
internet connection sharing - iptables

odysseus
2003-12-23, 01:48 AM PST
I have 2 Linux boxes, and want both online while one should be the gateway for the other.

This is what I have done ON THE GATEWAY (192.168.0.1):

#enable ip-forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

#masquerade - ppp0 is the device name of my internet connection
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

This is what I've done ON THE CLIENT (192.168.0.1) (basically I think all I have to do is set the default route):

# file: /etc/sysconfig/network
NETWORKING=yes
..
..
GATEWAYDEV=eth0

# file: /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
IPADDR=192.168.0.2
..
..
GATEWAY=192.168.0.1


After doing so, I still get "destination unreachable" when I try to ping 192.168.0.1 from 192.168.0.2.

I also tried
/sbin/route add -net default gw 192.168.0.1 netmask 0.0.0.0 metric 1 eth0
but still "destination unreachable".


Can someone help me?

odysseus
2003-12-23, 02:03 AM PST
This is what I forgot:

service network restart

Now at least the boxes can ping each other, and the client can also ping the internet by IP, like ping 217.72.195.42.

But pinging hostnames, like ping www.web.de, fails with "unknown host www.web.de".

Something must be wrong with the DNS. Here is my /etc/resolv.conf on the client:

localdomain client
nameserver 145.253.2.11
nameserver 145.253.2.75

Here is my /etc/resolv.conf on the server:

localdomain server
nameserver 145.253.2.11
nameserver 145.253.2.75


Why can't the client resolve names?

odysseus
2003-12-23, 03:03 AM PST
If any problems occur, try deactivating your firewall to see if it's the firewall rules blocking you...

Add trusted devices on the server's firewall (eth0, eth1).

I'm out, it works :)

Avatraxiom
2004-01-09, 09:36 PM PST
Be aware that when you make a device trusted, you're eliminating all security on that device.

So, don't make your Internet interface trusted. :-)

-M

steltek
2004-01-10, 10:15 AM PST
For your home or other small LAN, here's a URL

http://www.linuxforum.com/linux_tutorials/5/1.php

Great stuff. Had me set up in about 30 seconds.

pejcao
2004-01-10, 10:56 AM PST
If you want to avoid scripts and have NAT running at boot:

To allow IP forwarding, edit /etc/sysctl.conf and change

net.ipv4.ip_forward = 0
to
net.ipv4.ip_forward = 1

To do the NAT stuff, run

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
(change eth0 to the device that connects to internet like ppp0)

then save that rule

service iptables save

BTW, if you want to serve DNS too but hate named (BIND), you might want to take a look at dnsmasq (http://www.thekelleys.org.uk/dnsmasq/). Packaged for FC1 by dag (http://dag.wieers.com/packages/dnsmasq/).
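The following is an added example, not posted by anyone in this thread. It ties together pejcao's boot-time NAT setup and Avatraxiom's warning about "trusted" interfaces: `gateway_rules` prints the sysctl and iptables commands for a gateway whose FORWARD policy is DROP and whose MASQUERADE rule is bound to the Internet interface, and `audit_ruleset` reads `iptables-save` output and flags the patterns that would remove the firewall on the Internet side. The interface names (ppp0 for the Internet, eth0 for the LAN), the LAN subnet 192.168.0.0/24 and both `iptables-save` dumps are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from this thread. Assumptions: ppp0 is the Internet interface,
# eth0 the LAN interface, 192.168.0.0/24 the LAN; the iptables-save dumps are constructed.

# gateway_rules WAN_IF LAN_IF LAN_NET: print the commands for a stateful NAT gateway.
# Forwarding is denied by default; only LAN->Internet and replies to it are allowed.
gateway_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Run the generated commands as root, or only print them when DRY_RUN=1 (the default).
apply_gateway_rules() {
    gateway_rules "$@" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = "1" ]; then echo "+ $cmd"; else sh -c "$cmd"; fi
    done
}

# audit_ruleset WAN_IF < iptables-save-output
# Prints one finding per line; exit status 0 means nothing was flagged.
audit_ruleset() {
    wan="$1"
    dump=$(cat)
    findings=0
    if printf '%s\n' "$dump" | grep -q "^-A INPUT -i $wan -j ACCEPT$"; then
        echo "finding: $wan is fully trusted on INPUT (no filtering on the Internet side)"
        findings=$((findings + 1))
    fi
    if printf '%s\n' "$dump" | grep -q '^:FORWARD ACCEPT'; then
        echo "finding: FORWARD policy is ACCEPT, packets from $wan can be routed into the LAN"
        findings=$((findings + 1))
    fi
    if printf '%s\n' "$dump" | grep '^-A POSTROUTING' | grep MASQUERADE | grep -vq -- '-o '; then
        echo "finding: MASQUERADE rule is not bound to an outgoing interface"
        findings=$((findings + 1))
    fi
    if printf '%s\n' "$dump" | grep "^-A FORWARD -i $wan" | grep -vq -- '--state'; then
        echo "finding: unconditional forwarding from $wan (no ESTABLISHED,RELATED match)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed dump of a "mark eth0 and ppp0 as trusted" setup.
WEAK_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ppp0 -j ACCEPT
COMMIT'

# Constructed dump of what gateway_rules plus a LAN-only INPUT rule produces.
HARDENED_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

apply_gateway_rules ppp0 eth0 192.168.0.0/24
echo "--- weak ruleset ---"
if printf '%s\n' "$WEAK_DUMP" | audit_ruleset ppp0; then echo "no findings"; fi
echo "--- hardened ruleset ---"
if printf '%s\n' "$HARDENED_DUMP" | audit_ruleset ppp0; then echo "no findings"; fi
```

Run it as-is to see the generated commands and the three findings on the weak dump; on a real gateway, `iptables-save | sh audit.sh`-style use means feeding the live dump into `audit_ruleset ppp0`, and `DRY_RUN=0` applies the rules before `service iptables save` persists them.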