Turn Linux PC into Router
In Microsoft Windows, there's a thing called "Internet Connection Sharing". Here's how it works:
* You have two NIC's, let's say they're eth0 and wlan0. (Yes I give Linux names to my NIC's in Windows :P )
* You set up wlan0 as normal to access the wireless network and the internet.
* You go into the settings for wlan0 and enable "Internet Connection Sharing". At this point, it asks you to select a different NIC thru which the internet connection will be shared.
* You select eth0.
* Windows assigns an IP address of 192.168.0.1 to eth0.
* Windows sets up a DHCP daemon on eth0 so that other client machines can hook into eth0 and get an IP address.
* When you run an Ethernet cable from the eth0 port to another machine, the other machine will do a DHCP request and your machine will give it an IP address, default gateway, etc.. The default gateway is set to 192.168.0.1, meaning that eth0 is acting as a router.
* When eth0 receives packets to its own MAC address, but with a different IP address than its own, the packets get routed thru wlan0.
* eth0 also performs PAT and NAT.
Is there Linux software for doing this?
Also, totally unrelatedly, is there anyway of bridging two network connections at the commandline? I did it in Ubuntu one time before using the GUI but I'd like to know how to do it at the commandline.
I had once though about asking the same question here but then I thought I would take the time to look it up on google. Basically all your doing is setting up a DHCP server and IP forwarding. You want DHCPD, and IP forwarding can be done in many ways. You could also do something like this that could act as a wireless bridge if you want to span a larger distance than your AP can.
Do you want it to be specifically to be a router? if so check out IPCOPOriginally Posted by penguin_to_bits
OK first thing I need to do is set my Linux machine to route packets from eth0 to wlan0 (and vice versa). To do this, I think I use "iptables", that right? Also I'll want to perform "Source NAT". Should I use "iptables" to do this?
If I get that working, it looks like I'll be able to connect my machine to another machine via cross-over cable, and the the other machine will be able to access the internet via my wlan0 interface if it sets its default gateway to the IP address of my eth0 interface.
But then I'll want to run on a DHCP server on my eth0 also. Looks like I can use dhcpd.conf to do this.
Has anyone done this before? Basically I want to turn my eth0 into a router that has a DHCP server and which performs NAT, and which forwards packets thru to my wlan0 interface (and also forwards back the way).
I know I can get an actual distro of Linux that's designed for turning a PC into a router, but all I want is a normal PC that has the extra ability of being able to "share its internet connection".
Go here to build a script to setup iptables to route the traffic from one nic to the other.
I used dnsmasq as my dhcp and dns server.
Pretty simple to set it up as a router. With a few more steps, it's pretty simple to set up an ap this way, too. All it takes is a wireless card that supports master mode, like an atheros or hostap(prism2).
You can also use bridge-utils to setup a transparent bridge.
With a couple of hours research, you'll be up an running.
Have Fun
Please forgive me for digging up an old thread , but somehow I believe its still an issue with Internet Sharing on backtrack.
Internet Sharing on Slackware Linux . (Tested on Backtrack 3, Slackware 12.0)
Introduction : First of all get this straight. There is no easy and step by step documentation provided by the slackware team or by any linux groups for Internet Sharing in Backtrack. There are softwares like firestarter and ipmasq that people recommend on various forums but none of these works perfectly in slackware. So lets begin . Follow the steps exactly as it is mentioned and if you are lucky you will most probably have your internet connection shared.
1.First of all your ethernet cards should be configured properly.
Lets consider two ethernet interfaces , that is eth0 and eth1.
eth0 : The interface that directly connects to the Internet.
eth1 : The interface that is connected to the internal network.
Example Configurations on your Slackware Box:
1. eth0 : ip 10.30.69.78 broadcast 10.30.69.255 netmask 255.255.255.0
2. eth1 : ip 192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0
#ifconfig eth0 10.30.69.78 bcast 10.30.69.255 netmask 255.255.255.0 [The interface connected to the Internet]
<your ip> <broadcast add> <subnet mask>
#ifconfig eth1 192.168.1.1 bcast 192.168.1.255 netmask 255.255.255.0 [The interface connected to the Internal LAN]
<your internal ip> <broadcast add> <subnet mask>
Configurations on a System on the Internal Network
eth0 192.168.1.2 broadcast 192.168.1.255 netmask 255.255.255.0 default gateway 192.168.1.1 dns 192.168.1.1
2.Go to konsole .
root#route add default gw 10.30.69.1
<Replace this Ip by the default gateway ip provided by your service provider>
3.Edit /etc/resolv.conf. Add nameservers or dns address in this file. It should something like
nameserver 202.144.115.4 <replace this ip by your choice of dns>
nameserver 202.144.10.50 <replace this ip by your choice of dns>
4.By this stage you system should ping the systems on your internal network. And the systems from internal network can ping to both the interfaces on the Slackware System.
