Help Ubuntu Com

8/3/2019 Help Ubuntu Com

1/6

Contents

1. Introduction1. GUI Method via Network Manager

(Ubuntu 9.10 and up)1. Wireless Ad-Hoc connection

sharing scenario2. Ubuntu Internet Gateway Method

(iptables)1. Gateway set up2. Client set up

3. Advanced Gateway Configuration1. DHCP/DNS server

4. Other approaches1. Alternate server software (CLI)2. Alternate gateway software (GUI)3. Simple iptables example

5. See also

Ubuntu Documentation > Community Documentation > InternetConnectionSharing

InternetConnectionSharing

Style Cleanup Required: This article does not follow the style standards in the Wiki Guide. More info...

IntroductionInternet Connection Sharing (ICS) provides the ability for one computer toshare its Internet connection with another computer. To do this, a computerwith an Internet connection must be c onfigured to function as an Internetgateway. A second computer (or network of computers) connects to theInternet indirectly via the gateway computer.

Situations in which ICS may be necessary include:

Dial-up connect ion. Authenticated (PPPoA/E) connection.

Wireless connection.When it is impractical (such as with distance) to run multiple network cables to each c omputer.

GUI Method via Network Manager (Ubu ntu 9.10 and up)

In order to share an Internet connection, the comp uter that will do t he sharing must have two network cards or ports. This assumesthat you are using at least one Ethernet port and that it is ident ified as "eth0". eth0 will be the port that other computers will connectto you on.

When you are logged in:

Go to "System" on your top bar.Navigate to "Preferences" and select "Network Connections".When that window opens, select "Auto eth0", and press "Edit" (This assumes that you are connected to the Internet on someother port, for example wlan0 using wireless).

A new window will open. Navigate to the tab titled "IPv4 Settings", and change the Method to "Shared to other computers". Afterrestarting the computer, you should now be ab le to plug in any c omputer in to your other Ethernet port or share through yourwireless card.

Note: To clarify the above example, here is an example configuration that will work:

1. You are already connected to the Internet using your wireless on port wlan0.2. The Ethernet port eth0 is connected to the PC that needs to share your Internet connection (or you could wire eth0 to a

router for multiple machines).

Note: In the case of connecting a router, especially one with wireless, where you want the users to share your connection:

1. Check before you start (in Sy naptic or with dpkg-query -l dnsmasq* ) that dnsmasq-base is installed and that dnsmasq is not installed. Install or uninstall as appropriate (see next section).

2. After connecting the router, to enable masquerading, type:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE

Wireless Ad-Hoc connection sharing scenario

Step-by-step guide:

dnsmasq-base has to be installed:

sudo apt-get install dnsmasq-base

Remove dnsmasq because it conflicts with NetworkManager :

sudo apt-get remove dnsmasq

Restart NetworkManager :

sudo /etc/init.d/network-manager restart

Add a new wireless network with NetworkManager (left-click on NetworkManager icon, then select "Create New WirelessNetwork").

Search

Community Documentation

Login to Edit

converted by Web2PDFConvert.com
https://help.ubuntu.com/community/Internet/ConnectionSharing?action=fullsearch&context=180&value=linkto%3A%22Internet%2FConnectionSharing%22https://help.ubuntu.com/communityhttp://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttps://help.ubuntu.com/community/NetworkManagerhttps://help.ubuntu.com/community/NetworkManagerhttps://help.ubuntu.com/community/NetworkManagerhttps://help.ubuntu.com/community/NetworkManagerhttps://help.ubuntu.com/community/Tag#StyleCleanuphttps://help.ubuntu.com/community/Internet/ConnectionSharing?action=fullsearch&context=180&value=linkto%3A%22Internet%2FConnectionSharing%22https://help.ubuntu.com/community/Internethttps://help.ubuntu.com/community/Internet/ConnectionSharing?action=fullsearch&context=180&value=linkto%3A%22Internet%2FConnectionSharing%22https://help.ubuntu.com/community/Internethttps://help.ubuntu.com/communityhttps://help.ubuntu.com/https://help.ubuntu.com/community/Internet/ConnectionSharing?action=loginhttps://help.ubuntu.com/community


2/6


3/6

#net.ipv4.ip_forward=1

... so that it reads:

net.ipv4.ip_forward=1

Client set up

Any OS can connect to the Internet as an ICS client as long as networking has been configured correctly. The following example willfocus on how to set up an Ubuntu ICS c lient. For this example, it is assumed that the client is connected to an Ubuntu gateway,which has been configured to share ICS on the 192.168.0.x subnet according to the gateway set up out lined above.

For this example, eth0 is the network card on the client which is connected (by crossov er cable) to eth1 on the Ubuntu gateway. Youcan replace eth0 as needed for your situation. Also, any private IP subnet can be used for the internal network IP address, as long asit matches the subnet on the gateway.

Disable networking

sudo /etc/init.d/networking stop

Give the client a static IP address

sudo ip addr add 192.168.0.100/24 dev eth0

This IP address can be anything within the gateway's private IP range.

