Make a router out of a simple notebook with one NIC (buy a second NIC)

loopx · 2010-12-12 16:37:04

Hello all,

Before starting, I think I must say hello to you because I'm new here : this is my first post . So, in fact, I'm working with Linux since 5 years. I'm running Gentoo on my workstation and my old server, Ubuntu on my notebook and for family, and finaly, I'm running Red Hat at work place for workstation and servers. I'm a Linux and JBoss administrator .

I've decided to run/try Arch because it seams to growth with rock-solid ideas and it's a binary distribution. I now prefer a binary distribution for my server, because it's taking too much time to let old computer or notebook compile the whole world (alone or not ...). I prefer now looking around and learn another Linux distribution. This is why I started to install my first Arch Linux : I will try to run a server on a simple notebook. In fact, it's a working machine, but without any graphics capabilities (memory has burned...), and so, perfect for a little server low consumption. I want it to replace my current server/router running Gentoo on an old Pentium 3.

For now, I've encountered these little problem :
- LID problem when screen is close : reboot never work (power off just after the BIOS, when the LID state is "screen closed"...) => disable LID connection (unplugged from motherboard)
- ssh problem => must now use "/etc/hosts.allow" to let remote machine to be connected
- try routing packet with one NIC => for now, doesn't work ...
- try to get X11 Forwarding => doesn't work too, but it will works quickly

My infrastructure is just a server/router splitting in two part for the LAN at home :
- one part is LAN with all workstations
- the other part is LAN_router which is another network with only the ADSL router to access internet

So, its looking like this : <machine1> => <switch> => <[eth1]server/router[eth0]> => <switch> => <router_ADSL> => INTERNET

All is fine ... with the old machine ... for the new one, it has only one network interface ... The question is : how to do routing with only one NIC ???

In theory, I "should" work ... but .. some component can have some little hard time to do the right things .. and for me, is not working right now.

The first try is to use one interface with one IP aliasing, like this :

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1d:e4:a3:d5:1a brd ff:ff:ff:ff:ff:ff
    inet 10.2.1.8/26 brd 10.2.1.63 scope global eth0
    inet 10.2.1.66/26 brd 10.2.1.127 scope global eth0:0
    inet6 fc80::21a:e2ff:fea3:d56a/64 scope link 
       valid_lft forever preferred_lft forever

Two sub network are used :
- 10.2.1.0/26
- 10.2.1.64/26

I must have 2 ip on one NIC, so aliasing can be used (when testing, the new server/router is able to ping a workstation and the ADSL router ; it can also use internet). I've heart there is some problem with "iptables" to set forwarding rules when using IP Aliasing ... but I prefer try myself . It doesn't work for now, probably because of this. But, is there a way to use a "workaround" ? For example, if "iptables" is not able to play with aliasing, and so, interface such as "eth0:0", may be there is a way to tell it, like this :

[root@serveurn ~]# iptables-save 
# Generated by iptables-save v1.4.10 on Sun Dec 12 17:30:01 2010
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING ! -d 10.2.1.0/26 -o eth0 -j SNAT --to-source 10.2.1.66 
COMMIT
# Completed on Sun Dec 12 17:30:01 2010
# Generated by iptables-save v1.4.10 on Sun Dec 12 17:30:01 2010
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:932]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -s 10.2.1.0/26 -p tcp -m tcp --dport 22 -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
COMMIT
# Completed on Sun Dec 12 17:30:01 2010

... use the interface "eth0" (for the whole throughput) and do SNAT for all excepted for the LAN network ? But it seams to not work ...

I got a second idea : if it wan't work with aliasing ... may be can I use virtual interface and bridge ... create a bridge with "eth0" and "tap0" so I can add more than one ip in the machine .. and may be, will be able to route packet from these two interface ???

But for now, I have to understand why X11 Forwarding don't work ...

EDIT: xorg problem solved : xorg-auth was requested ...

Last edited by loopx (2011-01-09 18:08:28)

pyther · 2010-12-13 04:18:14

How do you think one nic would work? You can't plug two cables into one NIC, can you?

fukawi2 · 2010-12-13 04:55:59

It should work the way you have described (with aliases, or more technically described as Multiple Layer 3's on a Common Layer 2), but it is dirty and nasty and shouldn't be done unless you're stuck on a deserted island and your only hope of rescue is building a router out of 2 coconuts, a sea shell and a single NIC that was washed up on the beach in the last storm.

Split the Layer 2 up by either:
1) Adding another NIC (Wireless, USB, PCMCIA whatever)
2) Use 802.11q Tagged VLANs

pyther · 2010-12-13 12:08:08

Sure, but that is assuming the switch supports vlans.

Google · 2010-12-13 16:58:41

Am I the only one who thinks this topic is badass?

jasonwryan · 2010-12-13 17:10:29

Google: https://wiki.archlinux.org/index.php/Fo … mpty_Posts

fukawi2 · 2010-12-13 22:26:01

pyther wrote:

Sure, but that is assuming the switch supports vlans.

Of course. A second NIC is almost certainly the cheaper option if the switch doesn't already support VLANs.

loopx · 2011-01-09 18:07:55

Hi,

Problem solved .. since à just buy a new USB ethernet device ... and now, got 2 NICs ...

Daniel_F · 2011-01-10 00:18:06

fukawi2 wrote:

" ...it is dirty and nasty and shouldn't be done unless you're stuck on a deserted island and your only hope of rescue is building a router out of 2 coconuts, a sea shell and a single NIC that was washed up on the beach in the last storm. "

PRICELESS !!

@loopx: Honestly: return the USB NIC you just got, buy a compatible device(maybe an asus rt-n16) and install dd-wrt. You'll be a lot happier....

Last edited by Daniel_F (2011-01-10 00:34:08)

Arch Linux

#1 2010-12-12 16:37:04

Make a router out of a simple notebook with one NIC (buy a second NIC)

#2 2010-12-13 04:18:14

Re: Make a router out of a simple notebook with one NIC (buy a second NIC)

#3 2010-12-13 04:55:59

Re: Make a router out of a simple notebook with one NIC (buy a second NIC)

#4 2010-12-13 12:08:08

Re: Make a router out of a simple notebook with one NIC (buy a second NIC)

#5 2010-12-13 16:58:41

Re: Make a router out of a simple notebook with one NIC (buy a second NIC)

#6 2010-12-13 17:10:29

Re: Make a router out of a simple notebook with one NIC (buy a second NIC)

#7 2010-12-13 22:26:01

Re: Make a router out of a simple notebook with one NIC (buy a second NIC)

#8 2011-01-09 18:07:55

Re: Make a router out of a simple notebook with one NIC (buy a second NIC)

#9 2011-01-10 00:18:06

Re: Make a router out of a simple notebook with one NIC (buy a second NIC)

Board footer