# problem sharing internet connection

## tgnb

I am having trouble sharing my internet connection on my shiny new gentoo box.

I previously had slackware installed on it and was able to share the internet connection without a problem.

my /etc/conf.d/net contains:

```
iface_eth0="dhcp"
iface_eth1="192.168.0.99 broadcast 192.168.0.255 netmask 255.255.255.0"
```

my /etc/conf.d/local.start contains:

```
#Clear all iptables rules at first
iptables -F
iptables -X
iptables -Z

# enable internet sharing
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -P INPUT DROP

# open ssh port
iptables -A INPUT --protocol tcp --dport 22 -j ACCEPT
```

This is the same setup i previously had when this box was running slackware. I'm kinda lost as to why this isn't working.

----------

## c_kuzmanic

Does Internet sharing work without use of ip-tables?

----------

## tgnb

I'm not sure what you mean?  iptables is what enables the internet sharing afaik. So how would it work without it?

----------

## bbibber

```
# enables ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# enable next line for dynamic addresses (eg. dhcp)
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
```

btw does anyone know why netstat -M doesn't show the masqueraded connections anymore?

Last edited by bbibber on Fri Apr 19, 2002 2:24 pm; edited 1 time in total

----------

## Fragadelic

Can you ping the other computers on the network from the gentoo box?

It may be that the drivers for the NICs are not installed (e.g. either not compiled into the kernel or the modules have not been loaded).

Also, what does your output from 'ifconfig' look like?

----------

## tgnb

bbibber: now i feel stupid. i bet you hit the nail on the head. i think in slackware ip forwarding is enabled by default. ... i will check this as soon as i get home :) this is why i am starting to love gentoo. it doesn't do things for me. i have to do them myself, therefore learning to understand my system better.

thanks gentoo

----------

## gilgames

 *tgnb wrote:*   

> i think in slackware ip forwarding is enabled by default. this is why i am starting to love gentoo. it doesnt do things for me. i have to do them myself, therefore learning to understand my system better.
> 
> thanks gentoo

 

IIRC ip forwarding is disabled by default in the kernel, you have to enable it explicitly. Which is by far safer than enabling it by default. A distro like that gives me the shivers.

----------

## gumbootcha

hi! i was reading your thread for the past few days and thanks to you, i was able to setup internet sharing in our home lan.

while i was going through the /etc/conf.d folder, i noticed that there was an iptables script there. i was wondering if anyone knew how to use this script. 

in my case, i just used /etc/conf.d/local.start to place the rules and stuff to get my sharing enabled.

thanks.

----------

## Mnemia

 *gumbootcha wrote:*   

> hi! i was reading your thread for the past few days and thanks to you, i was able to setup internet sharing in our home lan.
> 
> while i was going through the /etc/conf.d folder, i noticed that there was an iptables script there. i was wondering if anyone knew how to use this script. 
> 
> in my case, i just used /etc/conf.d/local.start to place the rules and stuff to get my sharing enabled.
> ...

 

What I did was manually configure my firewall rules using a standalone script. Then when I was sure it was working right I used the iptables-save command (part of the iptables package) to dump my rules to the location that the iptables boot script expects (/var/lib/iptables/rules-save).

Then the /etc/init.d/iptables script will work correctly by loading the rules saved to that file. You can then add that script to be loaded at boot.

----------

## gumbootcha

will that script automatically activate ip_forward and ip_dynaddr for me?

thanks.

----------

## Mnemia

I'm not actually using NAT/forwarding, so I haven't explicitly tested the proposition, but I think that any iptables command can be initiated through this script. So, yeah, I think that it should work for that purpose. Just set all the commands up by hand or with the help of a GUI tool and get the firewall/routing running, and then type:

```
iptables-save > /var/lib/iptables/rules-save
```

Then: 

```
rc-update add iptables default
```

You should tweak the dependencies on the init script a bit to make sure that the firewall comes up immediately following the network interface, but other than that, that's it.

----------
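Added example, not part of any post in this thread: a read-only check of what the thread turns on, the `ip_forward` sysctl and the MASQUERADE rule, plus the FORWARD chain policy. `iptables-save` output contains only netfilter rules, so the sysctl is checked from its own file. The function names and the sample rules are constructed for illustration, and eth0 as the WAN interface is taken from the first post.

```shell
# Added example, not from the thread; function names are hypothetical.
# Constructed, abridged iptables-save output modelled on the first post's rules.
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# forwarding_enabled FILE: true if FILE (e.g. /proc/sys/net/ipv4/ip_forward) holds 1
forwarding_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# has_masquerade RULES WAN: true if the nat table masquerades traffic leaving WAN
has_masquerade() {
    awk -v wan="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            for (i = 2; i < NF; i++)
                if ($i == "-o" && $(i + 1) == wan && $(i - 1) != "!") found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# forward_passes RULES: true unless filter FORWARD is policy DROP with no ACCEPT rule
forward_passes() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "filter" && /^:FORWARD DROP/ { drop = 1 }
         table == "filter" && /^-A FORWARD / && /-j ACCEPT/ { accept = 1 }
         END { exit((drop && !accept) ? 1 : 0) }' "$1"
}

# audit_gateway IPFWD_FILE RULES WAN: prints findings, returns the number of problems
audit_gateway() {
    n=0
    forwarding_enabled "$1" || { echo "FAIL: ip_forward is not 1 (not stored by iptables-save)"; n=$((n + 1)); }
    has_masquerade "$2" "$3" || { echo "FAIL: no MASQUERADE rule on -o $3"; n=$((n + 1)); }
    forward_passes "$2" || { echo "FAIL: FORWARD policy is DROP with no ACCEPT rule"; n=$((n + 1)); }
    [ "$n" -eq 0 ] && echo "OK: forwarding, NAT and FORWARD chain are consistent"
    return "$n"
}
```

On a live gateway the call would be `audit_gateway /proc/sys/net/ipv4/ip_forward /var/lib/iptables/rules-save eth0`.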

