# Internet sharing...

## mrhodes

Hello,

   I have my gentoo box set up now with two NIC cards in it.  The cards are both installed properly, and working fine.

I have another windows computer connected to the gentoo box, and I have DHCPd setup and working on the gentoo computer.

What I want to do is have the internet working on my windows computer.  Only problem is that I'm not sure what to do to get that to work.

Like I said, when I do "ipconfig /renew" on the windows machine, I get an IP address, and everything there is set up fine....

I just want to get the internet working now...

Can anyone help me out ?

Thanks, 

Mike

----------

## simulacrum

You'll have to set up IP Masquerading via iptables (or ipchains) and you should be good to go. Be sure to remember to set your windows gateway to the Gentoo machine. If you need help with Masquerading, check out this link. Good luck.

----------

## splooge

http://projectfiles.com/firewall

----------

## kerframil

You don't say where the access point to your Internet connection actually resides, but I'll assume that one NIC is connected to your LAN/Windows machine and the other is connected to some kind of Internet device such as an ADSL/cable modem. Let's say eth0 is LAN connected, and eth1 connects to the Internet. I'll assume that the address of your eth0 device is 10.0.0.1 for argument's sake and that your Windows client resides somewhere on the same subnet (e.g. 10.0.0.5).

Firstly, make sure your DHCP daemon is only set to listen and respond on eth0. Make sure you can access the Internet from your Linux box (I assume you can, I'd imagine you're using a DHCP client to initialise eth1).

You need to tell Linux to do routing (so that it will forward packets between both interfaces, LAN <-> Internet). To enable routing:

```
echo "1" > /proc/sys/net/ipv4/ip_forward
```

For more information on that, have a look at the help for "IP: advanced router" in the kernel config options. Note that you don't actually need to enable "IP: advanced router" for IP forwarding to work. But that option gives you access to advanced routing features and is recommended if your Linux box acts pretty much as a dedicated router. I doubt you need it though.

You'll need to configure your Windows box to point to your Linux box as the default router/gateway. To do that, add a line to your dhcpd.conf:

```
option routers 10.0.0.1;
```

That way, DHCP will tell the Windows box where to send packets which aren't destined for your local subnet.

That's not the end of it though. You'll be wanting your Linux box to perform NAT (Network Address Translation), also known to some Linux types as masquerading. This allows any number of clients to share your single Internet connection, more specifically, it will translate requests routed from your LAN in eth0 out through your IP address (which is a real Internet IP address) on eth1. Internet hosts see that the request came from your Linux box. When your Linux box gets the answer back, it remembers which client it originally serviced and sends the request back to the correct client. There's a good explanation of the mechanics of this in the OpenBSD guide.

In fact, I use OpenBSD to service my needs in this department so I'm not an expert on doing it in Linux but I trust the following will be enough to get you going in the right direction:

In your kernel, enable "Network packet filtering (replaces ipchains)" option. Scroll down, and select "IP: Netfilter Configuration". In the new menu that appears, select "Connection tracking (required for masq/NAT) (NEW)". There are several sub-options available. You'll almost certainly want "FTP Protocol support (NEW)" and "IRC protocol support (NEW)" if you want to use IRC from your Windows box. These protocols have tricky requirements where your router/firewall is expected to temporarily open up ports for incoming connections for these protocols to work properly. These "proxies" enable you to safely use them without opening gaping holes in your firewall/router. You'll need to enable "IP tables support" too - that's actually required and will enable you to set up the necessary NAT rules as well as create a suitable firewall to protect your gateway.

Let's assume your eth1 interface (the Internet connected one) has an address of 1.1.1.1. I believe you'll need to enter something like:

```
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth1 -j SNAT --to-source 1.1.1.1
```

Assuming you've enabled IP forwarding as already mentioned, that should give your Windows box access to the net. It allows anything out from the whole internal subnet to the Internet, rewriting the source address as 1.1.1.1 when it goes out, meaning that the packet will come back to the correct place, at which point your Linux box should send it back to the right internal host. The "/8" bit means a subnet mask of 255.0.0.0. If you're using 192.168.0.x addresses then it would be "/24" which means 255.255.255.0 so make sure you get that right. Don't take my word for it though because I'm inexperienced using Linux for this task.

Then you really need to get some good firewall rules going to make things secure and stateful. Have a look at Rusty's guides http://www.netfilter.org/documentation/index.html#HOWTO.

Also, please note that your Linux box should actually be using a default gateway residing at your ISP for all this to work, but if you've already got Internet access on your Linux box this should be the case anyway. Ah yes, and make sure you've configured your Windows box to use valid DNS servers (again belonging to your ISP). You can use the option domain-name-servers directive in your dhcpd.conf to achieve this. I prefer to set up a caching nameserver using BIND and point clients to that, but that's another story  :Smile: 

If you don't fancy doing all of that, then just setup a proxy server (i.e. squid) and configure your browser on Windows to point to that. But NAT will let you use virtually *any* protocol from all of your clients.

HTH.
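
The NAT rule from the post above combined with the stateful forwarding policy it recommends, as an added example that is not part of the original thread: the function prints a ruleset in `iptables-restore` format and refuses malformed input. The function names are hypothetical, and the interfaces, subnet and addresses are the thread's assumed values.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the two-NIC gateway
# discussed in this thread. All values passed in below are the thread's
# assumed ones (eth0 = LAN, eth1 = Internet, 10.0.0.0/8, 1.1.1.1).

# Succeeds only for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for ADDRESS/PREFIX with a prefix length in 0..32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] && valid_ipv4 "${1%/*}"
}

# gateway_ruleset LAN_IF WAN_IF LAN_NET WAN_IP: print the ruleset, or return 2.
gateway_ruleset() {
    [ $# -eq 4 ] || { echo "usage: gateway_ruleset LAN_IF WAN_IF LAN_NET WAN_IP" >&2; return 2; }
    case $1$2 in *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;; esac
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ] || { echo "need two distinct interfaces" >&2; return 2; }
    valid_cidr "$3" || { echo "bad LAN subnet: $3" >&2; return 2; }
    valid_ipv4 "$4" || { echo "bad SNAT address: $4" >&2; return 2; }
    # Only LAN-originated traffic may open connections; replies come back in
    # through connection tracking, everything else forwarded is dropped.
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $3 -o $2 -j SNAT --to-source $4
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
-A FORWARD -i $2 -o $1 -d $3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the thread's example values when run directly.
gateway_ruleset eth0 eth1 10.0.0.0/8 1.1.1.1
```

Piping the output into `iptables-restore` replaces the existing contents of the nat and filter tables, so check it with `iptables-restore --test` first.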

----------

## mrhodes

Thank you very much for the detailed help!  After a bit of tweaking, and reading up on NAT, and iptables I was able to get the internet to work fine...

Only problem I have now is that it won't work after I reboot the server  :Sad:   I have to 

type "echo "1" > /proc/sys/net/ipv4/ip_forward"

and  "iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth1 -j SNAT -to 1.1.1.1"

to get it to work again.  Can anyone tell me a way to make this happen automatically when the system boots up?  I know there must be a way....

Thanks everyone

Mike

----------

## #!

hrmm, well to get that to happen automatically I would just make a shell script and stick it in /etc/conf.d/local.start

An example would be:

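```
#!/bin/sh

# Enable IPv4 forwarding between the two interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward

# Rewrite the source address of LAN traffic leaving via eth1
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth1 -j SNAT --to-source 1.1.1.1
```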

save that as im_an_ip_fowarding_script, or whatever turns you on, and make it executable (chmod a+x file works nicely). Stick this wherever you want, like /bin is nice or /usr/bin

Now using your favourite text editor open up /etc/conf.d/local.start (you have to have write permissions) and add the line to it. For example if my script was called masq_stuff and was in /bin I would add

```

/bin/masq_stuff ;

```

This is now the cue for all the millions of people to tell you how you could've done this in a better way (: Sorry for treating you like a complete n00b in my explanation, just thought I'd cover everything, maybe it'll help some n00b one day if they stumble across it.


----------

## mrhodes

Thanks,  :Smile: 

Np about the noob thing  :Smile:   My background is basically just windows, so, most of this linux stuff is new to me.... I am coming along quickly though, and by using gentoo, I am learning a lot more than if I was just using some other distro  :Smile: 

Hmm, While I'm at it, I have one more question... (perhaps I should start a new thread? )

Are there any programs avail where I could log into my linux box from Windows?  Somewhat like terminal server or PC Anywhere type program?

Not too important, but would be nice  :Smile: 

Thanks, 

Mike

----------

## splooge

To get the same results as 'echo 1 > /proc/sys/net/ipv4/ip_forward' on bootup, look at your /etc/sysctl.conf file.

To save your iptables setting so it comes back on reboot, try this (after you have entered the correct rules):

```
#/etc/init.d/iptables save

#rc-update add iptables default
```

----------

## splooge

 *Quote:*   

> Hmm, While I'm at it, I have one more question... (perhaps I should start a new thread? )
> 
> Are there any programs avail where I could log into my linux box from Windows?  Somewhat like terminal server or PC Anywhere type program?
> 
> Not too important, but would be nice 

 

http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

Of course this would require that you have ssh installed:

```
#emerge openssh

#rc-update add sshd default
```

----------

## grudge

Hi There,

I've been trying to setup iptables and the following command

```

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT -to 192.168.20.100

```

gives me a 

```

bad argument : 192.168.20.100

```

What am I doing wrong ?

----------

## splooge

You need two dashes in front of the --to

----------

## grudge

Thanks, got that working in the meanwhile. It's all working perfectly now. The only problem I still have is to connect two different subnets ??   :Sad: 

----------

## Cyris

 *Quote:*   

> Hmm, While I'm at it, I have one more question... (perhaps I should start a new thread? ) 
> 
> Are there any programs avail where I could log into my linux box from Windows? Somewhat like terminal server or PC Anywhere type program? 
> 
> Not too important, but would be nice  
> ...

 

VNC Server works very well.  It will give you a GUI whereas PUTTY (which was mentioned also and is very nice and quick) only offers you CLI.

----------

## gonEH

Thanks for information..

 :Surprised: 

----------