Configure rout ing

sudo ip route add default via 192.168.0.1

This address should match the IP address on the gateway's internal network card (eth1 in the abov e example).

Configure DNS servers

Unless your ICS gateway can also perform DNS, you must manually configure the client with your ISP DNS servers. If you do no tknow your ISP's DNS servers, you can use OpenDNS servers instead.

Backup your current /etc/resolve.conf file:

sudo cp /etc/resolv.conf /etc/resolv.conf.backup

Open /etc/dhcp3/dhclient.conf with your favorite text editor:

sudo nano /etc/dhcp3/dhclient.conf

Search for the line that starts "prepend domain-name-servers", and change it to look like this:

prepend domain-name-servers 208.67.222.222,208.67.220.220;

208.67.222.222 and 208.67.220.220 are OpenDNS DNS servers. If you wish to use your ISP's DNS servers, use them here instead of the OpenDNS servers.

Restart networking

sudo /etc/init.d/networking restart

Once this is finished, your c lient will now have access to the Internet via ICS. Please direct any questions/comments to the InternetConnection Sharing Documentation thread.

A beginner's working example of a Ubuntu Desktop with 2 NIC cards, sharing Internet connect ion:http://ubuntuforums.org/showthread.php?p=3713684

Advanced Gateway Configuration

The above example outlines how to do basic ICS on a static IP network. Once you have configured your Ubuntu computers for ICSand confirmed that everything works across y our static network, there are a few advanced routing configurations which c an make itmuch easier to set up the ICS client.

Advanced configurations include DHCP server and DNS server. A DHCP server allows the client to get an IP address automaticallywithout having to manually configure a static IP. A DNS server allows the client to resolve Internet host names without manuallyconfiguring DNS addresses.

DHCP/DNS server

This is deceptively easy, and will be acceptable for most situations. However, it will not allow the ICS client to see computers ondifferent subnets.

http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://ubuntuforums.org/showthread.php?p=3713684http://ubuntuforums.org/showthread.php?s=88b74f79f0ab07638e6b361c09040b45&t=503287https://www.opendns.com/start?device=ubuntuhttp://en.wikipedia.org/wiki/Domain_Name_System


4/6

Install software.

sudo aptitude install dnsmasq

Stop the server. After dnsmasq has been installed, it is automatically started, so it will need to be stopped before changes canbe made.

sudo /etc/init.d/dnsmasq stop

Make a backup of the well-commented configuration file (we won't use any o f this, but it's handy to have a copy o f for

reference later).

sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf-backup

Edit /etc/dnsmasq.conf with your favorite text editor, and add the following two lines:

interface=eth1dhcp-range=192.168.0.100,192.168.0.250,72h

Note: The "interface" should match the interface that your clients are connected to , and the "dhcp-range" should be within thegateway's private IP subnet that y ou configured according with the "Gateway set up" directions above.

Start the DHCP/DNS server.

sudo /etc/init.d/dnsmasq start

Now, your clients should be able to pull an automatic ip address and resolve host names.

Other approaches

The following section includes a rough outline of some alternative methods for configuring an ICS gateway. They are incomplete anduntested. They are included simply for the sake of information.

Alternate server software (CLI)

There are other ways to host ICS, but they are outside the scope of this article.

Alternate NAT

The ipmasq daemon does NAT routing so y ou don't have to configure iptables. The following directions are incomplete and should notbe considered a full description o f what needs to be done to configure ipmasq.

sudo aptitude install ipmasq

Configure ipmasq to allow dhcp requests. Otherwise, you need to stop ipmasq to make a connection. You need to copy a .rul fromthe documentation directory into the /etc config and edit the interface name. Then, reconfigure ipmasq to start after networking hasbeen started.

sudo dpkg-reconfigure ipmasq

Dedicated DHCP server

dhcp3 is an easy to configure and scalable true DHCP server that c an be configured for many different aplications. dhcp3configuration is more complex, but it can be useful in many situations:

https://help.ubuntu.com/community/dhcp3-server

Dedicated DNS server

BIND9 is a popular and well-supported local DNS server. It is very versatile and very powerful, but difficult to configure correctly:

https://help.ubuntu.com/community/BIND9ServerHowto

Alternate gateway software (GUI)

Another approach is to set up Firestarter , to run connection sharing, to set up dhc p3-server, and to set its configuration to listen tothe correct eth*. To change this later, run sudo dpkg-reconfigure dhcp3-server .

Basically, you need to have Firestarter active/turned on/protecting, to have the connection shared.

When you install dhcp3-server, it will place a sample config file in your /etc/dhcp3 folder, called dhcpd.conf. I suggest that you installdhcp3-server first and then Firestarter because if you are lucky, Firestarter will set up a new dhcp3 config file for you.

At any time that changes are made to your dhcpd.conf file, restart the server by typing sudo /etc/init.d/dhcp3-server restart . Alternatively, every t ime you run the sudo dpkg-reconfigure dhcp3-server command, at the end, your server will restart.

