# Adding an extra network card (for connection sharing)

## stoffe

Hello all, I have a little problem here...

My main box at home is running Gentoo on an AMD 1800 XP something something, and as far as that goes everything is fine and jolly - just the expected amount of trouble you have with computers. =)

Today, however, my school gave me a laptop, running Windows XP. I was pondering switching OS on it (I am allowed to), but that will be a later quest. For now, I would be very happy if I could just get it to share internet (and network) with my main computer at home. I've browsed around in forums here and on Google, and found some resources, such as http://gentoo-wiki.com/HOWTO_setup_a_home-server and others that seem reasonably easy to follow. Sharing internet connection etc with an extra NIC and a patch cable is just one checkbox away in Windows 2000 and XP, so I thought it couldn't be that much harder.

However, the part that has me stopped dead in my tracks already is the adding of an extra network card - I just can't find the info on how to do it, and all I managed to do was kill my connection... since I have hotplug, I thought it would be just to add the card and reboot, then configure interfaces... but nope. I did something like what is described here: http://gentoo-wiki.com/HOWTO_setup_a_home-server#Network-devices_working but all it did was hang on trying to bring up eth0 via DHCP.

I don't really know where to look for logs as to what is happening, and I don't know if I've missed some magic on the way - for instance, how does the computer know which is which interface? I tried setting the internet cable in both NICs and starting up, but there was no difference. And it was a big hassle getting the connection back at all, even after resetting everything back, I had to boot over into windows for the first time in months to get DHCP to wake up again, then boot right back.

I wish I could provide more information, and more clues... but I am so confused as to where to start, so if something is unclear, could you please ask for clarifications?  :Smile: 

All I want to do is:

* Add a second NIC

* Provide network and preferably internet access to a laptop via patch cable

(DHCP would be convenient, because that is what I use at school too).

Anybody out there that could provide any tips?

----------

## tovrstra

The network card problem

Boot your computer with both network cards. They don't need to be configured now. Make sure your kernel has drivers for both cards. Run

```
ifconfig eth0
```

and

```
ifconfig eth1
```

If you get a 

```
eth1: error fetching interface information: Device not found
```

then your kernel doesn't have any driver for one of your network cards. (I'll suppose this is not the problem.) Otherwise you'll get some info about eth0 and eth1 even if they are not configured yet. Then type

```
cat /proc/pci
```

You will see all your PCI devices listed, with vendor info and so on. Note the IRQs mentioned in the outputs of the former three commands. This should tell which card corresponds to which interface, unless you have two exactly the same types of network cards. In that case, boot with only one card plugged in and use ifconfig to find the (unique!) hardware address of your network card.

The reason why your network card didn't work is probably your ISP that does HW-address caching. My ISP in Belgium does this. When you change the card your cablemodem is connected to, you must wait about an hour before you will receive a new IP address. There might be other reasons.

Then sharing your connection.

I read http://gentoo-wiki.com/HOWTO_setup_a_home-server. It's a good starting point but you won't need everything mentioned there. You'll probably want a dhcpserver for the internal part of your network and ip-masquerading on your machine with two network cards. I use net-misc/dhcpcd as dhcp server. Take a look at /etc/conf.d/dhcpd and 'man dhcpd.conf'.

----------

## stoffe

Sounds like excellent advice, I will try this out as soon as I can - makes a bit more sense now too, I hope.  :Wink:  I know I don't need all on that wiki site, but what seemed good about it was that it was all on one page, collected, and one could pick parts from it.

 *tovrstra wrote:*   

> The reason why your network card didn't work is probably your ISP that does HW-address caching. My ISP in Belgium does this. When you change the card your cablemodem is connected to, you must wait about an hour before you will receive a new IP address. There might be other reasons.

 

Is there any way to refresh this? On Windows, ipconfig /release and/or /renew usually takes care of this - any similar command in Gentoo? (Re)starting the interface is not enough, if this is the issue. I use Telia ADSL in Sweden, in case anyone knows how they do this stuff.

Thanks a lot, I'll report back with success/failure as soon as possible.  :Smile: 

----------

## tovrstra

 *stoffe wrote:*   

>  *tovrstra wrote:*   The reason why your network card didn't work is probably your ISP that does HW-address caching. My ISP in Belgium does this. When you change the card your cablemodem is connected to, you must wait about an hour before you will receive a new IP address. There might be other reasons.
> 
> Is there any way to refresh this? On Windows, ipconfig /release and/or /renew usually takes care of this - any similar command in Gentoo? (Re)starting the interface is not enough, if this is the issue. I use Telia ADSL in Sweden, in case anyone knows how they do this stuff.
> 
> 

 

Releasing your dhcp lease is done when you shut down your gentoo box. Try as root: '/etc/init.d/net.eth0 stop'. If eth0 has gotten its address with dhcp, it will also release it. (and you will get a message on screen) Unfortunately this doesn't take the cached hardware address out of the database of my ISP. The same goes for ipconfig /release under windows.

I just think about a possible source of network misery. When you change your network settings in /etc/conf.d/net while your network is up, and then do a /etc/init.d/net.xxx restart, things can go horribly wrong. This script also uses the config file for the correct shutdown of an interface.

----------

## stoffe

Hello again!

Had a lot of trouble with my computer since last - completely unrelated but really bad ones. So today, I finally got around to trying these tips after lots and lots of cleaning and maintenance... and do you know:

This I am typing from my laptop, via the Gentoo box! Once I used the above tips, everything went really smooth. So I just wanted to stop by again and say a big thanks for the help!  :Very Happy:  (Old eth0 became eth1 when adding the card, as somewhat suspected - taking this in account when configuring just made it work).

Only thing I'm kinda wondering about now is how to set things up so internet traffic from the laptop just gets passed through - using Squid seems kinda limited? Or am I just spoiled wanting to SSH directly to my school instead of doing a two-pass SSH?  :Wink:  Nah, really it is mostly stuff like not having to switch proxies on and off in browser, icq client and so forth all the time... any tips as easy to read as the above HOWTO?

Either way, again a huge thanks!  :Smile: 

----------

## tovrstra

Hi,

I've been off the forum for a while. At my apartment I have an internet-connected box that serves as NAT-router so that all boxes connected to it have access to the internet. You can fix this with iptables. My firewall configuration is like this (ssh is running on port 22222)

```
toony root # iptables-save
# Generated by iptables-save v1.2.9 on Thu Jun 17 20:52:07 2004
*nat
:PREROUTING ACCEPT [73:7261]
:POSTROUTING ACCEPT [108:6480]
:OUTPUT ACCEPT [316:19010]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Jun 17 20:52:07 2004
# Generated by iptables-save v1.2.9 on Thu Jun 17 20:52:07 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5522:672865]
:dos - [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp ! --dport 0:1023 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp ! --dport 0:1023 ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22222 -m limit --limit 3/min -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22222 -m limit --limit 3/min -j dos
-A INPUT -p 47 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j LOG --log-prefix "FORWARDPROBLEEM: "
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A dos -m limit --limit 3/hour -j LOG --log-prefix "DOSAANVAL: "
-A dos -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Jun 17 20:52:07 2004
```

I'm not a firewall guru, but this works very well. I can connect from the outside to my box at home. All other connections from the outside are blocked. (My provider blocks all connections under port 1024 from machines outside the provider network.)

The nat table and the forward rules in the filter table turn my box into a nat router. If you want to learn more: http://www.netfilter.org/ This is the one and only starting point for firewalling, nat routing and packet mangling under linux. Certainly take a look at the NAT HOWTO.

----------

## stoffe

Thanks yet again! (And sorry for being so slow with responses).

By looking at your example together with what I had, I constructed this:

```
bash-2.05b# iptables-save
# Generated by iptables-save v1.2.9 on Mon Jun 21 23:13:35 2004
*nat
:PREROUTING ACCEPT [7949:622494]
:POSTROUTING ACCEPT [1585:111736]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Mon Jun 21 23:13:35 2004
# Generated by iptables-save v1.2.9 on Mon Jun 21 23:13:35 2004
*mangle
:PREROUTING ACCEPT [43577:13659447]
:INPUT ACCEPT [42857:13300990]
:FORWARD ACCEPT [719:358405]
:OUTPUT ACCEPT [36176:7022984]
:POSTROUTING ACCEPT [36903:7383281]
COMMIT
# Completed on Mon Jun 21 23:13:35 2004
# Generated by iptables-save v1.2.9 on Mon Jun 21 23:13:35 2004
*filter
:INPUT DROP [93:5036]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36176:7022984]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ! eth1 -m state --state NEW -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
```

and it seems to be working very nicely... however I am not entirely sure yet that I've gotten it right, so I thought I'd better post it here and see if anyone screams out loud.  :Wink:  Anyhow, this together with a small program called dnsmasq allows me to plug in my laptop (which now runs Mandrake as a simple test to see how it behaves under Linux  :Smile: ) and SSH in on remote servers, surf the web etc. I just hope it's doing the right thing when it comes to the scary outside world.  :Smile: 

Again and again: Thanks! You are most helpful.  :Smile: 
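
An added example, not part of the thread and not either poster's code: a small Python check that reads `iptables-save` output like the two dumps above, treats the MASQUERADE output interface as the Internet-facing one, and reports chains whose unmatched packets fall through to an ACCEPT policy. The function names and the condensed sample inputs are assumptions made for this illustration.

```python
MATCH_FLAGS = {"-i", "-o", "-p", "-m", "-s", "-d"}

def parse(save_text):
    """Split iptables-save text into {table: {"policy": {}, "rules": []}}."""
    tables, table = {}, None
    for tok in filter(None, map(str.split, save_text.splitlines())):
        if tok[0].startswith("*"):
            table = tables.setdefault(tok[0][1:], {"policy": {}, "rules": []})
        elif table and tok[0].startswith(":"):
            table["policy"][tok[0][1:]] = tok[1]
        elif table and tok[0] == "-A":
            table["rules"].append(tok)
    return tables

def opt(rule, flag):
    """Token following `flag` in a tokenised rule, or None if absent."""
    return rule[rule.index(flag) + 1] if flag in rule else None

def audit(save_text):
    """Return (wan_interface, findings) for a masquerading router ruleset."""
    tables = parse(save_text)
    # The interface MASQUERADE sends traffic out of is the Internet-facing one.
    wan = next((opt(r, "-o") for r in tables.get("nat", {}).get("rules", [])
                if opt(r, "-j") == "MASQUERADE"), None)
    flt, findings = tables.get("filter", {"policy": {}, "rules": []}), []
    for chain in ("INPUT", "FORWARD"):
        rules = [r for r in flt["rules"] if r[1] == chain]
        # A DROP/REJECT rule with no match options catches every packet.
        catch_all = any(opt(r, "-j") in ("DROP", "REJECT")
                        and not MATCH_FLAGS & set(r) for r in rules)
        if flt["policy"].get(chain) == "ACCEPT" and not catch_all:
            findings.append(chain + ": policy ACCEPT, no catch-all DROP/REJECT")
        for r in rules:
            if (chain == "FORWARD" and wan and opt(r, "-i") == wan
                    and opt(r, "-j") == "ACCEPT" and "--state" not in r):
                findings.append("FORWARD: accepts new connections from " + wan)
    return wan, findings

# Constructed inputs, condensed from the two rulesets posted in this thread.
STRICT = "\n".join([  # first ruleset: WAN on eth0, FORWARD policy DROP
    "*nat", "-A POSTROUTING -o eth0 -j MASQUERADE", "COMMIT", "*filter",
    ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]", "-A FORWARD -i eth1 -o eth0 -j ACCEPT",
    "-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT", "COMMIT"])
LOOSE = "\n".join([  # second ruleset: WAN on eth1, FORWARD policy ACCEPT
    "*nat", "-A POSTROUTING -o eth1 -j MASQUERADE", "COMMIT", "*filter",
    ":INPUT DROP [93:5036]", ":FORWARD ACCEPT [0:0]", "-A FORWARD -i eth0 -o eth1 -j ACCEPT",
    "-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT", "COMMIT"])

print(audit(STRICT), audit(LOOSE), sep="\n")
```

For the second ruleset the check reports the FORWARD chain: with policy ACCEPT and only ACCEPT rules in the chain, the RELATED,ESTABLISHED restriction on traffic arriving from eth1 changes nothing. With the policy set to DROP, as in the first ruleset, the same two rules become the only paths through the router.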

----------

## tovrstra

yup, looks cool. If you really want to be sure, try to find the open ports of your box with nmap from a host on the internet. There also seems to be an interesting iptables thread on the forum: https://forums.gentoo.org/viewtopic.php?t=159133

happy networking !   :Smile: 

----------

## ynef

Since Telia are so kind and give us a public IP address and not just an internal one, you can always use the port scanners at scan.sygate.com to check your system's firewall.

----------

## stoffe

 *ynef wrote:*   

> Since Telia are so kind and give us a public IP address and not just an internal one, you can always use the port scanners at scan.sygate.com to check your system's firewall.

 

Ok, let's try it then...

 *scan.sygate.com wrote:*   

> Trying to gather information from your web browser...
> 
> Operating System = Linux i686
> 
> Browser = Firefox 0.8
> ...

 

I'd say that looks pretty good!  :Wink:   :Very Happy: 

Thanks!

----------

