# Help needed enabling internet sharing

## Advocate

Can someone please tell me how to enable internet sharing with Gentoo?

eth1 is connected to my cable modem and eth0 to my network; both are brought up fine on boot but I can't seem to get the other PCs on the network to see the internet.

Can someone please tell me what lines should be in my /etc/conf.d/net file and /etc/conf.d/local.start file?

TIA

----------

## pjp

Do you have iptables installed and configured?

----------

## Advocate

Although iptables is in sbin this is what I get

```
bash-2.05a# iptables -F
modprobe: Can't locate module ip_tables
iptables v1.2.6a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
```

----------

## nitro322

First you'll need to enable IP forwarding.  

```
echo "1" >/proc/sys/net/ipv4/ip_forward
```

will take care of that. Next, you need to enable IP Masquerading on the box using iptables. Check the tutorials at http://www.netfilter.org/documentation/index.html#tutorials for examples of how to do this. After this you should be good to go. Just be sure to have the internal machines point to the internal NIC on your gateway machine as their default gateway. The Gentoo box should take care of the rest.

----------
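
The two steps in the post above (masquerading, then IP forwarding), written out as a ruleset that also restricts what may be forwarded. This is an added example, not part of the original post: the function name `gen_nat_rules` and the 192.168.0.0/24 LAN range are assumptions, the interface roles follow the question (eth1 = cable modem, eth0 = LAN), and the `-m state` rules need "Connection state match support" plus "Packet filtering" in the kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Interface roles follow the question
# (eth1 = cable modem, eth0 = LAN); the LAN range is an assumed value.

# Print an iptables-restore ruleset: $1 = WAN if, $2 = LAN if, $3 = LAN CIDR.
gen_nat_rules() {
    wan=$1; lan=$2; lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address of LAN traffic leaving through the WAN side.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The gateway itself: loopback, the LAN, and replies to its own traffic.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anti-spoofing: LAN source addresses must never arrive on the WAN side.
-A FORWARD -i $wan -s $lan_net -j DROP
# LAN hosts may open connections outward; only replies come back in.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# As root on the gateway (not run here), load the rules before forwarding:
#   gen_nat_rules eth1 eth0 192.168.0.0/24 | iptables-restore
#   echo 1 > /proc/sys/net/ipv4/ip_forward
gen_nat_rules eth1 eth0 192.168.0.0/24
```
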

## nitro322

 *Advocate wrote:*   

> Although iptables is in sbin this is what I get
> 
> bash-2.05a# iptables -F
> 
> modprobe: Can't locate module ip_tables
> ...

 

iptables support needs to be included in the kernel.  Reconfigure, and under the Network section you'll see an entry for IP Filtering (I think - this is from memory).  Enable that, and then you'll be able to enter a submenu to enable various iptables components (and the older ipchains, if you so desire).

----------

## Advocate

OK I'm doing the make dep &&....etc thang right now....

I'm assuming that make menuconfig loaded my previous setup so just adding the iptables stuff won't break anything will it?

thx for the help btw it IS appreciated....have a frustrated Dad constantly asking me if he can access the net yet

GRRRRRRR!!! roll on Aug 16th when I move into my own place :s

----------

## nitro322

 *Advocate wrote:*   

> OK I'm doing the make dep &&....etc thang right now....
> 
> I'm assuming that make menuconfig loaded my previous setup so just adding the iptables stuff won't break anything will it?
> 
> 

 

Correct.  Assuming your .config file is still there since the last compile, your options will be the same.  If you happen to encounter any kernel compile problems, try 'make clean', then do all the make dep... stuff again.  This will delete all of the existing kernel objects and modules that are there from your last compile, leaving just the source (and your .config file) behind.

----------

## Advocate

I'm going wrong here somewhere....

My intention was to rename the old bzImage to bzImage.old and add an entry to menu.lst to allow booting from it should anything untoward happen with the new kernel.....but, there is nothing in /boot anymore.  I'm pretty sure that's where I put everything when I installed gentoo....there's no grub dir or anything...

Any tips?

----------

## pjp

as root 'mount /boot'.  /boot is unmounted by default to help minimize the chances for corruption.

----------

## Advocate

Excellent thanks!

Once I have altered the menu.lst file do I need to do anything else to get grub to see the changes?

----------

## pjp

Shouldn't.

----------

## Advocate

OK have recompiled the kernel with all the IP filtering stuff enabled but am still getting the same error message when trying to use iptables....

Now officially going mad trying to suss this out... :s

----------

## Advocate

Here are the networking options in make menuconfig, if you could tell me which ones to enable I'd appreciate it

```
<*> Packet socket
[ ]   Packet socket: mmapped IO
< > Netlink device emulation
[*] Network packet filtering (replaces ipchains)
[ ]   Network packet filtering debugging
[*] Socket Filtering
<*> Unix domain sockets
[*] TCP/IP networking
[*]   IP: multicasting
[*]   IP: advanced router
[*]     IP: policy routing
[ ]       IP: use netfilter MARK value as routing key
[*]       IP: fast network address translation
[*]     IP: equal cost multipath
[*]     IP: use TOS value as routing key
[*]     IP: verbose route monitoring
[*]     IP: large routing tables
[*]   IP: kernel level autoconfiguration
[*]     IP: DHCP support
[*]     IP: BOOTP support
[*]     IP: RARP support
< >   IP: tunneling
< >   IP: GRE tunnels over IP
[*]   IP: multicast routing
[ ]     IP: PIM-SM version 1 support
[ ]     IP: PIM-SM version 2 support
[ ]   IP: ARP daemon support (EXPERIMENTAL)
[ ]   IP: TCP Explicit Congestion Notification support
[ ]   IP: TCP syncookie support (disabled per default)
IP: Netfilter Configuration  --->
< >   The IPv6 protocol (EXPERIMENTAL)
< >   Kernel httpd acceleration (EXPERIMENTAL)
[ ] Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)
< > 802.1Q VLAN Support
---
< > The IPX protocol
< > Appletalk protocol support
Appletalk devices  --->
< > DECnet Support
< > 802.1d Ethernet Bridging
< > CCITT X.25 Packet Layer (EXPERIMENTAL)
< > LAPB Data Link Driver (EXPERIMENTAL)
< > ANSI/IEEE 802.2 Data link layer protocol
[ ] Frame Diverter (EXPERIMENTAL)
< > Acorn Econet/AUN protocols (EXPERIMENTAL)
< > WAN router
[ ] Fast switching (read help!)
[ ] Forwarding between high speed interfaces
QoS and/or fair queueing  --->
Network testing  --->
```

...and the options for IP: Netfilter Configuration ---> are as follows

```
<*> Connection tracking (required for masq/NAT)
<*>   FTP protocol support
<*>   IRC protocol support
< > Userspace queueing via NETLINK (EXPERIMENTAL)
<*> IP tables support (required for filtering/masq/NAT)
< >   limit match support
< >   MAC address match support
<*>   netfilter MARK match support
<*>   Multiple port match support
< >   TOS match support
< >   AH/ESP match support
< >   LENGTH match support
< >   TTL match support
< >   tcpmss match support
< >   stealth match support
< >   Connection state match support
< >   Unclean match support (EXPERIMENTAL)
< >   Owner match support (EXPERIMENTAL)
< >   Packet filtering
<*>   Full NAT
<*>     MASQUERADE target support
<*>     REDIRECT target support
[*]     NAT of local connections (READ HELP)
< >     Basic SNMP-ALG support (EXPERIMENTAL)
< >   Packet mangling
< >   LOG target support
< >   ULOG target support
< >   TCPMSS target support
< > ARP tables support
```

Any other files you want me to paste etc just let me know... am dying here trying to sort this out

----------

## pharmboy

Under Netfilter you will need Packet Filtering and I believe Packet Mangling as well, this is from memory, someone correct me if I'm wrong. Either as module or directly into kernel works, I have my Iptables stuff compiled into kernel. That's all I can see there that you missed. Gluck!

----------
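
A quick way to confirm the point made in the post above before rebuilding: check the kernel `.config` for the netfilter options masquerading depends on. This is an added example, not part of the thread; the function names are hypothetical, the `CONFIG_*` names are the 2.4-series symbols behind the menu entries discussed here, and the sample config is constructed to mirror the selections posted earlier.

```shell
#!/bin/sh
# Added example, not from the thread. CONFIG_* names are the 2.4-series
# symbols behind the menuconfig entries discussed above.
REQUIRED="CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_FILTER CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP_NF_MANGLE"

# Print one line per required option: "<symbol> builtin|module|missing".
# $1 = path to a kernel .config file.
check_nf_config() {
    cfg=$1
    for opt in $REQUIRED; do
        if grep -q "^${opt}=y\$" "$cfg"; then
            echo "$opt builtin"
        elif grep -q "^${opt}=m\$" "$cfg"; then
            echo "$opt module"      # must be loadable via modprobe at runtime
        else
            echo "$opt missing"     # "# CONFIG_X is not set", or absent
        fi
    done
}

# Constructed sample mirroring the selections posted in the thread:
# NAT and MASQUERADE enabled, packet filtering and mangling left off.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
# CONFIG_IP_NF_MANGLE is not set
EOF
}

# Demonstration on the constructed sample: list only what is missing.
tmp=$(mktemp) && sample_config > "$tmp"
check_nf_config "$tmp" | grep ' missing$'
rm -f "$tmp"
```

Point `check_nf_config` at the `.config` in your kernel source tree to run it against a real build; an option reported as `module` still has to be installed where modprobe can find it.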

## Arx

Yay.

Packet filtering and Packet Mangling are the key.

The tutorials I looked at didn't mention that, and neither did the first 30 threads I looked at before I hit this one.

You kick ass.

----------

## Vanquirius

You might find this page interesting:

http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/

Find a good suggestion of modules in 

"Requirements for IP Masquerade on Linux 2.4.x"

And "Configuring..." also has some nice scripts for you to get your routing started.

----------

