[PLUG] One NIC NAT!

Jeff Schwaber jschwaber at wesleyan.edu
Mon Aug 4 20:43:01 UTC 2003


Oh horror of horrors, I ordered MSN broadband (dsl). They gave me a
decent deal, and it was better than what I was using before that (free
AOL =). So I got the modem, and discovered that it acted as a DHCP
server/NAT router. I was delighted. I could just plug in a hub to the
thing and get multiple computers going instantly, no need to buy a
40-80$ router/NAT (I know, I could have, and will, make a cheap computer
into a router, but I didn't have any at the time). 

MSN Broadband, however, has built their modems to only allow one IP
address at a time. If you dhcp-request an ip, it gives it to you and
then blocks all other ip addresses. It was truly bizarre.

So since I had nothing but two laptops, a hub, and this cranky modem (it
also sometimes decides that if there are multiple people dhcping it, it
should shut off), I had to come up with a novel solution.

So here it is:

the One NIC NAT

With IP aliasing, you can split your NIC into two IP addresses, on two
different subnets, like this:

ifconfig eth0:0 192.168.1.2 netmask 255.255.255.0
ifconfig eth0:1 192.168.2.1 netmask 255.255.255.0
ifconfig eth0:0 up
ifconfig eth0:1 up
ifconfig eth0 up
route add default gw 192.168.1.1

and then with iptables put together a nat using the same nic for both
the input and the output ports.

#!/bin/sh
 
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
 
/sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

Then anyone else who wants to be on the network just gives themselves a
192.168.2.x (x>2) ip address and points at 192.168.2.1 as the gateway.

And no, I don't have a question. And if you put it in your interfaces
(/etc/network/interfaces on debian) it'll come up like that. I'm just
pointing this out for anyone who didn't know it. If everyone knew it and
wants to tell me to shut up, I shall do so. =)

And thanks to David Konsumer, if he's on this list, or anyone who knows
him is, for pointing out to me that Linux can do IP aliasing.

Jeff
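
An added example, not part of the original post: a tighter variant of the script above that masquerades and forwards only traffic from the client subnet, with the FORWARD chain defaulting to DROP. It assumes the post's layout (eth0 carrying both aliases, clients in 192.168.2.0/24); the function name `one_nic_nat_rules` is hypothetical, and it only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the original post). Prints a scoped ruleset for the
# one-NIC NAT described above; review it, then pipe it to `sh` as root to apply.
# Defaults are the post's values: interface eth0, client subnet 192.168.2.0/24.

one_nic_nat_rules() {
    iface=${1:-eth0}
    lan=${2:-192.168.2.0/24}
    ipt=/sbin/iptables

    # The output is meant to be fed to a shell, so refuse anything that is
    # not a plain interface name or dotted network/prefix.
    case $iface in
        ''|*[!A-Za-z0-9._:-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $lan in
        ''|*[!0-9./]*) echo "bad network: $lan" >&2; return 1 ;;
    esac

    cat <<EOF
$ipt --flush FORWARD
$ipt --table nat --flush POSTROUTING
$ipt --policy FORWARD DROP
$ipt --table nat --append POSTROUTING --out-interface $iface --source $lan ! --destination $lan -j MASQUERADE
$ipt --append FORWARD --in-interface $iface --out-interface $iface --source $lan -j ACCEPT
$ipt --append FORWARD --in-interface $iface --destination $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Dry run: print the rules for the given (or default) interface and subnet.
one_nic_nat_rules "$@"
```

Compared with the original rules, only packets sourced from the client subnet are forwarded and rewritten, and inbound packets reach the clients only as replies to connections they opened.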




