Home Network Setup, Part 2

Ok,

This is the second part of my guide on a home network setup. If you’ve only just dropped in, I’d recommend you have a quick read over Part 1. Throughout this guide I’ve exclusively used CentOS 4, and I’ve assumed it’s a basic clean install.

I cover the following topics in this part:

  • ADSL Setup
  • DHCP Server Setup
  • NAT Setup
  • Caching DNS Server Setup


ADSL Setup
First off, we SSH into Dione and set up the DSL connection. Your setup will vary somewhat, so use your best judgement:

[root@dione root]# adsl-setup

Welcome to the ADSL client setup. First, I will run some checks on
your system to make sure the PPPoE client is installed properly...

LOGIN NAME

Enter your Login Name (default root): seekbrain

INTERFACE

Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0): eth1

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
Enter the demand value (default no): no

DNS

Please enter the IP address of your ISP’s primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: 203.0.178.191
Please enter the IP address of your ISP’s secondary DNS server.
If you just press enter, I will assume there is only one DNS server.
Enter the secondary DNS server address here:

PASSWORD

Please enter your Password:
Please re-enter your Password:

USERCTRL

Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): yes

FIREWALLING

Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
Choose a type of firewall (0-2): 2

Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no):yes

** Summary of what you entered **

Ethernet Interface: eth1
User name: seekbrain
Activate-on-demand: No
Primary DNS: 203.0.178.191
Firewalling: MASQUERADE
User Control: yes
Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/resolv.conf
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)

Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.

[root@dione root]#

Now we have our PPP connection set up. You should be able to run ifup ppp0 and then ping a common website like google.com to confirm that connectivity works.

[root@dione ~]# ping google.com.au
PING google.com.au (216.239.39.104) 56(84) bytes of data.
64 bytes from 216.239.39.104: icmp_seq=0 ttl=241 time=1276 ms
64 bytes from 216.239.39.104: icmp_seq=1 ttl=241 time=1210 ms
64 bytes from 216.239.39.104: icmp_seq=2 ttl=241 time=1142 ms

--- google.com.au ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 1142.934/1210.112/1276.995/54.745 ms, pipe 2
[root@dione ~]#

DHCP Server setup

The next thing you probably want to do is allow your normal client machines to automatically pick up their own IP addresses. This is handled by the ISC DHCP daemon. Firstly, we need to install the DHCP server via yum (which we can access now that we have internet access):

[root@dione ~]# yum install dhcp
Setting up Install Process
Setting up repositories
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for dhcp to pack into transaction set.
dhcp-3.0.1-12_EL.centos4. 100% |=========================| 17 kB 00:00
---> Package dhcp.i386 7:3.0.1-12_EL.centos4 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
dhcp i386 7:3.0.1-12_EL.centos4 base 567 k

Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 567 k
Is this ok [y/N]: y
Downloading Packages:
(1/1): dhcp-3.0.1-12_EL.c 100% |=========================| 567 kB 00:04
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: dhcp ######################### [1/1]

Installed: dhcp.i386 7:3.0.1-12_EL.centos4
Complete!
[root@dione ~]#

Next we need to actually set up the DHCP server with the appropriate configuration to hand out IP addresses. My /etc/dhcpd.conf file looks like this:

ddns-update-style interim;
ignore client-updates;

subnet 192.168.128.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.128.25 192.168.128.50;
    option subnet-mask 255.255.255.0;
    option routers 192.168.128.1;
    range 192.168.128.245 192.168.128.254;
    option domain-name-servers 192.168.128.4, 192.168.128.1;
}

This basically says that the DHCP server lives on the 192.168.128.0/24 subnet, and that we hand out 192.168.128.245 to 192.168.128.254 to non-PXEBoot clients and 192.168.128.25 to 192.168.128.50 to PXEBoot clients. It also defines 192.168.128.1 as the router and two DNS servers, which I’ve set to the master/slave setup as defined in Part 1.

I then set dhcpd to start at boot time and started it:

[root@dione ~]# chkconfig --level 345 dhcpd on
[root@dione ~]# service dhcpd start
Starting dhcpd: [ OK ]
[root@dione ~]#

So now you’ve got a live internet connection & machines on your network can automatically get their own IP addresses. Now we need to share internet access.

Internet Sharing (aka NAT)

Setting up basic internet sharing is a fairly easy process.

First we add iptables rules for our private subnet:

[root@dione ~]# iptables -t nat -A POSTROUTING -s 192.168.128.0/255.255.255.0 -o ppp0 -j MASQUERADE
[root@dione ~]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@dione ~]#

Next we need to enable ip_forward so the kernel will route packets between the LAN and ppp0. Add the following line to /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Then run sysctl -p to reload the sysctl.conf file. 🙂
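The following script is an added example, not part of the original post: it audits copies of /etc/sysctl.conf and the saved iptables rules for the two settings above, and flags any MASQUERADE rule that is not limited to the LAN subnet and ppp0. The function names and the sample input are constructed for illustration; both the dotted-mask and CIDR notations are accepted, on the assumption that the saved form can differ between iptables versions.

```shell
#!/bin/bash
# Added example, not from the original post: audit saved gateway config.

# Succeeds only if the last uncommented net.ipv4.ip_forward line sets 1.
forwarding_enabled() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*net\.ipv4\.ip_forward[ \t]*$/ { v = $2; gsub(/[ \t]/, "", v) }
        END { exit !(v == "1") }' "$1"
}

# Tags each nat-table MASQUERADE rule in an iptables-save file ($1): OK if
# limited to source $2 (or its dotted-mask form $3) and leaving via $4.
classify_masquerade() {
    awk -v cidr="$2" -v mask="$3" -v ifc="$4" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
            src = ""; out = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
            }
            tag = ((src == cidr || src == mask) && out == ifc) ? "OK" : "BROAD"
            print tag "\t" $0
        }' "$1"
}

# Prints one line per finding and returns the number of findings.
audit_gateway() {   # $1 = sysctl.conf, $2 = iptables-save output
    local n=0 rules
    forwarding_enabled "$1" || { echo "FINDING: ip_forward not enabled"; n=$((n + 1)); }
    rules=$(classify_masquerade "$2" 192.168.128.0/24 192.168.128.0/255.255.255.0 ppp0)
    if ! printf '%s\n' "$rules" | grep -q '^OK'; then
        echo "FINDING: no MASQUERADE rule for the LAN out ppp0"; n=$((n + 1))
    fi
    if printf '%s\n' "$rules" | grep -q '^BROAD'; then
        echo "FINDING: MASQUERADE rule not limited to LAN and ppp0"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample input so the script runs offline.
d=$(mktemp -d)
printf 'net.ipv4.ip_forward = 0\nnet.ipv4.ip_forward = 1\n' > "$d/sysctl.conf"
printf '%s\n' '*nat' \
    '-A POSTROUTING -s 192.168.128.0/255.255.255.0 -o ppp0 -j MASQUERADE' \
    '-A POSTROUTING -j MASQUERADE' COMMIT > "$d/iptables"
audit_gateway "$d/sysctl.conf" "$d/iptables" || echo "findings: $?"
rm -rf "$d"
```

On the gateway itself, pass /etc/sysctl.conf and /etc/sysconfig/iptables as the two arguments to audit_gateway.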

Caching DNS Server Setup

Now that you’ve got internet sharing up and running and your clients are receiving automatic IP allocations, it’s time to set up a caching nameserver so that your clients don’t have to wait for DNS resolution for multiple occurrences of the same domain name.

This is easy as well: simply install the appropriate RPM via yum:

[root@dione etc]# yum install caching-nameserver
Setting up Install Process
Setting up repositories
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package caching-nameserver.noarch 0:7.3-3 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
caching-nameserver noarch 7.3-3 base 22 k

Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 22 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: caching-nameserver ######################### [1/1]

Installed: caching-nameserver.noarch 0:7.3-3
Complete!
[root@dione etc]#

Now we need to make sure the DNS server is set to start automatically and start it at the same time:

[root@dione etc]# chkconfig --level 345 named on
[root@dione etc]# service named start
Starting named: [ OK ]
[root@dione etc]#

Now you should be able to do a local DNS lookup:

[root@dione ~]# host google.com.au localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

google.com.au has address 216.239.57.104
google.com.au has address 216.239.59.104
google.com.au has address 216.239.39.104
[root@dione ~]#

Well, that about wraps it up for now. You should now have a basic internet sharing server. I’ll continue explaining the ins and outs of all the objectives over the next few updates.

Until next time, have fun! 🙂

Stuart