I have a Windows computer (192.168.0.1) using internet connection sharing which gives an internet connection to my linux pc (ubuntu, 192.168.0.2).



i have added a second network card to my linux pc and wish to attach a windows pc to it and use my linux pc as a gateway (so the second windows pc can get an internet connection from me)



it is not possible to connect the second windows computer into a hub along with the linux box so that they both connect via the hub to the windows gateway because the hub is currently full with the rest of the computers on my network

how do i do this? please help

im a linux n00b, if that helps you not confuse me with technical words

You have to enable forwarding in the linux box... and masquerade traffic comming out from the linux box.

how do i do that?

Enable forwarding:
Masquerading:
The iptables rule is too simplistic in this case... you might need a more fine-tuned rule... but for matters of testing.... that will do the trick.

There are other things to consider.... what is the FORWARD policy of the linux box? You can see the forward policy and rules with:

ok i did that

what ip address should i use for the second nic and what settings (ip gateway) should i use on the windows pc?

say another private network segment... for example:

linux: 192.168.1.1
windows: 192.168.1.2, gateway: 192.168.1.1 ()

Having set that, you should be able to ping to the lan on the router side of the linux box... and you should be able to get internet access... or at least, the same you have on the router side of your lan.

done that

i can ping 192.168.1.1 but i cant get the net

How about the computers in the 192.168.0.x segment? Can you ping them?

nope

i try to ping 192.168.0.2 and i get:

Reply from 192.168.1.1: Destination host unreachable


i tried 192.168.0.1 (my router) and it just kept timing out

Forwarding is not working.... because it's not letting you ping the interface on the other side of the linux pc.

Copy here the output of these commands:

Take a look at this thread... here's the main points. Perhaps I'm not being clear enough:
http://www.linuxquestions.org/questi...hreadid=274625

hitetsu@WhiteNinj4:~ $ sudo iptables -t nat -L -v
Password:
Chain PREROUTING (policy ACCEPT 29 packets, 3940 bytes)
pkts bytes target prot opt in out source destination
29 3940 gforward all -- any any anywhere anywhere

Chain POSTROUTING (policy ACCEPT 582 packets, 34920 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any any anywhere anywhere MARK match 0x1
1062 63754 fromprivate all -- any any 192.168.0.0/16 anywhere
0 0 fromprivate all -- any any 172.16.0.0/12 anywhere
0 0 fromprivate all -- any any 10.0.0.0/8 anywhere

Chain OUTPUT (policy ACCEPT 1642 packets, 98554 bytes)
pkts bytes target prot opt in out source destination
1642 98554 gforward all -- any any anywhere anywhere

Chain fromprivate (3 references)
pkts bytes target prot opt in out source destination
6 360 ACCEPT all -- any any anywhere 192.168.0.0/ 16
0 0 ACCEPT all -- any any anywhere 172.16.0.0/1 2
0 0 ACCEPT all -- any any anywhere 10.0.0.0/8
1056 63394 MASQUERADE all -- any any anywhere anywhere

Chain ftolocal (2 references)
pkts bytes target prot opt in out source destination

Chain gforward (2 references)
pkts bytes target prot opt in out source destination
0 0 ftolocal all -- any any anywhere 192.168.0.4
582 34920 ftolocal all -- any any anywhere localhost.lo caldomain





hitetsu@WhiteNinj4:~ $ sudo iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
178K 23M ACCEPT all -- lo any anywhere anywhere
0 0 LOG all -- !lo any 127.0.0.0/8 anywhere LOG level warning
0 0 DROP all -- !lo any 127.0.0.0/8 anywhere
12 3960 ACCEPT all -- eth0 any anywhere 255.255.255.255
288 32183 ACCEPT all -- eth0 any 192.168.1.0/24 anywhere
0 0 ACCEPT !tcp -- eth0 any anywhere BASE-ADDRESS.MCAST.NET/4
0 0 LOG all -- eth1 any 192.168.1.0/24 anywhere LOG level warning
0 0 DROP all -- eth1 any 192.168.1.0/24 anywhere
4 1312 ACCEPT all -- eth1 any anywhere 255.255.255.255
24603 25M ACCEPT all -- eth1 any anywhere 192.168.0.4
50 8949 ACCEPT all -- eth1 any anywhere 192.168.0.255
0 0 LOG all -- any any anywhere anywhere LOG level warning
0 0 DROP all -- any any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
43 2660 ACCEPT all -- eth0 eth1 192.168.1.0/24 anywhere
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 LOG all -- any eth1 anywhere 192.168.1.0/24 LOG level warning
0 0 DROP all -- any eth1 anywhere 192.168.1.0/24
0 0 LOG all -- any any anywhere anywhere LOG level warning
0 0 DROP all -- any any anywhere anywhere

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
178K 23M ACCEPT all -- any lo anywhere anywhere
0 0 ACCEPT all -- any eth0 anywhere 255.255.255.255
55 4472 ACCEPT all -- any eth0 anywhere 192.168.1.0/24
0 0 ACCEPT !tcp -- any eth0 anywhere BASE-ADDRESS.MCAST.NET/4
0 0 LOG all -- any eth1 anywhere 192.168.1.0/24 LOG level warning
0 0 DROP all -- any eth1 anywhere 192.168.1.0/24
0 0 ACCEPT all -- any eth1 anywhere 255.255.255.255
23308 2666K ACCEPT all -- any eth1 192.168.0.4 anywhere
0 0 ACCEPT all -- any eth1 192.168.0.255 anywhere
0 0 LOG all -- any any anywhere anywhere LOG level warning
0 0 DROP all -- any any anywhere anywhere



hitetsu@WhiteNinj4:~ $ sudo cat /proc/sys/net/ipv4/ip_forward
1




i did it, and thats what i got

Give this a shot: Change the forward policy. Make it ACCEPT.

iptables -P FORWARD ACCEPT

and read the thread I gave you the URL of.

i had a look at that url, but it doesnt solve my problem =/

i can ping 192.168.1.1 still, but still cant ping 192.168.0.2 =/

i get the same error