Originally Published: Wednesday, 22 December 1999 Author: Ed Matthews
Published to: corp_features/General Page: 1/1 - [Printable]

IP Masquerade Serves up the Web for Non-Profit

In part one, you learned about the Ada Jenkins Center, a non-profit in Davidson, N.C., needing a server for its computer lab. This segment narrates installation of the server to handle IP Masquerade through a cable modem to the 12 client PCs in the classroom. It includes our configuration of the Linux server and Windows clients.

   Page 1 of 1  


In part i, I introduced the mission: enabling some network functions at a local non-profit organization that has a computer lab. The center, called the Ada Jenkins Center, had obtained a cable modem, but it was connected to one PC, leaving the other 11 webless. Also, its printer was intermittently unavailable to the other clients in the Windows peer to peer network.

This installment will explain how we set up a Linux server to provide internet access to the twelve workstations in the lab from one cable modem connection to an Internet Service Provider. It will also cover our hardware constraints, Windows configuration, and what we ended up doing for print services.

Thanks for Supportive Emails

Before I begin, I want to thank those of you who have written in support of the effort, and also those of you offering suggestions. We began this endeavor with a desire to learn more, and you are helping. Also, if you are a network administrator by day, a lot of this will be old hat, I think. But again, maybe you can point out something we could do better.

To enable web access to multiple terminals from one dial up account, we would be enabling a function in Linux called IP Masquerade, and it in turn, would be running a web server for each of the Windows machines using the web.

Loading the Server--Hardware Specs

If you remember, the Center had obtained a grant for some nice workstations, but a machine designated to be a server had not been acquired. So, we looked at the jumbled lot of donated, semi-disassembled machines to see what we could find. We ended up with a Pentium 90, with 24 MB of RAM, a 600MB hard drive, S3 based VGA card and two old 16bit ISA NICs. A larger 1500MB hard disk was later donated, bringing our storage up to 2.1GB. Note that the server also has two network cards: one for the cable modem connection, and a second for the internal class c network for all of the Windows clients.


We would be loading Caldera's OpenLinux 2.3 from CD using a 48 speed drive that would be removed after loading. We used the larger drive for the root partition and the smaller drive for the home filesystem. If you are using a distribution with a graphical front end, they make this very easy, once you know what you are trying to do. We are familiar with Caldera and Red Hat, and have found they both enable easy configuration.


The first NIC was configured as eth0 during the install with a static IP address of The nameservers and domain name were entered during the install also. The cable provider configures its equipment to the MAC address of the NIC used at installation time, so we removed the cable modem and NIC from the original Windows internet station and installed them in the Caldera Linux server as eth1, using DHCP.

IP forwarding was enabled on the server with the command
echo "1" > /proc/sys/net/ipv4/ip_forward

IP Masq was enabled with the command
ipfwadm -F -a m -S -D

These two commands must be executed each time the server is started and should be placed in a startup script like /etc/rc.d/rc5.d/S99custom if the default runlevel is left at 5.

We have heard ipchains would be better but we are not yet familiar with its syntax. We will investigate the HowTos, and maybe someone will email me with their configuration notes for this feature?

This is all we used to enable the server to use the cable modem and serve the web to the client PCs.

Configuring the Windows Clients--Overview

Normally when setting up a network we would strive for sameness among the client OS installations. To achieve that, we would begin with hardware only, noting any differences in devices. We would load the OS, striving to have ports and interrupts for each device the same. We would probably set up an internet connection at this point, and use the web to locate all the patches available for the OS, and install them, again on every machine. Only after completing those steps would we install applications, or configure the rest of the network.

Since our primary objective in this case was to install the server, and since the client machines were already loaded, including dozens of educational applications, we decided to forego reloading the 12 clients and focus exclusively on setting up the network configurations. I mention what I'll call the "method of sameness" because we discovered that the ethernet cards in these systems were set to different interrupts, and that in several cases this was causing a conflict with COM2. Irq 11 was available in each system, so we set the NICs for this and solved some pre-existing stability problems.

Procedure for the Configuring the Windows Clients

  2. Delete all network protocols except the NIC and TCP/IP->NIC, then double-click on the TCP/IP->NIC entry and configure the following tabs:
      Assigned default gateway of
      Assigned nameservers provided by cable company,
      Assigned machine name for the client PC (class01, class02, etc)
      Assigned each machine an IP address starting with, 102, 103, ...
      Assigned a netmask of
  3. Reboot and surf.

Note: We had already connected the server and the clients to the hub...

Custom Home Page as Browser Default

Our time from beginning the client PC configuration to a working IP Masquerade network? About two and half hours. The last thing we did that night was create a very simple home page for the center, and point every browser's default home page to it. We put the home page on the server in /home/httpd/html/index.html.

Print Services

Originally, we planned to run printer services for the lab through the server also. However, upon closer examination of the HP Printer, we found that it is a WinPrinter. So, the printing is still peer to peer through Windows, but everyone has access and it is more stable than before, due to what I mentioned earlier about setting the interrupts correctly.

Next Steps

So, what's next? Probably, we'll look at these tasks:

  • Obtaining a domain name and a static IP address.
  • More memory for the training room server.
  • Wiring the building to allow a facility-wide network.
  • Possibly a second server for the administrative offices and other clients that will be in use.

Look for part three in this series later this winter, after we've worked on some of the items mentioned above.

Ed Matthews is a senior curriculum developer for Optum Inc., in Charlotte, NC. Pat Davis is a partner at Baucom-Davis & Associates, Linux and SCO system resellers, also in Charlotte.

Comments? Email the author of this piece.

   Page 1 of 1