Linux box as gateway
I've got a Linux box connected to the internet via a network card and cable modem. Can I put a second network card in and have a LAN hanging off it, with the computers on the LAN able to access the internet? If so, are there any good HOWTOs on the subject?
Yep - there are two basic ways of doing this. The first is to set up your Linux machine as a gateway, the second is to set it up as a proxy.
The first method is the more general solution, but the harder (probably) to set up. You need to get your ISP to assign you an IP address for each of the other machines on the network. Then you set up your machine to route the packets for you. Take a look at:
http://www.linuxdoc.org/HOWTO/HOWTO-INDEX/networking.html#NETROUTING
and
http://www.linuxrouter.org/
I suggest you take a look at the Crab Book (TCP/IP Network Administration - O'Reilly) if you don't already have a decent understanding of IP networking.
The second, easier but less general, solution is to simply run proxies on the Linux machine. Your ISP doesn't need to have any involvement this way. Instead of having your other machines actually talking to the Internet directly, they talk to proxy servers on your Linux box, which then talk to the Internet for them. Most often, people use some software by the name of 'Squid' to proxy Web and FTP services. Then you can use other tools to run email, news or other services too. As I said, this isn't a general solution. Any access to the Internet has to go via a proxy, so you have to set up a proxy server for any service you want to use.
Again, the Crab Book is a good read if you're not sure on any of this.
Oh - a third solution would be to use NATS, but there are all sorts of reasons why I don't recommend it.
HTH
AEF
Go on about your dislike of a NAT (if NAT and NATS are the same thing ;)) based solution, please.
I'm using Winroute as a NAT router on my network at the moment, but once I get cable I shall be switching to Linux for the routing, and I thought NAT would be the ideal solution.
Andy
Yep - sorry - I keep sticking an extra 'S' on that one...
I think that NAT should be avoided where possible - there are some situations where it's the only feasible solution.
There are several reasons why I dislike it:
* It's a kludge to fix a particular problem - a lack of IP addresses. So it's ugly to start with.
* It messes around with the headers of the IP packets (to change the originating IP address, etc.). Yet IP addresses are known about by things (services) at higher levels, so it has to mess around inside of packets as well.
* This can cause problems. The NAT system has to change all the packets correctly. If you have some service that your NAT system can't handle, or can't handle correctly, then there's a good chance of screwage. If you have an end-to-end secure protocol that is reliant on IP addresses, then you will also have problems.
If NAT is the only available solution, then go for it. It /can/ have advantages of ease of configuration over proxies, but there are some things which are likely to break if you try to push them through a NAT (IRC servers which rely on Auth spring to mind). Certainly, if you just want Web access, then a proxy should be fairly trivial to set up.
AEF
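The point above about addresses being known at higher levels, as an added example that is not part of the original thread: a NAT that rewrites only the IP header leaves the private address inside the application payload. The FTP PORT command is used here as an assumed illustration; all addresses are constructed and the TCP header is omitted for brevity.

```python
import socket
import struct

PRIVATE, PUBLIC, SERVER = "192.168.0.10", "203.0.113.7", "198.51.100.20"  # constructed
PORT_CMD = b"PORT 192,168,0,10,19,137\r\n"  # constructed: client advertises its own address

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header followed directly by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def header_ok(pkt: bytes) -> bool:
    """A valid header sums to zero when its own checksum field is included."""
    return checksum(pkt[:20]) == 0

def describe(pkt: bytes):
    """Return (source address, total-length field, payload)."""
    return socket.inet_ntoa(pkt[12:16]), struct.unpack("!H", pkt[2:4])[0], pkt[20:]

def source_nat(pkt: bytes, public_ip: str) -> bytes:
    """Header-only NAT: swap the source address and redo the header checksum."""
    hdr = pkt[:10] + b"\x00\x00" + socket.inet_aton(public_ip) + pkt[16:20]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + pkt[20:]

def source_nat_with_helper(pkt: bytes, private_ip: str, public_ip: str) -> bytes:
    """Payload-aware NAT: also rewrite the comma-separated address in the payload.
    The payload length can change, so the header is rebuilt; a real NAT must also
    fix the TCP checksum and sequence numbers."""
    old = private_ip.replace(".", ",").encode()
    new = public_ip.replace(".", ",").encode()
    return build_ipv4(public_ip, socket.inet_ntoa(pkt[16:20]), pkt[20:].replace(old, new))

if __name__ == "__main__":
    original = build_ipv4(PRIVATE, SERVER, PORT_CMD)
    print("header-only NAT:", describe(source_nat(original, PUBLIC)))
    print("with helper:    ", describe(source_nat_with_helper(original, PRIVATE, PUBLIC)))
```

After header-only NAT the server sees a public source address but is told to connect back to 192.168.0.10, which it cannot reach; the helper fixes that only for protocols it understands and can parse in the clear.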
I think the proxy solution is what I need. Thanks for your help.