HOW-TO: Set Up a SUSE 10 Machine As a Router
Novell Cool Solutions: Feature
By Scott M. Morris

Posted: 21 Dec 2005

Applies to:

• SUSE Linux 10

Introduction

Quite some time ago, I wrote an article about how to set up a machine running SUSE
Linux Professional 9.2 as a router. This allowed users to share an Internet connection
with several other computers on an internal network. It can also save you having to go
out and buy a router that does essentially the same thing as what we'll produce here. As
there have been many changes since SUSE 9.2, I've written another guide to setting up a
router on a SUSE 10 machine, with much of the text shamelessly stolen from my
previous article. For each step, there is a QUICK SUMMARY for advanced users, and a
DETAILED EXPLANATION for novice users.

Necessary Hardware

First off, let's look at some of the hardware you will need for this article:

• 1 or more computers with 1 Ethernet card in each. These will be referred to as
"client" machines in this document.
• 1 computer with 2 Ethernet cards in it. This will be referred to as the "router"
machine in this document.
• Some (at least 4) Ethernet cables.
• 1 small hub or switch. A Zonet 8-Port 10/100Mbps Switch was used here.
• Internet connection.
• Printed Router Setup Sheet. This file is in PDF Format.

Preliminary Router Setup

Quick Explanation

Set up the two Ethernet cards as DHCP clients. Plug the Internet connection into one of
the cards. Restart the network to obtain an IP address for that card.

Detailed Steps

The first thing that we'll do is get the networking set up on the router machine. On the
router box, plug the Internet connection into one of the Ethernet cards. It does not matter
which one. Then, open up YAST. On the left, click NETWORK DEVICES. Then select
NETWORK CARD from the options on the right:

Another window comes up. It is called "Network Card Configuration Overview." We are
going to set up the Ethernet cards from this window. Here's what mine looks like:

Over at the right, you will see that the IP Address column says "Not configured" for both
of the cards. Yours may be different. At this point, that doesn't matter a bit. We will
configure the cards, now. Select one, and then click on EDIT.

The "Network Address Setup" screen appears. In the SETUP METHOD box, select the
"Automatic Address Setup (via DHCP)" option:

Then, click NEXT in the lower-right corner. You will be taken back to the list of Ethernet
cards. You will see that the card you just configured has DHCP in the IP Address
column.

Now, we just repeat these steps for the other card. Select it and click EDIT. When the
screen comes up, select the "Automatic Address Setup (via DHCP)" option, and click
NEXT. This card should now also say DHCP in the IP Address column.

Both of the Ethernet cards should now say DHCP in the IP Address column:

If this is the case, click NEXT. YAST does some saving of the configuration, and then
the window closes.

Now, we just need to get the IP address from our ISP. This is quite painless. Open up a
terminal window. As root, restart the network by typing '/etc/init.d/network restart'. This
step is shown below:

linux:/> su
Password:
root:/> /etc/init.d/network restart

After you hit ENTER, it will show you a bunch of output that we don't really care about
here.

Next, let's make sure we got an IP address from the ISP. To do this, run '/sbin/ifconfig',
like this:

linux:/> /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:02:B3:49:2D:5E
          inet addr:137.65.68.15  Bcast:137.65.71.255  Mask:255.255.252.0
          inet6 addr: fe80::202:b3ff:fe49:2d5e/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:58949 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5367 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16434036 (15.6 Mb)  TX bytes:997627 (974.2 Kb)

eth1      Link encap:Ethernet  HWaddr 00:08:54:D4:6F:20
          inet6 addr: fe80::208:54ff:fed4:6f20/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1893 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2680 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:227116 (221.7 Kb)  TX bytes:2861917 (2.7 Mb)
          Interrupt:10 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:81 errors:0 dropped:0 overruns:0 frame:0
          TX packets:81 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5290 (5.1 Kb)  TX bytes:5290 (5.1 Kb)

linux:/>

You will see that this command produces some information for each of your adapters.
The first adapter is called eth0 and the second one is called eth1. Disregard the lo
adapter. We will not use any of its output here.

We need to determine which adapter is the external adapter. When I say external adapter,
I mean that it is the one that the Internet plugs into. So, how do we find the external
adapter? Well, it's the one with the IP address.

Find the line in the output above that starts with 'inet addr:'. We can see that the
second line of the eth0 section has this information. The IP address follows. In this
case, the IP is 137.65.68.15. Because the eth0 adapter has the IP address, we know that
it is the external adapter.

For best results, eth0 should be the external adapter. If the 'inet addr:' information
(IP address) appears in the eth1 section of your output on your screen, plug the Internet
connection into the other card. Then, open a terminal. As the root (or 'su') user, restart
your network by issuing the '/etc/init.d/network restart' command as shown above. When
you are certain that the eth0 adapter is your external adapter (i.e., it has the IP address),
continue with the next step.

Now that we know that the eth0 adapter is our external adapter, we need to locate its
hardware address. In the sample output above, on the line above the IP address, in the
middle of the line, it says "HWaddr" and has some numbers and colons after it. This is
the hardware address for my eth0 adapter.

Let's take a look at your output, again. Find the adapter on your screen that has the IP
address (the eth0 adapter should be the one with the IP address). Find the hardware
address for this adapter (on the line above the IP address, after "HWaddr"). Write the
hardware address for this adapter on the "External Card" line on the Router Config sheet.

Now we need to find your internal card. That's easy. It's the one that's not the external
card. It has no IP address. It should be the eth1 adapter. Find the hardware address of
your internal card. Write it on the "Internal Card" line on the Router Config sheet.

In my output, the hardware address for my external card is highlighted in green. My
internal card's hardware address is highlighted in red.

If you were unable to get an IP address from the ISP, try restarting your cable modem or
whatever device you use to connect to the Internet. When it comes back up, run these
commands (shown above) again to restart your network and display your IP.

Write Down Name Servers and Gateway

Quick Explanation

Find and write your Name Servers and Gateway on the Router Config sheet.

Detailed Steps

We need to find out what your Name Servers and Gateway are. This is very easy to do in
SUSE. First, fire up YAST. On the left, click NETWORK SERVICES. Then select DNS
AND HOSTNAME from the options on the right:

If a small window appears, click on the MODIFY button.

A window comes up that's called "Host Name and Name Server Configuration":

We're not going to change anything here. We're just looking for Name Servers. If the
Name Servers are greyed out and hard to read, uncheck the "Update Name Servers and
Search List via DHCP" checkbox:

Write down the Name Servers on the Router Config sheet in the NAME SERVER 1 and
NAME SERVER 2 spots. Disregard the 3rd Name Server. Then, just click BACK or
ABORT to close the window (do not click FINISH). Also, close YAST.

Now, we need to find out what your ISP's Gateway is. Again, this is incredibly simple.
Open up a terminal and type '/sbin/route -n' and hit ENTER, as follows:

linux:/> /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
137.65.68.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         137.65.71.254   0.0.0.0         UG    0      0        0 eth0
linux:/>

Again, we don't care about most of this output. Just look at the very last line in the
'Gateway' column. It will have an IP address. That's your Gateway. Mine is
137.65.71.254 (highlighted green) in this example. Write your Gateway on the Router
Config sheet on the line next to "Gateway". You can now close the terminal window.
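
As an added example (not part of the original article), the two lookups above can be scripted: the shell functions below parse '/sbin/ifconfig' and '/sbin/route -n' output and print the External Card, Internal Card and Gateway lines of the Router Config sheet. The function names are hypothetical, and the embedded sample is the article's own output trimmed to the relevant lines.

```shell
#!/bin/sh
# Added example: derive the Router Config sheet values from command output.
# The sample text is the article's own listing, trimmed to the relevant lines.

sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:02:B3:49:2D:5E
          inet addr:137.65.68.15  Bcast:137.65.71.255  Mask:255.255.252.0
          inet6 addr: fe80::202:b3ff:fe49:2d5e/64 Scope:Link

eth1      Link encap:Ethernet  HWaddr 00:08:54:D4:6F:20
          inet6 addr: fe80::208:54ff:fed4:6f20/64 Scope:Link

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
EOF
}

sample_route() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
137.65.68.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         137.65.71.254   0.0.0.0         UG    0      0        0 eth0
EOF
}

# Reads ifconfig output on stdin and prints one line per Ethernet card:
#   <role> <name> <hardware address> <IPv4 address or ->
# The card holding an IPv4 address is "external"; a card without one is
# "internal". Loopback has no HWaddr and is skipped.
classify_adapters() {
    awk '
    function emit(   role) {
        if (name == "" || mac == "") return
        role = (ip != "") ? "external" : "internal"
        print role, name, mac, (ip != "" ? ip : "-")
    }
    /^[^ \t]/ {                      # text in column 1 opens a new section
        emit(); name = $1; mac = ""; ip = ""
        for (i = 2; i < NF; i++) if ($i == "HWaddr") mac = $(i + 1)
        next
    }
    /^[ \t]+inet addr:/ { split($2, part, ":"); ip = part[2] }   # IPv4 only
    END { emit() }'
}

# Reads "route -n" output on stdin. The default route is the row whose
# Destination is 0.0.0.0 and whose Flags include G; print its Gateway.
default_gateway() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# router_sheet IFCONFIG_TEXT ROUTE_TEXT: print the sheet lines.
router_sheet() {
    printf '%s\n' "$1" | classify_adapters | awk '
        $1 == "external" { print "External Card: " $3 " (" $2 ", " $4 ")" }
        $1 == "internal" { print "Internal Card: " $3 " (" $2 ")" }'
    printf 'Gateway:       %s\n' "$(printf '%s\n' "$2" | default_gateway)"
}

router_sheet "$(sample_ifconfig)" "$(sample_route)"
```

On the router itself, call router_sheet "$(/sbin/ifconfig)" "$(/sbin/route -n)" to use live output instead of the sample.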

Internal Ethernet Card Setup

Quick Explanation

Set up your internal adapter to have a static IP of 192.168.0.1.

Detailed Steps

Now, we have to go back into YAST. On the left, select NETWORK DEVICES. On the
right, select NETWORK CARD:

The "Network Card Configuration Overview" window appears. We need to find the
internal card in this list. Click on an adapter. Now, look in the pane below. "Device
Name" is another name for "hardware address." You're looking for the adapter in the list
whose Device Name shows up on your Router Config sheet as the Internal Card. When
you've determined which adapter is the internal one, select it and click EDIT:

The "Network Address Setup" screen appears. In this window, select the "Static Address
Setup" radio button. Type 192.168.0.1 into the IP Address box:

Then, click NEXT to go back to the main screen. Click NEXT there, also. YAST then
saves the network configuration and the window closes.

Routing Setup

Quick Explanation

In YAST, set up routing. The gateway will be the one from your ISP. Also, tick "Enable
IP Forwarding."

Detailed Steps

Head back into YAST. On the left, click NETWORK SERVICES. Then select
ROUTING from the options on the right:

A window comes up called "Routing Configuration". This is where we need the Router
Config sheet. In the DEFAULT GATEWAY box in this window, put in the GATEWAY
from the Router Config sheet. Then, tick the "Enable IP Forwarding" box. It should look
something like this:

When you have done this, click FINISH. You are taken back to the YAST window.

Firewall Setup

Quick Explanation

Set up the firewall. Assign cards to proper zones, enable desired services, and enable
masquerading.

Detailed Steps

In YAST, select SECURITY AND USERS on the left side. Select FIREWALL from the
options that appear at the right:

A window appears called "Firewall Configuration: Start-Up". In this window, in the
SERVICE START section, select the "When Booting" option:

When this is done, select the INTERFACES option from the pane on the left. The
INTERFACES screen appears. This lists your Ethernet cards. You need to tell it which is
the internal card and which is the external card. This is a snap using your Router Config
sheet. First, select the card whose INTERFACE OR STRING matches what you have
listed as your External Card on your sheet. Click CHANGE:

Another, small window appears. In this window, select the EXTERNAL ZONE from the
drop-down box. Then click OK:

You will see that your card is now configured in the External Zone:

Next, we need to configure the other card on the Internal Zone. Select the other card from
the list, and click CHANGE. In the small window that appears, select INTERNAL
ZONE, then click OK. Your second card is now configured in the Internal Zone:

Now choose ALLOWED SERVICES from the pane on the left. A new screen appears:

This is where we tell the firewall what to allow. At the top, there is a drop-down box
labeled "Allowed Services for Selected Zone". Select EXTERNAL ZONE from this box.
Next, we're going to add services to allow. The SSH service may be enabled by default. If
you do not use SSH, feel free to remove this. Also, if you have a web server on this
machine, you may wish to add the HTTP service.

At the bottom, make sure the "Protect Firewall from Internal Zone" checkbox is not
ticked. If you have a reason for ticking this box, you'll probably know how to allow
services for it, so I won't cover that here.

Your screen will now resemble this:

Let's move to the next step and enable Masquerading. Select MASQUERADING from
the pane on the left. A new screen appears called "Firewall Configuration: Network
Masquerading." All we need to do here is tick the checkbox labeled "Masquerade
Networks":

To continue, go back to START-UP in the pane on the left. To start up the firewall, click
the button labeled "Save Settings and Restart Firewall Now":

When it has started, click NEXT. You are taken to a SUMMARY screen. Verify that all
information is correct. When you are satisfied with what this screen says, click ACCEPT:

YAST saves the firewall configuration and the window closes.
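
An added check, not part of the original article: because the firewall is left unprotected from the internal zone, it is worth confirming that each card landed in the right zone, that masquerading is on, and that only the services you intended are open on the external zone. The script assumes YaST stores these settings in /etc/sysconfig/SuSEfirewall2 under the variable names shown and names cards as eth-id-<hardware address>; the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit the firewall settings against the Router Config sheet.

# Constructed sample of /etc/sysconfig/SuSEfirewall2 after the steps above
# (assumed file and variable names; MACs are the article's sample cards).
sample_fw_config() {
cat <<'EOF'
FW_DEV_EXT="eth-id-00:02:b3:49:2d:5e"
FW_DEV_INT="eth-id-00:08:54:d4:6f:20"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP=""
EOF
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# cfg_get KEY: print the value of the last KEY="value" line held in $CFG.
cfg_get() {
    printf '%s\n' "$CFG" | sed -n "s/^$1=\"\(.*\)\"[[:space:]]*$/\1/p" | tail -n 1
}

# audit_firewall EXT_MAC INT_MAC "allowed services" < config
# Prints OK/WARN/FAIL findings; returns non-zero if any check FAILs.
audit_firewall() {
    ext_mac=$(lower "$1"); int_mac=$(lower "$2"); allowed=" $3 "
    CFG=$(cat); fails=0
    dev_ext=$(lower "$(cfg_get FW_DEV_EXT)")
    dev_int=$(lower "$(cfg_get FW_DEV_INT)")

    # With "Protect Firewall from Internal Zone" unticked, the internal zone
    # reaches every service on the router, so a swapped assignment would
    # leave the Internet-facing card unfiltered.
    case "$dev_ext" in
        *"$ext_mac"*) echo "OK   external card is in the external zone" ;;
        *) echo "FAIL external card is not in the external zone"; fails=$((fails + 1)) ;;
    esac
    case "$dev_int" in
        *"$ext_mac"*) echo "FAIL external card is in the internal zone"; fails=$((fails + 1)) ;;
        *"$int_mac"*) echo "OK   internal card is in the internal zone" ;;
        *) echo "FAIL internal card is not in the internal zone"; fails=$((fails + 1)) ;;
    esac

    # Masquerading needs routing enabled as well, or clients get no Internet.
    for key in FW_ROUTE FW_MASQUERADE; do
        if [ "$(cfg_get "$key")" = "yes" ]; then echo "OK   $key=yes"
        else echo "FAIL $key is not \"yes\""; fails=$((fails + 1)); fi
    done

    # Every service opened on the external zone is reachable from the Internet.
    for svc in $(cfg_get FW_SERVICES_EXT_TCP) $(cfg_get FW_SERVICES_EXT_UDP); do
        case "$allowed" in
            *" $svc "*) echo "OK   $svc is open to the Internet as intended" ;;
            *) echo "WARN $svc is open to the Internet but not on your list" ;;
        esac
    done
    [ "$fails" -eq 0 ]
}

sample_fw_config | audit_firewall 00:02:B3:49:2D:5E 00:08:54:D4:6F:20 "ssh"
```

On the router, pass the two hardware addresses from your Router Config sheet and redirect the real file into the function, for example audit_firewall <external MAC> <internal MAC> "ssh" < /etc/sysconfig/SuSEfirewall2.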

Install and Configure DHCP Server

Quick Explanation

Install the 'dhcp-server' package. Go into the DHCP Server in YAST. Select the internal
adapter to run the DHCP Server on. Put in the Name Servers from the ISP, and
192.168.0.1 as the Gateway. Put in an IP range for your network. Start the DHCP server.

Detailed Steps

First, let's make sure you have the DHCP server installed. In YAST, select SOFTWARE
from the left, and SOFTWARE MANAGEMENT on the right:

When the window appears, search for the package called dhcp-server. When it
comes up in the right pane, tick the checkbox next to dhcp-server. Then, click
ACCEPT:

If another window about resolving dependencies appears, just click CONTINUE. YAST
will then prompt you for a CD, which you gladly supply. YAST then installs the
package(s), writes the system configuration, and asks if you wish to install more
packages. Just click FINISH.

The DHCP server is now installed. Next, let's configure it. In YAST, select NETWORK
SERVICES at the left. On the right, click DHCP SERVER:

The "DHCP Server Wizard (1 of 4): Card Selection" window appears. This screen lists
your Ethernet cards. You just need to pick and add your internal card. It will be the one
with the IP of 192.168.0.1. Select this card and click ADD:

A small "x" should appear in the ACTIVE column for that card. Also, tick the checkbox
labeled "Open Firewall for Selected Interfaces". Your window should now look
something like this:

Click NEXT to continue. The "DHCP Server Wizard (2 of 4): Global Settings" screen
appears. I usually just type in "my.box" for the DOMAIN NAME in this screen. Whip
out your trusty Router Config sheet. Type the NAME SERVERS from the sheet into the
PRIMARY NAME SERVER IP and SECONDARY NAME SERVER IP spots on this
screen. Type "time.nist.gov" for the TIME SERVER. Also, put in 192.168.0.1 into the
DEFAULT GATEWAY (ROUTER) field on this page. Leave everything else as it is.
Your screen should look like this:

Click NEXT to continue. The "DHCP Server Wizard (3 of 4): Dynamic DHCP" screen
appears. For the First IP Address, put 192.168.0.100. For the Last IP Address, put
192.168.0.250. Don't change anything else. It should look like this:

To continue, click the NEXT button. We go to the "DHCP Server Wizard (4 of 4): Start-Up"
screen. Select the "When Booting" option:

To finalize the DHCP setup, click the FINISH button.

YAST saves the settings, restarts the DHCP Server, and closes the window. You can also
close any remaining YAST windows.

Assemble the Network

Quick Explanation

Put the network together. Restart the network on the router machine.

Detailed Steps

Now, it's time to plug everything in the way it is supposed to be. Make sure the Internet
connection is plugged into the external card on the router box. Plug the internal card into
your hub (or switch). Plug any and all client machine(s) into your hub. Your network
should look like this, now:

When this is all plugged in, open a terminal window and restart the network on your
router machine:

linux:/> su
Password:
root:/> /etc/init.d/network restart

It will have a ton of output, but just let it all finish before you move on. When it does
finish, you can close this window.

Clients Setup

Quick Explanation

Renew IP addresses on the client machines and then ping google.com from each to make
sure everything is working properly.

Detailed Steps

You should now be able to release and renew IP addresses on each of your client
machines. Depending upon the operating system on each computer, this is done
differently.

Linux Client Machines:

Open up a terminal, and renew your IP address:

linux:/> su
Password:
root:/> /etc/init.d/network restart

When this command finishes, ping google.com to make sure you are able to access the
Internet through the router box:

linux:/> ping google.com
PING google.com (216.239.39.99) 56(84) bytes of data.
64 bytes from 216.239.39.99: icmp_seq=1 ttl=239 time=33.2 ms
64 bytes from 216.239.39.99: icmp_seq=2 ttl=239 time=32.2 ms
64 bytes from 216.239.39.99: icmp_seq=3 ttl=239 time=32.4 ms
64 bytes from 216.239.39.99: icmp_seq=4 ttl=239 time=32.9 ms

If it starts to scroll responses down the page, everything is working. Press CTRL+C to
stop the pinging.

You are finished with this machine and can move on to the next one.

Windows Client Machines:

Use the ipconfig command to release:

c:\>ipconfig /release

It will print out a bunch of stuff. Then use the same command to renew the IP address:

c:\>ipconfig /renew

And it will renew your IP address. Then, ping google to test:

c:\>ping google.com

It should ping three or four times and then quit.

You are now finished with this machine and can move on to the next one.

Conclusion

A router will allow you to share your Internet connection to an internal network of many
computers. This is great if you have 10 computers and only one connection. If you are
like me, you won't want to spend $100 on a new router. Hopefully, this guide will save
you some time in learning how to set one up on a machine running SUSE Linux 10.

UPDATE (2006-01-13): You can now use this article in conjunction with the Port
Forwarding on a Router Machine Running SUSE 10.0 article. The Port Forwarding
article is designed to be an extension of this current article (Router Setup). The Port
Forwarding article teaches how to forward incoming connections from the firewall
directly to a server internal to your network.

Reader Comments

• Great, simply, clear
• Well written and straight-forward.
• Fixation on "eth0" as the Internet facing NIC is wrong. Please correct this to use
valid names for the NIC.
• Thank you very much, it solved a problem I've been working with for a long time
trying out both Mandrake and Suse. However, it didn't work either after having
followed your instructions. First after having defined the DNS addresses on the
clients (WinXP) it came to work. This detail should perhaps be mentioned in the
article. My regards, Erling Christiansen, Toulouse, France
• Very nice! But running VPN on router kills internet connection for both router
machine and clients. How to solve?
• very useful
• Beautifully written, thank you
• Why should I copy the default gateway into the "router settings" YAST panel?
The ISP can change the gateway at will, so it's a bad idea to have to update it
every time.
• Very good. It solves a problem I had for 2 months! Thank you very much
• WOW! Worked, like magic! Thank you! I've been trying to set up my linux box
as a gateway without DHCP, i.e. for one computer only.. but this is much better.
Thanks.
• thanks - a big help
• THANKS
• Thanks for the help. I got my router set up thanks to this article!

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.
www.webwiseone.com

© 2010 Novell
