fli4l.de

Mini-Howto for substituting multiple NICs & crossover cable for a hub

Foreword
Part 1: Configuration for ISDN
    Choosing network card drivers
    Defining networks
    Setting up masquerading
    Domain configuration
Part 2: Differences when using DSL
Part 3: Client setup
Part 4: Particularities for Windows Networks

Foreword:

In general, this setup is useful only for small networks, due to limited expantion slots and available IRQ resources of PC hardware. If you are planning on building a large network, or will be adding more clients in the future, it is a good idea to think about getting a hub (or even better, a switch) right at the beginning. This is no longer such an expensive option and has the additional benefit of being able to mix 10 & 100MBit clients with fewer problems. While being a lot easier to set up, a hub/switch has the additional advantage, that in the end, it does not leave you with a pile of NICs you do not actually need. You must also consider that all of the clients also require NICs. However, a good reason for this setup is the possibility of mixing TP and BNC connections, turning your Fli4l router into a cheap media converter.

On to the things we will need:

as many NICs as clients within the network (+1 if using DSL), preferably of the same model, so only one driver is necessary.
a Fli4l Host with enough spare isa/pci sockets for the NICs
a crossover cable for each client in the network

In this example, I will be using cheap Realtek 8139 based NICs. Many noname PCI NICs come equipped with this chip at a price of about 10 EUR, making it an affordable 10/100MBit solution. They are avoided for mission-critical networks, but should be fine for home use. A few notes about using different NICs will, however, also be given. The following example is for 3 computers, namely the Fli4l router and 2 clients.

top

Part 1: Configuration for ISDN

I wont go through the general setup of an ISDN router, as it is sufficiently covered in the main documentation.

Choosing network card drivers:

#------------------------------------------------------------------------------
# Ethernet card drivers:
# uncomment your ethernet card
#------------------------------------------------------------------------------
ETH_DRV_N='1'                   # number of ethernet drivers to load, usually 1
ETH_DRV_1='rtl8139'             # PCI: RealTek 8129/8139 (not 8019/8029!) PCI
ETH_DRV_1_OPTION=''             # additional option, e.g. 'io=0x340' for ne

Although we have 2 NICs installed, we only need to load one driver because they are identical. Generally, the Realtek 8139 PCI should need no options passed to it, as all adresses will be configured by BIOS.

In the case that different network cards will be used, it is necessary to load a seperate driver for each different card type. Example:

ETH_DRV_N='2'                   # number of ethernet drivers to load, usually 1
ETH_DRV_1='rtl8139'             # PCI: RealTek 8129/8139 (not 8019/8029!) PCI
ETH_DRV_1_OPTION=''             # additional option, e.g. 'io=0x340' for ne
ETH_DRV_2='8390 ne'             # ISA: NE2000 ISA clone
ETH_DRV_2_OPTION='io=0x220'     # additional option, e.g. 'io=0x340' for ne

In this example we are using one or more Realtek 8139 based cards and an ISA NE2000 clone. It is necessary to load a new driver for each different model card added. You can learn more about using different cards and drivers in the Fli4l documentation, section 2.3.

The cards will be bound to ethx devices in the given order, whereas with identical cards the driver sorts the cards at its own discretion. In this case you should ping clients from the router and play around with the cables until you identify which card is which. Example: connect the cable from client 192.168.1.2 to several network cards in the router while continually attempting to ping 192.168.1.2, until you get an answer. Then continue in this manner until you have identified the clients for the remaining cards.

Defining networks:

#------------------------------------------------------------------------------
# Ether networks used with IP protocol:
#------------------------------------------------------------------------------
IP_ETH_N='2'                        # number of ip ethernet networks, usually 1
IP_ETH_1_NAME=''                    # optional: other device name than ethX
IP_ETH_1_IPADDR='192.168.1.1'       # IP Address of the router NIC within the 1st network
IP_ETH_1_NETWORK='192.168.1.0'      # first network
IP_ETH_1_NETMASK='255.255.255.0'    # subnet mask, same for all
IP_ETH_2_NAME=''
IP_ETH_2_IPADDR='192.168.2.1'       # IP Adresse of the router NIC within the 2nd network
IP_ETH_2_NETWORK='192.168.2.0'      # second network
IP_ETH_2_NETMASK='255.255.255.0'
# and so on:
#IP_ETH_3_NAME=''
#IP_ETH_3_IPADDR='192.168.3.1'
#IP_ETH_3_NETWORK='192.168.3.0'     # 3rd network
#IP_ETH_3_NETMASK='255.255.255.0'
#IP_ETH_4_NAME=''
#IP_ETH_4_IPADDR='192.168.4.1'
#IP_ETH_4_NETWORK='192.168.4.0'     # 4th network 
#IP_ETH_4_NETMASK='255.255.255.0'

Setting up masquerading:

#------------------------------------------------------------------------------
# Masquerading:
#------------------------------------------------------------------------------
MASQ_NETWORK='192.168.0.0/16'       # networks to masquerade (e.g. our LAN)
# the modules, depending on which you will need...

