For connection sharing to work you need to have two or more network devices in your firewall. If the local network is set up correctly, enabling connection sharing is as easy as enabling the option in either the firewall wizard or the Firestarter preferences.
The physical setup and network device settings
The Firewall/gateway machine connected to the Internet will need two network cards and the clients need one each.
The first network card in the firewall, the external interface, will be the one physically connected to the Internet. This card is usually automatically configured with DHCP. The second network card in the firewall, the internal interface, will be connected to the client machines via either a crossover cable if the connection goes directly to another computer, or regular cable if you have a hub or switch.
No matter how you decide to configure the network cards, these are settings you should enter:
For the external device (usually eth0):
- Enable dynamic IP configuration (DHCP)
- That's it. You're done, don't touch this card further.
- Disable dynamic IP configuration
- IP address: 192.168.0.1
- Netmask: 255.255.255.0
- Default gateway (IP):
Configuring the clients
There are two ways to configure the clients. The more elegant and in the long run easier way is to run a DHCP service on the firewall. A DHCP server distributes the network settings such the IP address, the default gateway, nameservers, etc. at run time to the each client. The alternative to using a DHCP server is to configure every client manually.Using the DHCP service is as easy as simply enabling it in Firestarter. For more information about the service and how to configure it, refer to the section on configuring the DHCP server.
When using DHCP, the clients need only be configured to use dynamic IP configuration. No other settings need to be changed.
Configuring the clients manually
If you do not wish to use the DHCP service, configure the network devices of the clients to use the following settings:- Disable dynamic IP configuration
- IP address: 192.168.0.2 to 192.168.0.254, with each client using an unique IP
- Netmask: 255.255.255.0
- Default gateway (IP): 192.168.0.1
- Primary nameserver: Set this to the same nameserver as used on the firewall. You can see the correct setting in the /etc/resolv.conf file on the firewall.
Testing the Setup
The computers should now be connected and the hardware level configuration complete. To test that everything is ok, try pinging the gateway from the client and vice versa.Enter the following at the firewall machine console, to test that the gateway can reach the client:
[bash]$ ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) from 192.168.0.1 : 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=255 time=1.37 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=255 time=0.635 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=255 time=0.638 ms
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2010ms
rtt min/avg/max/mdev = 0.635/0.882/1.375/0.349 ms
[bash]$
In case of DHCP, the IP's might be randomly assigned
PING 192.168.0.2 (192.168.0.2) from 192.168.0.1 : 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=255 time=1.37 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=255 time=0.635 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=255 time=0.638 ms
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2010ms
rtt min/avg/max/mdev = 0.635/0.882/1.375/0.349 ms
[bash]$
If it is not working you know that the problem lies with the hardware or network configuration. It is common to get the default gateway setting wrong, so double check it.
At this point:
- The firewall machine should be able to reach the Internet
- The clients and firewall should be able to ping each other
- The clients should be able to reach the Internet if the Internet connection sharing option is enabled in Firestarter.
Navdeep Infotech Pvt Ltd Copyright 2010
No comments:
Post a Comment