
#1 2008-05-18 17:00:27

cschep
Member
Registered: 2006-12-02
Posts: 124
Website

Very Simple Internet Sharing

Hello everyone. Here is my conundrum.

I have a friend who lives across the way and we share an internet connection. The wireless router is in his place and he lets me enjoy the internet for a small fee every month. Networking my computers together by connecting them all to that wireless router is slow and some of my boxes don't have wireless...

Here is what I would like to accomplish. I have an old laptop that has a wireless card that I've configured correctly, that can connect to the internet through the wireless connection. I'd like to network the rest of my machines on my router, and just plug the ethernet port of this laptop into the WAN connection of my router, and so I can network all my machines and have some hard wired and some not.

I suppose it doesn't even matter if the laptop will do dhcp, it doesn't matter about firewalling off certain things. I've stepped through some IPTABLES HOWTO's but they just seem 10x overkill for what I really need, and I don't understand the basics of it well enough to know.

So the question is, are there simple iptables rules to just forward everything from one network interface to another? (Wireless to wired) (eth1 to eth0) (something like that...)

Or should I be looking at another way? I'm just sure this would be a 2 second setup for someone that had more linux experience.

Thanks in advance, I appreciate any and all replies.

-chris

Offline

#2 2008-05-18 17:05:42

arunvragh
Member
Registered: 2007-04-17
Posts: 111

Re: Very Simple Internet Sharing

I think you need to enable ipv4 packet forwarding.

As far as I know you need two separate cards.. Your wireless to connect to the router and another card to connect to your network.

Simplest way would be to install firestarter. It is a graphical frontend to iptables and you can allow others in your network to access specific protocols like pop3, http etc. I don't know if firestarter is available in Arch (maybe in AUR) but it's not difficult to compile from source.

Offline

#3 2008-05-18 17:19:58

cschep
Member
Registered: 2006-12-02
Posts: 124
Website

Re: Very Simple Internet Sharing

Hey, thanks, I'll look into the ipv4 packet forwarding. I've got 2 separate cards, that shouldn't be an issue.

Firestarter looks cool, but this machine doesn't run any sort of GUI. It's old and beastly.

Thanks for the quick reply!

Offline

#4 2008-05-18 22:42:20

elide
Member
From: Russia
Registered: 2007-12-02
Posts: 40

Re: Very Simple Internet Sharing

Offline

#5 2008-05-18 23:30:35

LTSmash
Member
From: Aguascalientes - Mexico
Registered: 2008-01-02
Posts: 348
Website

Re: Very Simple Internet Sharing

This is when ufw comes in useful.


Proud Ex-Arch user.
Still an ArchLinux lover though.

Currently on Kubuntu 9.10

Offline

#6 2008-05-18 23:58:01

Aaron
Member
From: PA, USA
Registered: 2007-12-19
Posts: 108
Website

Re: Very Simple Internet Sharing

LTSmash wrote:

This is when ufw comes in useful.

Except ufw isn't ported yet.

Look into FireHOL

Offline

#7 2008-05-19 05:55:40

pelle.k
Member
From: Åre, Sweden (EU)
Registered: 2006-04-30
Posts: 667

Re: Very Simple Internet Sharing

I used something like this back in the day. Add it to rc.local or something. You may have to adjust it a bit. Just take a look at what each command does, and you'll understand how it works. (man iptables)
Maybe the syntax has changed by now? I don't know.
FireHOL is also very good at things like these.

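IFOUT="eth0"   # interface that traffic leaves through (gets masqueraded)
IFIN="wlan0"   # interface that traffic to be shared arrives on

# Enable IPv4 forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward

# Default policies: accept everything
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Flush existing filter and nat rules
iptables -F
iptables -t nat -F

# NAT everything that leaves through $IFOUT
iptables --table nat --append POSTROUTING --out-interface $IFOUT -j MASQUERADE
# Accept forwarded traffic that arrives on $IFIN
iptables --append FORWARD --in-interface $IFIN -j ACCEPT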

"Your beliefs can be like fences that surround you.
You must first see them or you will not even realize that you are not free, simply because you will not see beyond the fences.
They will represent the boundaries of your experience."

SETH / Jane Roberts

Offline

#8 2008-05-19 07:22:11

kishd
Member
Registered: 2006-06-14
Posts: 401

Re: Very Simple Internet Sharing

Another method might be to install ipcop on the laptop and use it as a firewall as well. ipcop can be configured through a web interface and has very low spec requirements.


---for there is nothing either good or bad, but only thinking makes it so....
Hamlet, W Shakespeare

Offline

#9 2008-05-20 17:56:01

cschep
Member
Registered: 2006-12-02
Posts: 124
Website

Re: Very Simple Internet Sharing

Hey guys, thanks for the replies. I got it working pretty well. I mostly referenced this wiki entry:

http://wiki.archlinux.org/index.php/Internet_Share

It looks like the commands I used were almost identical to the script pelle.k posted. Basically everything except:

iptables --append FORWARD --in-interface $IFIN -j ACCEPT

So I guess I'm forwarding everything, instead of only the "in" interface, but since that's the only other interface it shouldn't be a problem, right?

Thanks again guys, great quick responses and I'm up and running. Long live Arch.

Offline

#10 2008-05-28 16:49:41

Redroar
Member
Registered: 2008-03-17
Posts: 200

Re: Very Simple Internet Sharing

If you want to firewall that connection too, try this script I use sometimes. Just run it with root privileges and then sudo /etc/rc.d/iptables save. So long as iptables is in the daemon line in rc.conf. Also, I used a lot of shorthand and variables in my script to make it quicker to write and easier to modify, but I think it's pretty self-explanatory. I'll add comments.

#!/bin/sh
# IPTables configuration script. Don't forget to "iptables-save > /etc/iptables/iptables.rules" afterwards.

# Set variables/shorthand
ipf="/usr/sbin/iptables -t filter" # Set a shorthand for the filter table
ipn="/usr/sbin/iptables -t nat" # Set a shorthand for the nat table
lan="eth0" # Change to your internal (network-facing) interface
int="eth1" # Change to your external (internet-facing) interface
sre="-m state --state RELATED,ESTABLISHED" # Set shorthand for stateful rules

# Clean out old settings
$ipf --flush
$ipn --flush

# Set policies
$ipf -P INPUT DROP
$ipf -P OUTPUT DROP
$ipf -P FORWARD DROP

# Set Firewall
# Set loopback interface. Do not comment or delete!
$ipf -A INPUT -i lo -j ACCEPT # DO NOT COMMENT OR DELETE THIS LINE!!! Required for loopback interface to function
$ipf -A OUTPUT -o lo -j ACCEPT # DO NOT COMMENT OR DELETE THIS LINE!!! Required for loopback interface to function
# Input Settings
$ipf -A INPUT -i $lan -j ACCEPT # Accept all data from the local network
$ipf -A INPUT -i $int $sre -j ACCEPT # Accept only related packets from the internet
# Forwarding Settings
$ipf -A FORWARD -i $lan -j ACCEPT # Forward all packets from the LAN to the internet
$ipf -A FORWARD -i $int $sre -j ACCEPT # Forward only related packets from the internet
# Output Settings
$ipf -A OUTPUT -o $lan -j ACCEPT # Allow all output from this computer to the LAN
$ipf -A OUTPUT -o $int -j ACCEPT # Allow all output from this computer to the internet

# Set NAT
$ipn -A POSTROUTING -o $int -j MASQUERADE # Set Network Address Translation

Stop looking at my signature. It betrays your nature.

Offline
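
Whether "forwarding everything" (post #9) differs from the stateful setup in post #10 can be read off the loaded ruleset. The following is an added example, not part of the thread: a shell function, hypothetically named `audit_forward`, that scans `iptables-save` output and flags a FORWARD chain that would pass new connections arriving on the internet-facing interface. Both rulesets are constructed samples; wlan0 and eth1 are assumed to be the internet-facing interfaces.

```sh
#!/bin/sh
# Constructed sample: policy ACCEPT everywhere, masquerading only.
open_rules='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: default DROP, stateful return path (eth0 = LAN, eth1 = internet).
strict_rules='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_forward RULES WAN_IF
# Prints one finding per line, or "OK" when the FORWARD chain only lets
# reply traffic in from WAN_IF.
audit_forward() {
    printf '%s\n' "$1" | awk -v wan="$2" '
        /^\*/ { table = substr($0, 2) }      # "*filter", "*nat", ...
        table != "filter" { next }           # only the filter table matters here
        $1 == ":FORWARD" && $2 == "ACCEPT" {
            print "FORWARD policy is ACCEPT"; bad = 1
        }
        $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
            in_if = ""; st = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") st = $(i + 1)
            }
            # A rule is safe for WAN traffic only if it matches reply states.
            replies_only = (st != "" && st !~ /NEW/)
            if ((in_if == "" || in_if == wan) && !replies_only) {
                print "unrestricted ACCEPT from " wan ": " $0; bad = 1
            }
        }
        END { if (!bad) print "OK" }
    '
}

audit_forward "$open_rules" wlan0     # FORWARD policy is ACCEPT
audit_forward "$strict_rules" eth1    # OK
```

On a live machine the same function can be fed real output with `audit_forward "$(iptables-save)" wlan0`, run as root.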
