LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   internet connection sharing (http://www.linuxquestions.org/questions/linux-software-2/internet-connection-sharing-316234/)

meinzorn 04-22-2005 09:19 PM

internet connection sharing
 
Hello.. I just got a new old box and I installed slackware linux 10 on it... I have a hardware modem and can connect to the internet and everything alright, but I want to be able to share that connection with a windows box that I have sitting next to it... can anyone help me do this?

I tried using google to search, and didn't find much, and what I did find kinda confused me.. any help is appreciated, thank you in advance for it.

win32sux 04-22-2005 09:51 PM

hardware: you'll need an ethernet card on each box, and either a crossover cable or two regular cables and a switch/hub...

software: basically it's just a matter of setting an iptables script in your /etc/rc.d/rc.firewall file... of course you'd need to have iptables installed before that... if you did a full install you already have it... you can check with:
Code:

ls /var/log/packages | grep iptables
the general overview of what you will be doing in order to share the connection is:

you will be configuring your internet-connected box as a NAT router... the dial-up modem will be it's external interface and the ethernet card will be the internal interface...

the windows machine will have one ethernet card and it will be connected with ethernet cabling to the internal ethernet card of the NAT box...

the windows machine will use an internal IP such as 192.168.0.2, for example...

the internal network card of the NAT box will also use an internal IP, such as 192.168.0.1, for example... the external interface (dial-up) will use whatever IP it gets from your ISP, as it normally does...

the windows machine will be configured to use 192.168.0.1 (or whatever the NAT box's internal IP is) as it's gateway...

the windows machine can use the same DNS servers that your NAT box uses (provided by your ISP) if you want...


win32sux 04-22-2005 10:14 PM

i wrote a very simple /etc/rc.d/rc.firewall iptables script for you that should do the trick once you have your network cards setup... all you'd have to do is save it as /etc/rc.d/rc.firewall and make it executable with a:
Code:

chmod 755 /etc/rc.d/rc.firewall
it'll then be automatically run everytime your computer starts...

Code:

#!/bin/sh

IPT="/usr/sbin/iptables"

LAN_IFACE="eth0"
INET_IFACE="ppp0"

echo "0" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i lo -m state --state NEW -j ACCEPT
$IPT -A INPUT -p ICMP -i $LAN_IFACE --icmp-type 8 \
-m state --state NEW -j ACCEPT
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "

$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $LAN_IFACE -o $INET_IFACE \
-m state --state NEW -j ACCEPT
$IPT -A FORWARD -j LOG --log-prefix "FORWARD DROP: "

$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE

/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_irc

echo "1" > /proc/sys/net/ipv4/ip_forward

echo "So let it be written. So let it be done."

EDIT: added rule allowing PINGs (--icmp-type 8) on the internal interface (eth0) to make it easier to test LAN connectivity...


meinzorn 04-22-2005 10:32 PM

ok.. I've gotten as far as setting up the network right.. but how do I use that script?

(I've never had experience with scripts before)

win32sux 04-22-2005 10:36 PM

just copy the script and save it as text file /etc/rc.d/rc.firewall and then make the file executable by doing a:
Code:

chmod 755 /etc/rc.d/rc.firewall
it'll get executed by the system automatically upon reboot...

after copying/chmod-ing it you can also execute it manually by issuing the command:
Code:

/etc/rc.d/rc.firewall

meinzorn 04-22-2005 10:59 PM

ok... when I dot hat it says..

"iptables: Table does not exist (do ou need to insmod?)
iptables: Table does not exist (do ou need to insmod?)"

win32sux 04-22-2005 11:03 PM

post the output of these commands (after executing the script):
Code:

iptables -L
Code:

iptables -t nat -L
Code:

lsmod
Code:

ifconfig

meinzorn 04-22-2005 11:06 PM

heh, nevermind that last post, I figured out why it was doing that...


type-o on my part.

win32sux 04-22-2005 11:08 PM

so everything is working fine now?? you can surf the web (etc.) from the windows box??


meinzorn 04-22-2005 11:28 PM

hmm, no... it still isn't working..

I'm not getting any error or anything, I just can't connect to the internet from the windows box. I've tried to sign onto AIM on my windows box and that isn't working, and I've tried pinging a website and that isn't working.

win32sux 04-22-2005 11:35 PM

are you able to ping the linux box from the windows box (and vice-versa)??

make sure you are using the latest script form post #3, as i added the PING thing after...

please post the output of the commands in post #7, as well as the IP configuration you've given the windows box...


meinzorn 04-23-2005 12:10 AM

hmm, this is difficult.. I'm doing this from the linux machine so I'm using links and I can't figure out how to copy and paste the results of those commands into this. I can ping the windows machine from here and I can ping this machine from the windows one. though.

win32sux 04-23-2005 12:26 AM

can you ping 64.233.187.99 or 64.233.187.104 from the windows machine??


win32sux 04-23-2005 12:30 AM

your IP configuration should look like this:

linux box:
ppp0 = whatever your ISP gives you
eth0 = 192.168.0.1 (netmask 255.255.255.0)

windows box:
IP = 192.168.0.2
netmask = 255.255.255.0
gateway = 192.168.0.1

meinzorn 04-23-2005 12:39 AM

hmm.. I definately just restarted the windows machine and it's working fine now. I probably should have tried that a while ago.

cool, I'm glad I have this working.. thank you for the help


All times are GMT -5. The time now is 08:44 AM.