LinuxQuestions.org


shutuphuman 02-05-2005 09:23 AM

sharing internet
 
Hi, I have two machines, both with Fedora Core 3 on...
the network I want to set up looks as follows...

internet --- ethernet based router ---- LINUX BOX1 ----- HUB ---- any other computer


the linux box 1 has two ethernet cards, one to connect to the internet which I can do no probs, and another to the hub.

the computers connected to the hub are fine, they can see the linux box 1 fine, but they can't seem to share the internet with them. the IP config is shown below but I haven't a clue how to make linuxbox1 share, please help

linuxbox1 card 1 to router ..
ip 192.168.1.4
sub : 255.255.255.0
gateway 192.168.1.1
dns : 192.168.1.1
linuxbox1 card 2 to hub
ip 192.168.0.1
sub 255.255.255.0
gateway 192.168.1.4
dns 192.168.1.4

a computer to connect to hub...
ip 192.168.0.32
sub 255.255.255.0
gateway 192.168.0.1
dns 192.168.0.1


to summarize, how do I share an internet connection on linux box 1?

james.farrow 02-05-2005 09:55 AM

I have a similar setup, except my main linux box is the firewall and 'router' for the other pc's on the hub/switch.

http://projectfiles.com/firewall/

It's easy to use and edit.

shutuphuman 02-05-2005 10:03 AM

this isn't helpful, it is just a firewall???? I don't want one as yet, I wanna be able to share my internet connection!

Infernal211283 02-05-2005 10:13 AM

Hi.

I was in that world of pain too until someone asked me if I had NAT on the external eth. card.
Do you have NAT enabled on your external eth card?

shutuphuman 02-05-2005 10:15 AM

ok I can answer you with this question...

what's NAT

hehe so that's a no, what is it, how do I enable it?


and thank you thank you thank you for responding to my plea hehe

nazir 02-05-2005 10:16 AM

do something like that:
Code:

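# turn on IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
# rewrite the source of packets from 192.168.0.32 leaving via eth0 to 192.168.1.4
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.4 -s 192.168.0.32
# let replies to already established connections back in to the hub side
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# let everything from the hub side out towards the router
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT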

where eth0 is linuxbox to router, eth1 - linuxbox to hub

shutuphuman 02-05-2005 10:21 AM

ok, I'll give it a try, the first line works fine

but it complains about the command iptables
any clues?

TigerOC 02-05-2005 10:21 AM

You need to have ip-masquerading in place and iptables and then have a command to forward to the boxes behind or use a nat routing script to bring it up with the network. An example is MonMotha's script:
http://monmotha.mplug.org/firewall/firewall/2.3/

nazir 02-05-2005 10:23 AM

install iptables package

Infernal211283 02-05-2005 10:27 AM

:)

I guess after nazir's tip you'll be fine, anyway, if you'd like to understand it a little bit more there are some pdf files about nat (masquerading).

if you'd like to basically secure your connection as well, you could use this pdf:

http://www.ibiblio.org/pub/Linux/doc...mple-HOWTO.pdf

I hope it'll help you as it helped me to get started with internet sharing.

Infernal211283 02-05-2005 10:28 AM

go through the pdf I gave you, you'll know what to do.

shutuphuman 02-05-2005 10:30 AM

well my machine apparently says it's installed, I use yum, it says nothing to do, I can even read the manual.

but no it hates me

nazir 02-05-2005 10:49 AM

try to find iptables, it should be somewhere in /usr/local/sbin or /usr/sbin, use it with path, and of course you must be root.. as root try this:
Code:

whereis iptables

in my os it shows:
Code:

iptables: /sbin/iptables /lib/iptables /usr/share/man/man8/iptables.8.bz2

it is in /sbin

then use it AS ROOT with path
for example
Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.4 -s 192.168.0.32
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT


shutuphuman 02-05-2005 11:21 AM

well the commands are working fine now!!!

but unfortunately no hope of sharing the internet as yet

more suggestions :-(?

nazir 02-05-2005 11:46 AM

maybe try to ping something from machine behind the nat

shutuphuman 02-05-2005 11:53 AM

no, afraid not (that's how I check to see if it was working)

is there any way to check a config file or something that everything is set up correctly, and then I will know the issue is with IP addressing

or dns stuff

comprookie2000 02-05-2005 02:40 PM

If you're new to iptables, use firestarter, here is the part on NAT:
http://firestarter.sourceforge.net/manual/nat.php

shutuphuman 02-06-2005 07:50 AM

haven't a clue where I'm going wrong now....

so this is what I have typed in .. as instructed

[root@localhost server]# echo 1> /proc/sys/net/ipv4/ip_forward
[root@localhost server]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.1 -s 192.168.0.2
[root@localhost server]# iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@localhost server]# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
[root@localhost server]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
[root@localhost server]#

my setup is as follows....

internet,, ------ eth0 ----- server
........................................... |____ eth1-------- HUB -------------(client_eth0)

where eth0 is ip = 192.168.1.4 255.255.255.0 default gateway 192.168.1.1 DNS = 192.168.1.1
and eth1 is ip = 192.168.0.1 255.255.255.0 default gateway 192.168.1.4

and client_eth0 is 192.168.0.2 255.255.255.0 and its default gateway points to 192.168.0.1 DNS 192.168.0.1

I can ping the server from the client, the server can access the internet and ping the client..
but the client cannot ping or get any internet access

please help this is driving me insane
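
The following is an added example, not part of any post in this thread: a POSIX shell check of the two things the commands above depend on, the kernel forwarding flag and a NAT rule on the router-facing interface that rewrites to that interface's own address. It assumes eth0 at 192.168.1.4 is the router side, as in the posts; the function names and the sample rule text are constructed for illustration.

```sh
#!/bin/sh
# Added example: offline audit of a NAT gateway, using constructed samples.

# check_forwarding VALUE  (VALUE = content of /proc/sys/net/ipv4/ip_forward)
check_forwarding() {
    if [ "$1" = "1" ]; then echo "ok: forwarding enabled"; return 0; fi
    echo "FAIL: ip_forward is '$1', expected 1"; return 1
}

# audit_nat WAN_IF WAN_IP RULES
# RULES = text of `iptables -t nat -S POSTROUTING`; a plain `iptables -nL`
# lists only the filter table, so NAT rules never appear in it.
# Returns 0 only if a rule rewrites traffic leaving WAN_IF correctly.
audit_nat() {
    wan_if=$1; wan_ip=$2; rules=$3; good=1
    while IFS= read -r line; do
        out=""; target=""; src=""
        set -- $line                    # split the rule into words
        while [ $# -gt 1 ]; do
            case $1 in
                -o) out=$2 ;;
                -j) target=$2 ;;
                --to-source) src=$2 ;;
            esac
            shift
        done
        case $target in
            SNAT|MASQUERADE) ;;
            *) continue ;;              # policy lines and other targets
        esac
        if [ "$out" != "$wan_if" ]; then
            echo "WARN: $target on '$out', not on WAN interface $wan_if"
        elif [ "$target" = SNAT ] && [ "$src" != "$wan_ip" ]; then
            echo "FAIL: --to-source $src is not $wan_if's address $wan_ip"
        else
            echo "ok: $target on $wan_if"; good=0
        fi
    done <<EOF
$rules
EOF
    return $good
}

# Constructed rule text: the 02-06 transcript's SNAT rule, then the 02-05 one.
typed='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.2/32 -o eth0 -j SNAT --to-source 192.168.0.1'
suggested='-A POSTROUTING -s 192.168.0.32/32 -o eth0 -j SNAT --to-source 192.168.1.4'
check_forwarding 0 || true
audit_nat eth0 192.168.1.4 "$typed" || true
audit_nat eth0 192.168.1.4 "$suggested" || true
```

On a live gateway, run as root `check_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)"` and `audit_nat eth0 192.168.1.4 "$(iptables -t nat -S POSTROUTING)"`. The shell parses `echo 1> FILE` as `echo` with its standard output redirected, which does not write the digit 1, so the first check is worth running after that command.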

comprookie2000 02-06-2005 08:20 AM

iptables -I FORWARD -i eth0 -d 192.168.0.0/255.255.0.0 -j DROP
iptables -A FORWARD -i eth0 -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i eth1 -d 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Try adding this on the server, you may need to reverse the eth0 and eth1 as that is for
WAN eth1 box eth0 intranet

shutuphuman 02-06-2005 08:39 AM

ok well I get this now...

but still doesn't allow the client to actually access the net

[root@localhost tmp]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 192.168.0.0/16
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.0.0/16

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

comprookie2000 02-06-2005 09:07 AM

On the server did you link eth0 and eth1? For gentoo it's
ln -s net.eth0 /etc/init.d/net.eth1
here is the guide I used, may help with iptables
http://www.gentoo.org/doc/en/home-router-howto.xml


All times are GMT -5.