How to make small home network with Slackware.

Jun 07 2011
 
Small Home Network (diagram)

Let's assume you have one real IP address given by your ISP and half a dozen computers (like me, hehe 😉).

You can hold all your machines behind a Linux box equipped with two network cards. The box is capable of translating your local network addresses and masking them behind your real IP address. This process is called Network Address Translation (NAT) and masquerading.

To set up a small home network like the one in the diagram on the left, you need some tools. All of them are built into Slackware if you made a full installation.

If you did not, you will have to install them manually. All of them are placed in category N of your Slackware installation disk or FTP, but you probably already have them. Check if you have the following commands: ifconfig and iptables.

bash-4.1# which ifconfig
/sbin/ifconfig
bash-4.1# which iptables
/usr/sbin/iptables
bash-4.1#

Everything you need can be done with them. It's not hard at all. You need to set the real IP address on eth1 and an address from a private network on eth0. It looks like this:

root@router:~# ifconfig eth1 55.66.77.88/24 up
root@router:~# ifconfig eth0 172.16.1.1/24 up
root@router:~# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:14:C2:C8:F7:2D  
          inet addr:172.16.1.1  Bcast:172.16.1.255  Mask:255.255.255.0
...
eth1      Link encap:Ethernet  HWaddr 00:30:84:0A:6B:5C  
          inet addr:55.66.77.88  Bcast:55.66.77.255  Mask:255.255.255.0
...

The eth1 address shown here is of course fake. Use your own real IP address on eth1. You may set the local PCs on your network to use addresses in the range 172.16.1.2 to 172.16.1.254 with default gateway 172.16.1.1 and the same DNS settings your ISP has given you. If you don't know what they are, have a look in the file /etc/resolv.conf or in your Windows control panel under Network settings (or use ipconfig /all from the Windows cmd). Check from your other computers if you can ping 172.16.1.1. If this is okay, we move forward to the masquerading itself.

root@router:~# iptables -t nat -P PREROUTING ACCEPT
root@router:~# iptables -t nat -P OUTPUT ACCEPT
root@router:~# iptables -t nat -P POSTROUTING ACCEPT
root@router:~# iptables -t nat -F
root@router:~# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
root@router:~# echo 1 > /proc/sys/net/ipv4/ip_forward
...
root@router:~# ssh root@172.16.1.13
password:
root@Desktop:~# ping www.google.com
PING www.l.google.com (209.85.149.104) 56(84) bytes of data.
64 bytes from ber01s02-in-f104.1e100.net (209.85.149.104): icmp_req=1 ttl=56 time=50.6 ms
64 bytes from ber01s02-in-f104.1e100.net (209.85.149.104): icmp_req=2 ttl=56 time=51.2 ms
64 bytes from ber01s02-in-f104.1e100.net (209.85.149.104): icmp_req=3 ttl=56 time=50.7 ms
64 bytes from ber01s02-in-f104.1e100.net (209.85.149.104): icmp_req=4 ttl=56 time=51.1 ms
^C
--- www.l.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 50.656/50.967/51.268/0.309 ms
root@Desktop:~#

To explain the above: we set the default policies of the PREROUTING, OUTPUT and POSTROUTING chains in the "nat" table to ACCEPT and flush the table. Then we add a POSTROUTING rule that, for packets leaving through eth1, masquerades all local IP addresses as the real IP of this interface. Then we set the dynamic kernel parameter for IP forwarding to true and log in to one of the local machines in the network we created to check that it worked. That's it. Job is done. Of course, if this is to be made the right way, you need to set everything to come up at boot time. First set the Ethernet cards in /etc/rc.d/rc.inet1.conf to those addresses:

IPADDR[0]="172.16.1.1"
NETMASK[0]="255.255.255.0"

# Config information for eth1:
IPADDR[1]="55.66.77.88"
NETMASK[1]="255.255.255.0"

# Default gateway IP address:
GATEWAY="55.66.77.1"

Change the GATEWAY address to your real default gateway IP given by your ISP. The other thing we need is for all those iptables commands to be executed at boot time. Either make an additional script or just add them at the end of rc.local.

root@router:/etc# echo -e "\n# Start networking" >> /etc/rc.local
root@router:/etc# cat >> rc.local
echo "Starting masquerade ..."
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

This will do the job on every startup.
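As an added example (not the post's own script), here is a slightly fuller version of the masquerading setup that could be saved as /etc/rc.d/rc.nat and called from rc.local with "start". It keeps the post's NAT rules but also adds FORWARD-chain filtering, so the box only forwards traffic that originates on the LAN and the replies coming back, instead of forwarding everything in both directions once ip_forward is 1. The interface names, the 172.16.1.0/24 network and the rc.nat file name are assumptions taken from the post's example; setting IPT=echo (or calling it with "show") prints the rules instead of applying them.

```shell
#!/bin/bash
# rc.nat - example NAT/forwarding setup for the two-NIC Slackware router in the post.
# Assumptions (from the post): eth1 faces the ISP, eth0 faces the 172.16.1.0/24 LAN.
WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-172.16.1.0/24}"
# Set IPT=echo to print the rules instead of applying them (dry run).
IPT="${IPT:-/usr/sbin/iptables}"

# The post's rules: reset the nat table and masquerade LAN traffic leaving eth1.
setup_nat() {
    "$IPT" -t nat -P PREROUTING ACCEPT
    "$IPT" -t nat -P OUTPUT ACCEPT
    "$IPT" -t nat -P POSTROUTING ACCEPT
    "$IPT" -t nat -F
    # restricting to LAN_NET avoids masquerading packets that did not come from the LAN
    "$IPT" -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Once ip_forward is 1 the kernel forwards between eth0 and eth1 in both directions;
# the filter table decides what is allowed: only LAN -> WAN, plus replies coming back.
setup_forward_filter() {
    "$IPT" -F FORWARD
    "$IPT" -P FORWARD DROP
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    "$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Same kernel knob as in the post.
enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    start)
        echo "Starting masquerade ..."
        setup_nat
        setup_forward_filter
        enable_forwarding
        ;;
    show)
        # dry run: print what 'start' would do, without touching the kernel
        IPT=echo
        setup_nat
        setup_forward_filter
        ;;
esac
```

Run "sh /etc/rc.d/rc.nat show" first to see the exact rules it would apply, then call it with "start" from rc.local. Slackware's own /etc/rc.d/rc.ip_forward, when made executable, sets the same ip_forward sysctl, so enable_forwarding can be dropped if you prefer that route.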

 Posted by at 5:36 pm
Jun 06 2011
 

You probably already know or have heard me saying "I do not recommend doing this!". At least, do not do it if you are not sure your machine is safe. Even a friend of yours can get drunk and play a bad prank on you if he knows he can sudo on your machine and remove your root directory. It takes a single command.

sudo rm -rf /

If you still need to make passwordless sudo for some reason, there are a few things you must set.

Create a user if you don't have one yet. It takes pressing [enter] about 10 times. Choose a good password. It is important: this user will be able to wreak havoc on your machine.

bash-4.1# adduser baduser
Login name for new user: baduser
User ID ('UID') [ defaults to next available ]:
Initial group [ users ]:
...
...
...
Changing password for baduser
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New password: AhBlahBlah123456
Re-enter new password: AhBlahBlah123456
passwd: password changed.

Account setup complete.
bash-4.1#


Edit /etc/sudoers and /etc/group. Add this bad user to group wheel and uncomment the unsafe passwordless sudo line in the sudoers. There. You are set. Let's try if it works:

baduser@sandbox:~$ sudo touch /etc/test.txt
baduser@sandbox:~$ sudo echo "Machine exploited by baduser" > /etc/test.txt
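A defender's counterpart to the above, added here and not part of the original post: a small audit script that lists which accounts end up with passwordless root through sudoers, directly or via a %group such as wheel, so a grant like the one in this exercise does not get forgotten. It takes the sudoers and group file paths as arguments (the defaults are the real ones), which also lets you run it against copies; the function names are my own.

```shell
#!/bin/bash
# Audit helper: who can run commands as root without a password?
# Reads the sudoers and group files passed as arguments so it can also be run on copies.

# Print the active (uncommented) sudoers entries that contain NOPASSWD.
find_nopasswd() {
    sudoers="${1:-/etc/sudoers}"
    grep -v '^[[:space:]]*#' "$sudoers" | grep 'NOPASSWD'
}

# Print the members of a group, one per line, from a group file.
group_members() {
    group="${1:-wheel}"
    file="${2:-/etc/group}"
    awk -F: -v g="$group" '$1 == g { print $4 }' "$file" | tr ',' '\n' | sed '/^$/d'
}

# List every account that gets a NOPASSWD grant, directly or through a %group.
# Returns 1 when at least one such account exists, 0 when none does,
# so it can be wired into cron or a login check.
audit_passwordless_sudo() {
    sudoers="${1:-/etc/sudoers}"
    groupfile="${2:-/etc/group}"
    found=0
    while read -r spec _; do
        [ -n "$spec" ] || continue
        case "$spec" in
            %*)
                # group grant: expand it to the group's members
                for u in $(group_members "${spec#%}" "$groupfile"); do
                    echo "$u (via $spec)"
                    found=1
                done
                ;;
            *)
                # direct user grant
                echo "$spec"
                found=1
                ;;
        esac
    done <<EOF
$(find_nopasswd "$sudoers")
EOF
    [ "$found" -eq 0 ]
}
```

With the post's setup (wheel uncommented as NOPASSWD and baduser added to wheel) the script prints "baduser (via %wheel)" and exits 1; once the sudoers line is commented out again it prints nothing and exits 0.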
 Posted by at 10:20 am
Jun 03 2011
 

What is a Jumbo Frame and why should you enable it, when the frames will get fragmented anyway over the Internet? First of all, in small local 1G networks it has quite a good impact on performance, especially on multimedia over IP. Second, it's quite good on file transfer too. There is less overhead and more real payload when Jumbo frames are enabled, even on your own local home network (I have 7.5 PCs in my home: one behind the TV, one holds the internet connection and protects the others, one holds all my files on a Samba share, another keeps a live backup of my blog, one heavy game PC, one Linux sandbox for experiments, one UMPC and one Android smartphone). So performance will not suffer when my TV PC plays a movie directly from the Samba share while I am uploading a backup of my blog and a uTorrent session on the game PC is downloading files over the Samba share, all three in parallel.

Good enough?

First of all, you must have Jumbo frames enabled in the kernel. Second, you must check whether your NIC is capable of a high MTU (MTU = Maximum Transmission Unit) with ifconfig. If it is not, you will see an error message. I have a 4-NIC PC for experiments with the old classic RTL8139 chip. They don't do the job at all:

bash-4.1# lspci | grep [Ee]ther
01:01.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:02.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
bash-4.1# ifconfig eth3 mtu 512
bash-4.1# ifconfig eth3 mtu 4000
SIOCSIFMTU: Invalid argument
bash-4.1# ifconfig eth3 mtu 9000
SIOCSIFMTU: Invalid argument
bash-4.1#

That is not going to help me at all, so I switch to the more potent machine on my work desk.

root@router:~# lspci | grep [Ee]ther
0c:00.0 Ethernet controller: D-Link System Inc Gigabit Ethernet Adapter (rev 11)
0c:01.0 Ethernet controller: D-Link System Inc Gigabit Ethernet Adapter (rev 11)
root@router:~#

For this test I am using a Telco Systems network unit in the laboratory where I work to generate 5 Mbit/s of traffic over a Linux bridged connection. Obviously, the bridged connection over the lab PC does not allow Jumbo frames: PDU sizes of 2000 and 9000 bytes do not pass.

----------------------------------------------------------------
|  Size  | Successful rate | Net Successful rate |  Frame-loss |
+--------+-----------------+---------------------+-------------+
|    64  |      5000Kbps   |        3809Kbps     |     0.000 % |
|   128  |      5000Kbps   |        4324Kbps     |     0.000 % |
|   256  |      5000Kbps   |        4637Kbps     |     0.000 % |
|   512  |      5000Kbps   |        4812Kbps     |     0.000 % |
|  1024  |      5000Kbps   |        4904Kbps     |     0.000 % |
|  1280  |      5000Kbps   |        4923Kbps     |     0.000 % |
|  1518  |      5000Kbps   |        4934Kbps     |     0.000 % |
|  2000  |         0Kbps   |           0Kbps     |   100.000 % |
|  9000  |         0Kbps   |           0Kbps     |   100.000 % |
+--------+-----------------+---------------------+-------------+

----------------------------------------------------------------
|  Size  |    Min Delay    |    Avg Delay    |    Max Delay    |
+--------+-----------------+-----------------+-----------------+
|    64  |       77.312 us |       79.037 us |      166.400 us |
|   128  |      102.912 us |      104.884 us |      255.488 us |
|   256  |      154.624 us |      156.385 us |      197.632 us |
|   512  |      249.856 us |      251.178 us |      501.248 us |
|  1024  |      432.128 us |      433.554 us |      444.416 us |
|  1280  |      523.264 us |      524.655 us |      649.728 us |
|  1518  |      607.744 us |      609.398 us |      635.904 us |
|  2000  |        0.000 us |        0.000 us |        0.000 us |
|  9000  |        0.000 us |        0.000 us |        0.000 us |
+--------+-----------------+-----------------+-----------------+

And this is what happened when I issued the commands:

ifconfig eth0 mtu 9000
ifconfig eth1 mtu 9000
...
...
----------------------------------------------------------------
|  Size  | Successful rate | Net Successful rate |  Frame-loss |
+--------+-----------------+---------------------+-------------+
|    64  |      5000Kbps   |        3809Kbps     |     0.000 % |
|   128  |      5000Kbps   |        4324Kbps     |     0.000 % |
|   256  |      5000Kbps   |        4637Kbps     |     0.000 % |
|   512  |      5000Kbps   |        4812Kbps     |     0.000 % |
|  1024  |      5000Kbps   |        4904Kbps     |     0.000 % |
|  1280  |      5000Kbps   |        4923Kbps     |     0.000 % |
|  1518  |      5000Kbps   |        4934Kbps     |     0.147 % |
|  2000  |      5000Kbps   |        4950Kbps     |     0.000 % |
|  9000  |      5000Kbps   |        4988Kbps     |     0.000 % |
+--------+-----------------+---------------------+-------------+

----------------------------------------------------------------
|  Size  |    Min Delay    |    Avg Delay    |    Max Delay    |
+--------+-----------------+-----------------+-----------------+
|    64  |       14.336 us |       14.401 us |       14.848 us |
|   128  |       15.872 us |       16.723 us |       17.408 us |
|   256  |       19.456 us |       20.703 us |       22.016 us |
|   512  |       28.672 us |       28.686 us |       29.184 us |
|  1024  |       43.520 us |       44.229 us |       44.544 us |
|  1280  |       51.712 us |       52.437 us |       53.248 us |
|  1518  |       58.880 us |       59.927 us |       60.928 us |
|  2000  |       74.240 us |       74.844 us |       75.264 us |
|  9000  |      293.888 us |      294.365 us |      294.912 us |
+--------+-----------------+-----------------+-----------------+

So it actually works, but not with my cheap NICs at home. The RTL family is quite good, but the better models with a faster chip are a bit expensive for my home network. If you want the MTU set on startup, there are 2 ways. First, you add lines like this in /etc/rc.d/rc.inet1.conf:

# Config information for eth0:
IPADDR[0]="172.16.1.1"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""
MTU[0]="9000"
# Config information for eth1:
IPADDR[1]="10.1.1.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""
MTU[1]="9000"
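An added example, not from the post, that turns the numbers in the tables above into something you can check yourself: in both runs the "Net Successful rate" column equals the offered 5000 Kbps scaled by size/(size + 20) and truncated, where the 20 bytes are the 7-byte preamble, 1-byte start-of-frame delimiter and 12-byte inter-frame gap that surround every Ethernet frame on the wire. That per-frame cost is the overhead the post talks about: about 76% of line rate is payload with 64-byte frames, over 99% with 9000-byte ones. The script below computes that column for the sizes in the tables and also includes a probe that tries a given MTU on an interface the way the post does with ifconfig and restores the old value afterwards (the probe needs root; the function names and the use of /sys/class/net to read the current MTU are my additions).

```shell
#!/bin/bash
# Jumbo frame helpers (added example, not from the post).

# Per-frame line overhead in bytes: 7-byte preamble + 1-byte SFD + 12-byte inter-frame gap.
LINE_OVERHEAD=20

# Net payload rate in kbit/s for frames of 'size' bytes offered at 'rate' kbit/s.
# Integer division truncates, which is what the test gear's table shows.
net_rate() {
    rate="$1"
    size="$2"
    echo $(( rate * size / (size + LINE_OVERHEAD) ))
}

# Wire efficiency in tenths of a percent, e.g. 987 means 98.7%.
efficiency_permille() {
    size="$1"
    echo $(( size * 1000 / (size + LINE_OVERHEAD) ))
}

# Reproduce the "Net Successful rate" column for the frame sizes used in the tables.
print_table() {
    rate="${1:-5000}"
    printf '%6s %12s %8s\n' Size NetRate Eff
    for size in 64 128 256 512 1024 1280 1518 2000 9000; do
        p=$(efficiency_permille "$size")
        printf '%6d %9dKbps %5d.%d%%\n' "$size" "$(net_rate "$rate" "$size")" $((p / 10)) $((p % 10))
    done
}

# Try an MTU on an interface like the post does with ifconfig, then restore the old value.
# Returns 0 if the driver accepted it, 1 if it rejected it (SIOCSIFMTU: Invalid argument),
# 2 if the interface does not exist. Needs root.
probe_mtu() {
    iface="$1"
    mtu="$2"
    old=$(cat "/sys/class/net/$iface/mtu") || return 2
    if ifconfig "$iface" mtu "$mtu" 2>/dev/null; then
        ifconfig "$iface" mtu "$old"
        echo "$iface accepts mtu $mtu"
        return 0
    fi
    echo "$iface rejects mtu $mtu (driver limit)"
    return 1
}

case "${1:-}" in
    table) print_table "${2:-5000}" ;;
    probe) probe_mtu "$2" "$3" ;;
esac
```

"sh jumbo.sh table" prints the efficiency table; "sh jumbo.sh probe eth3 9000" as root answers the question the post settles by hand for the RTL8139 cards, without leaving the interface at a changed MTU.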

Anyone giving away his “old” gigabit cards? 😉

 Posted by at 2:38 pm