FTP from each of the computers. Software such as CU-SeeMe, a video conferencing program, has IP Masquerading modules in order to work in this environment. Note that IP Masquerading does not allow for incoming connections to the client machines, so the client machines are truly client machines.
All of the newer Linux kernels include support for IP masquerading, which allows a group of computers on a network to access the Internet using a specified computer's Internet address. All connections from the computers must go through a specified IP masquerading “host”, or server. This server functions as the gateway machine and can be used as a DNS machine, if you set up a DNS server. With route and ipfwadm, you can set up a simple but effective packet routing scheme to deliver packets to the appropriate client machines. The prerequisites for such a setup are as follows:
One Linux server
Client machine(s) running a network-capable OS
One or two Ethernet cards, depending on the type of your router
The standard Linux network package; see your distribution documentation for details.
I am assuming that you have Ethernet support for your client machines already. If your client machines are Linux and you haven't yet set up the Ethernet cards, read the documentation and do it—all of the drivers are most likely already working.
For the server, the first step of setting up a network is setting up the Ethernet hardware. This is relatively simple: recompile the kernel or compile a module to include support for your card or cards. In the case that your card is supported by the Linux kernel, as root compile support into the kernel by typing make menuconfig at the top of the Linux source tree and use the menus to configure support. More information on how to recompile a kernel is available at the Linux Kernel HOWTO, located at http://sunsite.unc.edu/linux/HOWTO/Kernel-HOWTO.html.
In the kernel setup program, under “Code Maturity Level Options”, check the “Prompt for development and/or incomplete code/drivers” box, so that you will be given the option of using IP masquerading. Also, in the “Networking Options” section, check the following: Network Firewalls, Network aliasing, TCP/IP networking, IP forwarding/gatewaying, IP multicasting, IP firewalling, IP accounting, IP masquerading and IP tunneling. Although IP masquerading is experimental, it is fairly stable and must be included.
If your card (such as the EtherExpress Pro 10 PCI card from Intel) isn't supported in the kernel or support is broken, you can download and make a module for your card. A great resource for Ethernet card information on Linux is the Linux Ethernet HOWTO, at http://sunsite.unc.edu/linux/HOWTO/Ethernet-HOWTO.html. In the Ethernet HOWTO, you should find complete information about your card and how to use it under Linux. Another great resource is Donald Becker's Ethernet drivers page, found at http://cesdis.gsfc.nasa.gov/pub/linux/linux.html. This page has drivers (many written by Mr. Becker) for many cards, including some that are in alpha stage. Be aware that many of the alpha drivers are perfectly usable and many are completely unusable. To find out, check the Ethernet HOWTO for support status. You can also read the actual source of the module, which should include instructions on installation and compilation near the top or bottom. Install the Ethernet card module into the /lib/modules/2.0.xx/net directory and put the following lines into one of your startup scripts:
depmod -a
modprobe drivername
Note that the modprobe drivername does not include the “.o” at the end of the file name. It isn't necessary, so you shouldn't put it in; modprobe knows how to handle the loading of the module. To see if you've loaded the module into memory, type lsmod at the prompt. If you see a listing for your card, the module is loaded. Troubleshooting steps can also be found at the Linux Ethernet HOWTO. It's an excellent resource that should not be missed when setting up Ethernet cards.
If your cable modem or other high bandwidth device doesn't support being plugged into a hub or coax network, the simple solution is to buy a cheap NE2000 clone for the device and keep it separate from the other parts of the network. Yes, that's right, you'll have two Ethernet cards in your server computer. The number one problem concerning multiple Ethernet card support is the order in which the cards get detected. This is important, since Linux addresses the Ethernet cards in numerical order, depending on the order detected during the boot process. If you know the IRQs or the I/O addresses of your Ethernet cards (it may be settable on board or via software), you can add this line to the top of your lilo.conf file:
append = "ether=irq,ioadd,eth0 ether=irq,ioadd,eth1"
This line tells the kernel which Ethernet devices to assign to which I/O or irq combinations. For example, if you have a 3Com 3c509b on irq 10 and memory address 0x300 and you wish that card to be eth0, you add this line to the very top of your lilo.conf file:
append = "ether=10,0x300,eth0"
For additional Ethernet cards, you just add another ether=x,x,ethx after the first one inside the append quotes, as shown in the previous example. This is the easiest method of getting the kernel to assign the proper devices to the correct cards. All modern Ethernet cards come with software or jumpers that let you set the irq and memory addresses. If they don't, look in your computer's BIOS or, if you have another OS such as Win95, look in the system settings for the mapped address. To check that the Ethernet card was properly detected, simply type cat /proc/interrupts and see if your card is listed there.
Now that you have your card or cards set up, go ahead and boot into Linux. First, log in or su as root and run the command ifconfig. You'll get a few paragraphs of information, stating the status of your network interfaces. At this point, your Ethernet interfaces (eth0, eth1) will not be listed, since you haven't configured them yet. The only interfaces listed should be the loopback interface and anything else you have already set up.
What we wish to do now is set up each interface. In the case of a single Ethernet card system, issue the following command:
ifconfig eth0 x.x.x.x
replacing x.x.x.x with your specified IP address. This number is provided by your ISP (Internet service provider). Also change the eth0 to whichever interface you wish the address to be mapped to. Now, run ifconfig as root. You will see the eth0 interface listed, with all the card details and transmission statistics. If you have a second card, issue the same command, this time with eth1 instead of eth0 and the internal network IP address. For your internal network, the addresses should be in the form of 192.168.0.0, with 192.168.1.1 being the machine that is going to host the connection. In other words, all your other machines should be assigned 192.168.1.1, 192.168.1.2, 192.168.1.3, etc. These IP addresses are not publicly routed on the Internet and should not interfere with the outside world.
With the interfaces set up, it's time to set up routing. This may sound complicated, but it is quite easy once you are familiar with the route command. This command controls the flow of data between all network interfaces. The route man page gives complete details of all the intricacies of this command. For now, use this series of commands to configure routing:
route add -host gateway_address eth0
route add default gw gateway_address
route add -net 192.168.1.0 eth1
Replace the gateway_address placeholder with your actual gateway machine address, also provided by your ISP. The first command tells the machine that the host gateway_address can be accessed directly via the eth0 interface. The second command says that the default route (0.0.0.0, any machine) should be accessed through the gateway gateway_address. The last line indicates that any machine in network 192.168.1.0 can be accessed through the interface eth1. Put these three lines and the ifconfig line above into the startup script, usually found in /etc/rc.d for Slackware or /etc/rc.d/rc.init for Red Hat. Check the documentation for your distribution.
Now set up DNS resolutions by editing the /etc/resolv.conf file to include the following lines:
domain isp.com
nameserver x.x.x.x
nameserver y.y.y.y
Replace isp.com with your ISP's domain, and replace x.x.x.x with your ISP's primary name server, and y.y.y.y with your ISP's secondary name server. If you don't have a secondary name server, don't worry, only one is actually needed. After you've added these lines, save the files and reboot.
When your computer is back on-line, you will be able to use your cable modem on the host machine to execute the regular Internet functions such as FTP, TELNET and visiting the WWW.
To effectively share bandwidth between computers without actual IP addresses for each computer, use internal IP addresses as discussed above. The masquerading server forwards packets from each of the client machines to the Internet and relays the packets back to the client machines. This is done quite efficiently, with little noticeable load on the server. A tool called ipfwadm is used to set up “rules” for IP forwarding and denying. The following commands should also be added to one of your startup scripts (see Listing 1), after the ifconfig and route sections:
ipfwadm -F -p deny
ipfwadm -F -a M -S 192.168.1.0/24 -D 0.0.0.0/0
The first command tells ipfwadm to set the default policy for IP forwarding (-F) to deny, so nothing is forwarded unless a rule allows it. The second command is a little more complicated; it appends (-a) a rule to the forwarding rules, described by the M, -S and -D arguments. The M makes it a masquerade rule, which states that all packets with a source address in the 192.168.1.0 network and a destination address of 0.0.0.0 (which basically means any host machine) are accepted. The /24 specifies the number of set bits in the netmask. Remember, each bit is either set or unset, and an octet with all eight bits set is 255, or 11111111 in binary. You can also replace the 24 with the real netmask, which in this case would be 255.255.255.0. The zero in the -D rule means that no bits have to match, so any destination is allowed. See the man page for ipfwadm for more details.
At this point, it is a good idea to restart, run all the scripts and load all the modules. If you don't want to bring the machine down, you can re-run the startup scripts and hope for the best.
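The server-side steps above, gathered into one dry-run script that checks the addresses and prints the commands instead of running them. This is an added example, not the article's Listing 1 or the author's code. The function names are hypothetical, the 203.0.113.x addresses are constructed sample values, and the -host form of the first route line is an assumption based on the article's description of that command.

```shell
#!/bin/sh
# Added example: print (do not run) the gateway startup commands after
# sanity-checking the addresses. All addresses used here are constructed.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS: true when IP falls inside NET/BITS.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    [ "$bits" -eq 0 ] && return 0          # /0 matches every address
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# True when NET/BITS lies wholly inside one RFC 1918 private block.
is_private_net() {
    for blk in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        [ "${1#*/}" -ge "${blk#*/}" ] && in_cidr "${1%/*}" "$blk" && return 0
    done
    return 1
}

# gateway_commands EXT_IP GATEWAY LAN_IP LAN_NET/BITS
# Refuses to emit a masquerade rule for a non-private or mismatched LAN.
gateway_commands() {
    ext_ip=$1; gw=$2; lan_ip=$3; lan_net=$4
    is_private_net "$lan_net" ||
        { echo "refusing: $lan_net is not private address space" >&2; return 1; }
    in_cidr "$lan_ip" "$lan_net" ||
        { echo "refusing: $lan_ip is outside $lan_net" >&2; return 1; }
    cat <<EOF
ifconfig eth0 $ext_ip
ifconfig eth1 $lan_ip
route add -host $gw eth0
route add default gw $gw
route add -net ${lan_net%/*} eth1
ipfwadm -F -p deny
ipfwadm -F -a M -S $lan_net -D 0.0.0.0/0
EOF
}

# Constructed sample values: 203.0.113.0/24 is a documentation range.
gateway_commands 203.0.113.10 203.0.113.1 192.168.1.1 192.168.1.0/24
```

The deny policy is printed before the masquerade rule, so the forwarding default is already closed when the rule that opens it for the internal network is added.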
The hard part is now over, and it's time to set up the client machines which will be using IP masquerading to gain access to the Internet. In most major operating systems, the values for netmask, IP address, gateway and DNS server are required to effectively use the Internet. Also, routes must be specified in UNIX machines. Routing setup in Win95 is more transparent, although there is a route command.
On a Win95 or Macintosh machine, the first step is to install the network hardware which is probably an Ethernet card. These platforms are well supported, and the hardware should come with full documentation and software for installation. Read the operating system documentation on how to set network settings. Once you know how to set up the network, use 192.168.1.x for the IP address, where x is less than 255 but greater than 1. Don't assign identical network addresses to two computers on the same network. For the Gateway address, use 192.168.1.1 which will correspond to your server machine if you've followed my examples. For the DNS server search order, or DNS servers, enter the same DNS servers used for the server machine. Or, if you have a DNS server running on the server machine, you can specify it as the DNS machine. Don't enable any funky WINS settings; set the interface to be the default. In Win95, this can be found under the “Advanced” tab. In other operating systems, you should be able to specify it with a command such as route. On Macintosh systems, you shouldn't have to worry about this, unless you have multiple Ethernet cards, which isn't likely. Also, on Macintosh systems, the Gateway address may be referred to as the “Router Address”. Treat this the same as the “Gateway address” term.
Your operating system may be different in setup, but the values you use are the same universally. Read your operating system documentation for more information on how to set these values.
Now is the time to test your setup, if you haven't already. Make sure your server machine is running, and all software is configured properly. Then, turn on a client machine and type ping 192.168.1.1 at the command prompt or in the Run window in Win95. You should get a bunch of numbers every second or so. This means that the network is alive and kicking. Press CTRL-C to stop the ping command from pinging. Next, open up a piece of client software such as an FTP program or a web browser and bring up your favorite WWW site. If the site appears, your setup is working fine. If not, then you should go over the settings and try again. Remember, it may take a bit longer for the web site to appear through IP Masquerading than through a regular connection.
If you would like to discuss any of this with me, please feel free to e-mail me.