internet connection sharing problem.

Cata1yst · 09-12-2009, 06:34 PM

I can find out the simple commands to masquerade my internet connection but i cannot peice together what exactly needs to be done.... it just seems like what ive found on google is "here type in these commands and it will work..."

the interface i am trying to share it to is eth0 with an ip of 192.168.0.3 being assigned to my secondary device (xbox 360)
i get my internet connection from my wireless router with my computer ip of 192.168.10.5 on the interface ra0 with the router as 192.168.10.1

Quote:

echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -F
iptables -t nat -A POSTROUTING -o ra0 -j MASQUERADE
iptables -A INPUT -i ra0 --source my system ip? -j DROP
iptables -A INPUT -i ra0 --source 10.0.0.0/8 -j DROP
iptables -A INPUT -i ra0 --source 172.16.0.0/12 -j DROP
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m limit --limit 5/minute --limit-burst 5

im confused at what the lines i underlined do and the bolded and italicized should be my current host ip or should it be my router ip?

globaltree · 09-13-2009, 12:47 PM

well... i still use openbsd for firewall that protects my home slack net and shares internet amongst different interfaces... and though it uses it's own commands... some things are a constant:

you have to make sure packet forwarding is turned on in the kernel

you will have to decide whether you want to "bridge" the network (make it so eth0 is part of ra0, in which case your xbox could also get it's ip from the wireless router and be on the 192.168.10.255 subnet) or whether you want to use network address translation (nat), in which case you must also create rules in the firewall that forward packets of data between the internal and external ip addresses...

if you create a bridge, then the devices on eth0 get their ip's in the same way ra0 got it's ip, whether manually assigned or from dhcpd running on wifi router...

if you use nat, then you get to decide whether you want to run your own dhcpd server so that devices on eth0 use a dhcp client to obtain ip address, or whether you want to manually assign ip addresses to the devices on eth0.

then based on which setup you choose, you use the appropriate tools.

see

Code:

man brctrl

for how to setup a bridge configuration...

see

Code:

man iptables

for nat

Cata1yst · 09-13-2009, 01:22 PM

thanks much!

last time i used bridging was on windows and i had a horrible lagging problem when playing on live... i think ill give it a shot on the nix before i try nat... it seems simpler to set up...

thanks!

dragon_cb_cz · 09-13-2009, 02:42 PM

Quote:

Originally Posted by Cata1yst

I can find out the simple commands to masquerade my internet connection but i cannot peice together what exactly needs to be done.... it just seems like what ive found on google is "here type in these commands and it will work..."

the interface i am trying to share it to is eth0 with an ip of 192.168.0.3 being assigned to my secondary device (xbox 360)
i get my internet connection from my wireless router with my computer ip of 192.168.10.5 on the interface ra0 with the router as 192.168.10.1

im confused at what the lines i underlined do and the bolded and italicized should be my current host ip or should it be my router ip?

If your computer is connected to the internet via ra0 with IP 192.168.10.5 and you want to share this connection for your xbox that has IP 192.168.0.3 which is connected to your computer via eth0, all you need to do is:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward    # enables IP packet forwarding in the kernel
iptables -F          # flushes the relevant Netfilter tables
iptables -F -t nat

# the most important part:
# "mask everything coming from 192.168.0.3 behind 192.168.10.5"
iptables -t nat -A POSTROUTING -s 192.168.0.3/32 -d 0.0.0.0 -j SNAT --to-source 192.168.10.5

In case you want to share the connection for the whole network connected to eth0, just change 192.168.0.3/32 to 192.168.0.0/24.

The bridging solution is also a good alternative (one that eliminates the probably completely unnecesary second NAT at your home network), basically all you need to do is something like:

Code:

ifconfig ra0 0.0.0.0
ifconfig eth0 0.0.0.0
brctl addbr br0
brctl addif br0 ra0
brctl addif br0 eth0
ifconfig br0 192.168.10.5

It has been some time since I used this so not 100% about the syntax - but it should be like this. The first two ifconfig statements are needed to set both interfaces to have no IP (because only the br0 bridge interface will have one), the rest creates the bridge interface, adds the ra0 and eth0 to it and sets the IP on it. Just a warning - don't do "ifconfig eth0 down" instead of "ifconfig eth0 0.0.0.0" - if you bring the interface down, it won't work in the bridge!