Internet Connection Sharing?

[electroconvulsi]

I have a box with FC5 on it and I want to share its internet connection with a box running Xubuntu 6.06 I have set the FC5 box's IP address as the default gateway for the Xubuntu box but when I try to connect it tells me that the default gateway is refusing connections. I cant find anywhere on this machine any settings that allow me to share the internet connectin and I have even tried suspending the firewall to see if that will work. No joy

Help will be greatly appreciated.

[xask]

There are two principle ways of sharing internet connections -

1. Proxy Server
2. NAT (Network Address Translation)

1. Proxy server -
Using this method you can configure the FC5 box as a proxy server, and to access the internet on you Xbuntu box
Edit- Preference - Connection Settings -> manual proxy configuration and then enter the IP address of FC5 box (LAN ip for eg 192.168.1.1, and in the port enter 3128).

Configuring FC5 box as a proxy server-
A proxy server has two IP addresses (an public IP,the internet connection IP) and the LAN IP (on your LAN), to make your Fedora box a proxy server you must start the "squid" service, squid is a very very popular proxy server,
You can start this service in the following ways -
a. Console -- type: service squid start ,(also service squid stop {to stop} and service squid restart {to restart})
b. Graphical -- Start - > Administrative -> Server -> Services
Scroll down to squid and start the service , dont forget to click "save" to make this permanent between reboots
But there's small problem, you still wont be able to acces the net, because for security reasons "squid" will not share the internet by default with anybody (if did with anybody we would call you computer an open proxy, which any one can use to anonymously access the internet or even hack other sites)
So to allow access to your LAN computers -
edit /etc/squid.conf
scroll down to line no 1817 , where it says about "Recommended configuration" and add the following -
acl LAN src 192.168.1.0/24
(this indicates you LAN has IP addesses of the form 192.168.1.x, if you have some other form change it here, 24 - is the netmask , same as 255.255.255.0 )
this will enable squid to share the internet with all your LAN boxes,
save the file, and dont you forget to restart the service as told above, all services need to be restarted after their configurations are modified)

2. NAT - well this is my favourite, but is quite tricky, so if you can get along with squi d, leave this alone.

Hey ! I think i wrote a pretty comrehensive tutorial ? eh?
ha ha ha !
you think i should start writing books or something ?its been on my mind
tell me any problems you face, im always out here to help.
cya
bye
xask wuz here

[xathrasmurphy]

I have an old laptop running FC5 doing Internet Connection Sharing for me. Just installed Firestarter and ran its Wizard. If you install the dhcp server it will set that up for you as well.

[xask]

Woow !
i never knew of firestarter, this seems to be a great software ... hmm uses NAT for sharing internet thats good.
GUI frontends like this would pave the way for Desktop Linux
thanks for the informing!
xask

[xathrasmurphy]

It does what I need, i.e. sharing and a bit of port forwarding for the odd game of UT. There are other firewall configuration utilities; Shorewall, Guarddog etc. You might some of them better for your needs. I tried Firestarter. It worked. I left it alone.

[Ingolf]

On a machine with 2 or more network cards, running ICS, what firewall would you recommend?

[xask]

i persoanally do not prefer GUI frontends myself, until time is a factor, i would rather edit a conf file ;-)
X server is'nt usually run on servers (he he he)
But these things must be developed, they are very good for desktop people.

[electroconvulsi]

Thanks for your help but it didnt work. I tried the squid configuration you suggested and also the other solution involving Firestarter and DHCP.
Firstly about the squid method. The file to be edited is located at /etc/squid/squid.conf or etc/squid/squid.conf.defalt.
I didnt know which to add the line to so I edited both.
This error message was returned by the browser after configuring it and the network proxy to port 3128
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.google.com/search?
The following error was encountered:
* Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is root.
Generated Sun, 25 Jun 2006 17:09:38 GMT by techno-101.mshome (squid/2.5.STABLE12)
So for some reason it didnt connect after I restarted squid. Is there any other part to the configuration has been misssed here?
The Firestarter method:
I configured internet connection sharing in Firestarter and also created policies for inbound connections allowing all the services that I would usually use on the internet coming from the IP address of the machine and configured the outgoing to permissive. I tried DHCP enabled and disabled seeings my ubuntu machine has a fixed IP address on the network and set the proxy back to port 80 on the Ubuntu machine. That returned a message that said:
The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections.
*Check the proxy settings to make sure that they are correct.
*Contact your network administrator to make sure the proxy server is working.
Thanks for your help guys but for some reason neither method worked for me. Anything you would like to add or any further help will be as appreciated as the help so far.

[xathrasmurphy]

If you are going to use Internet Connection sharing as set up by Firestarter, you do not need to use a proxy. If you want to use squid it has to be configured correctly. I remember from past usage that there are a number of entries that have to be changed in the config file. Sounds like you have not set the right permissions

Howver I don't use a proxy. Don't need to. Keep it simple.


Regarding static IPs. If you are not using a dhcp server then you have to manually configure not just the IP and gateway address for each machine but also which DNS server they are to use.


Regarding policies. You don't need to change anything in Firestarter to access the Internet. I have no policies at the moment as I am not running my Unreal Tournament Server.

[xask]

Squid method:
sorry about the location of squid.conf-
you only need to edit squid.conf, and not squid.conf.defaut (it contains the default settings for squid as a backup)

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

This is the exact thing i was trying to tell you, by default squid wont allow connections from any computer except your own computer (127.0.0.1), to allow other computers to access the proxy -
this line -
acl LAN src 192.168.1.0/24
will allow acces to all computers on your LAN ,only if this is the from of your network IP,

please tell me the IP addresses of both your machines.

but after seeing firestarter , as reported by xathrasmurphy i would suggest you to use firestarter instead of squid -
Reasons -
1. firestarter shares internet connection using NAT, which does NOT require any configuration on the Xbuntu computer,
Your computer will behave as if directly connected to the internet !, no setting in any programs required.
2. Proxy is a very popular method with large organisation, but frequently it is used in conjunction with the NAT,
that is all computer access the internet as if directly conected to the internet, however at the server end we have a NAT + proxy, the proxy helps to cache the content, for faster acces.

the disadvantage with NAT is that it does not implement caching, which a proxy does , there by decreasing time required to open a page

I would suggest you to avoid squid , and use firestarter, it will be much simpler and better

[electroconvulsi]

Thanks again to everyone. I got it happening by using firestarter. And this is how I ended up doing it so if anyone needs a quick guide if they are having trouble with it give this a try because it worked for me.

ON THE MACHINE THAT HAS THE CONNECTION TO THE INTERNET (GATEWAY)
1. install Firestarter: Get it via yum if you have the right repositories on your list (im not quite sure or can remember what repo it actually is on but a google search always helps. CMD= yum install firestarter -y (the -y switch when used with yum will install the app without asking for any further confirmation).
2. On your first run of firestarter (when the wizard runs) enable internet connection sharing.
ON THE MACHINE THAT WANTS CONNECTION THROUGH THE GATEWAY (CLIENT)
1. In your browser settings specify direct connection to the internet (no need for automatic discovery or manual configuration)
2. Open Network: [system>administration>network] then go to the DNS tab.Here specify the DNS server address that is provided by your ISP (this is sometimes a little tricky to sniff out I rung my ISP and asked them but if anyone knows a way to query an ISP for DNS server addresses in terminal please tell me).

Thats about it but if anyone has anything to add or feerls they need to correct me in any way please let me know.
Thanks to everyone who helped on this.

[xathrasmurphy]

Of course, now I have it sorted out I go and get myself a hardware firewall-router-modem.