----------------------------------------
Eiger Ethernet to Ethernet Firewall
with dhclient support
----------------------------------------

Written by: Charles Steinkuehler
Last Revised: 6/27/00

Disclaimer: This procedure works for me on my test systems. Your results
may vary. Please note that I have made absolutely no changes to the
default IPCHAINS firewall script. You should examine the firewall setup
to determine if it is appropriate and safe in your environment.

----------------------------------------
Useful LRP related links:

http://lrp.steinkuehler.net/
http://lrp.c0wz.com/
http://www.linuxrouter.org/
http://www.linuxrouter.sourceforge.net/
http://lrp.ramhb.co.nz/main.htm
http://beta-linuxrouter.razorsedge.com/
http://lrp.plain.co.nz/
http://wpkgate.kc.com.my.cpwright.com/lrp/

----------------------------------------
You might also want to read up on basic linux networking, including IP
masquerading and IPCHAINS. There are many FAQs and HOWTOs available
online. Remember, LRP is 'real' linux, so most mainstream linux
documentation applies directly to your LRP box. When you are looking up
documentation, note that Eiger runs kernel 2.2.13 and uses the newer
commands (ipchains and ip instead of ipfwadm and ifconfig).

----------------------------------------
Things to add:

PPPoE disk image - I do not have access to a PPPoE server, so I can't do
much to help out here...try to get a static IP or normal DHCP connection
from your ISP if possible...you'll be happier in the long run :-)

----------------------------------------

BEFORE YOU GET STARTED:

You will need a few things, so try to track them all down before getting
started.

1) A machine to run LRP. You need a 486 DX or better (or an FPU), two
   network cards, a 3 1/2" floppy drive, and 12 Meg RAM (16 Meg RAM
   recommended).
2) Knowledge about which linux kernel modules your ethernet cards
   require. The best place to learn about this is section 5 of the
   Linux Ethernet HOWTO:
   http://www.linuxdoc.org/HOWTO/Ethernet-HOWTO-5.html
3) A copy of the disk image (available where you found this file)
4) A copy of rawrite for DOS users (linux users can use dd)
5) A blank 1.44 Meg floppy disk

SETUP INSTRUCTIONS:

1) Run rawrite to create the disk image. You will be prompted for the
   disk image name and the floppy drive to use. Rawrite doesn't
   understand long file names, so either use the short filename
   (dir /x if not displayed automatically) or rename the disk image
   with an 8.3 filename.
2) Boot the disk on your LRP machine
3) Log in as root (no password is necessary)
4) You should see a configuration screen. If not, type lrcfg
5) Select menu item 3, then 2, then 1, to edit /etc/modules
6) Uncomment the module(s) needed for your ethernet card(s). All
   modules listed in the file are already on your LRP disk. If you are
   using ne.o, ne2k-pci.o, or e2100.o, you will also need to uncomment
   8390.o
   NOTE: If the modules you need are not listed, you will have to add
   them to your LRP disk. See below.
7) Save the file -w and exit -q
8) Return to the main lrcfg menu
9) IMPORTANT: BACKUP YOUR CHANGES OR THEY WILL BE LOST!
10) Select LRP menu item b, then 5 to backup changes to modules
11) Reboot
12) Configure your client machines:
      IP=192.168.1.xxx (don't use 0, 254, or 255!)
      Subnet Mask=255.255.255.0
      Default Gateway=192.168.1.254
      Primary DNS=your.primary.dns.server
      Secondary DNS=your.secondary.dns.server
13) You should have a fully functional masquerading firewall

ETHERNET CONNECTIONS:

eth0 = External - Connect to cable-modem, DSL modem, etc.
eth1 = Internal - Connect to hub/switch for internal network

OK, but which network card is eth0 and which is eth1? Well, it kind of
depends. If you have two different types of network cards, eth0 is the
card whose driver gets loaded first. If you have two of the same network
card (or cards that use the same kernel module), which one is which
depends on the device driver. PCI cards are usually ordered by slot ID
(which slot is first is motherboard specific). ISA cards have been
reported to use all sorts of wacky schemes, including base address, MAC
address, command line specification order, and others.

I usually don't try to figure out which card is which. Just hook up both
cards and boot your LRP system. Log in as root, and exit from the lrcfg
menu to a command prompt by pressing 'q'. Now ping an address on the
internal network (there doesn't actually have to be a computer with the
IP address you are using):

  ping 192.168.1.1

Leave the ping command running and go around to the back of the
computer. You should see the activity light on one of the network cards
flashing once a second. The interface with the once-a-second blink is
your internal interface (you may have to watch for a while if you are on
a cable modem or there is traffic on your internal network). If you
guessed right (you had a 50-50 chance), congratulations...otherwise just
swap the cables. Hit Ctrl-C to stop the ping command.

OPTIONAL:

Set Root Password:
You might want to set your root password (type passwd at a command
prompt). Remember to backup /etc to your disk or there will be no
password the next time you boot.

Set dhclient hostname or identifier:
Some ISPs require you to send a specific hostname or client identifier
before they will give you an IP address. If you need to set this up,
edit the file /etc/dhclient.conf (lrcfg menu 3-3-1). There are examples
of both hostname and client identifier settings. Uncomment the
appropriate line, and change the setting to the value you need to send.
Backup dhclient (lrcfg menu b-6) and reboot.

Use two floppies for more space:
You can hook a second 3 1/2" floppy drive up for more storage. Edit
syslinux.cfg on your boot disk and add the second floppy drive to the
PKGPATH variable (i.e. PKGPATH=/dev/fd0u1440,/dev/fd1u1440). Put your
new packages on the second floppy, and add the package names to the LRP
variable in syslinux.cfg (i.e. LRP=etc,log,local,modules,newpkg) to load
them automatically.

NOTES:

To 'uncomment' a line, remove the '#' at the beginning of the line.

If you get tons of 'martian errors' and your internet connection does
not work, you probably have the ethernet connections swapped.

If you get occasional 'martian errors' and your internet connection is
working, you are probably on a 'party line' network with a lot of other
users (like a cable modem network), and someone else on the same segment
has a mis-configured machine. See the LRP links above for more
information about how you can make these messages go away.

ADDING MODULES TO YOUR LRP DISK

1) Get the Eiger LRP kernel tarball (2.2.16-1.tar.gz)
2) Extract the module(s) you need using winzip.
   IMPORTANT: Check the modules.dep file to see if there are any
   dependencies for the module you want. You will need to add these
   modules as well.
   Alternative: You can download individual kernel modules from my
   website: http://lrp.steinkuehler.net/kernel/Eiger/
3) Copy the module(s) to a dos floppy
4) Insert the dos floppy into your LRP machine
5) Get to a command prompt on the LRP machine (log in as root, if
   necessary, and quit from the lrcfg main menu)
6) Mount the dos floppy
     mount -t msdos /dev/fd0 /mnt
7) Copy the module(s) to /lib/modules, replacing MODULE with the name
   of each module
     cp /mnt/MODULE.o /lib/modules
8) Unmount the dos floppy
     umount /mnt
9) Modify /etc/modules to load your module. You can use ae from the
   command line, or lrcfg (menu 3-2-1)
10) ADVANCED: You might want to delete some of the unused network
    modules to save disk space. Any of the modules commented out in
    /etc/modules are safe to delete.
11) IMPORTANT: BACKUP YOUR CHANGES OR THEY WILL BE LOST!
12) Select LRP menu item b, then 5 to backup changes to modules
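
The modules.dep check from step 2 of ADDING MODULES, as an added example (not part of the original procedure or the Eiger disk): a shell function that lists a module together with everything it depends on, dependencies first. It assumes the usual depmod layout of "module: dep dep ..." with optional backslash continuations; the sample file, its paths and the example_a.o / example_b.o modules are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve a module's dependencies from a modules.dep file.

# module_deps DEPFILE MODULE.o -> prints file names one per line,
# dependencies first, so the output is also a usable load order.
module_deps() {
    awk -v want="$2" '
    function base(p) { sub(/.*\//, "", p); return p }
    function visit(m,    i, n, parts) {
        if (m in seen) return          # already handled (also stops cycles)
        seen[m] = 1
        n = split(deps[m], parts, " ")
        for (i = 1; i <= n; i++) visit(parts[i])
        print m
    }
    {
        # Join backslash-continued lines into one logical line.
        line = line $0
        if (sub(/\\$/, " ", line)) next
        colon = index(line, ":")
        if (colon > 0) {
            mod = base(substr(line, 1, colon - 1))
            n = split(substr(line, colon + 1), f, /[ \t]+/)
            list = ""
            for (i = 1; i <= n; i++) if (f[i] != "") list = list base(f[i]) " "
            deps[mod] = list; known[mod] = 1
        }
        line = ""
    }
    END {
        if (!(want in known)) { print "not listed: " want > "/dev/stderr"; exit 1 }
        visit(want)
    }' "$1"
}

# Constructed sample in the assumed format (not taken from the Eiger tarball).
sample_dep() {
    cat <<'EOF'
/lib/modules/ne.o: /lib/modules/8390.o
/lib/modules/8390.o:
/lib/modules/example_a.o: /lib/modules/example_b.o \
    /lib/modules/8390.o
/lib/modules/example_b.o: /lib/modules/8390.o
EOF
}

# Script use: sh deps.sh modules.dep ne.o
if [ $# -eq 2 ]; then module_deps "$1" "$2"; fi
```

Run it against the modules.dep extracted from the kernel tarball before copying files to the floppy; every name it prints has to end up in /lib/modules.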