There are several issues that I had. First of all, the Firestarter firewall won't even start if you don't have it configured to listen to theright interface. You can change which one it listens to in Preferences --> Network Settings. The Local-network-connected device must

http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttps://help.ubuntu.com/community/Firestarterhttps://help.ubuntu.com/community/BIND9ServerHowtohttps://help.ubuntu.com/community/dhcp3-server


5/6

be the same as you have dhcp3-server listening to. Of course, both checkbox es under that need to be checked. The Internet-connected network device will be the one that is configured for Internet. Now, I have two NICs, but I have PPPoE configured on eth0,and I have Internet connection sharing configured on the same one, because eth0 is also configured for a static 192.168 internal IPfor my internal network.

Simple iptables example

In a simple example, wlan0 has the Internet connection, and eth0 is being used to share the connection. It could be connecteddirectly with a single computer via a crossov er cable or switch, or you could have a router with a cable from eth0 to the WAN portand a whole LAN setup behind this. Interestingly, the Internet connection could be ppp0, a 3G, or mobile Internet modem.

#!/bin/sh## internet connection sharing wlan0 is the gate way# eth0 is the lan port this might use a straight ethernet cable to a router wan port or a switch or a single PC# 192.168.2.2 is the port that is being used by the lan for access I changed it to 192.168.2.254 and set fixed addresses forthe wan and router## change wlan0 to ppp0 and you can use this for mobile broadband connect ion sharing#ip link set dev eth0 upip addr add 192.168.2.1/24 dev eth0sysct l net.ipv4.ip_forward=1iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.2.0/24 -j MASQUERADEiptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 3074 -j DNAT --to-destination 192.168.2.2iptables -t nat -A PREROUTING -i wlan0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination 192.168.2.2iptables -A FORW ARD -i wlan0 -d 192.168.2.2 -p tcp --dport 3074 -j ACCEPT

iptables -A FORW ARD -i wlan0 -d 192.168.2.2 -p udp -m multiport --dports 88,3074 -j ACCEPT

You could use the above as a bash script changing things to suit your needs.

If things go wrong, the following script should save you when things get badly messed up.

#!/bin/sh## rc.flush-iptables - Resets iptables to default values.## Copyright (C) 2001 Oskar Andreasson ## This program is free software; you can redistribute it and/or modify# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; version 2 of the License.## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the# GNU General Public License for more details.## You should have received a copy of the GNU General Public License# along with this program or from the site that you downloaded it# from; if not, write to the Free Software Foundation, Inc., 59 Temple# Place, Suite 330, Boston, MA 02111-1307 USA## Configurations#IPTABLES="/usr/sbin/iptables"

## reset the default policies in the filter table.#$IPTABLES -P INPUT ACCEPT$IPTABLES -P FORWARD ACCEPT$IPTABLES -P OUTPUT ACCEPT## reset the default policies in the nat table.#$IPTABLES -t nat -P PREROUTING ACCEPT$IPTABLES -t nat -P POSTROUTING ACCEPT$IPTABLES -t nat -P OUTPUT ACCEPT## reset the default policies in the mangle table.#

$IPTABLES -t mangle -P PREROUTING ACCEPT$IPTABLES -t mangle -P POSTROUTING ACCEPT$IPTABLES -t mangle -P INPUT ACCEPT$IPTABLES -t mangle -P OUTPUT ACCEPT$IPTABLES -t mangle -P FORWARD ACCEPT## flush all the rules in the filter and nat tables.#

http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDF


6/6

$IPTABLES -F$IPTABLES -t nat -F$IPTABLES -t mangle -F## erase all chains that's not default in filter and nat table.#$IPTABLES -X$IPTABLES -t nat -X$IPTABLES -t mangle -X

Further reading: https://help.ubuntu.com/community/IptablesHowTo

Internet connection sharing documentation thread: http://ubuntuforums.org/showthread.php?t=503287

See also

WifiDocs/ShareEthernetConnectionThroughWirelessInternetHowto

CategoryHardware CategoryInternet CategoryNetworking

Internet/ConnectionSharing (last e dited 2011-12-16 02:01:06 by xp1 )

Parent Page Page History

The material on this wiki is available under a free license, see Copyright / License for details You can contribute to this wiki, see Wiki Guide for details
http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttps://help.ubuntu.com/community/WikiGuidehttps://help.ubuntu.com/community/Licensehttps://help.ubuntu.com/community/Internet/ConnectionSharing?action=infohttps://help.ubuntu.com/community/Internethttps://launchpad.net/~xp1https://help.ubuntu.com/community/CategoryNetworkinghttps://help.ubuntu.com/community/CategoryInternethttps://help.ubuntu.com/community/CategoryHardwarehttps://help.ubuntu.com/community/InternetHowtohttps://help.ubuntu.com/community/WifiDocs/ShareEthernetConnectionThroughWirelesshttp://ubuntuforums.org/showthread.php?t=503287https://help.ubuntu.com/community/IptablesHowTo

Documents

Help Ubuntu Com