How to share my internet

[Negatifo]

hi i am trying to share my internet connection, i have 3 computers 1 with Suse 10.2 and the other 2 with xp.
i can ping all of them but i can get internet on xp ones.
my dsl connection in up and runnig on Suse 10.2.
Please help.
Thanks in Advance for any help.

[weknowtheworld]

I thionk you will have to do something called ip masquerading
start by enabling forwarding and masquerading
open the /etc/sysconfig/network file as root in any text editor and add the line GATEWAYDEV=ppp0
turn on IP packet forwarding by opening /etc/sysctl.conf file as root and edit the line to say net.ipv4.ip_forward = 1
now i assume that you already have static IP addresses on your lan so with that in mind
if you are using iptables type the following as root
#iptables -t nat -A POSTROUTING -o ppp0 -j masquerade
#iptables -A FORWARD -s (laptop adderss here) -j ACCEPT
#iptables -A FORWARD -d (laptop adderss here) -j ACCEPT
#iptables -A FORWARD -s !(laptop adderss here) -j DROP

now backup your iptables
#cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old
#iptables-save > /etc/sysconfig/iptables

restart your network
#/etc/init.d/network restart
and restart iptables
#/etc/init.d/iptables restart

now set your windows boxes gateway to your linix boxes ip address and enter the DNS addresses you use and you are good to go

[baldur2630]

Download Firestarter it's quicker and easier.

[JHB]

With SuSE it is fairly easy - you can use yast.
Select Security and users, and the firewall.
On the left choose interfaces, and ensure your dsl connection is on the external zone, and your XP computers on the internal zone.
Do not select protect from internal zone

Select Masquerading, and tick the Masquerade networks.

If you want to protect from internal zone, or you want the XP computers on the DMZ, you will need to open the relevant ports on the firewall.

To see which ports require opening, type (as root)
# cat -f /var/log/firewall

Now try to connect and you should see something like this:
Jan 17 15:55:41 hostname kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:0d:9d:91:95:ab:00:04:38:78:ba:02:08:00 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=742 DF PROTO=TCP SPT=3856 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)

Note the PROTO value (TCP or UDP)
and the DPT (destination port)

In Yast under the firewall, select "Allowed Services"
Select advanced, and enter the ports in the relevant boxes with spaces between them.

I am unsure if it is necessary to also select the "enable IP forwarding" option under network devices -> network cards.
You will find it under "routing" for the network card.