PhoneBoy Talks About: Network Address Translation and His Server
Over the past several geek reports, I have talked about networking your computers and sharing an Internet connection. This week, I'm going to tell you how I personally do all that and more with a 386!
Network Address Translation
Last week, we talked about using a proxy server to share your Internet connection. The problem with proxy servers, however, is that your applications usually have to be aware of them. An alternate approach is to use something called network address translation (or NAT). NAT takes network traffic from any address and makes it look like it is coming from or going to a different address. Effectively, it allows me to use "private" networks as defined by RFC 1918 and still talk to the Internet. All of this happens on the multi-homed machine that sits between the Internet and the LAN. Large corporate networks and/or sites with a limited number of legal Internet addresses will use NAT to allow their corporate users to access the Internet and provide services without having to give each system a legal Internet address.
NAT is completely transparent to most client software, though you will have to set up the TCP/IP on your LAN systems to have its "default route" set to the IP address of the machine on your LAN that does the NAT. Unfortunately, the only product I know of that does this on Windows 95 is rather pricy -- WinRoute. I have not tried this product myself, but it seems to be a full-featured packet-filter and NAT-based firewall.
The latest version of the Linux kernel can do NAT, though you may need to recompile your kernel to enable all the features. I have been using this at home ever since the hard drive in my main PC crapped out. I now have a dedicated machine running in this configuration and it works fabulously.
Speaking of Linux
I have a dedicated machine at home that is:
- A dual-homed machine
- A Windows file & print server
- A Firewall with NAT capabilities
- A SOCKS proxy server
- A DHCP server
- A Web Server
I can do all of this on a 386 with only 8 megabytes of RAM. Of course, I run Linux on this machine (the free Unix-like Operating System), but I also have some additional software running on this machine to make it perform all these tasks and more.
A Dual-Homed Machine
My dual-homed machine is connected to the Internet and my local network. It is connected to my LAN with an NE2000-compatible card. It is connected to the Internet with a 33.6k modem from US Robotics running the distribution of PPP that comes with Slackware Linux. Using a program called diald, it is also set up to dial up the Internet on-demand.
A Windows File & Print Server
One of the most useful programs ever invented for Unix is called Samba. Samba allows you to share resources (files and printers) in a way that is compatible with Microsoft's Network Neighborhood. As such, it requires no additional software on Windows machines. After configuring Samba to work with the printing system on Linux, I was able to print as if the printer was attached to my local system. It's not perfect, but it works well most of the time.
A Firewall with NAT capabilities
The 2.0 version of the Linux kernel has capabilities that allow you to set up a basic firewall. It also allows you to perform a form of Network Address Translation called "Masquerading" so that traffic from machines on my LAN will look as if it is coming from my server, which is connected to the Internet. Those who are interested in this should look at the Linux IP Masquerade Resource. There is also a program called IPFilter, which recently became Linux-compatible. IPFilter allows for more comprehensive firewall capabilities than are offered by current versions of the Linux kernel, though I have not tried it.
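To make the NAT and masquerading descriptions above concrete, here is a small Python model of the translation table a masquerading box keeps. It is an added example, not code from this article or from the Linux kernel; the class and function names, the starting port, and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks; these addresses are not routable on the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class Masquerader:
    """Toy model of the dual-homed box: many LAN hosts share one public address."""

    def __init__(self, public_ip, first_port=61000):  # starting port is arbitrary here
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (proto, lan_ip, lan_port, dst_ip, dst_port) -> public port
        self.back = {}  # (proto, public_port, dst_ip, dst_port) -> (lan_ip, lan_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source; returns the tuple seen on the Internet."""
        if not is_private(src_ip):
            raise ValueError("only RFC 1918 sources are masqueraded")
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:  # first packet of a flow allocates a mapping
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Map a reply back to the LAN host, or None if nothing asked for it."""
        return self.back.get((proto, dst_port, src_ip, src_port))

def demo():
    nat = Masquerader("203.0.113.7")  # constructed public address (TEST-NET-3)
    # Two LAN hosts use the same source port toward the same web server.
    a = nat.outbound("tcp", "192.168.1.10", 1025, "198.51.100.5", 80)
    b = nat.outbound("tcp", "192.168.1.11", 1025, "198.51.100.5", 80)
    reply = nat.inbound("tcp", "198.51.100.5", 80, b[2])           # answer to host .11
    unsolicited = nat.inbound("tcp", "198.51.100.99", 4444, a[2])  # no matching flow
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `None` result for the unsolicited packet is a side effect of the missing mapping, not a filtering policy; explicit firewall rules on the dual-homed machine are still needed to control what the machine itself accepts.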
A SOCKS Proxy Server
A few of my applications do not work as well with NAT as they do with a SOCKS proxy server. Using the freely available SOCKS5 server from NEC, I am able to do just about anything I want from any machine on my LAN.
A DHCP Server
DHCP stands for "Dynamic Host Configuration Protocol" and is used in large, corporate networks to manage network address space. The main reason for having a DHCP server on your LAN is if you have a work laptop that uses DHCP to obtain its network address and you occasionally bring the laptop home. Though there are utilities to switch your IP address configuration around for you, I much prefer not having to use those utilities. It seemed much less painful in the long run to set up a DHCP server. I am using the Internet Software Consortium's DHCP Reference Implementation (version 1). Once I had set up the DHCP server, I could bring my laptop home with me and use it without reconfiguration.
A Web Server
Though not entirely necessary, I set up the Apache Web Server on my Linux machine. Later, I developed a web-based way to allow my fiancee to control my Linux machine without her having to know Unix. Through the interface, she can check to see if it's connected to the Internet, redial if necessary, and shut down the computer. Eventually, I'm going to write her a program that allows her to maintain a recipe database.