Sharing your Internet connection
                   on Linux
                         Edmund Ochieng’
                            April 7, 2010




                               Abstract
    With only one IP address from your Internet Service Provider (ISP)
and multiple PCs, it may appear impossible to share Internet; a router
may become handy in mapping the public address to multiple internal
addresses to be used by the multiple PCs. Routers generally aren't cheap
and are often purchased by big businesses that have the financial muscle.
However, this guide should help a home user or small business turn a Linux
box into an affordable router.




1      Introduction
There exist several guides on the internet that show users how to share an
internet connection; however, many of them make it look like rocket science
even to everyday Linux users. This document will attempt to make this process
as easy as it can be. If it's still difficult to understand, let me know.
Perhaps I will be able to do something about it. Hope you enjoy the guide.


2      Planning your network
Planning is crucial and is dependent on the number of computers with which you
wish to share the internet connection. It greatly determines the speeds
accessible by each client. For instance, if an entire class C network such as
192.168.1.0 / 255.255.255.0 is used, the internet speed will be divided by 254,
the number of valid hosts. Thus, if the number of IP addresses used is less than
254, then an operation known as subnetting is necessary to optimize the internet
speeds.


3      Doing the job
This section takes us step-by-step through the configuration process, giving
multiple solutions where applicable.

3.1     Choosing size of the network
The size of the network should be equal to or greater than the number of hosts
to be networked. A slightly larger subnet is preferred to allow for easy
expansion without necessitating a change to the network configuration. For this
guide we shall assume we have four PCs that we would wish to connect to the
internet, excluding the connected Linux PC. This makes a total of five hosts.

  Each network should have two additional addresses for the network address
and broadcast address. Thus we shall add 2 to 5 to make 7 hosts.

    7 ≤ 2^y, where y is the number of host bits

7 ≤ 2^3 ⇒ 7 ≤ 8
8 − 7 = 1 extra IP address

We can instead take y = 4 to increase the number of free slots,
but
x + y = 8
x = 8 − y
x = 4 network bits

   This implies the netmask shall be, 255.255.255.240. Taking the first subnet,
our network address shall be, 192.168.1.0 and netmask 255.255.255.240.

   Here is how we obtain 240 in our last octet: since x = 4, we read the value
under bit 4 in the table below, so the last octet of our netmask becomes 240.

bit 1    bit 2   bit 3   bit 4   bit 5   bit 6   bit 7     bit 8
128      192     224     240     248     252     invalid   invalid


 Our new subnet will therefore have the following properties:
Network address: 192.168.1.0
Netmask: 255.255.255.240
Broadcast address: 192.168.1.15
Valid hosts: 192.168.1.1 to 192.168.1.14
Gateway: 192.168.1.1 (our Linux box's IP address)


  The details of subnetting are beyond the scope of this document. However,
for further reading you may visit the Subnetting tutorial [3] in the references
section.

3.2      Configuring DHCP
To reduce the task of assigning network configurations to individual hosts, we
may choose to set up a DHCP server. If anything in the config file is unclear,
kindly refer to “Linux DHCP Server configuration” [4]. Our configuration shall
be as shown below:



[stuart@desert ~]$ cat /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;

# The netmask must match the subnet chosen in section 3.1 (255.255.255.240)
subnet 192.168.1.0 netmask 255.255.255.240 {

# --- default gateway
        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.240;

        option nis-domain               "sandstorm.org";
        option domain-name              "sandstorm.org";
        option domain-name-servers      192.168.1.1, 212.49.70.xx;

        option time-offset              10800; # East African Time
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#       option netbios-node-type 2;

# --- addresses handed out to clients; 192.168.1.1 is kept for the gateway
        range dynamic-bootp 192.168.1.2 192.168.1.10;
        default-lease-time 21600;
        max-lease-time 43200;

# we want the nameserver to appear at a fixed address
# NOTE: 207.175.42.254 is not inside 192.168.1.0/28; use an address from
# this subnet for a host on this network
        host ns {
                next-server desert.sandstorm.org;
                hardware ethernet 12:34:56:78:AB:CD;
                fixed-address 207.175.42.254;
        }
}

    where, 212.49.70.xx is the DNS IP address provided by my ISP.
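
The arithmetic of section 3.1 and a sanity check for the addresses used in the DHCP configuration can be scripted. The block below is an added example, not part of the original guide; the function names (host_bits, subnet_plan, outside_hosts) are hypothetical helpers, and the addresses in the usage comments are the ones that appear on this page.

```shell
#!/bin/sh
# Added example: subnet sizing as in section 3.1, plus a check that the
# addresses placed in dhcpd.conf are usable host addresses of that subnet.

# Dotted quad -> 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# host_bits HOSTS
# Smallest y with HOSTS + 2 <= 2^y (the +2 covers network and broadcast).
host_bits() (
    y=1
    while [ $(( 1 << $y )) -lt $(( $1 + 2 )) ]; do y=$(( $y + 1 )); done
    echo "$y"
)

# subnet_plan ADDRESS HOST_BITS
# Prints: network netmask broadcast first-host last-host
subnet_plan() (
    mask=$(( (0xFFFFFFFF << $2) & 0xFFFFFFFF ))
    net=$(( $(ip_to_int "$1") & $mask ))
    bcast=$(( $net | (~$mask & 0xFFFFFFFF) ))
    echo "$(int_to_ip "$net") $(int_to_ip "$mask") $(int_to_ip "$bcast")" \
         "$(int_to_ip $(( $net + 1 ))) $(int_to_ip $(( $bcast - 1 )))"
)

# outside_hosts NETWORK NETMASK ADDRESS...
# Prints every ADDRESS that is not a usable host address of the subnet
# (outside it, or equal to the network or broadcast address).
outside_hosts() (
    net=$(ip_to_int "$1"); mask=$(ip_to_int "$2"); shift 2
    bcast=$(( $net | (~$mask & 0xFFFFFFFF) ))
    for ip in "$@"; do
        n=$(ip_to_int "$ip")
        if [ "$n" -le "$net" ] || [ "$n" -ge "$bcast" ]; then echo "$ip"; fi
    done
)

# Usage with the values from this page:
#   host_bits 5                     minimum host bits for five hosts
#   subnet_plan 192.168.1.0 4       the plan chosen in section 3.1
#   outside_hosts 192.168.1.0 255.255.255.240 \
#       192.168.1.1 192.168.1.2 192.168.1.10 207.175.42.254
```

Run against the router, range and fixed-address values of the configuration above, outside_hosts reports only the fixed-address entry, which does not belong to the 192.168.1.0 subnet.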

3.3     Enabling ip forwarding
This can be done in either of the two ways below,

    1. Adding a line in /etc/rc.local
       Open the file /etc/rc.local as root and append the line below.

        echo "1" > /proc/sys/net/ipv4/ip_forward

    2. Editing the file sysctl.conf
       Login as root and open the file /etc/sysctl.conf

        [root@desert ~]# vi /etc/sysctl.conf

       Go to the line shown below, and change the 0 to 1.

       # Controls IP packet forwarding
       net.ipv4.ip_forward = 0

   Finally, restart the network service to activate the new configuration. This
step is applicable for both the solutions above.
[root@desert ~]# /sbin/service network restart

3.4     Configuring the firewall
If you have attempted to access the internet at this point, you will have
noticed that the request times out. To get it working we must masquerade,
which is done in the firewall as shown below:

    1. Flush any default rules

       [root@desert ~]# iptables -F
       [root@desert ~]# iptables -t nat -F
       [root@desert ~]# iptables -t mangle -F

    2. Delete any additional chains in our tables

       [root@desert ~]# iptables -X
       [root@desert ~]# iptables -t nat -X
       [root@desert ~]# iptables -t mangle -X


    3. Add the masquerade rule, save the configuration and restart the firewall

       [root@desert ~]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
       [root@desert ~]# service iptables save
       [root@desert ~]# service iptables restart

    4. Test configuration

       Finally, we can test the configuration to ascertain that our
       configuration works, using the ping command on a client. Output such
       as that shown below shows that we are connected to the internet.

  [root@desert ~]# ping google.com
  PING google.com (64.233.181.147) 56(84) bytes of data.
  64 bytes from ni-in-f147.1e100.net (64.233.181.147): icmp_seq=1 ttl=49
  time=379 ms
  64 bytes from ni-in-f147.1e100.net (64.233.181.147): icmp_seq=2 ttl=49
  time=379 ms
  64 bytes from ni-in-f147.1e100.net (64.233.181.147): icmp_seq=3 ttl=49
  time=368 ms

  --- google.com ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2000ms
  rtt min/avg/max/mdev = 368.635/376.084/379.839/5.267 ms
  [root@desert ~]#

Alas! you learnt a new magic trick. It works!
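
After the flush in steps 1 and 2, the MASQUERADE rule from step 3 is the only rule loaded, so what the box forwards is decided solely by the FORWARD chain's policy. The block below is an added example, not part of the original guide: it restricts forwarding and masquerading to the LAN subnet and includes a small audit of `iptables -S` style output. It assumes eth0 faces the ISP (as in step 3) and eth1 faces the LAN; share_connection, dry_run and audit_rules are hypothetical helper names.

```shell
#!/bin/sh
# Added example: connection sharing with forwarding limited to the LAN.
# Assumptions: eth0 = ISP side (as in step 3), eth1 = LAN side,
# LAN = 192.168.1.0/28 (the subnet from section 3.1).

IPT=${IPT:-iptables}            # set IPT=dry_run to print instead of apply

# Prints the rule arguments instead of calling iptables.
dry_run() { printf '%s\n' "$*"; }

# share_connection WAN_IF LAN_IF LAN_CIDR
share_connection() (
    wan=$1; lan=$2; cidr=$3

    # Forward nothing unless a rule below allows it.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Replies to connections opened from the LAN may come back in.
    $IPT -A FORWARD -i "$wan" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Hosts with a source address in our subnet may go out.
    $IPT -A FORWARD -i "$lan" -o "$wan" -s "$cidr" -j ACCEPT

    # Masquerade only traffic that comes from the LAN subnet.
    $IPT -t nat -F POSTROUTING
    $IPT -t nat -A POSTROUTING -s "$cidr" -o "$wan" -j MASQUERADE
)

# audit_rules: reads lines in `iptables -S` / `iptables -t nat -S` form on
# stdin and prints one finding per risky line. It is a simple line check:
# an ACCEPT policy is reported even if later rules in the chain drop traffic.
audit_rules() {
    while IFS= read -r line; do
        case $line in
            "-P FORWARD ACCEPT")
                echo "open-forward: FORWARD policy is ACCEPT" ;;
            *"-j MASQUERADE"*)
                case $line in
                    *" -s "*) ;;
                    *) echo "wide-nat: MASQUERADE without -s: $line" ;;
                esac ;;
        esac
    done
}

# Usage (as root):
#   share_connection eth0 eth1 192.168.1.0/28 && service iptables save
# Preview without touching the firewall:
#   IPT=dry_run; share_connection eth0 eth1 192.168.1.0/28
# Audit the running rules:
#   { iptables -S; iptables -t nat -S; } | audit_rules
```

Fed the two lines that describe the state left by steps 1 to 3 (`-P FORWARD ACCEPT` and `-A POSTROUTING -o eth0 -j MASQUERADE`), audit_rules prints both findings; the rules emitted by share_connection produce none.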




References
[1] Anonymous, 2nd February 2008, “CentOS / RedHat Linux Internet
    Connection sharing.”
    http://www.cyberciti.biz/faq/rhel-fedora-linux-internet-connection-sharing-howto/
    Accessed Wednesday, April 07 2010 19:47:13 hours.
[2] Phd, 16th January 2008, “How to Masquerade on Linux (Internet connection
    sharing).”
    http://www.howtoforge.com/internet-connection-sharing-masquerading-on-linux
    Accessed Wednesday, April 07 2010 20:04:21 hours.
[3] Becker, Ralph, 25th January 2007, “IP Subnetting Tutorial.”
    http://www.ralphb.net/IPSubnet/
    Accessed Wednesday, April 07 2010 21:25:45 hours.
[4] Ochieng, Edmund, 3rd March 2010, “Linux DHCP Server configuration.”
    http://www.scribd.com/full/27775817?access_key=key-303haxdvitgb29x4ohs
    Accessed Wednesday, April 07 2010 21:49:54 hours.




                       Figure 1: Makmende amerudi



