[Glastonbury] Cable [LONG REPLY]

Andrew M.A. Cater glastonbury at mailman.lug.org.uk
Sun Aug 3 16:17:01 2003


On Sat, Aug 02, 2003 at 04:49:09AM -0700, Maurice Onmaplate wrote:

Steve,

Martin advises that you are actually close to Plymouth.

If the following doesn't get you started, then I would suggest
you contact the Devon and Cornwall Linux Group (www.dclug.org.uk)
who appear well set up and will at least be more local to you.

--

This is a Telewest connection.  I also have a Telewest connection
which has been working substantially without problems for more than a 
year.  I'm guessing you have TV and a small cable modem separately.

The modem I have has three connections on the back.  The topmost one
is an Ethernet socket for a Cat5 Ethernet connector (looks slightly like
an oversized telephone handset plug).
  
The next down is a plug with coaxial cable.

The bottom is a two pole mains connector - something like the IEC cable
you get for a cassette recorder or radio.

--

The basics of Telewest cable (badly written and in nutshell format)
============================

Cable company (Telewest) gives you one IP address on the real 'Net.  
This is assigned to the cable modem and linked to route to the card 
whose Ethernet MAC (hardware) address they have registered.
The 'Net IP address is assigned dynamically: it is open to change, 
although you may have the same address for many months.

Telewest staff know your machine (and you) by an alias. As you go online
to start Web browsing or whatever so your cable modem comes up and
Telewest routes traffic to you.  Telewest broadband a.k.a. Blueyonder 
is thus, effectively, a gigantic internal company LAN which has 
intelligent routers on the outside edges to connect you to the "real" 
Internet.  The only way you authenticate your machine's identity to the 
cable modem is via some checking of the Ethernet MAC address of the 
interface card connected to the cable modem.

--

You have two choices open to you to persuade the cable modem to link 
into an internal home network as distinct from one Windows machine:

1.) You can buy a pre-made "Ethernet router" from somewhere
like PC World for £50 - £80 (The £80 version will probably have
a switch rather than a hub.)  The size is comparable to an Ethernet 
four port hub.  These things usually have a Web browser interface
to set them up.  They may have a "firewall capability" of sorts built 
into them.  

Pros: They cost less than a brand new machine and are generally
silent.  
The box is small.  

Cons: Who made them and how much do you trust their 
reliability?
Their security may not be up to much - they may need firmware
updates to fix problems.
They may not be flexible enough for some purposes.

I've never needed to use one, so know little more about them.
Others who read this mailing list and others may have some
more informed opinion.

Network topology (all assumed to be wired using Cat5 Ethernet cable)
----------------

Just plug the cables in and set up the router via the web interface.

                                                          |------ Mach 1
-{Cable modem}-> single Ethernet cable -> {Ethernet router}
                                                          |______ Mach 2
                                                          |
                                                          |------ Mach 3

--

2.) You use a multi-function Linux box.  This is a Linux User Group
mailing list, so I'll assume that you want to use a Linux box. I'll
set this out as basically as I can.

Pros: You can do a lot of clever stuff to filter nasty packets and
virus payloads. 
You can do intelligent filtering and also use the box to implement 
anti-spam for your incoming mail - less rubbish to read.
Good use for redundant hardware that has been pensioned off elsewhere.

Cons: You have the noise/size of another PC machine.

Network diagram
---------------

To do this most effectively, as outlined in previous messages, you need
a machine which has two network interfaces.  In this case, you need a 
machine with two Ethernet cards to make a firewall and router.

From the back of this machine, you hang an Ethernet hub/switch. 
[Hereafter assumed to be a hub, only because it's less to type]

Your other machines connect to this hub. 
[Arrows in ASCII art only for simplicity - all connections are
actually bidirectional]

               __________________
               [PC running Linux]
{Cable modem}->[card1           ]
               [                ]
           /-<-{card2           ]
           |   [________________]
           |
           V
       (Hub with several ports)
        |      |     |     |    
        V      V     V     V  
      Mach1  Mach2 Mach3 Mach4 ...

--

Children's level analogy of what we want to achieve.
====================================================

[All copyrights and author's rights for the comic strip characters
are acknowledged.  The names are used without express permission but 
purely and solely for illustrative and teaching purposes]

Superman and Superman's girlfriend want relative anonymity and safety.  
They don't want to be widely known/hacked. Superman sets up a Linux box 
which is effectively the "Daily Planet" to the outside world.  Any 'Web 
browsing / file transfer therefore appears to the rest of the world to 
originate from the Daily Planet.   

Any mail from the outside world to Clark Kent and Lois Lane is 
forwarded in to Superman and/or Superman's girl as appropriate.

Mail from "superman@krypton.net" is inherently suspicious :)
so transparent address rewriting takes place as "internal" mail
goes "out" such that all mail appears to come from the machine of 
"clarkkent@dailyplanet.com"

---

Fundamental problem: You want to use your cable modem and to share it 
between several machines. You also want network connectivity / "Windows
shares" to share your three printers out amongst your machines. 

--
Two choices:

Preliminary step: add a second network card to your Win98 box.
If you feel unable to do this, find someone to help you.

1.) Install SuSE 7.2 or later with kernel 2.4 on your Win98 box.  Add in 
the appropriate modules for iptables and netfiltering/netforwarding.
Using the HOWTO's as a reference guide, specifically the 
Masquerading-Simple HOWTO, set up a basic firewall.

Plug internal network hub into one card.  Register second card with
Telewest and plug cable modem into this. Plug other machines into hub,
set them up with private addresses and you're done.

If you can't do this, read the manuals first, show that you've read 
them, tried stuff and it didn't work and then complain giving enough 
details as to how it didn't work for someone else to begin to diagnose
the problems.
   
Don't expect too much handholding - you need to be prepared to do some 
things yourself.

Or

Ring up John Winters of the Linux Emporium on Monday morning.
[01491 837010] - I've no connection with him except as a satisfied
customer.

He sells pressed CD's of virtually anything Linux.  Ask him for a copy
of Smoothwall GPL and/or IPCop. [IPCop is a fork from Smoothwall].
£2.50 a disk, delivered by return of post.

Take your Windows box with two network cards.  Insert CD.  Boot.
Follow prompts. This will wipe out the pre-existing contents of your
hard disk - but it will almost invariably give you a working 
firewall/router configuration.

I can guarantee you that with less than two hours work in either
case, you should have a running firewall/router.

<slightly OT>

If you want to run Linux, run Linux.  If you want to complain about
how you can't run Linux because the world is against you, you may
wish to consider your motivations for running Linux or using a PC
in general - if it hurts this much to venture beyond your familiarity
zone then maybe you are better off not doing so.  

Despite the fact that each long email takes me some time to write and 
debug, I am prepared to continue to help you and the wider world 
provided that you and the rest of the wider world are prepared to at 
least attempt a learning curve. 

Now go away or I shall emulate you with a small shell script :)

</slightly OT>

HTH,

Andy
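
--

Added example, not part of the original message: a shell function that emits an iptables-restore ruleset for the two-card Linux box described above (masquerade the private LAN out of the cable-modem card, drop unsolicited inbound traffic). The interface names eth0/eth1, the range 192.168.1.0/24 and the function names are assumptions; the conntrack match is the current spelling of the older state match.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the two-card box.
# Interface names and the LAN range are assumptions, not from the post.

is_private_cidr() {
    # Accept only RFC 1918 ranges, since the LAN side uses private addresses.
    case "$1" in
        10.*/*|192.168.*/*) return 0 ;;
        172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*) return 0 ;;
        *) return 1 ;;
    esac
}

gen_ruleset() {
    # $1 = card facing the cable modem, $2 = card facing the hub, $3 = LAN range
    ext_if=$1; int_if=$2; lan=$3
    [ -n "$ext_if" ] && [ -n "$int_if" ] && [ "$ext_if" != "$int_if" ] || {
        echo "need two distinct interfaces" >&2; return 1; }
    is_private_cidr "$lan" || { echo "LAN range must be private" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -s $lan -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for constructed sample values; to load it, as root:
#   gen_ruleset eth0 eth1 192.168.1.0/24 | iptables-restore
#   sysctl -w net.ipv4.ip_forward=1
gen_ruleset eth0 eth1 192.168.1.0/24
```

The INPUT and FORWARD policies are DROP, so the outside world sees only replies to connections the internal machines started.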