  How to use Linux iptables tool for network sharing
     
  Add Date : 2018-11-21      
         
         
         
  In this tutorial, I'll explain how multiple devices can share one network connection under Linux. Wireless routers are now mainstream consumer products and readily solve the problem this article addresses. Suppose, however, that you have no wireless router at home, but you do have a modem and a Linux host with a wired NIC. The modem connects to the Internet with a dynamic public IP address, and the host's NIC connects to your switch or hub. Other devices (such as Linux or Windows PCs or laptops) are attached through a bridged connection and are not connected to the Internet. To share the Linux host's Internet connection, you must turn the host into a gateway, so that it can send and receive traffic on behalf of the other devices.

Terminology Glossary

A private IP address (non-routable address) is an IP address used within a local LAN (not visible on the Internet).
A public IP address (routable address) is an IP address that is visible on the Internet.
IP masquerading is a function that allows a group of machines to connect to the Internet through a MASQ gateway. Machines other than the MASQ gateway are not visible on the Internet. Any data entering or leaving the machines behind the MASQ gateway must pass through the gateway.
Network Address Translation (NAT) is the technique that, through IP masquerading, allows private IP addresses to access the Internet.

Hardware Requirements

One Linux host with two interfaces (one with a public IP address and the other with a private IP address); this host will be used as the gateway.
One or more PCs or laptops running Linux/Windows with private IP addresses.
Switch/hub (optional).

Step Tutorial

The following steps need to be carried out on the Linux host (the one that will act as the shared gateway).

1. Enable IP forwarding

To set up network sharing, you need to change a kernel parameter on the Linux host to enable IP forwarding. Kernel parameters applied at boot are stored in the /etc/sysctl.conf file.

Open this file, locate the line containing "# net.ipv4.ip_forward = 0", remove the # (uncomment the line), and set its value to 1. After the change, the line should read as follows.

net.ipv4.ip_forward = 1

Then activate IP forwarding by executing the following commands:

$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo sysctl -p

2. NAT configuration

The other important part of network sharing is the NAT configuration, which can be done with the iptables command. iptables firewall rules are organized into four tables:

FILTER (default table)
NAT
MANGLE
RAW

For this tutorial we will use only two of them: the FILTER and NAT tables.

First, flush all active firewall rules.

$ sudo iptables -X
$ sudo iptables -F
$ sudo iptables -t nat -X
$ sudo iptables -t nat -F

In the FILTER table, you need to give the forwarding chain (FORWARD) an ACCEPT target, so that all packets passing through the host are handled properly.

$ sudo iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

In the NAT table, you must enable IP masquerading on your WAN interface; we assume that the WAN interface is ppp0. To enable IP masquerading on the ppp0 interface, use the following command:

$ sudo iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE

3. Configure the devices with private IP addresses

After all configuration on the Linux host is complete, you need to configure the DNS server and default gateway on the other devices (Linux/Windows PCs or laptops) so that their traffic is directed to the Linux host. Note that you do not need to set up a DNS server on the Linux host; every DNS request sent from the other devices is automatically forwarded by the Linux host to the upstream ISP.

If another device runs Linux, you can use the following commands to change its default gateway and DNS server. We assume that your private network segment is 192.168.1.0/24 and that the IP address bound to the Linux host is 192.168.1.1.

$ sudo ip route del default
$ sudo ip route add default via 192.168.1.1
$ sudo sh -c "echo 'nameserver 192.168.1.1' > /etc/resolv.conf"

If there are other Linux devices, repeat these commands on each of them.

If you have Windows devices, you can change the default gateway and DNS server in the Network Connection Properties panel of the Control Panel.

4. The complete script

This is a complete script for setting up Internet connection sharing on the Linux host. Replace the WAN interface (ppp0) with the one used by your specific network.

$ sudo vi /usr/local/bin/ishare

#!/bin/bash
## Internet connection sharing script
# Enable IP forwarding now and reload /etc/sysctl.conf
sysctl -w net.ipv4.ip_forward=1
sysctl -p
# Flush existing rules and user-defined chains in the filter and nat tables
iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
# Accept packets that belong to already established connections
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Masquerade everything leaving through the WAN interface
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE

Save the above script to /usr/local/bin/ishare, then add executable permission by executing the following command.

$ sudo chmod +x /usr/local/bin/ishare

If you need this script to run at boot, execute it from the /etc/rc.local file by adding the following line before "exit 0" in that file.

/usr/local/bin/ishare
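
A tighter variant of the script above, as an added example that is not part of the original tutorial: the script never sets chain policies, so on a default install FORWARD stays at ACCEPT and the gateway forwards in every direction. This version prints iptables-restore input (loaded atomically) with INPUT and FORWARD defaulting to DROP and new connections forwarded only from the LAN to the WAN. Assumptions: the function names, eth0 as the LAN interface, and -m conntrack --ctstate as the current equivalent of -m state --state; ppp0 and 192.168.1.0/24 are the tutorial's values.

```bash
#!/bin/bash
# Added example: print an iptables-restore ruleset for the sharing gateway.
# gen_ruleset, valid_iface, valid_cidr and the LAN NIC name eth0 are assumptions.

valid_iface() {  # Linux interface name: 1-15 chars from a safe set
  case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}

valid_cidr() {   # shape check only: dotted quad followed by a /0-32 prefix
  case "$1" in ''|*[!0-9./]*) return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

gen_ruleset() {  # usage: gen_ruleset WAN_IF LAN_IF LAN_CIDR
  # Refuse anything that could smuggle extra options into a rule line
  valid_iface "$1" && valid_iface "$2" && valid_cidr "$3" || return 2
  [ "$1" != "$2" ] || return 2
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $2 -s $3 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $2 -o $1 -s $3 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $3 -o $1 -j MASQUERADE
COMMIT
EOF
}

# Validate first, then load atomically (both commands need root):
#   gen_ruleset ppp0 eth0 192.168.1.0/24 | sudo iptables-restore --test
#   gen_ruleset ppp0 eth0 192.168.1.0/24 | sudo iptables-restore
```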
     
         
         
         
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.