Wednesday, March 25, 2015

Internet Connection Sharing on Linux Mint 17.1

I've read,  tried and failed several times on this. At first I thought it might be a snap using howtos tutorials scatter around internet. But it turn out to be no general solution to this. The keywords are gateway, ip masquarade, and off course, Internet Connection Sharing on Linux.

Here's a working solution that works using Linux Mint 17.1 and these configuration/setup
  1. You have cable/ADSL internet connection that need to be shared to a closed network at home/office.  
  2. A small server with 2 network cards, one connected to the cable/ADSL router/modem and one to the home/office network
  3. Have a working connection from server that you can connect to router/modem in one connection and internal network for another (you can use ping to their addresses respectively)  
  4. Here's my sample of ifconfig result from the server:

    eth0      Link encap:Ethernet  HWaddr xx:xx:e3:2f:dc:87 
              inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::dafe:e3ff:fe2f:dc87/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:28325 errors:0 dropped:12 overruns:0 frame:0
              TX packets:17926 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:24606975 (24.6 MB)  TX bytes:2362173 (2.3 MB)

    eth1      Link encap:Ethernet  HWaddr xx:xx:a6:ee:88:66 
              inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
              inet6 addr: fe80::5604:a6ff:feee:8866/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:131 errors:0 dropped:0 overruns:0 carrier:1
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:23258 (23.2 KB)

    lo        Link encap:Local Loopback 
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:1331 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1331 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:123928 (123.9 KB)  TX bytes:123928 (123.9 KB)


    eth0 is for internet connection and eth1 for intranet connection 
  5. Tested using Mint 17.1 MATE-64 as server and Mint 17.1 Cinnamon-64 as client
OK, for short here's how to set it
On the server
  1. Create a script as adminitrator called ishare

    $ sudo vi /usr/local/bin/ishare


    The WAN interface (eth0) can be replaced according to your network interface (should be the one connected to the internet)

    #!/bin/bash
    ## Internet connection sharing script
    sysctl -w net.ipv4.ip_forward=1
    sysctl -p
    iptables -X
    iptables -F
    iptables -t nat -X
    iptables -t nat -F
    iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -I FORWARD  -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

  2. Save the above script to /usr/local/bin/ishare, and then change the executable bit by the following command.

    $ sudo chmod +x /usr/local/bin/ishare

  3. If you want the script executed every startup, you can register the script to /etc/rc.local.
    Open /etc/rc.local, before statement "exit 0", add the following line:

    /usr/local/bin/ishare 

    Had a few notes on etc/sysctl.conf , whether to set the net.ipv4.ip_forward=1
    manually or the script will handle it. I'll update it after I retest it (I'm also planning on test it on Zentyal server).
For  the client you have to connect to internal network using the same segment and set the ip manually within the ip range
e.g in my case, this is the setup

ip: 10.0.1.20
subnet: 255.255.255.0
gateway: 10.0.1.2 #using servers internal ip address
dns: 8.8.8.8 #using google dns
Be sure to check the original reference if you stumbled upon troubles. Also, I haven't include any advanced rules on firewall settings to it so be advised.


 

No comments: