unix:gateway

Differences

This shows you the differences between two versions of the page.

unix:gateway [2010/01/13 21:09]
robm
unix:gateway [2018/10/04 14:37] (current)
robm Update link to Knoppix
Line 21: Line 21:
  node [shape=record]  node [shape=record]
  modem [label="{Modem|{<wan>WAN|<lan>LAN}}"]  modem [label="{Modem|{<wan>WAN|<lan>LAN}}"]
- gateway [label="{Gateway|{<lan>eth1|<uplink>eth0}}"]+ gateway [label="{Gateway|<eth0>eth0}"]
  switch [label="Switch"]  switch [label="Switch"]
 } }
Line 31: Line 31:
  modem:lan:e -> switch  modem:lan:e -> switch
  lan -> switch  lan -> switch
- switch -> gateway:lan:w + switch -> gateway:eth0:w
- gateway:uplink:e -> switch+
 } }
  
Line 40: Line 39:
 ^ Device ^ Notes ^ ^ Device ^ Notes ^
 | modem | ADSL modem with 1x phone line socket and 1x ethernet socket. Tends to get clogged for some reason (high latency, but connection stays up) | | modem | ADSL modem with 1x phone line socket and 1x ethernet socket. Tends to get clogged for some reason (high latency, but connection stays up) |
-| gateway | Fast desktop PC with two network adaptorsloads of RAM and nothing much to do |+| gateway | Linux host with *one* network adaptor, and nothing much to do |
 | LAN | 4 or so PCs, Wii, Xbox, couple of Nintendo DS consoles, etc | | LAN | 4 or so PCs, Wii, Xbox, couple of Nintendo DS consoles, etc |
  
Line 63: Line 62:
  subgraph cluster_gateway_pc  subgraph cluster_gateway_pc
  {  {
- gateway_pc [shape=record,label="{<uplink>eth0: 192.168.1.3|{DNS|Traffic Shaping}|<lan>eth1: 192.168.1.2}"]+ gateway_pc [shape=record,label="{DNS|Traffic Shaping|<eth0>eth0: 192.168.1.2}"]
  label="Gateway PC"  label="Gateway PC"
  }  }
Line 73: Line 72:
 { {
 edge [arrowhead=none] edge [arrowhead=none]
-internet -> gateway_modem:wan +internet -> gateway_modem:eth0 
-gateway_modem:lan-> gateway_pc:uplink +gateway_modem:eth0-> gateway_pc:eth0 
-gateway_pc:lan -> lan [label="DNS, IP traffic"+gateway_pc:eth0 -> lan [label="DNS, IP traffic"
-gateway_modem:len -> lan [label="DHCP Only"]+gateway_modem:eth0 -> lan [label="DHCP Only"]
 } }
  
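Review bot: On the `internet -> gateway_modem:eth0` and `gateway_modem:eth0 -> lan` lines the modem's `wan` and `lan` ports are both renamed to `eth0`, which drops the WAN/LAN distinction that the walkthrough further down still relies on ("Modem (WAN)", "Modem (LAN)"). The `gateway_modem` node definition is not part of this hunk, so it is not visible whether it declares an `eth0` port at all; if it does not, Graphviz reports an unrecognized port and attaches the edge to the node as a whole. Suggest keeping `gateway_modem:wan` and `gateway_modem:lan` (fixing only the old `len` typo) and limiting the rename to the `gateway_pc` ports.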
Line 86: Line 85:
   - PC broadcasts via DHCP for an IP address   - PC broadcasts via DHCP for an IP address
   - Modem (LAN, 192.168.1.1) responds with an IP address + static settings   - Modem (LAN, 192.168.1.1) responds with an IP address + static settings
-    * Gateway IP = Gateway (eth1, 192.168.1.2) +    * Gateway IP = Gateway (eth0, 192.168.1.2) 
-    * Primary DNS = Gateway (eth1, 192.168.1.2)+    * Primary DNS = Gateway (eth0, 192.168.1.2)
     * Secondary DNS = Modem (LAN, 192.168.1.1)     * Secondary DNS = Modem (LAN, 192.168.1.1)
   - User of PC starts to browse example.com   - User of PC starts to browse example.com
   - PC queries Gateway (eth1) for IP of example.com (1.2.3.4)   - PC queries Gateway (eth1) for IP of example.com (1.2.3.4)
     * If Gateway's DNS service does not know the IP it will contact the internet via Modem, as below     * If Gateway's DNS service does not know the IP it will contact the internet via Modem, as below
-  - PC connects to example.com (1.2.3.4) via Gateway (eth1, 192.168.1.2)+  - PC connects to example.com (1.2.3.4) via Gateway (eth0, 192.168.1.2)
   - Gateway applies traffic shaping   - Gateway applies traffic shaping
-  - Gateway (eth0) forwards the shaped traffic to Modem (LAN)+  - Gateway forwards the shaped traffic to Modem (LAN)
   - Modem (WAN) forwards connection to ISP   - Modem (WAN) forwards connection to ISP
   - ISP do their thing   - ISP do their thing
   - ISP sends response to Modem (WAN)   - ISP sends response to Modem (WAN)
-  - Modem (LAN) forwards response to Gateway (eth0) +  - Modem (LAN) forwards response to Gateway 
-  - Gateway (eth1) applies traffic shaping and forwards response to PC+  - Gateway applies traffic shaping and forwards response to PC
  
 ===== Configuration ===== ===== Configuration =====
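Review bot: The unchanged step "PC queries Gateway (eth1) for IP of example.com (1.2.3.4)" still names `eth1`, an interface this revision removes everywhere else in the list; it should read `eth0` like the "Gateway IP" and "Primary DNS" lines above it. Since "Gateway forwards the shaped traffic to Modem (LAN)" no longer names an interface, it would also help to state once in the list that with a single NIC the traffic leaves on the same `eth0` it arrived on.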
Line 164: Line 163:
 Kernel IP routing table Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
-192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0 +192.168.1.0     0.0.0.0         255.255.255.0            0        0 eth0
-192.168.1.0     0.0.0.0         255.255.255.0            0        0 eth1+
 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
 </code> </code>
  
 Important features: Important features:
-  * The modem is always accessed via interface ''eth0'' +  * All LAN traffic goes via ''eth0''
-  * All other LAN traffic goes via ''eth1''+
   * The rest (internet traffic) should be forwarded through 192.168.1.1 (Modem LAN)   * The rest (internet traffic) should be forwarded through 192.168.1.1 (Modem LAN)
  
Line 181: Line 178:
 </code> </code>
  
-{{:unix:eth1_lan.png|GNOME Network Manager settings for eth1 (LAN)}}+Configuration files to edit: 
 + 
 +''/etc/dhcp3/dhclient.conf''((The ''<hostname>'' text is literal, it seems that dhclient expands this at the right time somehow)): 
 +<code> 
 +option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; 
 + 
 +send host-name "<hostname>"; 
 +send dhcp-requested-address 192.168.1.2; 
 +supersede domain-name "local robmeerman.co.uk"; 
 +supersede routers 192.168.1.1; 
 +prepend domain-name-servers 127.0.0.1; 
 + 
 +request subnet-mask, broadcast-address, time-offset, routers, 
 +        domain-name, domain-name-servers, domain-search, host-name, 
 +        netbios-name-servers, netbios-scope, interface-mtu, 
 +        rfc3442-classless-static-routes, ntp-servers; 
 +</code>
  
-{{:unix:eth0_plusnet.png|GNOME Network Manager settings for eth0 (WAN)}} 
  
 ==== IP Forwarding and NAT ==== ==== IP Forwarding and NAT ====
 +On-the-fly:
 +
 Taken from [[http://www.technize.com/2007/05/03/configuring-a-nat-gateway-in-linux/]] Taken from [[http://www.technize.com/2007/05/03/configuring-a-nat-gateway-in-linux/]]
  
 <code sh> <code sh>
-iptables –flush +echo 1 > /proc/sys/net/ipv4/ip_forward 
-iptables –table nat –flush +</code>
-iptables –delete-chain +
-iptables –table nat –delete-chain+
  
-#Setup IP forwarding and masquerating.. +Persistent:
-iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE +
-iptables –append FORWARD –in-interface eth0 -j ACCEPT+
  
-echo 1 > /proc/sys/net/ipv4/ip_forward+Edit **/etc/sysctl.conf**: 
 +<code> 
 +# Uncomment the next line to enable packet forwarding for IPv4 
 +net.ipv4.ip_forward=1
 </code> </code>
  
-TODOHow to make persistent?+=== Disabling ICMP Host Redirection === 
 + 
 +As you probably noticed from the physical topology diagram, there is only one network interface on the gateway PC, and so you may find that the gateway PC informs all of its clients that they can talk to the modem directly: 
 + 
 +<code> 
 +PING google.com (173.194.37.104) 56(84) bytes of data. 
 +From skuld.local (192.168.1.2): icmp_seq=1 Redirect Host(New nexthop: 192.168.1.1) 
 +64 bytes from lhr14s02-in-f104.1e100.net (173.194.37.104): icmp_seq=1 ttl=57 time=15.4 ms 
 +</code> 
 + 
 +This can be disabled on-the-fly via: 
 + 
 +<code> 
 +echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/accept_redirects 
 +echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects 
 +</code> 
 + 
 +**Update 2013-10:** This guide used to update ''/proc/sys/net/ipv4/conf/all/accept_redirects'', but now uses ''*'' in place of ''all''. That was bad as the ''all'' configuration merely sets the default, but won't alter any existing interfaces. Thanks to [[http://unix.stackexchange.com/a/58081/22537|unix.stackexchange.com]] for this tip. 
 + 
 +Or permanently by adding the following to ''/etc/sysctl.conf''. Again, be on the safe side and explicitly name your interfaces: 
 + 
 +<code> 
 +net/ipv4/conf/all/accept_redirects = 0 
 +net/ipv4/conf/all/send_redirects = 0 
 +net/ipv4/conf/eth0/accept_redirects = 0 
 +net/ipv4/conf/eth0/send_redirects = 0 
 +</code>
  
 +See http://www.itsyourip.com/Security/how-to-disable-icmp-redirects-in-linux-for-security-redhatdebianubuntususe-tested/
 ==== DNS Service ==== ==== DNS Service ====
-<code>sudo aptitude install bind9</code> -- nothing to configure!+<code>sudo aptitude install bind9</code> 
 + 
 +  Enable caching 
 +    * ''sudoedit /etc/bind/named.conf.options'' 
 +    * Uncomment ''forwarder'' section and add ISP DNS server IPs: <code> 
 +    forwarders { 
 +        212.159.13.49; 
 +        212.159.13.50; 
 +    }; 
 +</code> 
 +    * ''sudo service bind9 restart'' 
 +  Alias ''ikari.robmeerman.co.uk'' (real public domain name) to a private IP. (This is not required if you have ''search robmeerman.co.uk'' in ''/etc/resolv.conf''
 +    * ''sudoedit /etc/bind/named.conf.local'' 
 +    * <code> 
 +// LAN hosts 
 +zone "ikari.robmeerman.co.uk"
 +    type master; 
 +    file "/etc/bind/db.lan.ikari"; 
 +};    
 +</code> 
 +    * ''sudoedit /etc/bind/db.lan.ikari'' 
 +    * <code> 
 +
 +; BIND data file for local area network (LAN) 
 +;    
 +$TTL    604800 
 +@       IN      SOA     ns.localhost. root.localhost. ( 
 +                              1         ; Serial 
 +                         604800         ; Refresh 
 +                          86400         ; Retry 
 +                        2419200         ; Expire 
 +                         604800 )       ; Negative Cache TTL 
 +;    
 +@       IN      NS      ns.localhost. 
 + 
 +@       IN      A       192.168.1.2 ; Zone's address 
 +*       IN      A       192.168.1.2 ; Wildcard (all sub-domains) 
 +</code>
  
 ==== Traffic Shaping ==== ==== Traffic Shaping ====
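Review bot: The "IP Forwarding and NAT" section no longer contains any NAT: the `iptables ... -j MASQUERADE` and `FORWARD ... -j ACCEPT` lines are removed and only `echo 1 > /proc/sys/net/ipv4/ip_forward` remains, yet the heading and the "Taken from" credit for a NAT gateway guide are kept. If the modem now does the address translation and the gateway only routes, say so and retitle the section; otherwise the masquerade rule needs to stay. In the same hunk, the BIND step adds `forwarders` but nothing that limits who may query the resolver; a line on restricting recursion to the 192.168.1.0/24 LAN (for example with `allow-recursion`) would fit next to the forwarders block.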
Line 213: Line 290:
 sudo wondershaper eth0 $((3712*1000)) $((448*1000)) sudo wondershaper eth0 $((3712*1000)) $((448*1000))
 </code> </code>
 +
 +I used to use Ubuntu's stock ''wondershaper'' package, but now use my own adaptation of it that does *not* shape or police LAN traffic. This allows my gateway PC to double as a file server: internet traffic is shaped and policed to match my ADSL line speeds, while file-server (local) traffic runs at gigabit speeds.
 +
 +See my ADSL project on GitHub: https://github.com/meermanr/adsl
 +
 +<code bash wondershaper>
 +#!/bin/bash -e
 +
 +# Adapted from http://lartc.org/wondershaper/
 +
 +DEV=$1
 +DOWNLINK=$2
 +UPLINK=$3
 +
 +# The following fudge factors allow you to express the usable % of your link.  
 +#
 +# Experimentation has shown that ~75% of the author's ADSL downlink can be used 
 +# before upstream congestion starts to affect round-trip times. In other words, 
 +# by throttling our download speeds we can ensure that our ISP does not queue 
 +# any packs on our behalf, giving us full control over congestion.
 +DOWNFACTOR='74/100'
 +UPFACTOR='75/100'
 +
 +if [ "x$DEV" = "x" ]
 +then
 +    echo "Usage: $0 (DEV) [ 'clear' | (DOWNLINK kbit/s) (UPLINK kbit/s) ]"
 +    exit 0
 +fi
 +
 +# Display status when DOWNLINK/UPLINK are ommitted
 +if [ "x$DOWNLINK" = "x" ]
 +then
 +    #echo "--------------------------------------------------------------------------------"
 +    #iptables -nvL -t mangle
 +    #echo "--------------------------------------------------------------------------------"
 +    tc -s filter ls dev $DEV
 +    echo "--------------------------------------------------------------------------------"
 +    #tc -s qdisc ls dev $DEV
 +    #echo "--------------------------------------------------------------------------------"
 +    tc -s class ls dev $DEV
 +    exit 0
 +fi
 +
 +# Clear both IN and OUT
 +tc qdisc del dev $DEV root    2> /dev/null > /dev/null || true
 +tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null || true
 +
 +# Flush and delete all mangle rules
 +iptables -F 
 +iptables -X 
 +iptables -t mangle -F 
 +iptables -t mangle -X 
 +
 +if [ "x$DOWNLINK" = "xclear" ]
 +then
 +    echo "Cleared traffic rules on $DEV"
 +    exit 0
 +fi
 +
 +trap "$0 $1 clear" ERR
 +
 +# Calculations
 +#
 +# Target latency is < 50ms. This means max burst length should be limited to 
 +# 1/20th the queue's rate.
 +
 +
 +LOCALIP=$(ifconfig eth0 | sed -ne 's/^.*inet addr:\([0-9.]\+\).*/\1/p')
 +
 +# =============================================================================
 +# Queues and Classes
 +# =============================================================================
 +# 1: ROOT
 +# |-- 1:ff LOCAL_TRAFFIC (to/from this host itself)
 +# | `-- ff: (sfq)
 +# |-- 1:1 INTERNET->LAN (downlink)
 +# | `-- 10: (red) Drop traffic as link approaches congestion
 +# `-- 1:2 LAN->INTERNET (uplink)
 +#   |-- 1:21: High priority
 +#   | `-- 21: (sfq)
 +#   |-- 1:22: Medium priority
 +#   | `-- 22: (sfq)
 +#   `-- 1:23: Low priority
 +#     `-- 23: (sfq) Low priority
 +
 +# ROOT
 +tc qdisc add dev $DEV root handle 1: htb
 +
 +    # LOCAL TRAFFIC
 +    tc class add dev $DEV parent 1: classid 1:ff htb \
 +        rate 100mbit \
 +        burst $((100/20))mbit \
 +        cburst $((100/20))mbit \
 +        prio 1
 +
 +        # .. and its actual queue that holds the packets
 + tc qdisc add dev $DEV parent 1:ff handle ff: sfq perturb 10
 +
 +    # INTERNET->LAN (downlink)
 +    tc class add dev $DEV parent 1: classid 1:1 htb \
 +        rate $(($DOWNLINK*$DOWNFACTOR))kbit \
 +        ceil $(($DOWNLINK*$DOWNFACTOR))kbit \
 +        burst $(($DOWNLINK*$DOWNFACTOR/20))kbit \
 +        cburst $(($DOWNLINK*$DOWNFACTOR/20))kbit \
 +        prio 10
 +
 +        # .. and its actual queue that holds the packets
 +        # Note: All values are in BYTES. It doesn't seem to accept "kbit"
 +        #
 +        # The burst calculation needs to be increased by one so as to avoid an 
 +        # internal assert in the qdisc (seems our target and their min 
 +        # acceptable burst are one and the same)
 +        tc qdisc add dev $DEV parent 1:1 handle 10: red \
 +            limit $(($DOWNLINK*$DOWNFACTOR*1000/8)) \
 +            avpkt 1500 \
 +            burst $((($DOWNLINK*1000/8/20/1500)+1)) \
 +            min   $(($DOWNLINK*1000/8/20)) \
 +            max   $(($DOWNLINK*$DOWNFACTOR*1000/8)) \
 +            ecn \
 +            probability 1
 +
 +    # LAN->INTERNET (uplink)
 +    tc class add dev $DEV parent 1: classid 1:2 htb \
 +        rate $(($UPLINK*$UPFACTOR))kbit \
 +        ceil $(($UPLINK*$UPFACTOR))kbit \
 +        burst $(($UPLINK/20))kbit \
 +        cburst $(($UPLINK/20))kbit \
 +        prio 20
 +
 +        # High priority
 +        tc class add dev $DEV parent 1:2 classid 1:21 htb \
 +            rate $(($UPLINK*$UPFACTOR*4/6))kbit \
 +            ceil $(($UPLINK*$UPFACTOR))kbit \
 +            prio 0
 +
 +        # Medium priority
 +        tc class add dev $DEV parent 1:2 classid 1:22 htb \
 +            rate $(($UPLINK*$UPFACTOR*2/6))kbit \
 +            ceil $(($UPLINK*$UPFACTOR))kbit \
 +            prio 1
 +
 +        # Low priority
 +        tc class add dev $DEV parent 1:2 classid 1:23 htb \
 +            rate $(($UPLINK*$UPFACTOR*1/6))kbit \
 +            prio 2
 +
 +        # .. and their actual queues that hold the packets
 +        for ID in 21 22 23
 +        do
 +            tc qdisc add dev $DEV parent 1:$ID handle $ID: sfq
 +            ## tc qdisc add dev $DEV parent 1:$ID handle $ID: red \
 +            ##     limit $(($UPLINK*$UPFACTOR*1000/8)) \
 +            ##     avpkt 1500 \
 +            ##     burst $((($UPLINK*1000/8/20/1500)+1)) \
 +            ##     min   $(($UPLINK*1000/8/20)) \
 +            ##     max   $(($UPLINK*$UPFACTOR*1000/8)) \
 +            ##     ecn \
 +            ##     probability 1
 +        done
 +
 +
 +# =============================================================================
 +# Filters
 +# =============================================================================
 +
 +# -----------------------------------------------------------------------------
 +# LOCAL TRAFFIC
 +# Mark traffic generated by this host itself (INPUT + OUTPUT, but not FORWARD)
 +iptables -t mangle -A INPUT  -p all -i $DEV -j MARK --set-mark 0xff
 +iptables -t mangle -A OUTPUT -p all -o $DEV -j MARK --set-mark 0xff
 +
 +# ("fw" means the handle refers to a MARK, rather than a qdisc)
 +tc filter add dev $DEV parent 1: protocol ip prio 1 handle 0xff fw classid 1:ff
 +
 +# -----------------------------------------------------------------------------
 +# INTERNET->LAN (downlink)
 +#
 +# Note: We assume that LAN->LAN traffic is *not* forwarded through this host, 
 +# and so we need only check the destination of a given packet. We've already 
 +# taken care of this host's own traffic above.
 +
 +iptables -t mangle -N DOWNLINK
 +iptables -t mangle -A DOWNLINK -p all -j MARK --set-mark 0x1
 +tc filter add dev $DEV parent 1: protocol ip prio 2 handle 0x1 fw classid 1:1
 +
 +for SUBNET in 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 
 +do
 +    iptables -t mangle -A PREROUTING -p all -i $DEV ! -s $SUBNET -d $SUBNET -j DOWNLINK
 +done
 +
 +
 +# -----------------------------------------------------------------------------
 +# LAN->INTERNET (uplink)
 +#
 +# Note: Assumes that all downlink and private traffic have already been 
 +# classified, so no source checks are performed.
 +
 +iptables -t mangle -N UPLINK
 +iptables -t mangle -A UPLINK -p all -j MARK --set-mark 0x22     # Default to medium priority
 +#for CHAIN in PREROUTING INPUT FORWARD OUTPUT POSTROUTING DOWNLINK UPLINK
 +#do
 +#    iptables -t mangle -I $CHAIN -p tcp --sport 12345 -j MARK --set-mark 0/0
 +#    iptables -t mangle -I $CHAIN -p tcp --dport 12345 -j MARK --set-mark 0/0
 +#done
 +
 +for SUBNET in 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 
 +do
 +    iptables -t mangle -A PREROUTING -p all -i $DEV -s $SUBNET ! -d $SUBNET -j UPLINK
 +done
 +
 +##
 +## HIGH PRIORITY ##
 +##
 +
 +# TOS Minimum Delay (ssh, NOT scp)
 +tc filter add dev $DEV parent 1: protocol ip prio 20 u32 \
 +    match ip tos 0x10 0xff \
 +    flowid 1:21
 +
 +# ICMP (ip protocol 1) in the interactive class so we can do measurements & 
 +# impress our friends:
 +tc filter add dev $DEV parent 1: protocol ip prio 20 u32 \
 +    match ip protocol 1 0xff \
 +    flowid 1:21
 +
 +# Prioritize small packets (<64 bytes)
 +tc filter add dev $DEV parent 1: protocol ip prio 20 u32 \
 +    match ip protocol 6 0xff \
 +    match u8 0x05 0x0f at 0 \
 +    match u16 0x0000 0xffc0 at 2 \
 +    flowid 1:21
 +
 +# Prioritise ACK packets (but only if they are small)
 +# IP protocol 6,
 +# IP header length 0x5(32 bit words),
 +# IP Total length 0x34 (ACK + 12 bytes of TCP options)
 +# TCP ack set (bit 5, offset 33)
 +tc filter add dev $DEV parent 1: protocol ip prio 20 u32 \
 +    match ip protocol 6 0xff \
 +    match u8 0x05 0x0f at 0 \
 +    match u16 0x0000 0xffc0 at 2 \
 +    match u8 0x10 0xff at 33 \
 +    flowid 1:21
 +
 +# Traffic headed to robmeerman.co.uk (typically SSH proxying to else where)
 +tc filter add dev $DEV parent 1: protocol ip prio 20 u32 \
 +    match ip dst 85.119.82.218/32 \
 +    flowid 1:21
 +
 +# Traffic originating from the Xbox should be treated as urgent
 +tc filter add dev $DEV parent 1: protocol ip prio 20 u32 \
 +    match ip src 192.168.1.2/32 \
 +    flowid 1:21
 +
 +
 +##
 +## LOW PRIORITY ##
 +##
 +
 +# # WiiU, while it's downloading purchases
 +# tc filter add dev $DEV parent 1: protocol ip prio 30 u32 \
 +#     match ip src 192.168.1.5/32 \
 +#     flowid 1:23
 +
 +# TOS High Throughput
 +tc filter add dev $DEV parent 1: protocol ip prio 30 u32 \
 +    match ip tos 0x8 0xff \
 +    flowid 1:23
 +
 +# If no other filter has classified the packet, then use FW markers (set by 
 +# iptables -j MARK). All UPLINK packets are marked as 0x22 by default (see 
 +# iptables command earlier)
 +tc filter add dev $DEV parent 1: protocol ip prio 40 handle 0x21 fw classid 1:21 # High priority
 +tc filter add dev $DEV parent 1: protocol ip prio 40 handle 0x22 fw classid 1:22 # Medium priority
 +tc filter add dev $DEV parent 1: protocol ip prio 40 handle 0x23 fw classid 1:23 # Low priority
 +
 +
 +# Reset counters, so that packet counts are in sync (it takes time to add 
 +# rules, and during that time the first rule added may be hit, leading to 
 +# confusing packet counts: "But these rules should always apply to the same 
 +# packets! How can their hit count be different?"
 +iptables -t mangle -Z
 +</code>
 +==== Transparent Web Proxy ====
 +
 +<code>sudo aptitude install squid</code> to install Squid v2.7.
 +
 +Then edit ''/etc/squid/squid.conf'' so that
 +  - the ''http_port'' tag is set to ''http_port 3128 transparent''
 +  - the ''http_access allow localnet'' is uncommented
 +
 +Restart Squid (''sudo service squid restart'') and then foribly redirect web traffic to the proxy:
 +
 +<code>iptables -t nat -A PREROUTING ! -d 192.168.0.0/16 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128</code>
  
 ===== The 1 NIC problem ===== ===== The 1 NIC problem =====
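Review bot: The block commented "Flush and delete all mangle rules" also runs `iptables -F` and `iptables -X` with no `-t`, which flushes every chain in the filter table, so any firewall rules on the gateway are wiped each time the script applies its rules or is called with `clear` (including from the `trap ... ERR` handler). Drop the two unqualified commands, or better, remove only the `DOWNLINK` and `UPLINK` chains and the MARK rules the script itself adds. Two smaller points: `LOCALIP` is read from a hard-coded `eth0` rather than `$DEV` and is never used afterwards, and the filter commented "Traffic originating from the Xbox" matches `192.168.1.2/32`, which the rest of the page gives as the gateway's own address.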
Line 218: Line 589:
  
 ==== My Solution ==== ==== My Solution ====
-I use WinXP on my laptop, and happened to have a copy of [[http://www.vmware.com/|VMware]]((A "PC Emulator", it creates a blank virtual PC for you to do what you like with.)) installed so I setup a new virtual machine with two NICs and inserted my trusty [[http://www.knoppix.org/|Knoppix Linux LiveCD]]((This is a bootable copy of Debian Linux, which is famous for having a complete toolset and great hardware auto-detection)). Once booted I used the [[http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html|Linux IP Masquerade HOWTO]] to get things going.+I use WinXP on my laptop, and happened to have a copy of [[http://www.vmware.com/|VMware]]((A "PC Emulator", it creates a blank virtual PC for you to do what you like with.)) installed so I setup a new virtual machine with two NICs and inserted my trusty [[http://www.knopper.net/knoppix/index-en.html|Knoppix Linux LiveCD]]((This is a bootable copy of Debian Linux, which is famous for having a complete toolset and great hardware auto-detection)). Once booted I used the [[http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/index.html|Linux IP Masquerade HOWTO]] to get things going.
  
 Amazingly, this worked! I had 3 IPs on one NIC: 2 for the virtual machine running Knoppix, and 1 for Windows itself. Actually, IIRC, all 3 actually had seperate MAC addresses too. Amazingly, this worked! I had 3 IPs on one NIC: 2 for the virtual machine running Knoppix, and 1 for Windows itself. Actually, IIRC, all 3 actually had seperate MAC addresses too.
unix/gateway.1263416989.txt.gz · Last modified: 2010/01/13 21:09 by robm