Backwards Internet connection sharing

RodWC · 02-18-2006, 12:53 PM

I know, usually people want to know how to share an internet connection on a Windows XP computer with Linux machines, but I want to do the opposite. I want to share my dial-up connection on my Debian computer with other computers, both Windows and Linux (though if I could figure out how to share it with one I think I could do the other as well).

Could anyone tell me how to do this? I can't find much information through Google for this sort of setup.

Brian1 · 02-18-2006, 01:58 PM

This is what you are after with dail-up connection and a ethernet card eth0 for other machines to connect to. What you are after is IP Masquerade. The first one is the basic script that after a connection is made on ppp0 to allow connections on eth0 to pass through to ppp0. The others add additional firewall rules. The second mentions dail on demand feature which if the second computer needs to see a site on the internet then it automatically causes the dail-up program to make the connection with one having to make the connection manual.

http://newbiedoc.sourceforge.net/tut...ttings.html.en
http://www.faqs.org/docs/linux_netwo...iguration.html
http://www-jerry.oit.duke.edu/linux/...h_ppp_v62.html

RodWC · 02-20-2006, 08:35 AM

Well, this didn't work right off the bat (I know it's my own fault), so I got frustrated and installed ipmasq, which didn't help a bit. I had to run it just to be able to connect to the internet at all, so I figured phooey on that, and uninstalled it again.

These docs you provided look promising, but I can't tell whether I'm using ipchains or iptables or either one! I'm also not sure if they are giving directions for sharing with address 192.168.0.1 on the host computer.

I think Linux is made for high-speed or DSL. It's so incredibly easy to use with that! Unfortunately, there is no possible way at this time for me to get high speed here at home, unless I got satellite, and that's too expensive.

ethics · 02-20-2006, 08:58 AM

ipchains was kernel 2.2 - 2.4 i believe, iptables is 2.4 + you could try iptables -L that should list any iptables rules, indicating that it's what you are using (onle one or the other can be used)

Wells · 02-20-2006, 09:20 AM

I would recommend reading the iptables FAQ and howto (http://www.netfilter.org/documentati...ilter-faq.html) as this is most likely what you are looking for. You are indicating a 2.6.15 kernel, so iptables is the way to go.

RodWC · 02-20-2006, 03:59 PM

I haven't had time to read that whole faq yet, but I made a gateway.rules file in /etc and put this in it:

Code:

/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F #ignore if you get an error here
/sbin/iptables -X #deletes every non-builtin chain in the table

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
# only if both of the above rules succeed, use
/sbin/iptables -P INPUT DROP

/sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

/sbin/iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

It still doesn't work, though of course I can ping 192.168.0.1 from all the other computers. I can't ping 209.244.0.3 though, which would be my DNS.

Also (this is not really related) I have a problem with gnome-ppp. I can only run it as root or with sudo. Here's the log when trying to run it as a regular user:
--> Ignoring malformed input line: ";Do NOT edit this file by hand!"
--> WvDial: Internet dialer version 1.55
--> Initializing modem.
--> Sending: ATZ
ATZ
OK
--> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
--> Modem initialized.
--> Sending: ATM0L0DT862-6000
--> Waiting for carrier.
ATM0L0DT862-6000
CONNECT 28800/ARQ/V34/LAPM/V42BIS
--> Carrier detected. Starting PPP immediately.
--> Starting pppd at Mon Feb 20 16:51:00 2006
--> Pid of pppd: 7682
--> Disconnecting at Mon Feb 20 16:51:01 2006
--> The PPP daemon has died: pppd options error (exit code = 2)
--> man pppd explains pppd error codes in more detail.
--> I guess that's it for now, exiting
--> The PPP daemon has died. (exit code = 2)

I looked at man pppd, but the error code was rather obscure and vague.

"2 An error was detected in processing the options given, such as two mutually exclusive options being used."

When I try to run pppd as a regular user, I get an error message about it not being able to find the file /etc/ppp/options (if I run as root it just makes a bunch of funny symbols).

If it's perfectly fine to just use "sudo gnome-ppp", then this is not a problem. I just don't want to compromise security is all.

Brian1 · 02-20-2006, 04:11 PM

Might go here to generate an iptables script if using iptables.
http://easyfwgen.morizot.net/gen/

Just change first interface from eth0 to ppp0 and select gateway option.
Then hit next and it will ask how to set the gateway. change eth1 to eth0 and entered desired ip's.
cut and paste the script into a file and run it.

Brian1

RodWC · 02-20-2006, 05:05 PM

Thank you, that worked! I'm keeping that page bookmarked.

Brian1 · 02-21-2006, 03:21 PM

Glad to see you have it going.
Brian1