Internet Connection Sharing using iptables

Written by BinnyVA on April 16, 2007 – 4:26 pm -

Networking

It is very easy to setup an internet connection sharing in Linux system using iptables. This method can be used to share an internet connection from a Linux system(I used Fedora Core 6, but it should work on other distributions that support iptables). Another method of doing this is using a proxy server like squid.

Enable IP forwarding

Run as root

sysctl -w net.ipv4.ip_forward=1

To enable it in system startup, edit the file /etc/sysctl.conf and set

net.ipv4.ip_forward = 1

iptables

Run command as root

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save

Configuration

The configuration should be like this

Router

Connected to the internet provider
IP : 192.168.1.1

Internet Connected System

eth0 (LAN Card 1)

Connected to router

  • IP : 192.168.1.10
  • Netmask : 255.255.255.0
  • Gateway : 192.168.1.1 (IP of the router)

eth1 (LAN Card 2)

Connected to the other system

  • IP : 192.168.0.20 (Not the same network as the first card)
  • Netmask : 255.255.255.0
  • Gateway : 192.168.1.1 (IP of the router)

Second System

LAN Card connected to the first system

  • IP : 192.168.0.30
  • Netmask : 255.255.255.0
  • Gateway : 192.168.0.20 (IP of the second Card in the first system)

Disclaimer

Linux networks is not a subject I am an expert on. So take my advice with a pinch of salt. The above procedure worked for me. YMMV.

Status

Some results of various commands are shown here. Check to see if it matches the result on your system.

# iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere
# cat /proc/sys/net/ipv4/ip_forward
1
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Posted in Command Line, Fedora, Networking, Tutorials | 32 Comments »