# Linux -> Windows connection sharing

## Beju

Hello, my question is completely reflected by the topic  :Smile:  My 'main' PC box is connected to the internet via wireless connection. How to share this connection with laptop (with Windows XP on it)? I've found few articles about it, but everywhere I could read: 'Use iptables'. Well, do I REALLY have to use iptables for just one box? In the Windows world, it seems to be less complicated.

----------

## Zepp

 *Beju wrote:*   

> Hello, my question is completely reflected by the topic  My 'main' PC box is connected to the internet via wireless connection. How to share this connection with laptop (with Windows XP on it)? I've found few articles about it, but everywhere I could read: 'Use iptables'. Well, do I REALLY have to use iptables for just one box? In the Windows world, it seems to be less complicated.

 

Shorewall maybe? Why can this laptop not also use wireless though? Anyway I would just use iptables myself and use the gentoo home router guide to get you started.

----------

## MrEntropy

I had my XP laptop connected to the internet and used the Internet Connection Sharing option.  Then I changed my /etc/conf.d/net file to have:

```
routes_eth0=("192.168.0.1") #or whatever the IP address of the XP box is
```

Then, the tricky bit, was adding the DNS server to the resolv.conf file so the whole shebang would work.

----------

## Beju

The laptop can't use wireless, because it needs an directional antenna  :Smile:  Yah, so my 'You can't escape from iptables' bad dream has become true   :Sad: 

@MrEntropy:

Yeah, this way is a lot easier, but for some technical purposes I can't bind my laptop to a wire and run around with my PC box  :Smile: 

----------

## Zepp

 *Beju wrote:*   

> The laptop can't use wireless, because it needs an directional antenna  Yah, so my 'You can't escape from iptables' bad dream has become true  
> 
> @MrEntropy:
> 
> Yeah, this way is a lot easier, but for some technical purposes I can't bind my laptop to a wire and run around with my PC box 

 

If all you want to do is setup a basic NAT its not hard at all. Go have a look at the gentoo home router guide, you will be able to enter the commands pretty much as is.

----------

## hackerError

```
su

emerge firestarter

firestarter&

```

<3

----------

## Beju

Yuck, I'd set up pf or iptables rather than this Ubuntu-like firewall   :Very Happy: 

----------

## Zepp

 *Beju wrote:*   

> Yuck, I'd set up pf or iptables rather than this Ubuntu-like firewall  

 

Umm you comment on iptables being much harder and then you denounce someone for offering an easier/quicker solution? Ok...  :Confused: 

----------

## Beju

Hmm, maybe I didn't make myself clean earlier, but I was wondering if there is a way not involving iptables (or any other filter) at all. Isn't Firestarter just some kind of 'GUI' for it?

----------

## Zepp

 *Beju wrote:*   

> Hmm, maybe I didn't make myself clean earlier, but I was wondering if there is a way not involving iptables (or any other filter) at all. Isn't Firestarter just some kind of 'GUI' for it?

 

Yes. But iptables is technically just a user space application to control netfilter  :Razz: . They all use netfilter one way or another, there is no escaping that.

----------

## Beju

I see. Tell me one more thing: do I have to have both dhcpcd and dhcpd or maybe the dhcpd alone is enough?

----------

## Hu

 *Beju wrote:*   

> I see. Tell me one more thing: do I have to have both dhcpcd and dhcpd or maybe the dhcpd alone is enough?

 

That depends on your network configuration.  dhcpcd is a client daemon, which is responsible for configuring an interface by using DHCP.  dhcpd is a server daemon, which is responsible for issuing addresses to people running DHCP clients.  You can use dhcpd alone if you have some way of configuring your interface without using a DHCP client.  You also have the option of using a DHCP client other than dhcpcd.

----------

## Zepp

 *Beju wrote:*   

> I see. Tell me one more thing: do I have to have both dhcpcd and dhcpd or maybe the dhcpd alone is enough?

 

Just use dnsmasq, dhcp server + dns server  :Razz: . It's basic but you don't need anything complicated just to share your connection with your laptop.

----------

## Beju

Hmm, ok, I have decided to use dhcpd + dnsmasq. But I knew at the beginning that something will go wrong   :Sad:  I followed the gentoo home router guide, enabled all kernel options, set the iptables (I've made some changes there, e.g. network from 192.168.0.0 to 25.0.0.0), but still I can't get it to work. From my laptop only the ICMP protocol is active. But I've found strange thing:

```
netstat -M

netstat: no support for `ip_masquerade' on this system.
```

What the ...?!? Can someone tell me how to turn it on??? I am totally confused now. Please help!

----------

## Zepp

 *Beju wrote:*   

> Hmm, ok, I have decided to use dhcpd + dnsmasq. But I knew at the beginning that something will go wrong   I followed the gentoo home router guide, enabled all kernel options, set the iptables (I've made some changes there, e.g. network from 192.168.0.0 to 25.0.0.0), but still I can't get it to work. From my laptop only the ICMP protocol is active. But I've found strange thing:
> 
> ```
> netstat -M
> 
> ...

 

Um 25.0.0.0/8 is owned by the UK ministry of defense apparently  :Laughing: . Why are you not using a private network ip block? Not sure about your masquerade problem though.

----------

## Beju

 *Zepp wrote:*   

> Um 25.0.0.0/8 is owned by the UK ministry of defense apparently . Why are you not using a private network ip block?

 

Hmm, I think there is no difference. I've tried also 10.0.0.0/24 but still nothing. My iptables script is now:

```
#!/bin/bash

iptables -F

iptables -t nat -F

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

iptables -t nat -A POSTROUTING  -s 10.0.0.0/24 -o ra0 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward

for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done

/etc/init.d/iptables restart
```

----------

## krisse

 *Beju wrote:*   

> 
> 
> ```
> netstat -M
> 
> ...

 

Could it be that the kernel module (IP_NF_TARGET_MASQUERADE) hasn't been built? 

```
Linux kernel configuration:

    Networking

        Networking options

            Network packet filtering framework (Netfilter)

                IP: Netfilter Configuration

                    MASQUERADE target support
```

----------

## AKreal

The same problem. "MASQUERADE target support" is enabled...

----------

