LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 07-31-2003, 07:13 PM   #1
dannyflounders
LQ Newbie
 
Registered: Jul 2003
Posts: 20

Rep: Reputation: 0
Heres what i consider, tricky


How if possible can i use a shared internet connection.

Our server is connected to the internet but our other computer which im installing linux on uses the internet through the other computer so is it possible to use it through the other comp like on windows?

Thanks
 
Old 07-31-2003, 07:35 PM   #2
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,749

Rep: Reputation: 71
Yes, either using some form of NAT, iptables or a proxy server.
 
Old 07-31-2003, 07:46 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912
Quote:
some form of NAT, iptables or a proxy server.
I don't want to be a nit-picker here,
but if you use iptables for conection
sharing it does NAT ;)

As for the original question:
Quote:
Our server is connected to the internet but our other computer which im installing linux on uses the internet through the other computer so is it possible to use it through the other comp like on windows?
Yes :} ... it is possible.

Cheers,
Tink
 
Old 07-31-2003, 08:01 PM   #4
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,749

Rep: Reputation: 71
Quote:
I don't want to be a nit-picker here,
but if you use iptables for conection
sharing it does NAT
I seen on here where some say that what iptables does isn't really NAT. I think that it is. But I thought that I would sperate them so as not to get flames.

Can't win them all.
 
Old 07-31-2003, 08:32 PM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912
Quote:
Originally posted by tangle
I seen on here where some say that what iptables does isn't really NAT. I think that it is.
I think it is, too, and so do the iptables
developers and the kernel maintainers :)

Quote:
Can't win them all.
Now THAT one is certain :}

Cheers,
Tink
 
Old 07-31-2003, 08:36 PM   #6
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,749

Rep: Reputation: 71
If you took offence, I did mean anything by the post.
 
Old 07-31-2003, 08:38 PM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912
No worries...

Cheers,
Tink
 
Old 07-31-2003, 11:25 PM   #8
Rodrin
Member
 
Registered: May 2003
Location: Upstate NY, U.S.
Distribution: Slackware
Posts: 248

Rep: Reputation: 31
Just to chime in on iptables capabilities. I believe it can do both full fledged NAT (Network Address Translation) and another form of NAT that is more specifically called IP masquerading. The earlier program ipchains, which iptables replaced, was, I believe, only capable of doing IP masquerading, so that may be why someone said that iptables is not capable of doing NAT.

The difference between IP masquerading and full fledged NAT is as follows:

With NAT the Linux router picks up traffic directed to any of a number of ouside IP addresses and translates certain outside addresses to inside addresses on a one to one basis, and also translates the internal addresses to outside addresses on the same basis. It is also possible to make it so users of several inside addresses have Internet browsing access using a NAT pool of fewer outside addresses (I haven't seen this done on a Linux box; I've never checked to see if it was possible with iptables, but I imagine that it is), but this arrangement will not make the inside machines that are using the pool visible to the outside world as servers. You can combine one to one translations for servers and a pool for other Internet access on the same router.

With IP masquerading you share Internet access through a single outside address by making it so different ports of the outside address are used to represent different inside IP addresses. This can even be used to make servers available to the outside by creating virtual servers on the router that simply redirect traffic addressed to them to different inside addresses (usually) on the same port.
 
Old 08-01-2003, 07:39 AM   #9
bobmac010
LQ Newbie
 
Registered: Jun 2003
Distribution: Slackware
Posts: 29

Rep: Reputation: 15
I am using iptables to do just that.
I have several server that are NAT'ed, and internal users that are pooled.
You can load balance with NAT, etc.
Sample Rules:
This set assumes that you have some knowledge of iptables.

###########################
# Configure Interfaces #
###########################
#
/sbin/ifconfig eth0:1 "enter_public_ip_here" broadcast "b-cast" netmask 255.255.255.0
/sbin/ifconfig eth1:0 192.168.2.1 broadcast 192.168.2.255 netmask 255.255.255.0
###########################
# Flush Rules #
###########################
#
iptables -F
iptables -X
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -Z # Zero ALL counters
#
##########################
# Set policies for rules #
##########################
#
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
#
########################
# Setup NAT forwarding #
########################
#
iptables -N nat
iptables -t nat -F
#
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#
################
# Drop PING
################
#
iptables -A INPUT -s 0.0.0.0/0 -d "enter_public_ip_here" -p icmp -j DROP
#
################
# The following systems, unspecified with NAT,
# to have the IP of "enter_public_ip_here" when visiting the internet
################
#
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to "enter_public_ip_here"
#
#######################
# NAT translations start below
#######################
#
#######################
# Server Config
#######################
#
iptables -t nat -A PREROUTING -d "enter_other_public_ip_here" -j DNAT --to 192.168.2.2
iptables -t nat -A POSTROUTING -s 192.168.2.2 -j SNAT --to "enter_other_public_ip_here"
#
##############
# End Of File
##############
 
Old 08-26-2003, 01:28 PM   #10
raypen
Member
 
Registered: Jun 2002
Location: Midwest
Distribution: Slackware
Posts: 365

Rep: Reputation: 30
Just a little extra info:

SNAT and MASQUERADE are essentially the same in that internal
addresses are changed to match the public IP when outgoing
and changed back to the internal address when incoming.

The incoming packets are identified as belonging to a certain
internal IP through connection_tracking and are allowed in
with state matching (iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT)

The difference between the two is that SNAT is used with a
fixed IP address whereas MASQUERADE is used when the IP
address is assigned from a pool of IP addresses assigned
by an ISP either through PPP or DHCP. Obviously, MASQUERADE
involves a little more overhead in determining what IP address
has been assigned by the ISP, but will work automatically
no matter which IP address is being used currently.

You can use SNAT with an indicated IP address, but you will have
to change it in the firewall script each time an assigned address
changes.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
heres a project .. any thoughts? andzerger Linux - General 3 02-22-2004 11:42 AM
heres something i havent seen posted before andzerger Linux - Networking 0 02-20-2004 12:52 AM
heres a strange question.... zenji General 7 01-05-2004 05:50 PM
k kids heres a challenge (GRRRRRRRRRR) oneiric Linux - Newbie 4 06-27-2003 04:21 PM
Heres a real problem SIAS99 Linux - Networking 3 09-27-2001 07:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 07:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration