internet connection sharing, sort of
I'm using Mandrake 9.2
I set up my internet connection with the Mandrake config program and set it to start at boot etc., and the internet connection sharing worked peachy. but my ISP only lets me connect for 4 hours, then I have to reconnect, which sucks but there's nothing I can do about that. Mandrake doesn't notify me when I've been disconnected and it's a pain in the ass to get it to reconnect, so I set up KPPP to connect to the internet, but now I can't get it to share the connection. I'm sharing with a Mac on OS X, by the way. is there any way I can get KPPP to share the connection? because it's far easier than messing about with the config program. some kind of script maybe?? |
KPPP doesn't share internet. iptables does this. I think the Mandy wizard also uses iptables to share internet. there is a script generator to share internet at www.iptables-script.dk
|
cheers but...
well I generated a script, but it looks like the script I got assumes I'm on a fixed IP when I connect to the net... which I'm not, and I don't know how to change this
and I know you can get KPPP to run a script when it connects, to share a connection, but I'm not sure how... |
replace
WAN_IP='216.18.124.164'
with
WAN_IP=`/sbin/ifconfig | grep -A 4 $WAN_NIC| awk '/inet/ { print $2 } ' | sed -e s/addr://`
make sure WAN_NIC comes before WAN_IP in the script |
ok it's still not working, but I'm not sure I've got it all right. under WAN_NIC I have ippp0 (I'm using an ISDN modem) but I'm not sure how to check my internal network IP. aside from that I think it should be alright. I set KPPP to execute the script on connection
|
ok, as my WAN_NIC should I use /dev/ttyI0, as apparently this is the device that KPPP uses to connect...
|
now I'm getting tired of this. the Mac I'm trying to get to connect to the net through my Mandrake box is picking up all the necessary info automatically, like the router address and its own IP using DHCP, which is ace, but it still can't connect to any servers. so I'm guessing, though I still have no idea what I'm talking about, that data's not being passed from the net through to the other computer, but that's a total guess. the script I'm using is as follows.

#!/bin/sh
# iptables script generator: V0.1-2002
# Comes with no warranty!
# e-mail: michael@1go.dk

# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

LAN_NIC='eth0'
LAN_IP_NET='192.168.1.1'
WAN_NIC='ttyI0'
WAN_IP=`/sbin/ifconfig | grep -A 4 $WAN_NIC| awk '/inet/ { print $2 } ' | sed -e s/addr://`

# load some modules (if needed)

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
|
in this script I couldn't see any line that used the WAN IP. am I missing something?
try the following pls. I think it will work.

echo 0 > /proc/sys/net/ipv4/ip_forward

LAN_NIC='eth0'
LAN_IP_NET='192.168.1.0/24'
WAN_NIC='ttyI0'
# not necessary - WAN_IP=`/sbin/ifconfig | grep -A 4 $WAN_NIC| awk '/inet/ { print $2 } ' | sed -e s/addr://`

# load some modules (if needed)

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -o $WAN_NIC -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

PS: when u connect to the internet, what does ifconfig show about the WAN interface? if it is different from ttyI0, change it to the correct device name. |
no dice. I figured out my IP is 192.168.1.1 so I changed LAN_IP_NET='192.168.1.0/24' accordingly, please tell me if I shouldn't have. also, using ifconfig I found out that it's ppp0 connected to the net. I just don't understand why it won't work
|
try the following lines please:
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i eth0 -s 192.168.1.0/24
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
|
if my IP is 192.168.1.1 on my local network, does that mean I have to change the following lines

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i eth0 -s 192.168.1.0/24

or is that just me guessing again |
how frustrating is this, it still doesn't work. it will work with the regular Mandrake Control Center connection but not with KPPP. is there some kind of script I can take from there to use or something
|
if your IP is 192.168.1.1 on local, u are generally in the 192.168.1.0/255.255.255.0 network, and 192.168.1.0/24 means the 192.168.1.0/255.255.255.0 network.

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

means if packets come from the 192.168.1.0 network (192.168.1.1 ..... 192.168.1.254), use ppp0 as the out interface and apply the MASQUERADE rule (NAT).

iptables -A FORWARD -j ACCEPT -i eth0 -s 192.168.1.0/24

means accept forwarding packets if they come from 192.168.1.0/24 and come in on the eth0 interface (to increase security).

if u wanna learn about iptables, visit www.netfilter.org and read the docs. let me know if it works pls. |
nah, didn't work...
|
I think the key line is

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

and the key word is ppp0. I don't know which interface name kppp uses. this line worked with kppp here when I had a dial-up connection on Red Hat 8.0. I can't help u more about that. |
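
The two points made in the replies above (the -s argument is the LAN network rather than the router's own address, and -o must name the interface ifconfig shows once the link is up), as an added example that is not part of the thread or the script generator's output. The function names net_cidr and nat_rules are made up here; the script only prints the iptables commands, and it relies on pppd running /etc/ppp/ip-up with the interface name as its first argument.

```shell
#!/bin/sh
# Added example, not from the thread. net_cidr and nat_rules are hypothetical names.

# net_cidr IP MASK: print the network in CIDR form, e.g. 192.168.1.0/24
net_cidr() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2                      # split both dotted quads into 8 octets
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    for o in "$@"; do                 # every octet must be a number 0..255
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    bits=0
    for m in "$5" "$6" "$7" "$8"; do  # prefix length = set bits in the mask
        while [ "$m" -gt 0 ]; do
            bits=$(( $bits + ($m & 1) )); m=$(( $m >> 1 ))
        done
    done
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))/$bits"
}

# nat_rules WAN_IF LAN_IF LAN_IP LAN_MASK: print the iptables commands
nat_rules() {
    wan=$1 lan=$2
    case $wan in                      # /dev/ttyI0 is the dial-out device, not an interface
        ''|*/*|tty*) echo "not a network interface: $wan" >&2; return 1 ;;
    esac
    src=$(net_cidr "$3" "$4") || return 1
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s $src -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -o $wan -s $src -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample: the thread's LAN address with ppp0 as the uplink.
# In /etc/ppp/ip-up, pppd passes the interface name as $1:
#   nat_rules "$1" eth0 192.168.1.1 255.255.255.0 | sh
nat_rules ppp0 eth0 192.168.1.1 255.255.255.0
```

The printed rules only take effect when piped to sh as root, and /proc/sys/net/ipv4/ip_forward still has to be set to 1 as in the scripts above.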