Sharing internet connection

[abieleck]

Hi,

have anybody managed set up internet connection sharing in Fedora Core system without using program called firestarter? If so, could you help me?

I have two computers running FC6:
First has two network cards:

eth0:

connected to the Internet
automatically sets address, name and DNS address from DHCP

eth1:

connected directly by crossover cable to the other computer. The connection works fine, I can ssh between the computers
Its IP address is set to 192.168.0.1
mask is set to 255.255.255.0
Gateway is not set

The second computer has only one network card:

eth0:

connected to the first computer
Its IP address set to 192.168.0.2
network mask 255.255.255.0
Gateway set to 192.168.0.1

As a root on the computer connected to the internet I typed:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

and I tried opening some web pages in firefox on the computer not conneted directly to the internet. It did not work. I suppose it is not a problem with resolving host names, because even when I typed the IP address directly in address bar of the browser, it did not work.

Is there something I done wrong or did not do... Is firestarter the only hope?

I look forward to your help

Artur

[timdsmith]

You need this too...

Code:

/sbin/iptables -A INPUT -i $EXTIF -s 0.0.0.0/0 -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

[Zotter]

Yea, like timdsmith infered - you don't need anything other than what comes with Fedora Core to do it, but it does take a bit of configuring. Using 3rd party scripts and script generators is an easy way to get it all configured.

Netfilter configured by iptables to setup NAT and masquerade and a change kernel settings in the /proc directory to enable IP forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward

An easy way to get the configs is to use the Easy Firewall Generator at:
http://easyfwgen.morizot.net/gen/

Fill it out online, copy the script and run it - done. You can download the source and set it up on your own httpd server if you'd like. If nothing else, just run it and then read the script. You'll see how it works.

To make for a fully functional setup, read up on how to setup DHCP and a caching DNS server on your IP forwarding box.

[tony85poon]

Come on, is there an Graphic User Interface to do this? I can share internet easily in Windows and Mac.

[giulix]

If you don't like firestarter:

GUI/X firewall applications:

Graphical and interactive firewall configuration:

fwbuilder - GUI for configuring firewalls
Using GNOME lokkit for firewall configuration
fireflier
Guarddog
Guidedog
gShieldConf
Knetfilter
LutelWall
...

[Zotter]

Quote:

Originally Posted by tony85poon

Come on, is there an Graphic User Interface to do this? I can share internet easily in Windows and Mac.

I think you're missing part of what FOSS is about. Choice and freedom. If you don't like what's available, create it.

Like so much of the FOSS world, the way I do it is just the way I do it. It's not the only way, the right way or even likely the best way. It's what works for me. Nothing anywhere promises that it'll work for you. Conversely, there's nothing says you have to use my way either.

Easy Firewall Generator works great for me. I've a local copy setup on one of my development boxen. I build router/firewall boxen for many of my clients. This allows me to have total control over what - exactly - is being done and how. Good, bad or indifferent. I can see it, edit it and customize beyond the limits of most any GUI only tool. I don't have to accept the GUI creators assumptions of what's being done or how. Or even trust he knows what he's doing (vast majority do).

If you're looking for a spoon fed GUI setup where you don't have to do, learn or understand "too much" - cool. They're available to you as well. That's your choice - go for it. That's the beauty of it all. It *is* your choice. It also means you have to choose it.

[ryptyde]

I have adsl pots modem with 4 port ethernet switch and 4 workstations that are connected with a unicom micro-switch/5 which is a 5 port 10/100base-tx switch. I can access the internet from all four (2 FC6 boxes and 2 XP's).

No mumbo-jumbo or jiggery-pokery just connect and it works. I guess it may depend on your set up.

Sorry that I couldn't come up with any witty condescending quips to get you going, just what works for me.

Good Luck.

