  1. #1
    Just Joined!
    Join Date
    Feb 2010
    Posts
    2

    Internet Connection Sharing screwed up


    Hi

    I'm posting after reading through a lot of articles explaining the same thing
    on how to share an internet connection from a computer with two NICs.

    I have the following simple setup

    Internet <-DHCP-> eth0 Ubuntu eth1 <--192.168.0.0--> LAN

    When I first followed this guide
    ubuntugeek.com/sharing-internet-connection-in-ubuntu.html

    I was able to ping between the GW and a client on the LAN but couldn't access the internet from it. So I started to configure different things to get it to work which failed.

    Now I can't ping between GW and the LAN. I tried to follow the same guide over again and even flushing the tables but still...

    These are my current settings (without any chains).

    GW eth0 as usual DHCP
    GW eth1 192.168.0.1

    Client on LAN
    ifconfig eth0 192.168.0.10
    route add default gw 192.168.0.1

    (this client also has a wireless connection displayed in 'ifconfig')


    Please help!

  2. #2
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    I suggest you restart and follow that exact guide; it should be right based on my quick glances at it.

    When you did the iptables part, you replaced ethX with your actual device eth1, correct?

    After editing the sysctl.conf file I recommend running the sudo sysctl -p command.

  3. #3
    Just Joined!
    Join Date
    Feb 2010
    Posts
    2
    It says "where ethX is the network card that the Internet is coming from",
    which is eth0 in my case. But I tried with eth1 just to be sure, but still the same.

    A second guide:

    help.ubuntu.com/community/Internet/ConnectionSharing

    which didn't help either

  4. #4
    Just Joined! fragos's Avatar
    Join Date
    Sep 2004
    Location
    Fresno CA
    Posts
    16

    A foolproof approach to a local LAN

    Clearly what you want to do is achievable but I took a different path that required virtually no configuration. I bought a TRENDnet wireless access point (mine was $20). Just plugged my cable modem into the uplink port and my PC into the 1st port of the access point's built-in 4 port hub. My ISP, Comcast, blocks all but the MAC address of the Ethernet port originally connected to the cable modem. That issue is solved in the router by cloning the MAC address of the PC (router has a function to do this for you). Set all connected devices, wired or WiFi, to DHCP (the default). All devices on the LAN can address each other as "{hostname}.local" instead of the IP address, which avoids the issue of DHCP assigning a different NAT IP when any node starts.

  5. #5
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    The "firestarter" package can help you set this up easily without having to know all the command line and config file stuff. Not that it hurts to know that.

  6. #6
    Just Joined!
    Join Date
    Jun 2008
    Posts
    2

    Hi For Two NIC Internet Connections

    Hi Deeflex

    I am late here but replying to you because I like Linux...

    You can configure your Linux box with two NICs, and there is only one iptables command you have to fire to enable Internet in a Linux system.

    Accept all connections

    iptables -A INPUT -i Internet Interface(eth0) -j ACCEPT
    iptables -A OUTPUT -o Internet Interface(eth0) -j ACCEPT

    Internet Distribute

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

    I hope this information is useful to you. Here I show you the basic steps to start the Internet.
    If you need any other help, feel free to mail me or chat.


    Regards
    Nimit Gajjar
    e-Mail : nimit28ced@gmail.com
    nimit07@yahoo.com

    Power of the World : Share the Knowledge Get the Knowledge.




  7. #7
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Quote Originally Posted by deeflex View Post
    I have the following simple setup

    Internet <-DHCP-> eth0 Ubuntu eth1 <--192.168.0.0--> LAN
    This is simple enough.

    First ensure forwarding is turned on.
    Edit your sysctl.conf and add the following:

    Code:
     net.ipv4.ip_forward = 1

    The above will ensure forwarding is turned on at every reboot. Mind you, forwarding still hasn't been turned on, as we want to set up the firewall before giving access.

    Now we should set up the iptables rules. These are quick and dirty and allow everything from the LAN to get out and only what was requested by the LAN to come back in.

    Code:
    # Flush, erase and zero all the rules in the filter, nat and mangle tables.
    iptables -F
    iptables -X
    iptables -Z
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -Z
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t mangle -Z

    # Set up firewall policies
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    # Masquerade behind the outside interface's IP address so connections know how to get back
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    # Set up FORWARD rules
    iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -j DROP

    Now the above only allows the LAN out to the Internet and doesn't allow the LAN to connect to the Ubuntu box. If you want the LAN to be able to connect to the Ubuntu box then you need to add the following:

    Code:
    iptables -A INPUT -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -j DROP
    iptables -A OUTPUT -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -j DROP
    If you want the Ubuntu box to be able to get out and still want the LAN to access it then skip the above and use this:

    Code:
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i eth1 -m state --state NEW -j ACCEPT
    iptables -A INPUT -j DROP
    iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -j DROP

    If you don't want the LAN to be able to access the Ubuntu box but the Ubuntu box should still be able to get out, then simply remove the second line from above. This will allow the Ubuntu box to get out but nothing will be able to connect to it directly.

    You will get different opinions on the DROP at the end of all rules. Some people will say you don't need the extra DROP rules. I don't leave it to chance for the policy to drop everything that gets that far.

    Now run the following to save your firewall rules:

    Code:
    iptables-save

    The only thing left is to set up your system to start iptables on boot.
    Sorry, I don't know this command.

    Now that you have your firewall set up, you can turn on forwarding as follows:

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    The above will share the internet connection with your LAN and will also ensure that everything is in place should you ever have to reboot.

    I may have missed something as I am going off memory only. You can check everything in this IPTABLES Tutorial. In fact I would highly encourage you to check anything someone is telling you before you do it just to ensure they are not leading you down the wrong path.




    Quote Originally Posted by nimit07 View Post
    Hi Deeflex

    I am late here but replying to you because I like Linux...
    While I find it great that you like linux, you should really consider not giving out any advice on topics you really don't understand. Case in point below....

    You can configure your Linux box with two NICs, and there is only one iptables command you have to fire to enable Internet in a Linux system.

    Accept all connections

    iptables -A INPUT -i Internet Interface(eth0) -j ACCEPT
    iptables -A OUTPUT -o Internet Interface(eth0) -j ACCEPT

    Internet Distribute

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    The above does nothing to share the Internet with the LAN and only opens your system up to the Internet. What you did above is the same as not running a firewall at all.

    I hope this information is useful to you. Here I show you the basic steps to start the Internet.
    If you need any other help, feel free to mail me or chat.
    I would highly recommend not doing this. You have a lot to learn. Have a look at the link I have added above for the Tutorial.

    Power of the World : Share the Knowledge Get the Knowledge.
    You have this sdrawkcab. First get the knowledge and then share it.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
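
Added example (not part of the thread and not any poster's code): a shell function that reads `iptables-save` output and flags the problems post #7 raises about the rules in post #6, namely an unconditional ACCEPT on the Internet-facing interface, a FORWARD policy other than DROP, and no MASQUERADE rule on that interface. The function name, the finding labels and the sample dump are constructed for illustration.

```sh
# Audit `iptables-save` output (stdin) for the problems raised in this thread.
# $1 is the Internet-facing interface (eth0 in the thread's setup).
audit_ruleset() {
    awk -v wan="$1" '
        /^\*/ { table = substr($1, 2) }                # "*filter", "*nat"
        /^:/  { policy[table, substr($1, 2)] = $2 }    # ":FORWARD DROP [0:0]"
        /^-A/ {
            in_if = out_if = target = ""; matches = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-o") out_if = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i ~ /^-[mpsd]$/) matches++   # any narrowing condition
            }
            # ACCEPT with no match conditions on traffic arriving from the Internet.
            if (table == "filter" && in_if == wan && target == "ACCEPT" && !matches &&
                ($2 == "INPUT" || $2 == "FORWARD")) print "OPEN_" $2 ": " $0
            if (table == "nat" && $2 == "POSTROUTING" && out_if == wan &&
                target == "MASQUERADE") nat_ok = 1
        }
        END {
            if (policy["filter", "FORWARD"] != "DROP") print "FORWARD_POLICY: " policy["filter", "FORWARD"]
            if (!nat_ok) print "NO_MASQUERADE: nothing masquerades out of " wan
        }'
}

# Constructed sample: the rules from post #6 as iptables-save would print them.
sample_open() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_open | audit_ruleset eth0   # prints three findings
```

On the gateway itself, run it as root with `iptables-save | audit_ruleset eth0`. A ruleset with DROP policies, state-matched FORWARD rules and MASQUERADE on eth0, as post #7 describes, produces no findings.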

  8. #8
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    Lazydog, that looks pretty good to be done from memory. But the iptables-save command just dumps the current tables to stdout. Not sure what your purpose was there. The iptables commands should be persistent without doing that.

  9. #9
    Just Joined!
    Join Date
    Jun 2008
    Posts
    2
    Quote Originally Posted by greyhairweenie View Post
    Lazydog, that looks pretty good to be done from memory. But the iptables-save command just dumps the current tables to stdout. Not sure what your purpose was there. The iptables commands should be persistent without doing that.
    You can put that file on startup
    in /etc/rc.local
    and fire that file at boot time:
    "sh XYZ.sh"
    regards
    nimit

  10. #10
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    iptables-save should have written to a file that gets read when you start the firewall. Maybe in Ubuntu there is something else that you must do to save your rules. Or maybe you have to run a script to get the rules loaded. I don't know Ubuntu.

    As to memory, those rules are simple. I have configured enough firewalls to do this by memory.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
