I have a desktop PC running Ubuntu 9.10 and Windows 7, and a Eee PC 701 laptop running EasyPeasy Ubuntu 9.04. I'd like to connect the desktop to the laptop with a wired connection (eth0), then the laptop to my ADSL router using wireless (ath0).

I have a crossover ethernet cable (I bought on ebay). I have set up my laptop with a static IP address on my LAN and it uses OpenDNS.

I have added this to /etc/sysctl.conf on the laptop:

net.ipv4.ip_forward=1

Then I tried this on the laptop:

sudo iptables --table nat --append POSTROUTING --out-interface ath0 -j MASQUERADE
sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT

This is a variation on what I found on other sites describing how to set up a router. I don't understand iptables very well, but I gather that the above two lines should set up forwarding so that traffic from my router to the laptop will be forwarded to the desktop, and vice versa.

But this doesn't work. The connection doesn't even establish between the laptop and the desktop.

Has anyone any suggestions to help me get this working?

Follow the steps:

1. Bind the different IP address of same subnet on laptop(eth0) and desktop.
2. set laptop's IP address as gateway in desktop machine.
3. Set DNS ip address in desktop machine which you get from ISP.
4. execute following commands on laptop from root user:

# iptables -F
# iptables -F -t nat
# iptables -F -t mangle
# iptables -I INPUT -s <desktop ip address> -j ACCEPT
# iptables -I FORWARD -s <desktop ip address> -j ACCEPT
# iptables -I POSTROUTING -t nat -s <desktop ip address> -o <isp outgoing interface> -j MASQUERADE
# service iptables save
# chkconfig iptables --level 345 on

your first 3 commands just flush the tables if there was anything in them prior to writing the new ACLs right?

why are you connecting the desktop and laptop with a crossover? Aren't they already on the same LAN?
I take it your modem is also a wireless router?

I think that to connect two machines directly (not going via a router) by ethernet cable you need a cross-over cable.

Yes, my connection to the internet is with an ADSL modem router.

It would help if you could make a little diagram of your network to better visualize what hyour're trying to do.

It may help if you provided more information about your router, and the IP addresses used for the interfaces. In particular, is your wireless router a NAT router, that allows you to share your internet IP address? If so, then you don't need to configure masquerading. The router can do it, and you only need to have the NICs on a different subnet then the wireless device and enable ip forwarding as you did.

I did the same thing with a wireless linksys router, when my desktop didn't have wireless. I found that I also needed to modprobe the nf_conntrack module (I wasn't expecting that) before forwarding would work. I subnetted the network with a netmask of 255.255.255.128, and had the wiress on a different subnet from the wired connection. I used the laptops NIC card as the gateway address for the desktop. The only difference was that I was using routing (ip_forward) alone.

If your wireless device has an internet IP address, you don't have to reveal that. Perhaps just the first number of the IP address so we can draw a mental image.

The attached diagram shows how I am trying to connect the boxes. My BT Voyager 2100 router does have the ability to do NAT.

Attached Thumbnails

 

I have had some success, but it still isn't working properly:

I followed the advice of luck.anshu and manually set my wireless (ath0) on the laptop to 192.168.1.101, set the wired (eth0) on the laptop to 192.168.1.102 and set the eth0 on the desktop to 192.168.1.103.

The desktop has the gateway set to 192.168.1.101 (i.e. the wireless connection on the laptop).

The eth0 (192.168.1.102) on the laptop also has the gateway set to 192.168.1.101 (the wireless connection on the laptop).

The ath0 (wireless 192.168.1.101) on the laptop has the gateway set to 192.168.1.1 which is the BT Voyager 2100 router that connects to the internet.

I ran the following commands:

sudo iptables -F
sudo iptables -F -t nat
sudo iptables -F -t mangle
sudo iptables -I INPUT -s 192.168.1.103 -j ACCEPT
sudo iptables -I FORWARD -s 192.168.1.103 -j ACCEPT
sudo iptables -I POSTROUTING -t nat -s 192.168.1.103 -o ath0 -j MASQUERADE

After this, the following is the output from listing the iptables:

----------------------------------------------
xxx@yyyy:~$ sudo iptables -L
[sudo] password for xxx:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- zzzzz.local anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- zzzzz.local anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
----------------------------------------------


----------------------------------------------
xxx@yyyy:~$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- zzzzz.local anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
----------------------------------------------

Plugging the crossover cable in between the laptop and the desktop does connect them, and each one can ping the other. But trying to ping a www.google.com address fails from the desktop.

Also, given the laptop is named yyyy and the desktop is named zzzzz, a ping of yyyy.local from zzzzz resolves the address (as 192.168.1.102) but it takes about 20secs per ping to give a result line, although the time= value is less that 0.4ms.

When the laptop and desktop are connected then a ping of www.google.com from the laptop fails, but when I unplug the crossover cable the ping to www.google.com is successful.


What am I doing wrong here?

I wouldn't recommend having two interfaces on the same subnet. Look at the output of your route command. You probably have two routes to the 192.168.1.X network.

Also, disable IPv6 support. It can take forever trying to connect to a non-existent ipv6 name server.

I looked up your ADSL router on Google. It is a NAT wireless router. You don't need to mess with the firewall configuration to use NAT. The router can do that. You just need to to have the wireless & wired connections on different subnets, enable forwarding and check your route table. There may even be a GUI setting for enabling forwarding in the device configuration GUI.

You could change the netmask to 255.255.255.128 and use IP addresses above 128 for the wired NIC connections.
When you configure the wired NIC device with an address such as 192.168.1.129, this should add a route for you in the route table.

On the Desktop, use the laptop's wired IP address as the default gateway. The laptop, in turn will forward an Internet address to the interface selected for it's default gateway, which would be the modem (192.168.1.1).

You may need to modprobe the nf_conntrack (and maybe nf_conntrack_ip4) kernel modules if they aren't already loaded.

I told you to set the IP address of desktop (eth0) and laptop (eth0) on same subnet.
and set the laptop's eth0 IP address as a gateway in desktop machine.

Replace IP address from 192.168.1.102/24 to 192.168.2.102/24 and 192.168.1.103/24 to 192.168.2.103/24. Do not change the IP address of auth0

Now execute the following command in laptop:
#sudo route add default gw 192.168.1.1

Thanks! It now works perfectly. Both the laptop and the desktop have internet access.

if you want this to all work really easilly then you should have a look at how to set up a DHCP server in linux, however if you do this then you must remember to turn the DHCP off before you connect to another network via ethernet, otherwise you'll stuff up the LAN you're on :P