
openSUSE ICS: Internet Connection Sharing (Linux IP Masquerading) with Suse or Windows Servers

Keywords: Suse, openSUSE, Windows, ICS, Internet Connection Sharing, server, NAT, IP masquerading, network, LAN, crossover

You have an Internet connection to a single workstation and want to connect one or more additional workstations to the Internet without using a fully fledged router setup. With Internet Connection Sharing your active workstation becomes the server for a small LAN. The LAN can be as small as a single extra workstation connected by a single crossover cable to the server or it can be larger with the server connected to all the other workstations via a network switch.

This tutorial is not about connecting the Internet to the machine that forms the ICS server. You do that first. It's about relaying the working Internet connection from the server to other machines, using Network Address Translation (as Microsoft describes the process) or IP Masquerading (as Linux describes the same process).

This tutorial is in four simple parts, one part describing the configuration of each of the possible Windows or openSUSE servers or clients. There are various ways to organise the IP addressing but I will use fixed IP addressing here just to keep the tutorial short; automatic addressing will work but it can also have occasional glitches, so I avoid it here. Here, then, are the parts which you can mix and match according to your needs:

Network Interfaces in the Server: The server needs two network connections. One will connect the Internet to the server via perhaps a dial up or broadband modem or some other device that might require a network card, dial up adapter, USB linkage or whatever is required to lead the Internet into the server. A prerequisite for this tutorial is that the server, running either Windows or openSUSE, has a pre-existing working Internet connection. The server also requires a free, unused network connection of the conventional wired ethernet type.

Connecting the Server and the Client/s: If you have one client only, you can connect it to the server with a "crossover" cable running between the ethernet cards in the workstations. If you have more than two clients, connect them and the server as a LAN through an ethernet switch.

Choosing the LAN Subnet: The IP address associated with the Internet connection on the server is fixed by your ISP. You generally can't have two network devices on the same subnet in the server, so you must choose a subnet for your network of attached computers that is different from the subnet associated with the Internet connection. When your server is a Windows machine, Windows will initially automatically apply the address 192.168.0.1/255.255.255.0 to the second network device in the server. By default and through ignorance that tends to become the default address of the gateway in the ICS server. Note that you are not obliged to accept that address for the gateway and can change it to any sensible private subnet. I will use 192.168.5.100 for the IP address of the gateway in this tutorial just to illustrate that the widespread belief that one must use 192.168.0.1 is a myth.

Windows Server: The illustrations are from Windows XP with broadband wireless Internet installed. Locate and reconfigure the network interface for the Internet connection: Go to Control Panel --> Network Connections and R-click the icon for the Internet connection --> Properties --> and select the Advanced tab. There activate the check box to "Allow other network users to connect through this computer's network connection" (Screenshot #1).

There's also a checkbox to "allow other users to control or disable the shared Internet connection". That's for Windows clients to open or close the connection in the server remotely. I leave that unchecked because I don't know how it will react from a Linux client. You can experiment and E-mail me the results if you like.

You lock the setting in by clicking the OK button. That will open a warning panel (see Screenshot #2) informing you that the IP address of the network interface in the Windows server will be set to 192.168.0.1 and like it or not you must adjust your client computers to fit in with that address as the Internet gateway. Well, as you will see, you can alter the IP addressing to suit yourself. For now just click the "Yes" button on the panel to temporarily accept the IP address of 192.168.0.1.

You now check that the network interface to the LAN has been correctly configured. Once again open Control Panel --> Network Connections and R-click the icon for the other network connection. Select "Properties" and then under the "General" tab you highlight "Internet Protocol (TCP/IP)" and open the "Properties" button. That should reveal the settings automatically installed for the second network card by the Windows ICS scripting. There should be no DNS server addresses and the card should have the fixed IP address of 192.168.0.1/255.255.255.0 as in Screenshot #3.

As I mentioned before, you are not obliged to accept this subnet and can change the addressing to suit yourself. For example in this tutorial we will change the gateway address to 192.168.5.100. That has much better security implications than using the well known 192.168.0.1 address. There's an example of altered settings in Screenshot #4.

Firewalls: Windows firewall allows network traffic for ICS by default. Check whether you need to adjust third party firewalls to allow ICS traffic.

openSUSE Server: The illustrations are from openSUSE 10.3. Once again it is assumed that the server has a working Internet connection and also a spare ethernet network interface which will form the gateway for client machines on the LAN. Tip: there is no need to activate IP forwarding (AKA Bridging). Tip: Don't use a network connection manager (use "traditional ifup").

There are 4 steps:

  • Assign a fixed IP address to the "gateway" network interface, e.g. 192.168.5.100
  • Assign the active Internet interface to the firewall's "External Zone"
  • Assign the gateway interface to the firewall's "Internal Zone"
  • Enable IP Masquerading

The gateway address: Open Yast --> Network devices --> Network card. Set for "traditional method with ifup" under the Global Options. Highlight the network card that will be the gateway and Configure/Edit it. Set a statically assigned IP address and enter the data for the gateway address, e.g. 192.168.5.100/255.255.255.0, as in Screenshot #5. If you have trouble activating the network card, check the tutorial on this site for installing wired network cards.

Firewall zones - internal and external: Open Yast --> Security and Users --> Firewall. In the left panel select "Interfaces" and on the right side highlight the device that connects to the Internet. In my case it's a modem (see Screenshot #6). Click the "Change" button and select "External zone" from the drop-down list of options. Next, do much the same thing for the gateway network card, in my case the "Acer Incorporated BCM4401" device, but set that to the "Internal zone" (see Screenshot #6).

Masquerading: While still in Yast's firewall configurator, select "Masquerading" on the left panel and on the right panel simply put a checkmark beside "Masquerade Networks" (see Screenshot #7). Then click "Next" to exit the firewall configurator.
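The four server steps above can be checked from a console afterwards. The script below is an added example, not part of the original tutorial: it assumes YaST stores the firewall settings in a SuSEfirewall2 sysconfig file under the variables FW_DEV_EXT, FW_DEV_INT, FW_MASQUERADE and FW_MASQ_NETS, and the interface names ppp0 and eth1, the sample file and the LAN-only masquerading check are illustrative assumptions.

```sh
#!/bin/sh
# Added example: audit a SuSEfirewall2-style sysconfig file for the ICS setup.
# Interface names (ppp0 = Internet, eth1 = gateway card) are assumptions.

# Read one KEY="value" setting from the file (last assignment wins).
get_setting() {  # $1=file $2=key
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print space-separated findings, or "OK" when all checks pass.
audit_ics() {  # $1=file $2=internet_if $3=gateway_if $4=lan_subnet
    ext_zone=" $(get_setting "$1" FW_DEV_EXT) "
    int_zone=" $(get_setting "$1" FW_DEV_INT) "
    out=""
    # Step 2: the Internet interface must be in the external zone.
    case "$ext_zone" in *" $2 "*) ;; *) out="$out EXT_ZONE_MISSING:$2" ;; esac
    # Step 3: the gateway card must be in the internal zone ...
    case "$int_zone" in *" $3 "*) ;; *) out="$out INT_ZONE_MISSING:$3" ;; esac
    # ... and must not also be listed as external.
    case "$ext_zone" in *" $3 "*) out="$out GATEWAY_IN_EXT_ZONE:$3" ;; esac
    # Step 4: masquerading must be switched on.
    [ "$(get_setting "$1" FW_MASQUERADE)" = "yes" ] || out="$out MASQUERADE_OFF"
    # Hardening preference: masquerade only the LAN subnet, not every source (0/0).
    [ "$(get_setting "$1" FW_MASQ_NETS)" = "$4" ] || out="$out MASQ_NETS_NOT_LAN_ONLY"
    out=${out:- OK}
    printf '%s\n' "${out# }"
}

# Constructed sample file; on a real server pass /etc/sysconfig/SuSEfirewall2.
write_sample() {  # $1=path $2=FW_MASQ_NETS value
    cat > "$1" <<EOF
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth1"
FW_MASQUERADE="yes"
FW_MASQ_NETS="$2"
EOF
}

tmp=$(mktemp)
write_sample "$tmp" "192.168.5.0/24"
audit_ics "$tmp" ppp0 eth1 192.168.5.0/24   # OK
write_sample "$tmp" "0/0"
audit_ics "$tmp" ppp0 eth1 192.168.5.0/24   # MASQ_NETS_NOT_LAN_ONLY
rm -f "$tmp"
```
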

openSUSE Client: The illustrations are from openSUSE 10.3. Open Yast --> Network Devices and the "Network Settings" panel will open. Highlight the network card as in Screenshot #8. Click to "Configure" the card and give it a static IP address as in Screenshot #9. You must use the same subnet as the gateway card. Note (in Screenshot #9) that my choice was 192.168.5.8. Use the "Next" button to lock that in and you will return to the "Network Settings" panel. Select the "Routing" tab and enter the gateway address 192.168.5.100 as in Screenshot #10. After that activate the "Hostname/DNS" tab and enter the IP addresses of the Name Servers provided by your ISP as in Screenshot #11. You can find those addresses on the web site of your service provider or in the coding in your ICS server. In Suse you open a console and enter cat /etc/resolv.conf and it should return the IP addresses. In Windows you open a Dos/System prompt and enter ipconfig /all to retrieve the information. If those fail, consult the ISP's help pages on the Internet.

Firewalls: No special settings are required of the openSUSE firewall. You will reach the Internet with the network interface assigned to either of the external or internal zones. I didn't try the DMZ.

Windows Client: The illustrations are from Windows XP. Open Control Panel --> Network Connections and R-click open the icon for your LAN network card --> select Properties and the "LAN Connection Properties" panel opens as in Screenshot #12. Highlight "Internet Protocol (TCP/IP)" and open its "Properties" panel. There you fill in a fixed IP address consistent with the IP address of the gateway in the server (e.g. 192.168.5.2) as in Screenshot #13. You also enter the IP addresses of the gateway and of the Name Servers provided by your ISP. You can find the Name Server addresses on the web site of your service provider or in the coding in your ICS server. In Suse you open a console and enter cat /etc/resolv.conf and it should return the IP addresses. In Windows you open a Dos/System prompt and enter ipconfig /all to retrieve the information. If those fail, consult the ISP's help pages on the Internet.

Firewalls: Windows firewall allows network traffic for ICS by default. Check whether you need to adjust third party firewalls to allow ICS traffic.

Be well, enjoy

Swerdna: 02 April 08