Internet Connection Sharing using iptables

Written by BinnyVA on April 16, 2007 – 4:26 pm -


It is very easy to set up Internet connection sharing on a Linux system using iptables. This method can be used to share an Internet connection from a Linux system (I used Fedora Core 6, but it should work on other distributions that support iptables). Another way of doing this is to use a proxy server such as squid.

Enable IP forwarding

Run as root

sysctl -w net.ipv4.ip_forward=1

To enable it at system startup, edit the file /etc/sysctl.conf and set

net.ipv4.ip_forward = 1

iptables

Run these commands as root (eth0 is the card connected to the router)

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save

Configuration

The configuration should be like this

Router

Connected to the internet provider
IP : 192.168.1.1

Internet Connected System

eth0 (LAN Card 1)

Connected to router

  • IP : 192.168.1.10
  • Netmask : 255.255.255.0
  • Gateway : 192.168.1.1 (IP of the router)

eth1 (LAN Card 2)

Connected to the other system

  • IP : 192.168.0.20 (Not the same network as the first card)
  • Netmask : 255.255.255.0
  • Gateway : 192.168.1.1 (IP of the router)

Second System

LAN Card connected to the first system

  • IP : 192.168.0.30
  • Netmask : 255.255.255.0
  • Gateway : 192.168.0.20 (IP of the second Card in the first system)

Disclaimer

Linux networking is not a subject I am an expert on. So take my advice with a pinch of salt. The above procedure worked for me. YMMV.

Status

The results of some commands are shown here. Check whether they match the results on your system.

# iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere
# cat /proc/sys/net/ipv4/ip_forward
1
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
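
The Status output above shows the FORWARD chain with policy ACCEPT and no rules, so with ip_forward enabled the host routes between every pair of interfaces, not only from eth1 out through eth0. The script below is an added example, not part of the original post: it audits an iptables-save dump for that condition and gives a restricted rule set that passes the audit. The function names and both dumps are constructed; eth0, eth1 and 192.168.0.0/24 are taken from the layout above.

```shell
# Added example. eth0/eth1 and 192.168.0.0/24 follow the article's layout;
# the function names and both rule dumps are constructed for illustration.
article_state() {  # Status-section state as an abridged iptables-save dump
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Restricted alternative: forward only LAN -> WAN, plus the matching replies.
restricted_state() {  # usage: restricted_state WAN_IF LAN_IF LAN_NET
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $3 -o $1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s $3 -i $2 -o $1 -j ACCEPT
-A FORWARD -i $1 -o $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin; print findings, return 1 if there are any.
audit_ics() {  # usage: audit_ics WAN_IF < dump
    awk -v wan="$1" '
        function finding(msg) { print "FINDING: " msg; bad = 1 }
        /^\*/ { table = substr($0, 2) }   # track which table the lines belong to
        table == "filter" && /^:FORWARD ACCEPT/ { open_fwd = 1 }
        table == "filter" && /^-A FORWARD / && /ESTABLISHED/ { replies = 1 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            masq = 1
            if (!index($0, " -o " wan " ")) finding("MASQUERADE not bound to -o " wan)
        }
        END {
            if (!masq) finding("no MASQUERADE rule in nat POSTROUTING")
            if (open_fwd) finding("FORWARD policy ACCEPT: any interface pair is routed")
            else if (!replies) finding("FORWARD policy DROP but no ESTABLISHED rule")
            exit bad + 0
        }'
}
article_state | audit_ics eth0 || true
restricted_state eth0 eth1 192.168.0.0/24 | audit_ics eth0 && echo "restricted set: clean"
```

On a live host, `iptables-save | audit_ics eth0` (as root) audits the running rules. Piping `restricted_state eth0 eth1 192.168.0.0/24` into `iptables-restore` loads the restricted set and replaces the current contents of the nat and filter tables.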


17 Comments to “Internet Connection Sharing using iptables”

  1. flape Says:

    Well works on Fedora 5 and Fedora 6, but not on Fedora 7 :(

  2. BinnyVA Says:

    @flape
    I use Fedora 7 - it works for me here. I had a bit of trouble setting it up at first - but in a few attempts it worked fine.

  3. Gurdeep Singh Says:

    Hi
    Can anybody tell me, if I share the internet through this, how I can do port forwarding for VNC and a web server located on a Windows client? What rules should be added in iptables?

  4. samer Says:

    It's not working on F7, any help please :D

  5. Matthew Evetts Says:

    Worked a dream. Ran the linux commands and it worked straight away - Fedora Core 7 with Windows clients.
    Many many thanks!

  6. James Says:

    I tried it on fedora 7 (kernel 2.6.21). It didn’t work… Is there something else I need to download and install?

  7. Abhi Says:

    Hi

    I tried it on my Fedora 7 but it didn’t work :(

    I didn’t get which router address we need to add.

  8. Pedro Says:

    Hi guys, nice tutorial, but I’m wondering if a different setup would still work. This is my current system:

    - 1 external wireless router that shares the internet connection to the entire building (and to which I have no access to and uses DHCP to provide IPs to the clients);
    - 1 server machine with 1 wireless card (connecting to the external router (again, DHCP)), and one internal (wired) network card, which I would setup with a static IP address;
    - 1 wireless router (my own, full access), which I can connect to the server’s static IP network card;
    - 1 laptop, which I wish to connect to the internal router and still have internet from the external router.

    Is this possible, and if so, how do I set it up?

    Thanks in advance,
    Pedro

  9. khomkhay Says:

    Please help me. I would like to set up and configure an internet server with iptables, a web server and a mail server on Linux Red Hat Enterprise 4 or Fedora 3 or 5.
    Please help step by step, in detail.

  10. vijay Says:

    Hi,
    I’m trying with Fedora 8 but it’s not happening, please help.

  11. vijay Says:

    Hi,
    I’m trying with Fedora 8 but it’s not happening, please help.
    vijay

  12. BinnyVA Says:

    @Vijay
    I now have Fedora 8 - it worked perfectly.

  13. joshua Says:

    BinnyVA: what did you do on Fedora 8 to make it work :)

  14. BinnyVA Says:

    @Joshua
    Just follow the given instructions - it worked without any trouble for me.

  15. DigitalBrain Ntavyo Says:

    This is really pretty cool. I’m using CentOS 5 and Fedora 8 and it works fine.

  16. Natalie Says:

    I’ve done it before and it is easy so there is nothing wrong with your advice thanks for taking the time to write them so clearly.

  17. nildon Says:

    Is there anyone who knows how to set this up in a similar situation: my laptop is connected to the internet via eth1, but eth1 is an Ethernet emulation card and eth0 is the other notebook.
