LinuxQuestions.org
Old 01-30-2007, 03:38 PM   #1
starmonche
Member
 
Registered: Jan 2007
Location: Overland Park
Distribution: Centos6
Posts: 60

Rep: Reputation: 15
Internet Connection Sharing


I have an XP box with a wireless card sharing an internet connection to a NIC connected to my router's internet port.

I also have a Slack 11 box running BIND, dhcpd, and Media Center running under VMWare.

I want to have my slack box take over sharing the wireless internet to my router (one less PC by my TV) but in the past I've only been able to successfully share internet with FireStarter which doesn't run on Slack 11 (Gnome isn't included in this distro).

I'm a programmer and a solid problem-solver but when it comes to IP tables I'm completely lost. Is there an easy to use tool that can handle the sharing for me? I can readily get the wireless card working with WPA and my Slack box already has an extra NIC in it. I would just like to get it all going in under a few hours and not have my setup "down" for too long.
 
Old 02-01-2007, 01:29 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
I didn't totally comprehend your setup and I don't know of any tool for this. But with your background you shouldn't have any trouble doing this manually. Basically, to share an Internet connection you need to do 4 things beyond getting the box that is doing the sharing on the Internet:
  • Enable ip forwarding. There are probably several ways you can do this, but one is adding the line net.ipv4.ip_forward = 1 to /etc/sysctl.conf.
  • Either MASQUERADE or SNAT the outgoing Internet connections from the rest of the network. You use SNAT if you have a static IP address; otherwise you use MASQUERADE. In either case, the rule goes in the POSTROUTING chain of the nat tables (using iptables).
  • Make sure no firewall rule blocks what you are trying to do.
  • Make sure DHCP serves up the correct addresses for your gateway (your Internet sharing box) and the DNS server(s).
If you have trouble, I can help you with the first 3 items. You probably know more about the 4th item than I do.
 
Old 02-03-2007, 03:30 PM   #3
starmonche
Member
 
Registered: Jan 2007
Location: Overland Park
Distribution: Centos6
Posts: 60

Original Poster
Rep: Reputation: 15
simplified?

thanks for your reply.

later today i'll have time to get started on this.

i'll also try to clarify how my setup will ideally be:

wireless NIC in my slack box gets internet from my roomie's wireless network. slack box is wired to my router and will serve dns, dhcp, internet, and shared files to the other machines on my router. it will also stream video from a vmware media center installation to my xbox 360.

would it be easier to secure if i have a dedicated NIC to serve internet and another NIC for file sharing?

and i just noticed i don't have a sysctl.conf file but i did find a man page for it that i'll read.

thanks again
 
Old 02-04-2007, 07:13 AM   #4
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by starmonche
i'll also try to clarify how my setup will ideally be:
I must have been tired the first time I read your first post. I just reread it and I understood it fine! Thanks for the clarification anyway.

Quote:
would it be easier to secure if i have a dedicated NIC to serve internet and another NIC for file sharing?
I should qualify what I am about to say by stating I am not a security expert. I also have no experience with SAMBA, if that is what you are using for file sharing. (Actually, I don't have experience with NFS either, but I have used scp for copying files.) That said, I don't see a security issue with Internet sharing and file serving on the same connection. I would guess that some of your client computers want both file sharing and an Internet connection, in which case it would be much easier to make it the same wire and hub. I am also guessing that there is not much of a security issue for you within your local network, but only you can make that call. So I would think it all being one connection would be fine.

Quote:
and i just noticed i don't have a sysctl.conf file but i did find a man page for it that i'll read.
In that case that might not be the way to go for you. If you decide to create such a file, make sure that there is a startup script that actually reads and uses the content of the file. Another way of enabling ip forwarding is to execute, as root:

Code:
sysctl -w net.ipv4.ip_forward=1
Perhaps you would want to put it in your rc.local file.

Last edited by blackhole54; 02-04-2007 at 07:15 AM.
 
Old 02-04-2007, 08:16 AM   #5
porzech
Member
 
Registered: Jan 2007
Distribution: Suse, Ubuntu
Posts: 31

Rep: Reputation: 15
issue following commands as root
Code:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
where eth0 is your internet connection interface

you can add them to one of your boot scripts ie /etc/init.d/boot.local or similar

this simple 1 line iptables setup does not secure from any attacks and the like it just enables masquerading
if you want more security you would have to create more advanced setup
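
Added example, not part of any post in this thread: steps 1 to 3 from post #2 combined with the caveat in post #5, as a script that masquerades the LAN but only forwards LAN-originated traffic and its replies. The interface names (`wlan0`, `eth0`), the subnet and the function names are assumptions; it covers the FORWARD path only, not INPUT rules protecting the box itself.

```sh
#!/bin/sh
# Added example, not from the thread. Interface names and subnet are assumptions.
WAN_IF="${WAN_IF:-wlan0}"              # assumed: wireless card facing the Internet
LAN_IF="${LAN_IF:-eth0}"               # assumed: wired NIC facing the LAN
LAN_NET="${LAN_NET:-192.168.10.0/24}"  # assumed: subnet handed out by dhcpd

# Reject anything that is not a plain interface name (max 15 characters).
valid_if() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Rough syntax check for an IPv4 CIDR; iptables does the strict parsing.
valid_net() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the commands for WAN interface $1, LAN interface $2, LAN subnet $3.
# Existing FORWARD and nat POSTROUTING rules are flushed. Forwarding is
# switched on last, after the filter is already in place.
build_rules() {
    { valid_if "$1" && valid_if "$2" && valid_net "$3" && [ "$1" != "$2" ]; } ||
        { echo "usage: build_rules WAN_IF LAN_IF LAN_CIDR" >&2; return 1; }
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -i $1 -o $2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -s $3 -j ACCEPT
iptables -t nat -A POSTROUTING -o $1 -s $3 -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Dry run by default: prints the commands. APPLY=1 (as root) executes them.
apply_rules() {
    rules="$(build_rules "$@")" || return 1
    echo "$rules" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd || exit 1; else echo "$cmd"; fi
    done
}

apply_rules "$WAN_IF" "$LAN_IF" "$LAN_NET"
```

Run it once without `APPLY` to review the printed commands, then call it with `APPLY=1` from a boot script such as rc.local.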
 
Old 02-15-2007, 07:53 PM   #6
starmonche
Member
 
Registered: Jan 2007
Location: Overland Park
Distribution: Centos6
Posts: 60

Original Poster
Rep: Reputation: 15
so i FINALLY got around to putting that wireless card in my slack box.

worked like a charm. only thing that needed to be done afterwards was updating dhcpd.conf to point my machines to the slack box instead of the router.

thanks for your help(s).
 
Old 02-16-2007, 11:39 AM   #7
hafeez_blue
LQ Newbie
 
Registered: Feb 2007
Posts: 2

Rep: Reputation: 0
help me with 2 nic cards on squid server

i have a 400 user network

i have configured eth0 as my internet ip

and eth1 as my lan ip

installed squid

and its working well

2 subnets are able to connect to my squid server

but 1 subnet is unable to even ping if i use 2 nic cards

when i checked with netstat ,, it gives errors like sync ,, from webcache ,, etc etc


if i disable eth0 then all network are able to ping ,, connect to my box

i suspect sync attack on my eth1 ,, is there any help u guys can do i am stuck with this

my email id is hafeez_blue@yahoo.com

plz help me quick
 
Old 02-16-2007, 05:08 PM   #8
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by hafeez_blue
i suspect sync attack on my eth1 ,, is there any help u guys can do i am stuck with this

my email id is hafeez_blue@yahoo.com

plz help me quick
You might want to start your own thread on the security forum about this. You should also note that LQ's policies call for people to respond to questions with public responses on the forums rather than a private reply via e-mail. This way everybody can share in the information -- even those who are googling for an answer a year from now.
 
  


All times are GMT -5.
