The Router-Connect IPMasq d Network | Multitool Linux: Practical Uses for Open Source Software

The Router-Connect IPMasq'd Network

The first thing to bear in mind is that no matter how many times you hear people (including myself ) refer to cable modems and DSL modems, there is no such thing as a cable modem or a DSL modem. Modems are pretty much used only on phone lines ( modem is short for modulator /demodulator, and this modulation is required to convert digital data to analog data ”since normal phone lines can only handle analog data). So-called cable modems and DSL modems are actually routers ”they merely route packets from your internal network (or PC) to the external world. Now, that said, for pretty much all intents and purposes, you can get away with calling a cable router a cable modem. This is rather similar to the definition of pistol . Technically, a revolver is not a pistol. A pistol is a handgun whose chamber is integral with the barrel (check it out at http://www.m-w.com/ ), while a revolver has multiple chambers (usually six). For all intents and purposes, a revolver is a pistol ”it's a handgun (and that's usually what people think of when they say pistol ). For virtually everyone, a modem is a gadget that gets plugged into your home somewhere that lets you access the Internet or another computer. I think that's enough hair-splitting, don't you?

For consistency and simplicity, I will not cover IP Masquerading under kernel 2.0.x ”it's time to upgrade to a newer version of the kernel, my friend. Kernel 2.0.x is quite old now. Since (as of this writing) no updates have been done to it since January 9, 2001, it seems safe to say that not much more development work is going into it. If it helps convince you at all, I noticed small speed increases when I upgraded from kernel 2.0.36 to kernel 2.2.x. That explains why I'm not using the old 2.0 series of kernel. But why wouldn't I use the new 2.4 kernel? I've always followed a rather simple saying: The early bird may get the worm, but the second mouse gets the cheese. For this reason, I tend to stay one kernel revision behind on my servers. The only time I violate that rule is when the new kernel has some feature that I desperately need.

If that line of argument hasn't convinced you to go with kernel 2.2, then that's okay. Kernel 2.2's ipchain rules can be read natively by kernel 2.4's netfilter tool. Doing so is beyond the scope of this chapter, however.

Okay, so you've got yourself a machine with a kernel 2.2 distribution (or, conceivably, a 2.4 distribution). You've got yourself a working DSL or cable connection. Now you need to get ipchains up and running.