Setting up a small office or home with Internet access through one Linux Box

This tutorial will get you running with a minimal amount of knowledge or expertise in Linux. This tutorial uses RedHat Linux, but can be adapted to any Linux environment (just about). Do obtain a basic Unix book so that you understand what "/, cd, ls, rm, ln, cp, mv and vi" are. You will have to know the vi editor to work with all of these text files. I have created a quickie tutorial here.

The problem for small offices is that for Internet access, they either need individual analog lines and modems, or they need proxy software. Proxies are fine, but Linux is free or close to it, and masquerading is transparent to the client. The advantage a proxy offers is bandwidth savings. This scenario will not cache FTP or HTTP connections. If you require proxy caching, you may be interested in Linux 'squid'. The advantage to masquerade is that it is invisible to the user. It also runs great on old hardware you may have thought about throwing out.

This diagram shows the standard setup for a Linux masquerade for a small office. You could hang 30 or 40 clients off of the Linux router, but the 56k modem wouldn't be able to handle it. If that is your plan, substitute 2 channel ISDN, ADSL, Cable modem or a T1. It isn't as difficult as it may sound. Your ISP would configure the ISDN or T1 router, then hand a crossover cable to another Ethernet card on the Linux box. But I'm not getting into that detail here. The same principles I outline could easily be adapted with a little understanding. If you are interested in T1 or DS3 cards for Linux, see my WAN page.

The parts shown in red are considered 'hot'. Any outside traffic could be dangerous, even if your ISP gives you a variable IP address every time you dial in. You are still prone to attack. That's why you will configure this box not only as a router, but as a firewall as well.

Anyway - if you have come this far, you already know WHY you want to use Linux. Now let's get into the HOWTO.

Prep the machine
First - get a hold of a 486 or low grade Pentium. It needs a basic video card, 8Mb ram, small hard drive (500 Mb is fine), CD-ROM, 3.5 Floppy, 56k modem and a good network card. I use the Netgear FA310TX 10/100 card which uses the tulip driver included with RH5.2. It took me a while to get that specific driver working under earlier versions of RH, but 5.2 seems to have cleared out the bugs.

Install your Ethernet card and other peripherals. Insert the boot disk that came with RedHat (or build a new one using the dos utilities on the CD) and start the install. You will need some basic information, like your ISP's nameservers and what you want to call your new box. The install is fairly straightforward. If you are feeling adventurous, install X Windows (a GUI interface similar to MS Windows 95) as well. I don't use it for dedicated routers, and I won't cover how to set it up or use it here. I will assume you are not using it.

How you set up your hard drive is up to you. On a smaller drive, I just set a 50Mb swap file and give the remainder (mount point /) to the native Linux partition. There are a number of reasons not to do this, however: if a process fills the drive, the system will crash. Try to allocate a good portion to /usr, another portion to /var and another to /home, with the remainder to /. How much you assign depends on your needs. You may wish to have a DOS FAT partition as well. Up to you. Use fdisk or Disk Druid to set up the partitions. Both are straightforward and easy to use. (fdisk is not like the DOS fdisk, by the way.)

At the end of the question and answer period, you will be presented with a list of packages to install. Typically, you will only need the C and C++ libraries, anonymous ftp, extra documentation and the Linux kernel source tree. The kernel source can be obtained by selecting individual packages, then marking the kernel packages for install. When it prompts you for services to turn on at boot, be sure to turn on routed and turn off sendmail (unless you plan to use Linux as a mail proxy which I will not cover here).

Now you are done - it will prompt you to reboot the machine. Once the machine is up normally, you can type "reboot" at the prompt, or "halt" to shut the machine down. Never just power off the machine. The filesystem could get trashed. Use a UPS!

After the machine reboots, you will see a string of messages, then you should be presented with a name and password prompt. The name is root and the password is the one you chose during install. Don't write it down, and don't forget it!

You may wish to create a new user account for poking around the system. I will require you to be root for all configuration, and as a dedicated router, you really only need the one user account.

Now, to take advantage of various abilities, you will need to follow the steps on the following pages (then come back here and continue). You may skip number one (building kernel) for ip_masquerade if you are running 2.0.36 (Red Hat 5.2).

  1. Build a new kernel (the core of the operating system)
  2. Get PPP working
  3. Get ip_masquerade working

After you have followed the instructions on the links above, you may also wish to set up a firewall, or use diald to automatically dial to your ISP when users need connectivity. Since this setup is for a small office, I will have you "cron" the dial-up and disconnect. You are welcome to use diald instead.

Since this is a small office, you have set business hours, say 9 to 5. Some users come in early and others stay late. So, you may wish to set it up so that the internet connection is up from 7:30am to 7:30pm Monday through Friday.

To do this is relatively simple in Unix. I am assuming that you have PPP working properly, by executing /etc/ppp/ppp-on. Test this by typing one of the following:

The modem should dial normally and connect.

First - log in as root. Type in
crontab -l > crontab (that letter is an "L" not a "one"......)

Now there will be a file in your present directory called "crontab". Type "vi crontab".

The document will probably be blank. Append the following:

# Format of lines:
# min hour daymo month daywk cmd
30 7 * * 1-5 /etc/ppp/ppp-on
30 19 * * 1-5 /etc/ppp/ppp-off
0 8 * * 1-5 /usr/bin/rdate -p -s apublic.timeserver.com > /dev/null

This just says at 7:30am, Monday - Friday execute ppp-on to dial up the ISP, then at 7:30pm, shut it down. You can enter in your own values. 0-6 would be Sunday through Saturday. You can also enter comma delimited numbers, like 1,2,4 (Monday, Tuesday, Thursday).

The last line (optional!) keeps the clock synchronized - ask your ISP if they have a time server available.

Now save the document (ZZ), and type "crontab crontab", which installs the file as root's crontab so that cron executes each entry at the appropriate time. It is important for your machine to always be running, and to always have the correct time. rdate will keep your Linux clock right on track. It uses the time protocol to contact a master clock and keep your system in step with the atomic clock. Using a daemon like xntpd, clients could also point to the Linux box for their time, keeping the entire network synchronized.
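
A check worth running on the edited file before "crontab crontab" loads it, given here as an added example that is not part of the original tutorial: it flags any entry that does not have five valid time fields followed by a command. The function name check_crontab and the sample file are constructed for illustration, and only numeric time fields are handled.

```shell
# Added example (not from the tutorial): lint a crontab file before "crontab FILE".
# Assumes purely numeric time fields, as on this page (no names such as "mon").
# check_crontab FILE: print one message per bad entry; return 1 if any were found.
check_crontab() {
    awk '
    function bad(msg) { printf "line %d: %s: %s\n", NR, msg, $0; errors++ }
    # A time field is a comma list of "*", N or N-M, each with an optional /step.
    function field_ok(f, minv, maxv,    n, i, parts, item, r) {
        n = split(f, parts, ",")
        for (i = 1; i <= n; i++) {
            item = parts[i]
            sub(/\/[0-9]+$/, "", item)              # drop the optional /step
            if (item == "*") continue
            if (item !~ /^[0-9]+(-[0-9]+)?$/) return 0
            split(item, r, "-")
            if (r[1] + 0 < minv || r[1] + 0 > maxv) return 0
            if (r[2] != "" && (r[2] + 0 < r[1] + 0 || r[2] + 0 > maxv)) return 0
        }
        return 1
    }
    BEGIN {
        split("minute hour day-of-month month day-of-week", label, " ")
        split("0 0 1 1 0", lo, " "); split("59 23 31 12 7", hi, " ")
    }
    /^[ \t]*(#|$)/ { next }                          # comments and blank lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # VAR=value settings
    NF < 6 { bad("needs 5 time fields and a command"); next }
    {
        for (k = 1; k <= 5; k++)
            if (!field_ok($k, lo[k], hi[k])) {
                bad("bad " label[k] " field \"" $k "\"")
                next
            }
    }
    END { exit (errors > 0) }
    ' "$1"
}

# Constructed sample: the last entry has lost one "*", so the command path
# lands in the day-of-week position.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# min hour daymo month daywk cmd
30 7 * * 1-5 /etc/ppp/ppp-on
0 8 * 1-5 /usr/bin/rdate -p -s apublic.timeserver.com > /dev/null
EOF
check_crontab "$sample" || echo "fix the entries above before running: crontab crontab"
rm -f "$sample"
```

Run it as "check_crontab crontab" in the directory holding the edited file; a silent return means every entry parsed.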

Now that you have everything configured and working properly on the Linux box, it is time to set up a client machine. I am assuming that your Linux Ethernet card is set up as 172.16.50.1 with a netmask of 255.255.255.0. This is a private class B network block, subnetted down to be a class C. You could also use 192.168.0.x or 10.x.x.x. I don't recommend the 192 block, since diald uses those addresses to form a proxy to your ISP.

Client Side

Go to a client machine, and set up their networking as follows:

IP        172.16.50.x              Any number from 2 to 254 - pick one, and keep a record!
GATEWAY   172.16.50.1
DNS       Your ISP's DNS servers   You could also set up DNS on the Linux box, which is preferred.

Reboot the client machine and try to ping 172.16.50.1.

This concludes the small office setup. Your clients can now surf, use email, IRC, FTP or even play Quake through the masquerade. A little work, and you have a packet filtering, IP masquerade Linux router for the cost of some old hardware and a single, perhaps free copy of Linux.

You may want to use the Linux box as an internal FTP site, print server, DNS or even a file server. Printing is beyond the scope of this set of documents, but Samba will get you rolling as a Windows 9x file server.