Try ping 192.168.1.20 and from the internal system try to ping 10.30.69.78. If all goes well , you will get reply from both machines. Or else troubleshoot your network for any other issues like firewall dropping packets or some hardware related problems.
5. Now here starts the real work. Download dnsmasq . Install dnsmasq. Go to konsole and type dnsmasq start.
6. Edit the /etc/rc.d/rc.ip_forward file.
Find something that looks this in the file
# Start IP packet forwarding:
# ip_forward_start() {
# if [ -f /proc/sys/net/ipv4/ip_forward ]; then
# echo "Activating IPv4 packet forwarding."
# echo 1 > /proc/sys/net/ipv4/ip_forward
# fi
# When using IPv4 packet forwarding, you will also get the
# rp_filter, which automatically rejects incoming packets if the
# routing table entry for their source address doesn't match the
# network interface they're arriving on. This has security
# advantages because it prevents the so-called IP spoofing,
# however it can pose problems if you use asymmetric routing
# (packets from you to a host take a different path than packets
# from that host to you) or if you operate a non-routing host
# which has several IP addresses on different interfaces. To
# turn rp_filter off, uncomment the lines below:
# if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then
# echo "Disabling rp_filter."
# echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
# fi
}
Uncomment the lines so that it looks like the code below and save the file.
# Start IP packet forwarding:
ip_forward_start() {
if [ -f /proc/sys/net/ipv4/ip_forward ]; then
echo "Activating IPv4 packet forwarding."
echo 1 > /proc/sys/net/ipv4/ip_forward
fi
# When using IPv4 packet forwarding, you will also get the
# rp_filter, which automatically rejects incoming packets if the
# routing table entry for their source address doesn't match the
# network interface they're arriving on. This has security
# advantages because it prevents the so-called IP spoofing,
# however it can pose problems if you use asymmetric routing
# (packets from you to a host take a different path than packets
# from that host to you) or if you operate a non-routing host
# which has several IP addresses on different interfaces. To
# turn rp_filter off, uncomment the lines below:
if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then
echo "Disabling rp_filter."
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
fi
}
7. Edit the /etc/rc.d/rc.modules file.
Find something that looks like this
# # EXTERNAL -> external network interface
# # INTERNAL -> internal network interface
# EXTERNAL=eth1
# INTERNAL=eth0
# echo 1 > /proc/sys/net/ipv4/ip_forward
# echo "Setting up NAT (Network Address Translation)..."
# # by default, nothing is forwarded.
# iptables -P FORWARD DROP
# # Allow all connections OUT and only related ones IN
# iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
# enable MASQUERADING
# iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
#
Replace the above by this code
# # EXTERNAL -> external network interface
# # INTERNAL -> internal network interface
EXTERNAL=eth0
INTERNAL=eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Setting up NAT (Network Address Translation)..."
# # by default, nothing is forwarded.
# iptables -P FORWARD DROP
# # Allow all connections OUT and only related ones IN
iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
#enable MASQUERADING
iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
#
This ensures that ip forwarding and ip masquerading takes place.
8. Edit the /etc/rc.d/inet2.conf file. Place this code and save the file. '
# This is to establish Dial-on-demand
# PPPD_AUTO: 0 = off, 1 = on. Pretty simple huh?
PPPD_AUTO=0
if [ "$PPPD_AUTO" = "1" ]; then
echo "Activating Dial-on-Demand."
# Replace with the Nameserver of YOUR ISP or just their address
pppd :202.144.115.4
route add -host 192.168.1.1 255.255.255.0 dev eth0
fi
9. If you have done everything exactly as mentioned above , this last step will get the internet sharing activated. All you need to do from here is run the following command : bash /etc/rc.d/rc.ip_forward start .
10. Making sure that Internet Sharing works everytime you system starts up , just make small shell script for example - net-start.sh. Save this file in the /etc/rc.d folder.
ifconfig eth0 10.30.69.78 broadcast 10.30.69.255 netmask 255.255.255.0
ifconfig eth0 up
ifconfig eth1 192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0
route add default gw 10.30.69.1
rc.ip_forward start
11. Edit the file /etc/rc.d/rc.local and just add the folllowing line in the file and save the file.
bash net-start.sh
Reboot your system. It should run the shell script in the start up and you slackware box will run as a router.
Posting Permissions
