Main Workstation as a router

trelamenos · 08-04-2010, 10:40 AM

Hello everybody,

so i am running Fedora in my main workstation, which is always awake and doing most of my work in it.
This box has a wireless internet connection with my ADSL router, cause of the long distance from my room. But i need somehow to share this connection to other boxes with the ethernet connection. I ve got a 8port switch and i want to connect to the main box and connect other boxes to this switch so they 've got internet.
How should i do this? How should i configure my main box, to share the wireless connection to its ethernet subnetwork? Iptables? Routes?

Thank you in advance

eantoranz · 08-04-2010, 11:02 AM

Basically iptables... and set your boxes to use the internal IP of your linux box to use it as default gw.

Then, in the linux box, make sure that there's a rule or policy in FORWARD that will this packets coming from these boxes to go through and add this rule to your linux box:

Code:

iptables -t nat -A POSTROUTING -o internet-interface -j MASQUERADE

In internet-interface use the interface that's connected to internet (wlan0, eth0, eth1, whatever).

And make sure that /proc/sys/net/ipv4/ip_forward is set to 1:

Code:

cat /proc/sys/net/ipv4/ip_forward

That should do.

trelamenos · 08-04-2010, 02:48 PM

Allright, great thank you a lot eantoranz.

now please a few questions. My main box is acting as a router. First what these means?

Quote:

[kostas@bigbox ~]$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0

second, the boxes from the subnet where are they getting DNS from? I should give them manually, right?

and in the system-config-firewall i had allready enable the MASQUERADE option for my internet interface but i had to pass it to iptables too to work. Why is that??

thanks again in advance

eantoranz · 08-04-2010, 03:03 PM

Code:

0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0

That doesn't look right, man.

It should be

Code:

0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 wlan0

Cause you said you are connected to internet through the wireless, right? That is the only default gw you should set. The other routing lines look ok. By the way, I prefer the output of "ip route show", but that's just me.

About DNS... well, I guess!... If you have set up a dhcp service, you can tell them to use whatever DNS you like from there so you don't have to go through each box to configure it. If you are using static IPs, then you are busted and will have to do it by hand.

And about the firewall configuration: I have nooooo idea. In general I like to set up my netfilter (aka iptables) stuff by hand.

jefro · 08-04-2010, 03:10 PM

Could install a small VM that has all the firewall features you want too then run it as if it were a dedicated box. Might look at untangle.com's firewall, already made in a VM at vmware.

trelamenos · 08-04-2010, 05:47 PM

Quote:

[
kostas@bigbox ~]$ ip route show
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.254 metric 1
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.65 metric 2
default via 192.168.1.254 dev wlan0
default via 192.168.1.254 dev eth0 proto static

Thank you eantoranz and jefro
here's ip's output. the whole configuration is working normal. But i haven't restart my pc yet, i should do that too.

Thank you again

eantoranz · 08-04-2010, 05:51 PM

I would tell you to remove the last line as it doesn't work... as a matter of fact, it's kind of crazy given that you won't find that router (192.168.1.254) on dev eth0.