-
02-17-2010 #1
- Join Date
- Feb 2010
- Posts
- 2
Internet Connection Sharing screwed up
I'm posting after reading through a lot of articles explaining the same thing
on how to share an internet connection from a computer with two NICs.
I have the following simple setup
Internet <-DHCP-> eth0 Ubuntu eth1 <--192.168.0.0--> LAN
When I first followed this guide
ubuntugeek.com/sharing-internet-connection-in-ubuntu.html
I was able to ping between the GW and a client on the LAN but couldn't access the internet from it. So I started to configure different things to get it to work which failed.
Now I can't ping between GW and the LAN. I tried to follow the same guide over again and even flushing the tables but still...
These are my current settings (without any chains).
GW eth0 as usual DHCP
GW eth1 192.168.0.1
Client on LAN
ifconfig eth0 192.168.0.10
route add default gw 192.168.0.1
(this client also has a wireless connection displayed in 'ifconfig')
Please help!
-
02-17-2010 #2
I suggest you restart and follow that exact guide; it should be right based on my quick glance at it.
When you did the iptables part, you replaced ethX with your actual device eth1, correct?
After editing the sysctl.conf file I recommend running the sudo sysctl -p command.
-
02-17-2010 #3
- Join Date
- Feb 2010
- Posts
- 2
it says "where ethX is the network card that the Internet is coming from"
which is eth0 in my case. But I tried with eth1 just to be sure but still the same.
A second guide:
help.ubuntu.com/community/Internet/ConnectionSharing
which didn't help either
-
02-18-2010 #4
A foolproof approach to a local LAN
Clearly what you want to do is achievable but I took a different path that required virtually no configuration. I bought a TRENDnet wireless access point (mine was $20). Just plugged my cable modem into the uplink port and my PC into the 1st port of the access point's built-in 4 port hub. My ISP, Comcast, blocks all but the MAC address of the Ethernet port originally connected to the cable modem. That issue is solved in the router by cloning the MAC address of the PC (router has a function to do this for you). Set all connected devices, wired or WiFi, to DHCP (the default). All devices on the LAN can address each other as "{hostname}.local" instead of the IP address which avoids the issue of DHCP assigning a different NAT IP when any node starts.
-
02-18-2010 #5
The "firestarter" package can help you set this up easily without having to know all the command line and config file stuff. Not that it hurts to know that.
-
02-18-2010 #6
- Join Date
- Jun 2008
- Posts
- 2
Hi For Two NIC Internet Connections
Hi Deeflex
I am late here but am replying because I like Linux...
You can configure your Linux box with two NICs, and there is only one iptables command you have to run to enable Internet on the Linux system.
Accept all connections
iptables -A INPUT -i Internet Interface(eth0) -j ACCEPT
iptables -A OUTPUT -o Internet Interface(eth0) -j ACCEPT
Internet Distribute
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
I hope this information is useful to you; here I show you the basic steps to start INTERNET.
If you need any other help, feel free to mail me or chat.
Regards
Nimit Gajjar
e-Mail : nimit28ced@gmail.com
nimit07@yahoo.com
Power of the World : Share the Knowledge Get the Knowledge.
-
02-19-2010 #7
This is simple enough.
First ensure forwarding is turned on.
Edit your sysctl.conf and add the following:
Code:net.ipv4.ip_forward = 1
Now we should set up the iptables rules. These are quick and dirty and allow everything from the LAN to get out and only what was requested by the LAN to come back in.
Code:
# Flush, erase and zero all the rules in the filter, nat and mangle tables.
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
# Set up firewall policies: drop anything no rule accepts.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Rewrite the source address on the outside interface so replies know how to get back.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Set the FORWARD rules: only replies come in from eth0, anything may leave from eth1.
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j DROP
Code:
# Traffic from the LAN to the gateway itself.
iptables -A INPUT -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
# Replies from the gateway back out to the LAN.
iptables -A OUTPUT -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j DROP
Code:
# Replies to the gateway on any interface, plus new connections from the LAN.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -m state --state NEW -j ACCEPT
iptables -A INPUT -j DROP
# The gateway itself may open connections in any direction.
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j DROP
You will get different opinions on the DROP at the end of all rules. Some people will say you don't need the extra DROP rules. I don't leave it to chance for the policy to drop everything that gets that far.
Now run the following to save your firewall rules:
Code:iptables-save
Sorry, I don't know this command.
Now that you have your firewall setup you can turn on forwarding as follows:
Code:echo 1 > /proc/sys/net/ipv4/ip_forward
I may have missed something as I am going off memory only. You can check everything in this IPTABLES Tutorial. In fact I would highly encourage you to check anything someone is telling you before you do it just to ensure they are not leading you down the wrong path.
While I find it great that you like linux, you should really consider not giving out any advice on topics you really don't understand. Case in point below....
You can configure your Linux box with two NICs, and there is only one iptables command you have to run to enable Internet on the Linux system.
Accept all connections
iptables -A INPUT -i Internet Interface(eth0) -j ACCEPT
iptables -A OUTPUT -o Internet Interface(eth0) -j ACCEPT
Internet Distribute
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
I hope this information is useful to you; here I show you the basic steps to start INTERNET.
If you need any other help, feel free to mail me or chat.
Power of the World : Share the Knowledge Get the Knowledge.
-
02-19-2010 #8
Lazydog, that looks pretty good to be done from memory. But the iptables-save command just dumps the current tables to stdout. Not sure what your purpose was there. The iptables commands should be persistent without doing that.
-
02-20-2010 #9
- Join Date
- Jun 2008
- Posts
- 2
-
02-20-2010 #10
iptables-save should have written to a file that gets read when you start the firewall. Maybe in Ubuntu there is something else that you must do to save your rules. Or maybe you have to run a script to get the rules loaded. I don't know Ubuntu.
As to memory, those rules are simple. I have configured enough firewalls to do this by memory.
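
A diagnostic for the setup discussed in this thread, added as an example and not posted by any participant: it reads an `iptables-save` dump plus the `ip_forward` value and reports which prerequisite of the eth0/eth1 gateway is missing (forwarding off, MASQUERADE on the wrong interface, FORWARD chain blocking the LAN). The function names, result tokens and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save dump for what a
# two-NIC NAT gateway needs. Simplification: rule order is not evaluated.
# Usage: check_ics <dump-file> <wan-if> <lan-if> <ip_forward value>
check_ics() {
    awk -v wan="$2" -v lan="$3" -v fwd="$4" '
    function opt(flag,   i) {        # value following flag in this rule, or ""
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($0, 2); next }            # "*nat", "*filter", ...
    table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
        o = opt("-o"); if (o == wan || o == "") masq = 1; else other = o
    }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "filter" && /^-A FORWARD / && /-j (DROP|REJECT)/ { drops = 1 }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
        i = opt("-i"); st = opt("--state"); if (st == "") st = opt("--ctstate")
        if ((i == lan || i == "") && (st == "" || st ~ /NEW/)) out = 1
        if ((i == wan || i == "") && (st == "" || st ~ /ESTABLISHED/)) back = 1
    }
    END {
        if (policy == "ACCEPT" && !drops) out = back = 1   # chain is wide open
        if (fwd != 1) p = p " ip_forward_off"
        if (!masq) p = p (other ? " masquerade_on_" other : " no_masquerade")
        if (!out)  p = p " lan_to_wan_blocked"
        if (!back) p = p " replies_blocked"
        print (p == "" ? "ok" : substr(p, 2))
    }' "$1"
}

# Constructed sample dumps (not taken from any poster's machine).
make_samples() {   # $1 = directory to write "good" and "bad" into
    cat > "$1/good" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
COMMIT
EOF
    sed -e 's/-o eth0/-o ppp0/' -e '/-i eth1/d' "$1/good" > "$1/bad"
}
d=$(mktemp -d) && make_samples "$d"
echo "good: $(check_ics "$d/good" eth0 eth1 1)"
echo "bad:  $(check_ics "$d/bad" eth0 eth1 0)"; rm -rf "$d"
```

On the gateway, run `iptables-save > rules.txt` as root and call `check_ics rules.txt eth0 eth1 "$(cat /proc/sys/net/ipv4/ip_forward)"`.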