Caution! Entering the realm of confusion and frustration!

There's two ways (in my mind) to share a broadband (DSL/Cable) connection - the Easy Way, or the Sometimes Cheap way. Since this guide is based on a Linux firewall/router, you need to possess some Linux experience. If etc/rc.d/ or make bzImage look unfamiliar, I highly recommend going the Easy Way. Not to say that you won't be able to do the Sometimes Cheap way, but time is money and you'll probably end up saving both.

This isn't a generalized guide (check Resources for that), but I think it'll help for (former) Excite@Home and AT&T@Home customers. A little. I hope.

The One Requirement for Either Method:

An external modem
- A modem that outputs via ethernet is a must. If you got an internal or USB modem. . . well, try and switch to an external modem.
- A USB or internal modem can't connect to a hub, meaning the signal can't be sent to other computers.

Easy Way

Buy one of those new fangled switch/firewall boxes. The best site (by far) for reviews/help/info is PracticallyNetworked. A typical installation goes like:

Plug modem into box
Plug computers into box
Configure box and computers
Done!

The manufactures (usually) include nice manuals and have toll-free tech support; the Sometimes Cheap way has neither. So why bother with the Sometimes Cheap way? If you have a computer laying around, the Sometimes Cheap way is much cheaper then a switch/firewall (around $150). If not, you'll have to scrounge up a computer or buy another one, hence the name of this method - it could be cheap, then again, maybe not.

You'll probably have to add another NIC ($10+), but not much else. If you got the equipment, the time, and most importantly the patience, read on. For those lacking two out of three, but still want to feel vagely

Sometimes Cheap way

What's Your Setup?

AT&T@Home - The only cable modem provider in my area.
RCA DCM215 Cable Modem - No, I don't know any hacking tricks. Also, there are no drivers! It's totally reliant on your ethernet card.
Slackware 7 - My Linux distro of choice, current version is 8.
Kernel 2.2.19 - 2.4 is out, but since everything is working, I'm not upgrading.
IP Masquerade
IP Chains
Netgear FA310TX NIC x 2 - Both are the older version that use the Digital 21140 (Tulip) chipset, newer versions (anything in stores today) use a clone chip. I couldn't get the clone version to work, but Your Mileage May Vary. Check Donald Becker's site for the latest drivers.
Netgear EN104TP Hub - No drivers for this piece of equipment either (some people search for "en104tp drivers"). Hubs usually aren't the cause of any problems, unless you've pressed the "uplink" button by accident.
Random Cat-5 ethernet cables
PMFirewall - A script that does it all! When the hardware is setup, PMFirewall takes over and does the rest.

I didn't exactly start from scratch. The box functioned as a SETI@Home cruncher, and everything ran smoothly. The only thing I did was toss in another NIC and enable/change some software.

In a fearsome display of drawing prowess, here's my actual setup:

My network setup through the power of Visio!

The Linux box (Slacker) contains two NICs, one running to the cable modem, and the other to a hub which the other computers are connected. Thus the Linux box straddles two networks, the Internet, and the private network. The Internet side requires a real IP address, while the internal network can use any private network address. I use the 192.168.1.X address space for unknown reasons. The other computers are (left to right) Win98, Win98, Win2000.

Step One: Hardware

I recommend using two identical NICs, preferably PCI so you won't have to mess with probing and such. I don't have any experience beyond the FA310TX, so read up here to figure out what to buy.

Step Two: Software Config of the Linux Box

My config files (with some privacy edits):

/etc/rc.d/rc.inet1 - Sets the ethernet cards. For PCI cards, eth0 is the first card from the top (assuming you have a tower-style case).
/etc/rc.d/rc.inet2 - Turns on packet forwarding.
/etc/modules.conf - note the two alias lines for eth0 and eth1.
/etc/hosts - Type names instead of IPs for the computers on the LAN.
/etc/resolv.conf - All important DNS lookup, forget this and nothing will resolve.

Pull out the yellow sheet of paper the cable installer gave you. On it are all the numbers you'll need, although they're poorly labeled. I chose to hardcode the IP because I couldn't get DHCP to work, YMMV. I haven't experienced any problems with the hardcoded IP address. Here's the guide:

CIP: IP Address
PRI: Primary DNS
SEC: Secondary DNS
DGA: Gateway
BA: Broadcast Address
NET: Netmask

If you've just been switched to AT&T Broadband, here's what you'll need to do to get back online. Plug the cable modem into one of your Windows computers, clear out all the networking settings (setting IP to "obtain automatically"), then reboot. Run winipcfg then hit the "more info" button. Write down the new IP address, DNS address, netmask, and gateway. Plug these numbers into the Linux box, the broadcast address is just the IP address with the last three digits as 255

Most addresses go into rc.inet1, while the DNS addresses go into resolv.conf.

For specific kernel compilation options, read this section of the IP Masquerade HOW-TO. Really. It won't work if you don't. Ignore the sections about creating a rc.firewall file, we'll let PMFirewall do that.

TIP: Compile the driver for the NICs into the kernel (*) not as a module (M).

Compile, make modules, etc, reboot. Confused? Read the Kernel How-To.

Connect the cable modem to the Linux box if you haven't already.

Everything ok? Try using lynx or ftp on the Linux box, you should be able to get out to The World.

Download PMFirewall and install (very simple), it'll turn on the various IP Masq options you created in the kernel. At this point your box is ready to serve! (After another reboot).

Step Three: Software Config of the Other Boxes

Quick text rundowns from the IP Masq HOW-TO; contains instructions for almost every OS under the sun.

Windows 98

Head for the Network Control Panel. Open up TCP/IP -> NIC properties. Only two changes to make:

Gateway properties

Add the IP address of the Linux box's internal NIC as the gateway. Note that in rc.inet1 the internal NIC isn't assigned a gateway.

DNS properties

Create a hostname (I use the computer name), add the domain (for AT&T customers: attbi.com), then the primary DNS address.

That's it! Reboot the computer and you're done. Most services (FTP, WWW, ICQ, etc) will function normally without any configuration changes. If something pukes, check the IP Masq Apps page.

Windows 2000

Follow the first four boxes of the Win2K Networking Page to arrive at the correct dialog box, only two changes to make:

Win2K Setup

Add the IP address of the Linux box's internal NIC as the gateway.
Add the DNS server(s).
Reboot and be happy!

@Home Notice: You'll need to change your mail/news settings from "mail" and "news" to a FQDN. My full address is c-123456a.sttln1.wa.home.com, so my POP3/SMTP host is set as mail.sttln1.wa.home.com and my NNTP server is news.sttln1.wa.home.com. Again, look at the yellow sheet of paper for the proper city/state code.

AT&T customers: The POP3/SMTP address is simple, mail.attbi.com

Resources

Sentry Firewall is a Slackware-based "firewall/router on a CD".
A great page on Linux networking (with more diagrams!) is the nanux.com Lab, in fact, it's a whole lot more complete then this page will get. If you don't find a solution here, I recommend browsing around the nanux.com site.
PracticallyNetworked
Slackware.com General Forum - Just remember to search the archives before posting a question.
alt.os.linux.slackware - Accessible via deja.com if you don't have USENET access. It's populated by reasonable Slack-heads.

Version 1.3.1
Last updated......... 12/2/01

Return to Basic Home Networking
Email questions/comments