[SWLUG] Making a network

Robert McQueen robot101 at debian.org
Sat Dec 21 02:27:47 UTC 2002 

On Sat, Dec 21, 2002 at 01:41:43AM +0000, STEPHEN CONSTANTINOU wrote:
> If I:
> 1) turn all devices off
> 2) physicaly connect the patch cables from switch to pc and from switch to laptop and from switch to cable modem
> 3) turn cable modem on and let it light up and settle down so that all lights are on
> 4) turn on laptop
> 5) turn on PC
> will I achive my objectives ?

Unfortunately not. The cable modem only has one IP for you, and will
give it to the first system to turn on. This means the laptop will get
the internet IP and get internet access, but the PC will not get any
network access at all, and there will be no inter-communication between
them.

If you wish to have several computers behind a connection that's
designed for a single system, you need something called NAT (Network
Address Translation) or IP Masquerading - these are the same thing,
although NAT can encompass far more complicated things. The idea of IP
masquerading is that machines inside the LAN have private IP addresses,
which are reserved for LANs and the like, and not valid on the internet.

These LAN machines can thereby talk to each other, and to a machine or a
little box which connects the LAN to the internet, called a gateway.
When they try and make a connection outside of the LAN, they contact the
gateway (this is how IP usually works). In IP masquerading, the gateway
forwards the request on to the internet, but pretends the request
originated with itself. It remembers the original machine in the LAN
that made the request, and forwards the replies to the request it gets
from the internet back in to that machine on the LAN.

The LAN then thinks it has a direct internet connection, but the outside
world only sees one machine. Furthermore, the machines in the LAN
cannot be directly contacted from the outside because they are so
hidden. The only traffic forwarded in by the gateway (unless you
configure it otherwise) is in reply to outgoing traffic, so it acts as a
simple firewall too.

You have three choices about what the gateway is, in order of
preference:
 * An old box running Linux. I have a stack of ~8 suitable machines in
   my bedroom, and I'd be very happy to see one go to a good home. You
   could install it with smoothwall to ease the configuration and setup
   of your LAN. This is my preference - I have one under my stairs doing
   this job (although it runs Debian =). The only cost would be a pint
   for the machine, and probably £10 or so for two old network cards
   (one for the LAN, one for the cable modem).
 * Some sealed device from NetGear or D-Link that integrates a cable
   modem, a switch, and simple IP Masq. This has the disadvantage of
   being more expensive and thoroughly inflexible, so even if you wanted
   to, say, run a server, or forward ports in to machines on your LAN
   for gaming, instant messaging, media streaming, or whatever, you'd be
   unable to. It's probably still fairly secure as a consequence, but I
   wouldn't like one. =)
 * A suitable overpowered machine running Windows ME, 2000 or XP with
   two network cards and using Internet Connection Sharing (which is
   basically IP masq). This has the disadvantage that the machine facing
   the internet runs Windows, which has a tendency to be a little too
   liberal with what ports it keeps open and such like. It will also
   mean the Windows machine would have to be on in order for the laptop
   to get internet connectivity, which sucks.

> Ant advice appreciated.

Hope this helps.

> Hope to hear from you
> 
> Stephen (Swansea, Wales, UK)

Regards,
Rob

More information about the Swlug mailing list