Building a home network at CMU

This document describes how one might set up a home network of PCs, running either Linux or Windows 95, with one machine dialed in to SCS using SLIP/CSLIP/PPP. It probably also applies to Windows NT, but I don't have any experience there.

The biggest issue here is that due to the SCS dialup server configuration, only the dialed-up machine can directly talk to the rest of the world. The other machines basically have to use the dialed-up machine as a proxy. If the dialed-up machine is running Windows, you have to use explicit proxy software, but if it is running Linux, the proxying can be made transparent through the use of "IP masquerading".

Choose network hardware

Each PC needs an ethernet card. Ethernet cards can be bought for $30-$40. You need to decide whether your network will be 10b2 (thin-net) or 10bT (using cabling and connectors similar to phone jacks). 10bT wiring is cheaper, but requires a hub. A hub is fairly low-priced (price? $50?). 10b2 (thin-net) doesn't require a hub, but cabling problems might be harder to debug.

I'm happy with my $30 Boca NE2000 compatible card from CDW ($3 shipping, 2 days delivery by UPS ground). For cabling, Darrell Kindred recommends Hosfelt (typically 1 day UPS delivery, or a scenic drive down the Ohio River):

   prices for 10base2 (as of 4/97):
        part #60-217 RG58 black, $0.14/foot
        part #60-267 BNC male twist-on connector $1.50 ea.
        part #956    BNC "T" adapters (often come w/ ethernet card) $2.29 ea.
   888/264-6464 or 800/524-6464

CompUSA will also have cabling complete with connectors for OK prices.

David Rochberg warns against getting super-cheapo cards that don't use DMA, as your performance might suffer greatly while the network is active.

There's also the issue of whether to buy an ISA or PCI card. PCI cards are more expensive, and do you really need to ftp at more than 700KB/sec throughput?

Virtually every modern ethernet card has a 10bT connector. You usually have to buy a "combo" card, for an extra $5-$10, to get the 10b2 connector.

I personally use thin-net, about 150 feet for 3 computers, with no problems.

Choose network addresses

RFC 1918 gives a set of IP addresses that are specifically set aside for local internets. In particular, you can use 172.[16-31].[1-254].[1-254]. I personally use 172.30.1.*, but you should probably try to pick a set of addresses that you think are unlikely to collide with anyone else's home network. (This will only matter if you plug your machine into their network.) By convention, assign the lowest-numbered IP address of your set to the dialed-up machine.

Choose your OS configuration

You need to decide whether the dialed-up machine (which I'll call the gateway) will run Windows 95 or Linux. And for every other machine on the network (which I'll call the clients), you need to decide whether it will run Windows 95 or Linux.

I think it works best if the gateway is running Linux. The client OS doesn't really matter.

Gateway running Linux, client running Linux

You've already chosen the IP address of the gateway. Assume it's 172.30.1.1. Linux probably identifies the ethernet card as "eth0". Use the following commands to configure the gateway:

    ifconfig eth0 172.30.1.1 broadcast 172.30.255.255 netmask 255.255.0.0
    route add -net 172.30.0.0 netmask 255.255.0.0

In general, if you've chosen IP address aa.bb.cc.dd, use these commands:

    ifconfig eth0 aa.bb.cc.dd broadcast aa.bb.255.255 netmask 255.255.0.0
    route add -net aa.bb.0.0 netmask 255.255.0.0

Compile the Linux kernel with "IP Masquerading" support. I don't know how old your kernel can be, but 2.0.29 works fine for me. You need to answer "yes" to "Prompt for development and/or incomplete code/drivers". Answer "yes" to "Network firewalls", "IP: forwarding/gatewaying", "IP: firewalling", "IP: masquerading", and "IP: always defragment". Also, if you want Linux to support Windows file sharing, you should answer "yes" to "The IPX protocol".

After compiling the kernel, do a "make modules" and "make modules_install". This builds and installs the kernel modules that let the client machines use certain programs such as ftp, irc, and realaudio through the masquerade.

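At boot time, run the following commands on the gateway. The first sets the default forwarding policy to deny; the second masquerades traffic from the client machines' addresses to any destination, which is what gives the clients access through your "firewall":

    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -F -a m -S 172.30.0.0/16 -D 0.0.0.0/0

Substitute the first two components of your IP address for the "172.30" part.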
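
The general aa.bb.cc.dd form and the "172.30" substitution above, as an added example that is not part of the original page: a shell function that checks a chosen address against the 172.[16-31].[1-254].[1-254] range and prints the gateway commands with the first two components filled in. The function names valid_home_addr and gateway_commands are made up for this example, and it only prints the commands; it does not run them.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Succeed only for 172.[16-31].[1-254].[1-254], the range suggested above.
valid_home_addr() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;    # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (some tools read 030 as octal) and over-long numbers.
        case "$octet" in 0?*|????*) return 1 ;; esac
    done
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] &&
        [ "$3" -ge 1 ] && [ "$3" -le 254 ] &&
        [ "$4" -ge 1 ] && [ "$4" -le 254 ]
}

# Print the page's gateway commands with the chosen address substituted in.
gateway_commands() {
    valid_home_addr "$1" || { echo "not in 172.[16-31].x.x: $1" >&2; return 1; }
    prefix=${1%.*.*}                         # first two components, e.g. 172.30
    cat <<EOF
ifconfig eth0 $1 broadcast $prefix.255.255 netmask 255.255.0.0
route add -net $prefix.0.0 netmask 255.255.0.0
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S $prefix.0.0/16 -D 0.0.0.0/0
EOF
}

gateway_commands 172.30.1.1    # the page's own address, as sample input
```

Because the masquerade rule's source is derived from the validated address, a mistyped or public address is refused before any forwarding rule is printed.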

I recommend looking at http://www.indyramp.com/masq/ipmasq-HOWTO.html for more comprehensive information on IP masquerading. Also check out http://dijon.nais.com/~nevo/masq/.

One note: I've had problems with client connections sometimes hanging when using IP masquerading. This was solved by setting the dialup MTU to be the same as the ethernet MTU (i.e., 1500).

Another note: client telnet connections will time out after 15 idle minutes. You can increase the timeout by using the command:

    ipfwadm -M -s <number-of-seconds> 0 0

If you're connected to CMU via some sort of ethernet interface (e.g., ADSL or MCN), you could buy a second ethernet card, or you can use the IP Aliasing that Linux provides. Configure the kernel answering "yes" to "Network aliasing" and "IP: aliasing support". According to Darrell Kindred, you can then use the following commands (in place of the similar commands given above) to configure the network:

  /sbin/ifconfig eth0:0 172.30.1.1 broadcast 172.30.255.255 netmask 255.255.0.0
  /sbin/route add -host 172.30.1.1 dev eth0:0
  /sbin/route add -net 172.30.0.0 netmask 255.255.0.0 dev eth0:0

On the client machines: You don't need to include any special kernel options. Run the same ifconfig and route commands as on the gateway, except substitute the client's IP address. Set up the gateway machine as your gateway:

    route add default gw <gateway-IP-address> eth0

If the gateway is running NTP to keep the clock synchronized, the client can use the gateway machine as an NTP server.

/etc/resolv.conf on the client should be the same as on the gateway. Mine reads:

    nameserver 128.2.222.199
    nameserver 128.2.203.61
    search alias.cs.cmu.edu cs.cmu.edu ri.cmu.edu edrc.cmu.edu cmu.edu

Kerberos: kinit works, and "telnet -x" works from the client machine. krcp doesn't seem to work at all, and of course you won't be able to telnet directly to a client from the other side of the gateway. Zephyr doesn't seem to work at all.

Gateway running Linux, client running Windows 95

For the gateway machine, follow the same instructions as above (Gateway running Linux, client running Linux). In addition, it's very useful to use the Samba software to allow Linux to participate in file and printer sharing. That way, you can cross-mount the file systems between Linux and Windows 95. To allow Samba, compile the Linux kernel with IPX/SPX support, as well as support for the SMB file system. Install the samba and ksmbfs packages.

For the client machine, go to the Network control panel. Make sure the following network components are installed:

"Primary Network Logon" should be set to "Client for Microsoft Networks". With this setting, Windows will prompt you for a userid and password every time you boot. I'm sorry, there's no way around this. Just set yourself a null password, and accustom yourself to hitting return when you boot.

See the pictures below for the other properties of the Network control panel.

See http://www.starnet.com for a Windows X server. There's a demo version that works well, but shuts down after 2 hours. Contact me if you want hints on how to deal with this. You'll be able to directly run X clients from the gateway machine, but to run from other machines, you need to set up an X proxy. dxpc is a good one to look into.

Gateway running Windows 95, client running Linux

A Windows 95 networking proxy is required to run on the gateway machine. (Suggestions on a proxy to use?) You'll need to configure Netscape on the client machines to use the gateway as a proxy. (Other network services? ftp? telnet?)

Gateway running Windows 95, client running Windows 95


James M Stichnoth
Last modified: Wed Jul 9 12:15:27 EDT 1997