Linux Networking: Using Ipchains
Multiple Machines, A Single Connection
Linux can route network traffic from one network segment to another. Routing
is normally done on a PC with two or more network adapters. This article
presents a configuration using a pair of Ethernet adapters. More specifically,
the article examines how a Linux computer can link a local network to the
Internet through an Ethernet-attached device like a cable modem or a DSL modem.
The article examines the basic concepts pertaining to routing, network address
translation (NAT), firewalls, and a program called ipchains.
Individual sections address each concept. The last section combines the
basics into a sample configuration for linking a local network to the Internet.
Routing can be done using a number of network protocols but the IP protocol is
the one that is addressed in this article. IP is also the protocol used on the
Internet. The previous articles address configuration of the IP protocol for
network adapters on a Linux computer.
Linux can implement very complex routing using multiple network adapters, but
most configurations utilize a pair of network adapters. These can be any
combination from a pair of Ethernet adapters to an Ethernet adapter and a modem.
This article will concentrate on the former, while the next article will address
The routing software, or simply router, listens at a network adapter for
messages, also called packets, addressed to it in the same way as the Apache web
server, httpd, listens for Web-page requests. Many services can use a single
network adapter without a conflict. Other computers on the network direct
messages to the router. The other computers are set up to do this by setting the
IP address of the router in the computer's default router or gateway setting.
The router takes incoming messages and checks the destination IP address to
determine where to forward the message. It uses routing tables to make this
determination. The message may wind up being sent to another network segment or
it may be forwarded yet again to another computer acting as a router. This
router-to-router handoff is essentially how the Internet works. A
router-to-router handoff is called a hop. Messages going in the reverse
direction are handled in the same fashion.
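
The lookup described above can be sketched in a few lines. This is an added example, not code from the original article or from the Linux kernel: the interface names, the addresses and the helper names build_table and lookup are assumptions, and the model only covers choosing the most specific matching route, with a default route as the fallback.

```python
import ipaddress

# Constructed sample routing table for a router with two Ethernet adapters.
# Interface names and all addresses are assumptions made for this example.
ROUTES = [
    # (destination network, gateway or None when directly attached, adapter)
    ("192.168.1.0/24", None, "eth0"),       # local network segment
    ("203.0.113.0/24", None, "eth1"),       # segment shared with the modem
    ("0.0.0.0/0", "203.0.113.1", "eth1"),   # default route: next router upstream
]


def build_table(routes):
    """Parse the routes and order them most-specific prefix first."""
    table = [(ipaddress.ip_network(net), gw, dev) for net, gw, dev in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, destination):
    """Return (next_hop, adapter) for a destination IP, or None if no route."""
    dst = ipaddress.ip_address(destination)
    for net, gateway, dev in table:
        if dst in net:
            # Directly attached network: deliver to the destination itself.
            # Otherwise hand the packet to the gateway (one more hop).
            return (gateway or str(dst), dev)
    return None


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("192.168.1.20", "203.0.113.9", "198.51.100.7"):
        print(dst, "->", lookup(table, dst))
    # Without a default route, off-segment destinations are unreachable.
    print(lookup(build_table(ROUTES[:2]), "198.51.100.7"))
```
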
The router assumes the network adapter handles the low level transmission of
messages. Modem links, like those covered in the next article, often utilize
the Point-to-Point Protocol (PPP). Some DSL and cable modems utilize PPP over
Ethernet (PPPoE). For PPPoE support, see the next article. This article
assumes that DSL and cable modems are connected to an Ethernet adapter.
The Linux route program is used to configure and display the
routing tables. The routing support is built into Linux. The basic syntax and
semantics for the route program are covered later.