Now that your Linux server is online you will want to share its connection over your LAN so you can get all your other machines online. Once again this is easily done by simply typing in the following four commands that modify your Firewall rules in the Linux Kernel:

echo '1' > /proc/sys/net/ipv4/ip_forward

This tells Linux to allow IP forwarding so that if your client machines request information from the Internet Linux can forward the information from the Internet back to the appropriate machine that requested it. (it basically enables IP forwarding by setting the ip_forward file to have contents 1, i.e. a 0 means don't allow IP forwarding)

/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp

This tells Linux to append a rule that accepts all input packets on the eth0 interface coming from a source (-s) mask and port then passing to a destination (-d) mask and port using protocol (-p). If you want to learn exactly what it all means then I recommend typing man ipchains and reading it all.

/sbin/ipchains -P forward DENY

This tells Linux to set the policy forward to DENY as a default, this is how Linux likes to work, firstly it denies everyone and then it checks its rules (next command) to see which it should allow, don't worry it does this all in one go so the correct clients will be allowed straight away.

/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

This tells Linux to append another rule for forwarding that will forward packets to the allowed IP address of client machines. On our example above we have given room for upto 256 computers to be on our network, this is shown by 192.168.0.0/24 which will cover the range of IP address starting at 192.168.0.0 and ending at 192.168.0.255, you can adjust this as you want. The 24 section relates to the 'bits' in the 'network' portion of the subnet mask. A 24 bit subnet mask is 255.255.255.0. This is indicating an entire "C class" network. If you wish to setup a network only having 16 allowable IP address's then you should use 192.168.0.0/28 which actually means 16 IP's and NOT 28. The subnet mask for this block would be 255.255.255.240. It is recommended that unless you want to make a secure network at home that you just stick with the good old 24 bit configuration. But if you wish to allow a specific number of computers on your network, it is recommended you do a search and find/use a IP Address and Subnet Calculator to make sure you setup exactly the right number of allowable address's.

Now that your broadband Internet Connection Sharing is setup we recommend that you combine all of the above commands into a script file so that it can be added to the Linux initialization commands and be loaded automatically every time your system boots up. To do this simply go to the directory that contains some of the boot up commands, this is done by cd /etc/rc.d/, in this directory you want to create a file say called rc.firewall, we prefer the pico text editor as it is easier to use than vi, so type pico rc.firewall and enter the following into the file:

#!/bin/sh
# DHCP Internet and Connection Sharing Script
# Coded by Mayhem (C)2000

#DHCP
<insert either PUMP or DHCP 2.0 code here as above>

# Net Sharing
echo '1' > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

To exit pico you need to hit CTRL+X and press ENTER to save the file, once you have exited pico you will need to make the file executable by typing chmod u+x rc.firewall. To make the system run this when it boots up simply edit (using pico or any text editor) the file rc.local and add a line at the very bottom that runs your script, i.e. add the line ./rc.firewall and your done, the system should now load your Internet connection and share it whenever it is rebooted.

To get your other machines to use the Internet across the LAN through the Linux box you will have to follow the steps for the appropriate Operating System:

- Windows 95/98/Me

1. On your Desktop right click on "Network Neighborhood" and then left click "Properties", this will open the "Network" window.

2. In the "Network" window you want to highlight "TCP/IP" by left clicking it once, then you need to click on the "Properties" button.

3. When the "TCP/IP Properties" window appears you want to click the "IP Address" tab, which should already be the default selected. You will need to left click the "Specify an IP Address" radio button which will enable the two boxes underneath it. Now you need to enter and IP Address for this client machine (making sure not to use one already in use by another machine) and the appropriate subnet mask. For example:

4. Next you want to click the "Gateway" tab. In the "New gateway" box type in the LAN IP Address of the Linux box and then click the "Add" button. You should end up with something like this example:

5. Now you need to click the "DNS Configuration" tab. Firstly you need to click the "Enable DNS" radio button, then you must enter a Host (a home LAN doesn't use a domain unless you have one registered), the host name should be the client machine's name, i.e. if the computer name is "Familybox" then the host should be "Familybox". Next you want to add the DNS Address of the Optus@Home servers, this is done by typing them one at a time into the box just under "DNS Server Search Order" and clicking "Add" after entering each address. You should end up with a windows similar to this example:

Once you have entered all the details in just click on "OK" and then "OK" again and your done.

- Windows 2000/NT

1. On your Desktop right click on "My Network Places" and then left click "Properties", this will open "Network and Dial-up Connections" folder.

2. In this you want to right click on your "Local Area Network" and then left click "Properties", this will bring up all the details on your LAN interface card.

3. Highlight "Internet Protocol (TCP/IP)" by left clicking it once, then once again you want to left click the "Properties" button which will bring up a new window.

4. The new window titled "Internet Protocol (TCP/IP) Properties" will appear and this is where you want to entire your settings, similar to the snapshot below, with your IP address for your client machine (making sure not to use one already in use by another machine) and the appropriate subnet mask, the gateway as the IP address of Linux box and the DNS servers as the Optus@Home IP address of your node (this make it slightly faster by putting all DNS requests straight to them and bypassing your own DNS server on the Linux server). If you know what your doing and want to make some more changes (they aren't required) you can click on "Advanced" and the more detailed options will appear in a new window.

Once you have entered all the details in just click on "OK" and your done.

- Macintosh

Setting up a Macintosh is basically the same as above.

1. Open the control panel from the Apple menu.

2. Open the "TCP/IP" control panel. It should look like this:

3. Select "Manually" under the configuration method and give the machine an IP address (making sure not to use one already in use by another machine) and also enter the subnet mask.

4. The router address is the same as the gateway address, so type in the LAN IP address you gave to your Linux box.

5. Now you want to add the DNS Address of the Optus@Home servers, this is done by typing them one at a time into the box "Name server addr.:"