newbie - connecting to internet with ssh, is there a better way?

brandonweinberg · 02-07-2004, 01:33 PM

I'm a newbie using two networked Linux computers listed below:

1 -- [Let's call it P166] -- Pentium (166 MHZ), 64MB RAM, 28.8k Modem, No Monitor
2 -- [Let's call it P600] -- Pentium III (600 MHZ), 128MB RAM, Monitor, No Modem

The P600 is more powerful but it has no modem, so the modem from the less powerful P166 must be used to dial the internet.

My present setup leaves me feeling like I am not utilizing the P600 resources and unnecessarily overutilizing the P166 resources. I connect to the internet from a P600 console as listed below:

FIRST -- use SSH to log in an account on the P166
SECOND -- establish an internet connection on the P166
THIRD -- run Mozilla on the P166
FOUR -- browse the internet with X forwarding enabled on the P600

As you can see, Mozilla runs remotely on the P166. It sures feels like the P166 is doing a lot of work. I'm looking to (if possible) replace the need to run Mozilla remotely on the P166 to browse the internet.

i.e. Maybe I don't have to SSH into the P166 and rather should change file permissions, like +x for /dev/ttyS0 on the P166. Maybe this is a way to execute the remote modem so I do not have to SSH?

This may be far-fetched, I don't know. Again, I would like to remotely use a modem with a locally running web browser. My present setup, with SSH and X forwarding requires the web broswer to run remotely. I tried my best to describe this question clearly and please pardon any incoherent babble! BTW, I use Links sometimes, but this would help me alot because I really like Mozilla Firebird!

spurious · 02-07-2004, 02:11 PM

Essentially, your P166 should be functioning as an internet gateway / router for your P600. Since you can ssh from the P600 to the P166, I assume you've already set up local area networking between the two boxes.

On the P600 box, you need to tell it to use the P166 box as the internet gateway. As root, do "route add default gw 192.168.xx.xx" (192.168.xx.xx is the internal ip address for the P166 box). Further, you need to edit the /etc/resolv.conf on your P600 box to include the ip addresses for your ISP's DNS servers; the entry in your /etc/resolv.conf is "nameserver 12.23.45.67" where 12.23.45.67 is your ISP's DNS server address. Since your P166 box already accesses the internet, you could probably just copy the /etc/resolv.conf file from the P166 box to the P600 box.

On the P166 box, you need to configure iptables on the P166 box to allow IP masquerading and network address translation (NAT) to allow the P600 to access the internet through your P166 gateway router. You indicate that you are using Slackware. Assuming that on the P166 box, the modem interface is "ppp0" and the ethernet interface is "eth0", then copy and paste the following code into /etc/rc.d/rc.firewall:

Code:

# !/bin/sh
IPTABLES='/usr/sbin/iptables'

# load iptables modules
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack

# enable ip forwarding
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

# flush tables
$IPTABLES -F
$IPTABLES -X

# enable masquerading to allow LAN internet access
$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# forward internal LAN traffic from eth0 to ppp0 internet interface
$IPTABLES -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED -j ACCEPT

# block out internet intrusion on ppp0
$IPTABLES -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

As root, run /etc/rc.d/rc.firewall. On Slackware, /etc/rc.d/rc.firewall is executable by default, but if for some reason it isn't, then chmod +x /etc/rc.d/rc.firewall.

You should now be able to browse the internet from the P600 box. As a nice bonus, your P166 is also a firewall.

DISCLAIMER: I don't use dialup, so I am merely guessing that your modem interface is ppp0. On my rc.firewall script, my internet interface is eth0 (ethernet connected to cable modem) and my internal lan interface is eth1.

Misel · 02-07-2004, 02:13 PM

There are a couple howtos on the web how to turn your P166 into a linux router. This way the P3 asks the P1 for a website and the P1 forwards it to the net. It's pretty common to do so, that's why I'm wondering why you haven't heard of it yet but are already as advanced as to use ssh to forward an X-client.

I admit I haven't done it by myself but it shouldn't be that difficult.

brandonweinberg · 02-07-2004, 02:22 PM

Thanks Spurious and Misel for your advice. I will now turn my P166 into a router and post the results on LQ (hopefully without a hitch). Special thanks to Spurious for one of the best replies I have ever read on this or any forum. Well, I'm off to it-

brandonweinberg · 02-07-2004, 04:25 PM

The instructions provided by Spurious were fantastic. Was easy to make my P166 into a router/firewall and now I can run Mozilla on the P600. Now I have a bunch of reading to do, so I can help build on this. LQ (like Linux) can be extremely helpful. Thanks again.

spurious · 02-09-2004, 02:02 AM

Thanks for the praise! One thing I forgot; to make the "route add default gw 192.168.xx.xx" permanent, either add it to your /etc/rc.d/rc.inet1 or edit the GATEWAY variable in /etc/rc.d/rc.inet1

struggled_newbie · 01-14-2011, 12:14 AM

wow! really helps