In this case all networks are masqueraded and the firewall rules stay simple. If you want though, each network can be specified seperately as in the next example (for some users, this seems to work better):

MASQ_NETWORK='192.168.1.0/24 192.168.2.0/24'

If, however, ISDN is used to connect to another 192.168.x network (e.g. company network) you have to masquerade the networks separately.

Domain configuration:

HOSTS_N='3'                         # number of hosts in your domain
HOST_1='192.168.1.1 fli4l'          # fli4l (first NIC)
HOST_2='192.168.1.2 client1'        # first client
HOST_3='192.168.2.2 client2'        # second client
# and so on:
HOST_4='192.168.3.2 client3'
HOST_5='192.168.4.2 client4'

top

Part 2: Differences when using DSL

When using DSL, the ISDN card is of course unnecessary, in its place an additional NIC will be installed. However, you do not need to define a network or an IP adress for this card , because it uses the PPPoE protocol to communicate with the DSL box.

The configuration for 2 clients and a router is as follows:

The settings for the NIC drivers stays the same, as long as another card type has not been added, in which case another driver must be loaded. It is a good idea to use an old 10MBit card for this purpose if one is available to save some money, as the connection to the DSL box will only be at this speed. Network settings, subnets, etc, are - as explained - not necessary for this card.

Although you might want to change the variable PPPOE_ETH:

#------------------------------------------------------------------------------
# Optional package: PPPoE
#------------------------------------------------------------------------------
OPT_PPPOE='yes'                 # use ppp over ethernet: yes or no
PPPOE_NAME='T-DSL'              # circuit name, don't write spaces
PPPOE_ETH='eth2'                # eth card connected to ADSL modem, e.g. 2nd

The variable 'eth' indicates the NIC used for the connection to the DSL box. NICs are allocated ethx numbers in the order the drivers are loaded, and you can control this to a degree as described above. Remember, under Linux eth0 is the first card. Personally, I used the last NIC for this because it is the simplest method. When you are using multiple identical NICs it is irrelevant which card you use. It is however relevant when you have selected a specific card for the DSL connection, for example when you want to use 100MBit NICs for the client connections, and a 10MBit for the DSL connection. In this case the ETH_x_NAME can be explicitly specified above.

top

Part 3: Client setup

Client1:

IP: 192.168.1.2
Subnetz: 255.255.255.0
Hostname: client1
DNS-Server: 192.168.1.1
Gateway: 192.168.1.1

Client2:

IP: 192.168.2.2
Subnetz: 255.255.255.0
Hostname: client2
DNS-Server: 192.168.1.1
Gateway: 192.168.2.1

top

Part 4: Particularities using Windows Networks:

The current Fli4l version 2.0.x has the additional option to allow forwarding of NetBIOS ports between networks. This allows using file and printer shares between the Windows computers on the internal network, while still protecting them from external access.

#------------------------------------------------------------------------------
# Routing: ports to reject/deny forwarding (from inside and outside!)
#------------------------------------------------------------------------------
FORWARD_DENY_PORT_N='1'                  # no. of ports to reject/deny forwarding
FORWARD_DENY_PORT_1='137:139    REJECT'  # deny/reject forwarding of netbios
FORWARD_TRUSTED_NETS='192.168.1.0/24 192.168.2.0/24' # but allow forwarding beetween LANs

It is imperative to use the current version of Fli4l, as the previous 1.6.x versions did not offer the FORWARD_TRUSTED_NETS option and thus when NetBIOS was used for internal sharing between the subnets, it was also available from the internet - an enormous security risk.

Due to the fact, that the router will not forward the broadcasts used in connection with the Windows Network Neighborhood, available clients will not show up in your Network Neighborhood folder.

There are 2 solutions to this problem:

1) Create the "LMHOSTS" file on each client. Each version of Windows already has an example for this file included by default, called "lmhosts.sam" which can be found in the Windows directory itself or a subdirectory. It contains a commented sample configuration, which will serve as a starter for creating your own. Afterwards, the file has to be saved as "LMHOSTS". If there are still no clients visible in the Network Neighborhood, the protocol NetBEUI should be installed.

or:

2) Use Fli4l as DHCP and WINS server. The DHCP server which is part of OPT_DHCP makes it unnecessary to configure the clients with individual IP, etc. settings. The WINS server (nmbd) is part of OPT_SAMBA. Details on configuring these servers are to be found in their respective documentations. Security-conscious users might have second thougths about installing Samba on an internet router, though.

For further questions on the Windows Networking part of this howto, please refer to Arno Behrends.

top

Well, things should hopefully be working by now :-). Have fun.

If there are any questions, mistakes or comments, feel free to email me , Karsten Winkelmann. If, after thoroughly studying this howto, the documentation and mailing list archives you still have questions, I will be glad to help. Credit for the english version of this document goes to Leon White.

Click here to print this page.