With the growing affordability of broadband Internet connections and computer hardware, it is becoming very common for a household to have an Internet connection with a reasonable speed and multiple computers wanting simultaneous access to the connection. This need can be met by creating a home network with one openSUSE system acting as the server or gateway that shares the Internet connection with other systems.
To configure this home network, you need appropriate hardware:
An Internet connection that allows connection of a home network. Although only the server is visible to the outside world, consider any contractual restrictions placed by your Internet service provider (ISP).
The hardware required to access your Internet connection. These directions assume this hardware is a DSL modem or other device to which you connect the computer with an ethernet connection.
A system to act as server with two separate ethernet cards. Although other setups can work, this is an easy way to get a quick and relatively safe setup. This system should have a recent version of openSUSE installed with all available updates.
Other systems using any operating system with the necessary network hardware, such as an ethernet card.
The network infrastructure to connect all these systems. A simple and relatively inexpensive infrastructure uses ethernet devices in all systems. One or more switches or hubs are used to allow all systems to connect with straight ethernet cables. Alternatively, the server can connect to a wireless base station that then distributes the connection to wireless network cards in all other systems.
There are several simple steps to follow:
Configure the two network cards in the server, one for accessing the Internet and one for traffic coming from the internal network. Find detailed directions in the section called “Configuring the Server's Network Cards”.
Configure the server's firewall to block external attacks and allow the internal machines to communicate with the Internet. To learn how to set this up, refer to the section called “Configuring the Server's Firewall”.
Configure a forwarding DNS server to provide your internal network with name resolution. Find specifics in the section called “Configuring the DNS Server”.
Configure the other computers in the internal network with static private IP addresses. Additionally set them up to use your server for name resolution.
Connect all the home systems to the network and the server to the Internet.
Perform regular updates on your server to maintain the security of your internal network.
One network card connects to the external network. In most cases, this card should obtain its IP address and name servers with DHCP. In rarer cases, these should be configured statically using the information provided by your ISP.
Start YaST as root
. From the control center, select -> .
The overview should list two network devices. Select the one to use for accessing the Internet then click
.![]() | Tip |
---|---|
If you do not know which network device is which, pick one then experiment with only the external cable after it is configured until you can access the network through it. |
Select the option for DHCP unless your provider requires static information for connection. Otherwise enter the IP address assigned by your ISP.
Select
. Enter the desired name for your computer and make up a domain name for your local network. Disable modification of these settings with DHCP.Unless otherwise instructed by your ISP, do not enter any name server addresses or search domains. Select for these to be modified for DHCP. Click
.Click
to finish configuring that card. Click again so the changes are saved.This one network card is now configured to access your Internet connection. You may want to leave the cable disconnected until the firewall is configured for security reasons.
The second network card needs to be configured as part of the internal network. For the IP addresses of your internal network, select a range from one of the private address ranges, such as 10.10.10.x. Each system in the network must be assigned a different IP address from this range.
When you have selected the range, configure the internal network card:
From a root
YaST control center, select -> .
Select the network card to use to connect with the internal network. Click
.Configure a static IP address from your selected range. Make a note of the address, because it must be entered as the gateway on all other systems in the network.
Because only a small range of addresses are needed for
the typical home network, enter
255.255.255.0
as the subnet mask. This
means that the first three numbers of the IP address
should be the same for all systems. Only the last number
can vary.
Click
to complete the configuration of this card. Click again to save the settings.Both network cards for the server are now configured. Do not connect the external card until the firewall is configured to protect your network.
The firewall on your server has two vital purposes. It protects your entire internal network from attack. It additionally enables the other systems in the network to communicate properly with the outside world by disguising their IP addresses. Fortunately, an effective firewall can be configured easily with YaST.
In YaST as root
, select
-> .
