Jake,

Sharing one IP address with multiple computers is easy with Linux.
The technology is called NAT: network address translation.

First you must recompile your kernel (see the kernel HOWTO: /usr/doc/HOWTO)
with IP_Masquerading support enabled.

There is an IP Masquerade HOWTO.  Skim through that to get the specific kernel 
options you need.  (Although this is much more extensive than you need to just set up 
NAT.)

Then you need a startup script, commonly called rc.firewall.  This script enables 
packet forwarding and masquerading.  

Here's a sample script, attached.  You'll need to edit it for your understanding, and 
for your IP addresses.

There are also plenty of resources online, and more examples, functionality, and scripts 
with ipchains, ipmasqadm, and other utilities to configure your kernel firewall.  
Search on Google for keywords such as: NAT rc.firewall masquerade, each one with 
'linux'.

Cory


On Wed, Oct 25, 2000 at 12:02:39AM -0700, jake wrote:
> > # perl -MCPAN -e 'shell'
> 
> Great if on the 'net. Unfortunately, I'm putting this on my laptop, which has a
> softmodem, for which I could not find linux software. I only have one IP
> address, and I haven't figured out IP masquerading yet, or if it's possible to
> have a network share one IP address on the internet. (that would be a good
> topic for a Thursday night clinic, IMOHO;)
> 
> The Debian modules and executables are in /usr/lib/perl5 (apparently perl
> 5.6.0 doesn't like this generic path) and /usr/lib/perl5/Debian  
> 
> Here's how I did it (as if anyone cares):
> lap:/usr/local/perl# sh Configure
> <defaults until...>
> Installation prefix to use? (~name ok) [/usr/local] /usr
> <defaults until...>
> Do you want to configure vendor-specific add-on directories? [n] y
> Installation prefix to use for vendor-supplied add-ons? (~name ok)
> /usr/lib/perl5/Debian
> Pathname for the vendor-supplied library files? (~name ok)
> [/usr/lib/perl5/Debian/lib/perl5/vendor_perl/5.6.0] /usr/lib/perl5/Debian 
> <defaults until...>
> Installation prefix to use for add-on modules and utilities? (~name ok) [/usr]
> /usr/lib/perl5
> <defaults until...>
> Pathname where the add-on public_executables should be installed? (~name ok)
> [/usr/lib/perl5/bin] /usr/lib/perl5
> <defaults until...>
> Pathname for the vendor-supplied executables directory? (~name ok)
> [/usr/lib/perl5/bin] /usr/lib/perl5
> <defaults to the end>
> lap:/usr/local/perl# make
> lap:/usr/local/perl# make test
> lap:/usr/local/perl# make install
> lap:/usr/local/perl# perl -e 'foreach (@INC) { print "$_\n"; }'
> /usr/lib/perl5/5.6.0/i586-linux
> /usr/lib/perl5/5.6.0
> /usr/lib/perl5/lib/perl5/site_perl/5.6.0/i586-linux
> /usr/lib/perl5/lib/perl5/site_perl/5.6.0
> /usr/lib/perl5/lib/perl5/sie_perl/5.005
> /usr/lib/perl5/lib/perl5/site_perl
> /usr/lib/perl5/Debian/i586-linux
> /usr/lib/perl5/Debian
> /usr/lib/perl5/Debian
> ###still no /usr/lib/perl5###
> lap:/usr/local/perl# cd /usr/lib/perl5
> lap:/usr/lib/perl5# mv Devel/ Debian/Devel
> lap:/usr/lib/perl5# mv Dpkg/ Debian/Dpkg
> lap:/usr/lib/perl5# mv I18N/ Debian/I18N
> lap:/usr/lib/perl5# mv Net/ Debian/Net
> lap:/usr/lib/perl5# mv Proc/ Debian/Proc
> lap:/usr/lib/perl5# mv Filesys/ Debian/Filesys
> lap:/usr/lib/perl5# mv SGMLS/ Debian/SGMLS
> lap:/usr/lib/perl5# mv Term/ Debian/Term
> lap:/usr/lib/perl5# mv Text/ Debian/Text
> lap:/usr/lib/perl5# mv URI/ Debian/URI
> lap:/usr/lib/perl5# mv *.pm Debian/
> lap:/usr/lib/perl5# cd Debian/
> lap:/usr/lib/perl5/Debian# ln -s ../ppd.pl ppd.pl
> lap:/usr/lib/perl5/Debian# ln -s ../dialog.pl dialog.pl
> lap:/usr/lib/perl5/Debian# ln -s ../printcap.pl printcap.pl
> lap:/usr/lib/perl5/Debian# ln -s ../psptools.pl psptools.pl
> lap:/usr/lib/perl5/Debian# ln -s ../sgmlspl-specs/ sgmlspl-specs
> 
> I haven't had any problems yet, but it's only been a couple of days. At least
> dpkg works now. (I didn't move and link all the files at first)
> 
> Jake,
> [EMAIL PROTECTED]
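
#!/bin/sh
#
# rc.firewall: sample ipchains script that enables packet forwarding and
# masquerading. Usage: rc.firewall {start|stop|down|status}
#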
PATH=/sbin:/bin:/usr/sbin:/usr/bin

case "$1" in 
    stop)
        #flush all rules
        ipchains -F input
        ipchains -F output
        ipchains -F forward
        ;;
    
    down)
        #flush all rules, and turn off firewall
        ipchains -F input
        ipchains -P input ACCEPT
        ipchains -F output
        ipchains -P output ACCEPT
        ipchains -F forward
        ipchains -P forward ACCEPT
        ;;

    start) 
        #enable rules for forwarding and masquerading

        # Load required ip_masq modules (FTP included here)
        /sbin/depmod -a
        /sbin/modprobe ip_masq_ftp

        # Enable IP forwarding
        echo "1" > /proc/sys/net/ipv4/ip_forward

        # Assign external IP variables
        extip="208.130.234.33"
        extif="eth1"

        # Assign internal IP variables
        intif="eth0"
        intnet="10.0.0.0/24"

        # Initialize MASQ timeout and standard chains
        ipchains -M -S 7200 10 60
        ipchains -F input
        ipchains -P input REJECT
        ipchains -F output
        ipchains -P output REJECT
        ipchains -F forward
        ipchains -P forward DENY

        # Setup input policy
        # local interface, local machines, going anywhere is valid
        ipchains -A input -i $intif -s $intnet -d 0.0.0.0/0 -j ACCEPT
        
        # reject IP spoofing where external computer claims to be a local
        ipchains -A input -i $extif -s $intnet -d 0.0.0.0/0 -l -j REJECT
        
        # accept anything arriving on the external interface that is addressed
        # to the external IP (this covers every port on this host)
        ipchains -A input -i $extif -s 0.0.0.0/0 -d $extip/32 -j ACCEPT

        # loopback interface is valid
        ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

        # Setup output policy
        # traffic leaving the internal interface for the local network is valid
        ipchains -A output -i $intif -s 0.0.0.0/0 -d $intnet -j ACCEPT

        # prevent traffic for local network from using external interface
        ipchains -A output -i $extif -s 0.0.0.0/0 -d $intnet -l -j REJECT

        # prevent traffic from local network from using external interface
        ipchains -A output -i $extif -s $intnet -d 0.0.0.0/0 -l -j REJECT

        # anything else sourced from the external IP can go out
        ipchains -A output -i $extif -s $extip/32 -d 0.0.0.0/0 -j ACCEPT

        # loopback interface is valid
        ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT


        # Setup forwarding policy
        # Masquerade local net traffic to anywhere
        ipchains -A forward -i $extif -s $intnet -d 0.0.0.0/0 -j MASQ

        ;;

    * | status)
        #display all rules
        ipchains -L -n
        ;;

esac
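
Added example, not part of the message or the attached script: a first-match walk of the input chain that "start" builds, showing why the anti-spoofing REJECT has to sit above the rule that accepts traffic for the external IP. The interfaces and addresses are the script's own; the test packets and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: first-match walk of the input chain built by "start" above.
# Addresses and interfaces are the script's; the test packets are constructed.
extip="208.130.234.33"; extif="eth1"
intif="eth0";           intnet="10.0.0.0/24"

# Rules in the order the script appends them: interface source dest target
INPUT_RULES="$intif $intnet 0.0.0.0/0 ACCEPT
$extif $intnet 0.0.0.0/0 REJECT
$extif 0.0.0.0/0 $extip/32 ACCEPT
lo 0.0.0.0/0 0.0.0.0/0 ACCEPT"

# ip2int A.B.C.D: print the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net ADDR NET/LEN: succeed if ADDR lies inside NET/LEN
in_net() {
    net=${2%/*}; len=${2#*/}
    [ "$len" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# input_verdict IFACE SRC DST: print "TARGET ruleN" for the first matching
# rule, or the chain policy (-P input REJECT) when nothing matches
input_verdict() {
    n=0
    while read -r rif rsrc rdst target; do
        n=$((n + 1))
        if [ "$rif" = "$1" ] && in_net "$2" "$rsrc" && in_net "$3" "$rdst"; then
            echo "$target rule$n"; return 0
        fi
    done <<EOF
$INPUT_RULES
EOF
    echo "REJECT policy"
}

input_verdict eth0 10.0.0.5     198.51.100.7     # LAN host going out
input_verdict eth1 10.0.0.5     208.130.234.33   # outside host spoofing a LAN source
input_verdict eth1 198.51.100.7 208.130.234.33   # outside host to the external IP
input_verdict eth1 198.51.100.7 10.0.0.5         # outside host straight at the LAN
```

The second packet would also match rule 3, so moving the spoofing rule below it would let the packet in without a log entry.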