[sheffrem]

PLs guys after running the script what are the settings to apply to my other pc like default gateway dns...etc

[marinaccio]

I have a related question, if anyone could point me in the right direction, it would be greatly appreciated

I am implementing a similar setup as the first post, here it is:

modem > FC6 eth0 set up for dhcp
eth1 static 192.168.1.1
internal machine eth0 192.168.1.101

I followed the "how to" at http://www.linuxsolved.com/forums/ftopic115.html

I have an executable script named rc.nat in /etc/rc.d/ and am calling that in /etc/rc.d/rc.local

When I reboot, I am expecting that the script will execute the following commands:
# Defines the location of iptables executables.
iptables=/sbin/iptables
#Clears if any old iptable rules/ policies are there.
iptables --flush -t nat
# Now we will do Masquerading ie. we are doing NAT.
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
# Enabling packet forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward

and in my /etc/rc.d/local is the following:
#added to enable inet sharing...
touch /etc/rc.d/rc.nat

note: I tried this with just:
/etc/rc.d/rc.nat

and then found a reference from google talking about adding "touch"

neither seem to work I believe that it is just a problem with either iptables, b/c if I disable the firewall the internal machine can access the internet, but that is not a sensible work around...

So any feedback would be appreciated, thanks for your time.

-Joe

[marinaccio]

One more thing... I tried the three commands mentioned above, but bash returns the following:
Warning: wierd character in interface `-s' (No aliases, :, ! or *).
Bad argument `0.0.0.0/0'
Try `iptables -h' or 'iptables --help' for more information.

If I am using wrong arguments, could someone point out what I need to take a closer look at. I have been searching for a solution since this weekend (besides disabling the fw), but no luck.

Thanks again.

[Enigma 2100]

Why don't you just buy a modem/router wired or wireless, whatever suits your needs. With any kind of ICS you always need to have one computer turned on, with a router/modem you just turn on whatever computer you want to go online and it will connect. It really is the best way. I used ICS for a couple of years until I needed a wireless connection then bought a router and it is so much better. They don't cost much these days. Mine was very cheap at about £35 UK.

[marinaccio]

I am aware that is a path to go down, b/c that was my previous setup, but this gives me a chance to learn some more about iptables. I try not to take the easy way out, and I know that ICS can't be that over complicated. If I can see what I am doing wrong with the way I am trying than that is one less question I'll have in the future. Since you have done this in the past, if you could point me in the direction in which I need to modify my script, it would be appreciated. Thanks for your time

[Enigma 2100]

Quote:

Originally Posted by marinaccio

I am aware that is a path to go down, b/c that was my previous setup, but this gives me a chance to learn some more about iptables. I try not to take the easy way out, and I know that ICS can't be that over complicated. If I can see what I am doing wrong with the way I am trying than that is one less question I'll have in the future. Since you have done this in the past, if you could point me in the direction in which I need to modify my script, it would be appreciated. Thanks for your time

Sorry I used ICS on Windows so it was pretty simple. ICS is basically a software router. I found some programs just didn't get on with it and eventually switched to a wireless router.

I understand trying to learn a system. I like to understand and learn about the systems I use. However, I came to realise unless you use the info regularly you forget it. I repair computers for a living but it is all Windows so I know Windows inside out. I started using Linux because everything with Windows is so easy and doesn't present a challenge any more.

[marinaccio]

Thanks for seeing where I'm coming from. I am set on that I am going to get this to work, and thank you for your feedback. If I find the solution to this, for my case, then I plan on posting it for others. Have a good day, and thanks for your reply.

[krafty1]

Firstly by what means does eth0 on computer1 connect to the internet? I find it best to have all static ip's if your having static ip's at all on your network, what i mean here is don't mix static ip's with dhcp on the same network. The gateway for your second machine should be the same as the gateway for eth0 on your first machine unless I'm mistaken. By far the best solution I've found is to have a network switch or hub with the ports connected:- (1) internet conection (2) computer1 (3)computer2 etc this allows all computers to connect to internet independant of other computers as long as the internet connection is live. I'm only speaking here from my own experience with internet connection sharing with Windows as well as Linux. Once I got a network switch life became so much easier regards the internet.