Thread: How to share an internet connection in Linux

  1. #1
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default How to share an internet connection in Linux

    This "How To" is a work in progress. People can respond in this thread and we'll work together to find the best solution.
    Unfortunately I've only got access to one PC right now so I can't test any of this stuff out.

    Let's say you have a small wired network of three computers all connected together by means of a hub.

    Code:
            PC1
             |
          [hub]--- PC2
             |
            PC3
    Next you come along with your laptop and your Alfa. You use your Alfa to connect to a wireless network, and you want to share your internet connection with this little network of 3 PC's. On your laptop, your Alfa is wlan0 and your wired Ethernet card is eth0.

    The objective is to hook up your laptop to the hub and to provide the other three computers with Internet access.

    So here goes, there's two ways of sharing the Internet connection:

    1) Simple Layer-2 Ethernet Bridging

    You can create a simple Layer-2 bridge between the interfaces wlan0 and eth0. All this does is share all frames between the two interfaces. For instance, if a broadcast frame is received on wlan0, it will be forwarded on to eth0. It's exactly as if you were to take wlan0 and eth0 and connect them into a hub together so that they can both see each other's frames.
    When one of the wired computers on the LAN sends out a DHCP request, it will be received at eth0 on your laptop and from there it will be forwarded to wlan0, and from there the DHCP request will reach the access point. When the DHCP reply comes back from the access point, it will be received at wlan0 on your laptop and from there it will be forwarded to eth0. So each of the three PC's will get an IP address directly from the access point. It will be exactly as though the three PC's were connected directly to the AP.

    2) Make eth0 act as a router that leads to the network on wlan0

    You make eth0 behave as a NAT-enabled router. eth0 will be part of a private network containing the three PC's. eth0 will have its own DHCP server. When eth0 responds to a DHCP request, it specifies itself as the default gateway, meaning that when the other 3 computers want to access the internet, they treat eth0 as the router.
    When eth0 receives an IP packet that has a destination IP address other than its own, it will perform NAT on the packet and then forward the packet on to wlan0. Later when a reply is received on wlan0, your eth0 NAT-enabled router will perform NAT on the packet and forward it on to the appropriate computer. This, by the way, is how Microsoft Internet Connection Sharing works.

    ---------------------------------

    I find the 2nd choice to be preferable, because if you were to change the wifi network that wlan0 is connected to, then the three LAN PC's don't need to know about it, all they need to do is treat eth0 as their default gateway, there's no need for them to perform a DHCP request all over again.

    --------------------------------

    Now here's the thing. I know exactly how to achieve both of these methods in MS-Windows, but since MS-Windows is gay and I don't use it anymore, I want to be able to achieve both of them at the command line in Linux, hence I started this thread.

    ------------------------------

    The First Method
    So far I've been playing around with creating a Layer-2 Ethernet bridge, and it seems as though it's easier than I could ever have imagined. Here's how you create a bridge between wlan0 and eth0:

    Code:
    sudo brctl addbr vhub        #This creates the virtual hub
    sudo brctl addif vhub eth0   #This connects eth0 to the virtual hub
    sudo brctl addif vhub wlan0  #This connects wlan0 to the virtual hub
    sudo ifconfig vhub up
    By the way I found out how to do this from: https://help.ubuntu.com/community/NetworkConnectionBridge

    If I'm not mistaken that should be it. Now just connect your laptop by Ethernet cable into the physical hub and let the 3 PC's do a DHCP. They'll end up with an internet connection. (Sadly I can't test this out because I've only got one computer at my disposal so if I'm wrong then post here and correct me).

    ------------------

    The second method
    This one will be somewhat more complicated. I haven't done much research on this, but it looks like this is achieved by means of using iptables to do "IP masquerading". Basically you set up iptables so that it will create a virtual NAT-enabled, DHCP-enabled router between eth0 and wlan0.
    If anyone has experience with this and has gotten it working, then feel free to beat me to the punch and post your solution here. Otherwise if nobody replies then I'll have a go at it myself and post what I find later.
    ------------------

    Sorry for posting a half-finished How To but I reckon it's better than nothing because this is a topic I'm really interested in. Plus everyone can contribute to find the best solution.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  2. #2
    Good friend of the forums spawn's Avatar
    Join Date
    Jan 2010
    Posts
    280

    Default

    The second method:

    # echo '1' > /proc/sys/net/ipv4/ip_forward

    # iptables -t nat -A POSTROUTING -o wlan0 src <YOURNETWORK> -j MASQUERADE

  3. #3
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Thanks for the reply Spawn.

    I tried it out just there and iptables rejected the src argument, I think you meant -s instead.

    It accepted the following syntax:

    Code:
    sudo iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.10.0/24 -j MASQUERADE
    I wish I could try this out but I've only got 1 computer at my disposal.
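The MASQUERADE rule above only rewrites source addresses; for the second method from the opening post to actually hand out addresses and route traffic, the laptop also needs forwarding switched on, a FORWARD policy, an address on eth0 and a DHCP server on that side only. The following is an added example, not code from any poster in this thread; the interface names, the 10.10.10.0/24 LAN, the gateway address 10.10.10.1 and the dnsmasq drop-in path are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits the commands for method 2 of
# the opening post: eth0 becomes a NAT router in front of wlan0 and runs its
# own DHCP server. Interface names, the 10.10.10.0/24 LAN, the gateway
# address 10.10.10.1 and the dnsmasq config path are assumptions.

ics_nat_commands() {
    wan="$1"     # interface that already has internet access, e.g. wlan0
    lan="$2"     # interface facing the wired PCs, e.g. eth0
    lan_ip="$3"  # address the PCs get as their default gateway, e.g. 10.10.10.1
    net="$4"     # private subnet behind $lan, e.g. 10.10.10.0/24
    prefix="${net#*/}"    # "24"
    base="${net%.*}"      # "10.10.10"
    cat <<EOF
# $lan gets a fixed address: it is the PCs' default gateway
ip addr add $lan_ip/$prefix dev $lan
ip link set $lan up
# let the kernel route packets between interfaces
sysctl -w net.ipv4.ip_forward=1
# IP masquerading: rewrite the LAN's private source addresses to $wan's address
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
# forward only traffic the LAN originates (and the replies to it); drop the rest
# so hosts on the $wan side cannot open connections into the private LAN
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP only on $lan (never on $wan): dnsmasq names $lan_ip as router and DNS
cat > /etc/dnsmasq.d/ics.conf <<DNSMASQ
interface=$lan
bind-interfaces
dhcp-range=$base.50,$base.150,12h
dhcp-option=option:router,$lan_ip
dhcp-option=option:dns-server,$lan_ip
DNSMASQ
service dnsmasq restart
EOF
}

# Review the output first, then apply it as root on the laptop:
#   ics_nat_commands wlan0 eth0 10.10.10.1 10.10.10.0/24 | sh -e
```

Run the function without piping it anywhere to read the generated commands; the FORWARD policy of DROP is what keeps the wifi side from reaching the private LAN through the laptop.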

  4. #4
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by Virchanza View Post
    Thanks for the reply Spawn.

    I tried it out just there and iptables rejected the src argument, I think you meant -s instead.

    It accepted the following syntax:

    Code:
    sudo iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.10.0/24 -j MASQUERADE
    I wish I could try this out but I've only got 1 computer at my disposal.
    Assuming syntax and the like, spawn's method works equally well.

    The cool feature with your original though, the bridging, comes into play especially when we think of MiTM attacks. Traceroute through a Layer-2 bridge does not degrade the hop counter.

    I'll give you a moment to think about that.

    Basically, a properly implemented bridge can firewall, MiTM, log, cache, protect or otherwise interact with a network stream. It can forward or deny ARP requests and the like, and it can do all sorts of neat tricks, all without being seen on the network. Certainly the results can be seen, but not the device causing them.

    Personally I use (among other things) bridged devices to firewall out my DMZ networks silently. A proper bridge does not have management interfaces for the bridge* and thus can not be cracked by an intruder**. It is also useful from other networking points of view (protecting 10.0.0.0/8 from Windows broadcast floods for example) though a lot of these "features" are now protected by VLANs in this day and age.

    Besides which it's good fun to toy with people who can not figure out why their system is doing stupid things when it can ping the server just fine.

    *Generally 3 NICs - two to bridge, one to manage with - the latter having an IP, the former not
    **Short of things like snort-DoS attacks and the like, as well as one-way-shellcode execution, which is why you should never have a default gateway on a management network.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  5. #5
    Good friend of the forums spawn's Avatar
    Join Date
    Jan 2010
    Posts
    280

    Default

    Yes, sorry, my fault ....

    I have written many firewalls with PF;
    I'm forgetting how to write an iptables rule.

    Quote Originally Posted by Virchanza View Post
    I wish I could try this out but I've only got 1 computer at my disposal.
    Why not test it in VMware or similar?

  6. #6
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Default

    I have tried this and I couldn't get it to work as I desired.

    I have a Fonera router I am trying to hook to my ethernet card on my laptop via Crossover Cable. The Fonera's IP is static to 10.11.1.1

    My wireless card is hooked up to my WAP for internet with the ip 192.168.0.100

    Commands I entered:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o wlan0 -s 10.11.1.0/24 -j MASQUERADE

    My BT4 laptop can contact both the Fonera and the outside world. But people connecting to the Fonera cannot access the internet.

    Any ideas? Do I need to use a normal CAT5/6 cable after I have the iptables in place? (I don't think I do but I could be wrong)

  7. #7
    Member Vagabond's Avatar
    Join Date
    Feb 2010
    Posts
    50

    Default How to do ICS with Backtrack using 2 Wifi-Cards

    Hi !

    I'm glad I found this thread, because I'm planning to do something slightly different:

    I want to connect to a Wireless Router using my Alfa and then
    create my own AP with a second WIFI-Card I haven't bought yet (simple one, just doing the trick. Suggestions?)

    I thought a router could do it, but I have not found any router
    that repeats the signal from Antenna 1 (YAGI) to Antenna 2 (OMNI).
    Many of them have 2 antennas, but they use them both for both tasks.

    I appreciate any help!

    Peace !