For convenience, configure the firewall to start automatically in
.In
, configure the network card set up to connect to the external network as part of the external zone. Configure the internal statically-addressed card as part of the internal zone.For
, remove any allowed services for the . Unless you want users on the Internet to be able to access data on your system or log in remotely, no services are needed. Allowing services can place your system at risk, so only do this if you know what you are doing.For
, disable protection so all services are allowed. This means that anyone who gains access to your internal network has complete access to your server. This setting is normally best for a home network.The
is not used in this network setup, so those settings can be ignored.To make the firewall pass data between systems in your internal network and the Internet properly, activate
in . No other settings need to be made there.All other default settings work for this situation. Click
to complete the configuration. Click to save the settings.The DNS server decreases the maintenance of the other systems in your network. Instead of having to maintain and possibly modify name servers on each system, the server can be used as a name server for all the clients in the network. This configuration is for a simple name server that transmits all requests to your provider's name servers. It does not provide name resolution for systems inside your network.
The first step is to find out what name servers your ISP authorizes you to use. This information may be in the information provided by your ISP in your account details or on its Web site. You can also get this information from a system connected to the Internet with DHCP.
Connect the external network card to your DSL hardware and turn everything on. Give the network card time to make the DHCP connection.
Open a shell and log in as root
.
Run ifconfig and look for your external network card. It should list an IP address. If not, run rcnetwork restart and repeat ifconfig to check again.
Once your network has been assigned an IP address, it has also gotten
the name servers. To view them, run less
/etc/resolv.conf. In the output, look for lines starting
with nameserver
. Make a note of these IP
addresses. They are the name servers offered by your ISP.
From the YaST control center as root
, select
-> .
In
, configure the DNS server to start on boot for convenience. The firewall ports should only be open on the network card that accesses the internal network.has the most important settings for this situation. Select then add the IP addresses of the DNS servers to use.
The other default settings should be acceptable for this situation. Click
to complete the configuration.The DNS server starts automatically each time the system is booted. With an appropriate configuration, it enables clients in the network to contact Internet addresses by entering the name. It does not enable clients to connect to each other or the server by name.
Problems can occur using the network. How to debug and resolve the problem depends on the nature of the problem.
A client in the home network is unable to access the Internet. This could be an inability to fetch e-mail or a problem opening a Web site. Try the following steps to resolve the problem or at least locate its cause:
First make sure that the server system is up and running. It cannot share Internet access with the clients when it is turned off.
If the problem still exists with the client, try pinging the desired
address from the server. To do this, open a terminal or console on the
server and enter a command like ping
www.example.com
. If this works, it means the
server can resolve names. Also try to ping or access the exact address
desired by the client (if it does not work but others do, the problem is
with the desired site, not your network or system).
If the server is unable to resolve hosts by name, there is a problem outside your server. Try restarting your Internet hardware and checking your cable connections. If that does not resolve the problem, you need to find the cause of your Internet connection problems for the server. Check any information from your ISP or other resources for resolving this problem.
If the problem does not exist on the server, the problem might be in
the network connection. Try pinging the IP address of your server, for
example, ping 10.10.10.1
. If this
works, the problem is not physical. If it does not work, check the
cables, hub, and network card configuration on the client. Also check
whether the server is able to ping the client's IP address and the
configuration of the server's network card to the internal network.
If pinging by IP works, verify that the client is properly configured to use your server as its gateway and name server.
Once certain that the client is configured properly, verify that the DNS
server is configured properly and running on the
server. As root
, run rcnamed
status
. If this does not output
running
, the DNS server is not running. Resolve this
problem and try again. If it is running, compare the name servers in your
DNS server configuration with those in
/etc/resolv.conf
in case your ISP has changed name
servers. Also try pinging the servers directly to make sure that they
are up and running.
Also verify the configuration of the firewall. A misconfigured firewall (without the masquerading function enabled) can prevent clients from receiving data from the Internet but still allow the server to communicate freely.
Try accessing the Internet from another client, if available. If it works on one client but not another, the problem is specific to that client. Recheck the setup of the client until you find the problem. In desperation, rebooting sometimes helps. If it does not work on any client, the problem is in the server, the network hardware, or something outside the server, such as your Internet hardware or the connection availability. You can try resetting the Internet hardware, waiting an hour and trying again, rebooting the server just in case, or contacting your ISP's service department to check if there are any known problems with the Internet at the current time.
If none of this works, bribe or hire a Linux geek to help you.