Sharing your-internet-connection-on-linux

Published in: Technology

Sharing your Internet connection on Linux

Edmund Ochieng’
April 7, 2010

Abstract

With only one IP address from your Internet Service Provider (ISP) and multiple PCs, it may appear impossible to share an Internet connection; a router comes in handy by mapping the public address to multiple internal addresses to be used by the multiple PCs. Routers generally aren't cheap and are often purchased by big organisations that have the financial muscle. However, this guide should help a home user or small business turn a Linux box into an affordable router.
1 Introduction

Several guides on the internet show users how to share an internet connection; however, many of them make it look like rocket science even to everyday Linux users. This document will attempt to make this process as easy as it can be. If it's still difficult to understand, let me know. Perhaps I will be able to do something about it. Hope you enjoy the guide.

2 Planning your network

Planning is crucial and depends on the number of computers that will share the internet connection. It greatly determines the speeds accessible by each client. For instance, if an entire class C network such as 192.168.1.0 / 255.255.255.0 is used, the internet speed will be divided by 254, the number of valid hosts. Thus, if the number of IP addresses used is less than 254, an operation known as subnetting is necessary to optimize the internet speeds.

3 Doing the job

This section takes us step by step through the configuration process, giving multiple solutions where applicable.

3.1 Choosing size of the network

The size of the network should be equal to or greater than the number of hosts to be networked. A slightly larger subnet is preferred, to allow for easy expansion without having to change the network configuration. For this guide we shall assume we have four PCs that we wish to connect to the internet, excluding the connected Linux PC. This makes a total of five hosts.

Each network should have two additional addresses, for the network address and the broadcast address. Thus we shall add 2 to 5 to make 7 hosts.

$7 \le 2^y$, where $y$ is the number of host bits
$7 \le 2^3 \Rightarrow 7 \le 8$
$8 - 7 = 1$ extra IP address
We can instead take $y = 4$ to increase the number of free slots
but, $x + y = 8$
$x = 8 - y$
$x = 4$ network bits

This implies the netmask shall be 255.255.255.240. Taking the first subnet, our network address shall be 192.168.1.0 and netmask 255.255.255.240.

Here is how we obtain 240 in our last octet. Since x = 4, the last octet of our netmask becomes 240.
    bit 1   bit 2   bit 3   bit 4   bit 5   bit 6   bit 7     bit 8
    128     192     224     240     248     252     invalid   invalid

Our new subnet will therefore have the following properties:

Network address: 192.168.1.0
Netmask: 255.255.255.240
Broadcast address: 192.168.1.15
Valid hosts: 192.168.1.1 to 192.168.1.14
Gateway: 192.168.1.1 (our Linux box's IP address)

The details of subnetting are beyond the scope of this document. However, for further reading you may visit the Subnetting tutorial [3] in the references section.

3.2 Configuring DHCP

To reduce the task of assigning network configurations to individual hosts, we may choose to set up a DHCP server. If anything in the config file is unclear, kindly refer to "Linux DHCP Server configuration" [4]. Our configuration shall be as shown below:

    [stuart@desert ~]$ cat /etc/dhcpd.conf
    ddns-update-style interim;
    ignore client-updates;

    # netmask matches the 255.255.255.240 subnet chosen in section 3.1
    subnet 192.168.1.0 netmask 255.255.255.240 {
        # --- default gateway
        option routers 192.168.1.1;
        option subnet-mask 255.255.255.240;

        option nis-domain "sandstorm.org";
        option domain-name "sandstorm.org";
        option domain-name-servers 192.168.1.1, 212.49.70.xx;

        option time-offset 10800; # East African Time
    #   option ntp-servers 192.168.1.1;
    #   option netbios-name-servers 192.168.1.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # -- you understand Netbios very well
    #   option netbios-node-type 2;

        range dynamic-bootp 192.168.1.2 192.168.1.10;
        default-lease-time 21600;
        max-lease-time 43200;

        # we want the nameserver to appear at a fixed address
        host ns {
            next-server desert.sandstorm.org;
            hardware ethernet 12:34:56:78:AB:CD;
            fixed-address 207.175.42.254;
        }
    }

where 212.49.70.xx is the DNS IP address provided by my ISP.

3.3 Enabling IP forwarding

This can be done in either of the two ways below:

1. Adding a line in /etc/rc.local
   Open the file /etc/rc.local as root and append the line below.

        echo "1" > /proc/sys/net/ipv4/ip_forward

2. Editing the file sysctl.conf
   Log in as root and open the file /etc/sysctl.conf

        [root@desert ~]# vi /etc/sysctl.conf

   Go to the line shown below, and change the 0 to 1.

        # Controls IP packet forwarding
        net.ipv4.ip_forward = 0

Finally, restart the network service to activate the new configuration. This step is applicable for both the solutions above.

    [stuart@desert ~]$ /sbin/service network restart

3.4 Configuring the firewall

If at all you've attempted to access the internet, you must have noticed that the request times out. To have it working we must masquerade, which is done in the firewall, as below:

1. Flush any default rules

        [root@desert ~]# iptables -F
        [root@desert ~]# iptables -t nat -F
        [root@desert ~]# iptables -t mangle -F

2. Delete any additional chains in our tables

        [root@desert ~]# iptables -X
        [root@desert ~]# iptables -t nat -X
        [root@desert ~]# iptables -t mangle -X
3. Save configuration and restart the firewall

        [root@desert ~]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        [root@desert ~]# service iptables save
        [root@desert ~]# service iptables restart

4. Test configuration
   Finally, we can test the configuration to ascertain that our configuration works, using the ping command on a client. Output like that shown below shows that we are connected to the internet.

        [root@desert ~]# ping google.com
        PING google.com (64.233.181.147) 56(84) bytes of data.
        64 bytes from ni-in-f147.1e100.net (64.233.181.147): icmp_seq=1 ttl=49 time=379 ms
        64 bytes from ni-in-f147.1e100.net (64.233.181.147): icmp_seq=2 ttl=49 time=379 ms
        64 bytes from ni-in-f147.1e100.net (64.233.181.147): icmp_seq=3 ttl=49 time=368 ms
        --- google.com ping statistics ---
        3 packets transmitted, 3 received, 0% packet loss, time 2000ms
        rtt min/avg/max/mdev = 368.635/376.084/379.839/5.267 ms
        [root@desert ~]#

Alas! You learnt a new magic trick. It works!
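After the flush in steps 1 and 2, the MASQUERADE rule is the only rule left, so what gets forwarded depends entirely on the FORWARD chain's default policy. As an added example (not part of the original guide), the script below sizes the subnet as in section 3.1 and prints iptables-restore input that masquerades only that subnet and forwards only connections started from the LAN. The LAN interface name eth1 and the function names are assumptions; eth0 as the Internet-facing interface comes from the guide.

```shell
#!/bin/sh
# Added example: nothing is applied here; the script only prints
# iptables-restore text so it can be reviewed before loading.

# prefix_for_hosts N -> smallest prefix length whose block holds N hosts
# plus the network and broadcast addresses (the "7 <= 2^y" step in 3.1).
prefix_for_hosts() {
    pfh_need=$(( $1 + 2 )); pfh_y=0
    while [ $(( 1 << pfh_y )) -lt "$pfh_need" ]; do pfh_y=$(( pfh_y + 1 )); done
    echo $(( 32 - pfh_y ))
}

# netmask_for_prefix P -> dotted-quad netmask for prefix length P
netmask_for_prefix() {
    nfp_m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    echo "$(( nfp_m >> 24 & 255 )).$(( nfp_m >> 16 & 255 )).$(( nfp_m >> 8 & 255 )).$(( nfp_m & 255 ))"
}

# nat_ruleset WAN_IF LAN_IF LAN_CIDR -> iptables-restore input.
# Only the LAN subnet is masqueraded; FORWARD defaults to DROP and lets
# through replies plus new connections that start on the LAN side.
# The router's own INPUT chain is deliberately left out of scope.
nat_ruleset() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $3 -o $1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -s $3 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Guide's values: 14 usable hosts gives the /28 (255.255.255.240) chosen
# in section 3.1. eth1 as the LAN-side interface is an assumption.
lan_prefix=$(prefix_for_hosts 14)
echo "# LAN 192.168.1.0/$lan_prefix netmask $(netmask_for_prefix "$lan_prefix")"
nat_ruleset eth0 eth1 "192.168.1.0/$lan_prefix"
```

iptables-restore replaces the contents of every table named in its input, so review the printed rules before loading them as root.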
References

[1] Anonymous, 2nd February 2008, "CentOS / RedHat Linux Internet Connection sharing." http://www.cyberciti.biz/faq/rhel-fedora-linux-internet-connection-sharing-howto/ Accessed Wednesday, April 07 2010 19:47:13 hours.

[2] Phd, 16th January 2008, "How to Masquerade on Linux (Internet connection sharing)." http://www.howtoforge.com/internet-connection-sharing-masquerading-on-linux Accessed Wednesday, April 07 2010 20:04:21 hours.

[3] Becker, Ralph, 25th January 2007, "IP Subnetting Tutorial." http://www.ralphb.net/IPSubnet/ Accessed Wednesday, April 07 2010 21:25:45 hours.

[4] Ochieng, Edmund, 3rd March 2010, "Linux DHCP Server configuration." http://www.scribd.com/full/27775817?access_key=key-303haxdvitgb29x4ohs Accessed Wednesday, April 07 2010 21:49:54 hours.

Figure 1: Makmende amerudi