Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have an XP box with a wireless card sharing an internet connection to a NIC connected to my router's internet port.
I also have a Slack 11 box running BIND, dhcpd, and Media Center running under VMWare.
I want to have my slack box take over sharing the wireless internet to my router (one less PC by my TV) but in the past I've only been able to successfully share internet with FireStarter which doesn't run on Slack 11 (Gnome isn't included in this distro).
I'm a programmer and a solid problem-solver but when it comes to IP tables I'm completely lost. Is there an easy to use tool that can handle the sharing for me? I can readily get the wireless card working with WPA and my Slack box already has an extra NIC in it. I would just like to get it all going in under a few hours and not have my setup "down" for too long.
I didn't totally comprehend your setup and I don't know of any tool for this. But with your background you shouldn't have any trouble doing this manually. Basically, to share an Internet connection you need to do 4 things beyond getting the box that is doing the sharing on the Internet:
Enable ip forwarding. There are probably several ways you can do this, but one is adding the line net.ipv4.ip_forward = 1 to /etc/sysctl.conf.
Either MASQUERADE or SNAT the outgoing Internet connections from the rest of the network. You use SNAT if you have a static IP address; otherwise you use MASQUERADE. In either case, the rule goes in the POSTROUTING chain of the nat tables (using iptables).
Make sure no firewall rule blocks what you are trying to do.
Make sure DCHP serves up the correct addresses for your gateway (your Internet sharing box) and the DNS server(s).
If you have trouble, I can help you with the first 3 items. You probably know more about the 4th item than I do.
later today i'll have time to get started on this.
i'll also try to clarify how my setup will ideally be:
wireless NIC in my slack box gets internet from my roomie's wireless network. slack box is wired to my router and will serve dns, dhcp, internet, and shared files to the other machines on my router. it will also stream video from a vmware media center installation to my xbox 360.
would it be easier to secure if i have a dedicated NIC to serve internet and another NIC for file sharing?
and i just noticed i don't have a sysctl.conf file but i did find a man page for it that i'll read.
i'll also try to clarify how my setup will ideally be:
I must have been tired the first time I read your first post. I just reread it and I understood it fine! Thanks for the clarification anyway.
Quote:
would it be easier to secure if i have a dedicated NIC to serve internet and another NIC for file sharing?
I should qualify what I am about to say by stating I am not a security expert. I also have no experience with SAMBA, if that is what you using for file sharing. (Actually, I don't have experience with NFS either, but I have used scp for copying files. ) That said, I don't see a security issue with Internet sharing and file serving on the same connection. I would guess that some of your client computers want both file sharing and an Internet connection, in which case it would be much easier to make it the same wire and hub. I am also guessing that there is not much of a security issue for you within your local network, but only you can make that call. So I would think it all being one connection would be fine.
Quote:
and i just noticed i don't have a sysctl.conf file but i did find a man page for it that i'll read.
In that case that might not be the way to go for you. If you decide to create such a file, make sure that there is a startup script that actually reads and uses the content of the file. Another way of enabling ip forwarding is to execute, as root:
Code:
sysctl -w net.ipv4.ip_forward.com=1
Perhaps you would want to put it in your rc.local file.
Last edited by blackhole54; 02-04-2007 at 07:15 AM.
you can add them to one of your boot scripts ie /etc/init.d/boot.local or similar
this simple 1 line iptables setup does not secure from any attacks an the like it just enables masquerading
if you want more security you would have to create more advanced setup
You might want to start your own thread on the security forum about this. You should also note that LQ's policies call for people to respond to questions with public responses on the forums rather than a private reply via e-mail. This way everybody can share in the information -- even those who are googling for an answer a year from now.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.