LinuxQuestions.org
Old 04-15-2018, 10:16 PM   #1
dchmelik
Member
 
Registered: Nov 2008
Location: Washington state, USA
Distribution: NetBSD, FreeBSD, OpenBSD, Slackware, FreeSlack, OpenSolaris, Android, Replicant, DOS
Posts: 325

Rep: Reputation: 38
router to Slackware desktop to Slackware laptop network setup?


I'd like to finish setting up my Slackware desktop as a DHCP server (and if necessary, DNS, but my ISP and maybe router do that) for eth1 to my Slackware laptop. Actually, I ran dhcpd (and other things... ip_forward, and maybe some iptables command) on the desktop and connected fine with the laptop's rc.inet1, but it can only see the desktop, not past there onto the Internet. Here's the 'topology.'

Internet <-> router <-> Slackware desktop <-> Slackware laptop

I'm not sure I need to finish setting up the desktop's dnsmasq, or do resolv.conf on the laptop a certain way, or just some other network software.

I'm not a network professional, but the reason to try this is to learn more of what they know... I think this is called double NAT, and maybe needs a certain netmask? In relation to that (learning) if you just have an answer like they'd give at a less intellectual OS' distribution's forum, or at a computer shop 'buy a switch' (I also have one, not the point) just don't answer. For now, I also don't want to know about software alternatives... always wanted to try setting up a Slackware computer as a DHCP server, and might have several uses for it in the future. Also, obviously, there's no usage of isolation or firewall or demilitarized zone in this case (it's just at home... just NAT.)

Someone mentioned using TUN & TAP. I know almost nothing about it except that if I did, it might take less work... but wouldn't have as wide a range of future usage for this type of case (such as on a server with several ethernet connections maybe also to another that's doing the same.) That's interesting, so I might want to try it later, but that'd be another thread, or I'd post below if this sort of DHCP setup can't be explained for a long time.

Last edited by dchmelik; 04-15-2018 at 10:17 PM.
 
Old 04-16-2018, 02:26 PM   #2
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 5,350

Rep: Reputation: 3104
What do you have in your /etc/dhcpd.conf file? And how are you starting the dhcpd server? Many are using Eric's example rc.dhcpd located here and then you could just add an entry to your /etc/rc.d/rc.local to start that file on boot.
 
1 members found this post helpful.
Old 04-16-2018, 06:45 PM   #3
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 702

Rep: Reputation: 388
@dchmelik

I was about to ask the same as bassmadrigal, focusing on the network configuration between the two hosts (desktop&laptop), so I'm just teaming up now.
You state that you can already reach your desktop from your laptop and that means that your laptop network adapter is configured, thus your dhcpd configuration might look valid - still need to verify that.
Your setup is indeed a double NAT, so to say, but nothing extraordinary. You can daisy-chain NATs until you exhaust the private address spaces. A good learning example, BTW.
To make sure I got your setup right, I've redrawn your simple topology schematic focusing on the name of the ethernet adapters on your desktop:
Internet <-> router <DHCP->-eth0> Slackware desktop <eth1-DHCP->-> Slackware laptop

Basically, in order to achieve NAT on your desktop, you'll need to:
- enable the packet forwarding -> make sure /etc/rc.d/rc.ip_forward is executable & launch it manually with the start parameter (it'll get launched automatically on boot from within /etc/rc.d/rc.inet2)
- assign a private network space on the eth1 interface, different from the one used on your router, which usually comes by default with the 192.168.0.0/16 (192.168.0.0 or 192.168.1.0). To avoid confusion, especially as you're learning now, I'd suggest to use the 10.0.0.0/24 private network space for your second NAT in your dhcpd conf file. The IP Address for your eth1 card will be the gateway for your second NAT and I'd suggest to use 10.0.0.1 - netmask 255.255.255.0 - broadcast 10.0.0.255
- do the actual NAT on your desktop with the help of iptables (netfilter), capture the packets that are coming from your laptop (10.0.0.0/24) and translate them into the LAN connected to your eth0 adapter (router LAN). iptables (netfilter) is the only tool you need for the NAT and I'd suggest to learn more about it.
You can start with this simple iptables script that you can define as your desktop's rc.firewall:
Code:
#!/bin/sh
# flushing all previous rules
/usr/sbin/iptables -F
/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables --delete-chain
/usr/sbin/iptables --table nat --delete-chain
#ipv4 default policies - should be on DROP, but then you'll need to address individually all the traffic and maybe too complicated ATM :)
/usr/sbin/iptables -P INPUT ACCEPT
/usr/sbin/iptables -P FORWARD ACCEPT
/usr/sbin/iptables -P OUTPUT ACCEPT
# do the actual NAT - you have a dynamic IP Address on your eth0 (provided by the router DHCP) and therefore you'll need to use MASQUERADE
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#or - stricter, NAT-ing only the packets that come from your desktop-laptop LAN
#/usr/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
- on the laptop you'll need to use the nameserver of your ISP or router (router is acting as a resolver by itself) in your /etc/resolv.conf, as your desktop does not run any DNS resolver on its own. This DNS entry should be configured in your desktop dhcpd conf file and provided automatically to your laptop.
- that's pretty much it. No need for any additional software, Slackware comes packed with all the goodies you need.
- some references/lecture:
https://en.wikipedia.org/wiki/Privat...address_spaces
https://www.netfilter.org/documentat...T-HOWTO-6.html

On your TUN/TAP question, these are tunneling interfaces and used by the openvpn tunneling software (it's shipped by default with Slackware).
You can achieve a NAT also through tunneling between the desktop and laptop, by having them both connected to the router, it'll look like this:
Code:
Internet <-> router <DHCP-eth0> Slackware desktop
		\		|
		 \		Tunnel - tun (openvpn)
		  \		|
                    <DHCP-eth0> Slackware laptop
This is a simpler setup because you'll rely only on the private network space and on the only DHCP server running on your router, but might be a little more complicated on the networking&routing part, at least conceptually.
As a starting point, you'll need to setup a point-to-point vpn tunnel between your desktop and laptop by following the Simple Example from the following link. Don't create the static key and don't use the secret static.key option, you don't need encryption within your LAN (too much overhead):
https://openvpn.net/index.php/open-s...ini-howto.html
- configure the desktop as your "server" and the laptop as the "client"
- start the openvpn daemon on both - the best way is to put the following in your rc.local file:
Code:
# Start VPN
/sbin/modprobe tun
/usr/sbin/openvpn /etc/openvpn/openvpn.conf
- then on your laptop you'll need to redirect all the traffic through the established tunnel, adding these additional lines to your rc.local file:
Code:
# delete the default route provided by your router, substitute Router_GW with your router IP
/sbin/ip route del default via Router_GW
#if you follow the openvpn.net link Simple Example strictly, then TUNNEL_END_POINT will be 10.8.0.1
/sbin/ip route add default via TUNNEL_END_POINT
- then you'll need to manually configure the nameserver from your ISP or router IP in your laptop /etc/resolv.conf file
- finally, on your desktop, make sure that the packet forwarding is enabled and run your iptables NAT script, same configuration as described before this TUN/TAP section, the only difference now is that the packets originating from your laptop are coming through the tun0 interface instead of the eth1.

Last edited by abga; 04-16-2018 at 07:36 PM. Reason: bad formatting - topology
 
3 members found this post helpful.
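
A stricter variant of the rc.firewall script in the post above, as an added example that is not part of abga's post or the thread: it puts the FORWARD policy on DROP, as the script's own comment says it should be, and forwards only laptop-LAN traffic out plus the replies coming back. The interface names and 10.0.0.0/24 follow the post; the function names and the print-then-pipe dry-run approach are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for the desktop
# gateway with FORWARD on DROP; nothing changes until the output is piped to
# sh as root.

# Accept only plain interface names, so nothing else ends up in the output.
valid_if() { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# Accept only dotted-quad/prefix text such as 10.0.0.0/24.
valid_net() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *.*.*.*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the kernel forwards IPv4 packets (what rc.ip_forward start sets).
# The optional path argument exists only so the check can be tested.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Usage: nat_rules WAN_IF LAN_IF LAN_NET
nat_rules() {
    wan=$1; lan=$2; net=$3; ipt=/usr/sbin/iptables
    valid_if "$wan" && valid_if "$lan" && valid_net "$net" || return 1
    [ "$wan" != "$lan" ] || return 1
    cat <<EOF
$ipt -F
$ipt -t nat -F
$ipt -P INPUT ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -P FORWARD DROP
$ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ipt -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
$ipt -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
}

# Dry run with the names used in the post above: eth0 faces the router,
# eth1 faces the laptop on 10.0.0.0/24.
nat_rules eth0 eth1 10.0.0.0/24
```

To apply it, pipe the output to sh as root once `forwarding_enabled` succeeds. With the FORWARD policy on DROP, anything arriving on eth0 that is not a reply to a laptop connection is no longer forwarded.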
Old 04-17-2018, 02:05 AM   #4
dchmelik
Member
 
Registered: Nov 2008
Location: Washington state, USA
Distribution: NetBSD, FreeBSD, OpenBSD, Slackware, FreeSlack, OpenSolaris, Android, Replicant, DOS
Posts: 325

Original Poster
Rep: Reputation: 38
Thanks for replies so far. I still have to read the above more closely then try most of it, but after reading a few articles on somewhat different setups, here is my /etc/dhcpd.conf

Code:
# dhcpd.conf
#
# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
#

default-lease-time 1440;
max-lease-time 10080;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.3;
option domain-name-servers 192.168.2.3;
option domain-name "cosmos.windwireless.net";
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.4 192.168.2.100;
range 192.168.2.150 192.168.2.200;
}
 
Old 04-17-2018, 02:51 AM   #5
dchmelik
Member
 
Registered: Nov 2008
Location: Washington state, USA
Distribution: NetBSD, FreeBSD, OpenBSD, Slackware, FreeSlack, OpenSolaris, Android, Replicant, DOS
Posts: 325

Original Poster
Rep: Reputation: 38
I altered my dhcpd.conf according to abga's suggestions, used the script, and it worked!

I plan to read about netfilter & iptables, then try the tun & tap thing. If the way it works is simpler, I should use something like that in an easy case of not doing several NATs in a row.
 
Old 04-17-2018, 04:12 PM   #6
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 702

Rep: Reputation: 388
Happy to hear that it worked!

I'd suggest to start with a CCNA (Cisco) material, you'll get some guides for free on the Internet nowadays, that's in case you're not already savvy with the networking. It'll get you comprehensively and programmatically through the basics of networking, static routing, NAT-ing, etc. and I remember it was the best (didactically) and most complete way to learn for me, decades ago. I even went and prepared (theory) for a CCNP exam but dropped it as I started to focus on more business related activities. Before the CCNA I had known some stuff, but only bits and pieces learned from experience & different guides. At that time I only had Internet at work (ISP) and mainly lectured pretty thin printed material.

iptables (netfilter) and iproute2 utilities are your standard (core) tools for managing the networking under Linux and once you know them you can start to do "wonders".
https://en.wikipedia.org/wiki/Iproute2

TUN/TAP interfaces are basically virtual network kernel devices - pseudo ethernet adapters, that you can manage exactly like physical adapters. With the help of openvpn you can define as many as you want with the point-to-point setup, by starting additional openvpn sessions for each of them, with distinct configuration files, distinct ports and distinct tun devices, for example openvpn1.conf header:
Code:
dev tun1
port 1195
proto udp4
 
1 members found this post helpful.
  

