SDB:ISDN Gateway for Private Networks in SuSE Linux 8.0 or Higher
Your computer has an ISDN connection and you want to use it as an Internet gateway for your local network.
Issues of this complexity exceed the scope of our free-of-charge installation support. Therefore, these brief instructions should help you to set up such a gateway.
Please note that this article cannot impart the basics of firewalls and system security. You can find reading material on these subjects, for example, from our publishing house "SuSE Press" at http://www.susepress.de/
SuSE shall not be liable for any damages caused to your data or to your local network by the utilization of a gateway.
Below is a step-by-step guide including some configuration tests.
In the following lines, the computer that will act as a gateway is known as gateway and the computers on your LAN are called clients.
- The gateway requires a network card and an ISDN card. Use YaST2 to configure these cards: YaST2 -> Network/Base -> ISDN configuration or YaST2 -> Network/Base -> Network card configuration. Configure the network card for the LAN first. Assign a static IP address to it.
IP address: 192.168.0.1
Subnet mask: 255.255.255.0
No changes are required in the host name or routing. Save the configuration.
If a local network is already available, select the IP address from it. We recommend using addresses from the 192.168 address space for your local network. In this example, the IP addresses for the local network have been taken from the range 192.168.0.0 to 192.168.0.255.
Network card test for the LAN
Ping the newly configured network card with the command ping -c 2 192.168.0.1. The output will be similar to:

PING 192.168.0.1 (192.168.0.1) from 192.168.0.1 : 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.655 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.329 ms
--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% loss, time 1008ms
rtt min/avg/max/mdev = 0.329/0.492/0.655/0.163 ms

If your output is not similar to this, repeat the configuration process of the network card (something has gone wrong). You can abort the command ping anytime by hitting CTRL + C.
Testing the connection to the LAN
If the network card test has been successful, proceed to test whether the clients can be reached from the gateway. Use the command ping for this purpose. At least some clients should respond to the command ping -c 3 -b 192.168.0.255. The output should be similar to:

WARNING: pinging broadcast address
PING 192.168.0.255 (192.168.0.255) from 192.168.0.1 : 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.774 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=1.19 ms (DUP!)
64 bytes from 192.168.0.3: icmp_seq=1 ttl=255 time=1.30 ms (DUP!)
64 bytes from 192.168.0.4: icmp_seq=1 ttl=64 time=1.57 ms (DUP!)
--- 192.168.0.255 ping statistics ---
2 packets transmitted, 2 received, +3 duplicates, 0% loss, time 1010ms
rtt min/avg/max/mdev = 0.325/1.033/1.573/0.438 ms
As you can see, the machines with the IP addresses 192.168.0.1 (gateway) and 192.168.0.2 to 192.168.0.4 (clients) have replied. If you know the IP address of a client, you can ping it directly to test the connection. It is essential that the clients can be reached from the gateway and vice versa. If this connection does not work, you have to solve the problem within the LAN before trying to connect the LAN to the Internet.
- Configure the ISDN access on the gateway as described in the Basics manual, page 85. Do not activate the firewall. Please note that if Dial on Demand is activated, the gateway will set up a connection to the Internet as soon as the gateway or a client sends a request to the Internet. This is only advisable if you have a flat rate.
Testing the connection to the Internet
Test the Internet connection from the gateway. The command cinternet enables you to manually start (cinternet -start) or stop (cinternet -stop) the connection. Set up the connection, wait 30 seconds, and test it again with the command ping. For example, you can ping our web server www.suse.de with ping -c 4 www.suse.de. The output should be similar to:

ping -c 4 www.suse.de
PING www.suse.de (126.96.36.199) from 188.8.131.52 : 56(84) bytes of data.
64 bytes from Turing.suse.de (184.108.40.206): icmp_seq=1 ttl=251 time=23.9 ms
64 bytes from Turing.suse.de (220.127.116.11): icmp_seq=2 ttl=251 time=23.7 ms
64 bytes from Turing.suse.de (18.104.22.168): icmp_seq=3 ttl=251 time=24.0 ms
64 bytes from Turing.suse.de (22.214.171.124): icmp_seq=4 ttl=251 time=24.0 ms
--- www.suse.de ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 3030ms
rtt min/avg/max/mdev = 23.775/23.941/24.035/0.184 ms
As above, it is essential that this connection works. Otherwise, you have to solve the problem with the Internet connection before trying to connect the LAN to the Internet.
- Now prepare the gateway to forward requests from the LAN to the Internet. The easiest way is to use the SuSE personal-firewall, a simple iptables-based packet filter that rejects all unauthorized packets from the Internet and is in charge of forwarding the requests from the LAN to the Internet. The configuration file of SuSE personal-firewall
contains a configuration variable REJECT_ALL_INCOMING_CONNECTIONS. Edit this file as follows:
In addition, you must inform the kernel that you want to be able to forward packets. To do this, edit the file
by changing the variable
Finally, make sure that the SuSE personal-firewall is started when the gateway is booted. This can be done with the commands:
Execute the following commands to apply these settings without having to reboot first:
echo "1" > /proc/sys/net/ipv4/ip_forward
rcpersonal-firewall start
Connection test to the Internet with the SuSE personal-firewall
Launch the connection to the Internet with the command cinternet -start and test it with the command ping as described above.
- The last step consists of informing the clients that, from now on, the gateway will provide the Internet connections. On a SuSE Linux 8.0 client, this can be done by entering the gateway's IP address as standard gateway in YaST2 -> Network/Advanced -> Routing. In this case:
In addition, the clients must know how to contact a name server in order to resolve domain names into IP addresses. For this purpose, read out the name servers from the file
on the gateway during an Internet connection. In our example, we have used a T-Online name server. Enter the name server on the clients. For example, on SuSE Linux 8.0 clients: YaST2 -> Network/Advanced -> Host name and DNS. Host name and domain name do not have to be changed.
Name server list: 126.96.36.199
Domain search list: .de
Connection test to the Internet from a client
After having set the standard gateway and name server on the clients, test the connection to the Internet with the command ping as described above.
If all these tests have been successful, the clients are now ready to use the Internet connection provided by the gateway.
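The ping tests above show that traffic flows, but not that the gateway is still filtering what arrives from the Internet. The following script is an added example, not part of the original article or of SuSE personal-firewall: it audits the forwarding setup from the ip_forward value and an iptables-save dump. The function names, the sample rules and the interface name ippp0 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a masquerading gateway from saved state.
#   $1 file holding the ip_forward value, $2 iptables-save dump,
#   $3 Internet-facing interface (assumption: ippp0, the usual ISDN device).
# Prints one finding per line; the return status is the number of findings.
audit_gateway() {
    fwd_file=$1; rules=$2; wan=${3:-ippp0}; findings=0
    # Kernel forwarding must be on or LAN clients cannot get out.
    if [ "$(tr -d '[:space:]' < "$fwd_file")" != "1" ]; then
        echo "FORWARDING-OFF"; findings=$((findings + 1))
    fi
    # Private LAN sources must be masqueraded on the Internet interface.
    if ! grep -Eq -- "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" "$rules"; then
        echo "NO-MASQUERADE"; findings=$((findings + 1))
    fi
    # Packets arriving from the Internet need a DROP policy or an explicit
    # DROP/REJECT rule in INPUT (gateway) and FORWARD (LAN). Rule order is
    # not evaluated, so treat a clean result as necessary, not sufficient.
    for chain in INPUT FORWARD; do
        policy=$(awk -v c=":$chain" '/^\*/ {t=$1} t=="*filter" && $1==c {print $2}' "$rules")
        if [ "$policy" != "DROP" ] &&
           ! grep -Eq -- "^-A $chain .*-i $wan .*-j (DROP|REJECT)" "$rules"; then
            echo "OPEN-$chain"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample state (not captured from a real system).
write_samples() {
    echo 1 > "$1/ip_forward"
    cat > "$1/open.rules" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ippp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT
EOF
    # Same rules with default-deny policies, as a filtering firewall leaves them.
    sed -e 's/^:INPUT ACCEPT/:INPUT DROP/' -e 's/^:FORWARD ACCEPT/:FORWARD DROP/' \
        "$1/open.rules" > "$1/filtered.rules"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT; write_samples "$tmp"
audit_gateway "$tmp/ip_forward" "$tmp/open.rules" || echo "open.rules: $? finding(s)"
audit_gateway "$tmp/ip_forward" "$tmp/filtered.rules" && echo "filtered.rules: clean"
```

On a live gateway, pass /proc/sys/net/ipv4/ip_forward as the first argument and a file written by iptables-save as the second.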