In this tutorial, I'll explain how multiple devices can share a network connection under Linux. Wireless routers have now become mainstream consumer products that solve the problem this article addresses. Here it is assumed that you do not have a wireless router at home, but you do have a modem and a Linux host with a wired NIC. The modem connects to the Internet with a dynamic public IP address, and the host's NIC connects to your switch or hub. The other devices (such as Linux or Windows PCs or laptops) are connected to that switch or hub and are not connected to the Internet. To share the Linux host's Internet connection, you must turn the host into a gateway, so that it can send and receive traffic on behalf of the other devices.
A private IP address (a non-routable address) is an IP address used on a local LAN (not visible on the Internet).
A public IP address (a routable address) is an IP address that is visible on the Internet.
IP masquerading (MASQ) is a function that lets a group of machines connect to the Internet through a MASQ gateway. The machines behind the MASQ gateway are not visible from the Internet. Any data entering or leaving the machines behind it must pass through the MASQ gateway.
Network Address Translation (NAT) is a technique that, through IP masquerading, lets private IP addresses access the Internet.
One Linux host with two interfaces (one with a public IP address and the other with a private IP address); this host will be used as the gateway.
One or more PCs or laptops running Linux/Windows with private IP addresses.
Switch/hub (optional).
The following steps need to be done on the Linux host (the shared gateway).
1. Enable IP forwarding
To set up connection sharing, you need to change a kernel parameter on the Linux host to enable IP forwarding. Kernel parameters applied at boot are kept in the /etc/sysctl.conf file.
Open this file, locate the line containing "# net.ipv4.ip_forward = 0", remove the # (uncomment the line), and set its value to 1, so that after the change it reads as follows.
net.ipv4.ip_forward = 1
Then activate IP forwarding by executing the following commands:
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo sysctl -p
2. NAT configuration
Another important part of connection sharing is the NAT configuration, which can be done with the iptables command. The iptables firewall contains four tables:
FILTER (default table)
For this tutorial we will use only two tables: FILTER and NAT tables.
First, flush all active firewall rules.
$ sudo iptables -X
$ sudo iptables -F
$ sudo iptables -t nat -X
$ sudo iptables -t nat -F
In the FILTER table, you need to set the forwarding chain (FORWARD) to the ACCEPT target, so that all packets passing through the host are handled properly.
$ sudo iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
In the NAT table, you must enable IP masquerading on your WAN interface; we assume that the WAN interface is ppp0. To enable IP masquerading on the ppp0 interface, use the following command:
$ sudo iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
3. Configure private IP addresses
After all configuration on the Linux host is complete, you need to configure the DNS server and default gateway on the other devices (Linux/Windows PCs or laptops), so that their traffic is directed to the Linux host. Note that you do not need to set up a DNS server on the Linux host; every DNS request sent from the other devices is automatically forwarded by the Linux host to the ISP upstream.
If another device runs Linux, you can use the following commands to change its default gateway and DNS server. We assume that your private network segment is 192.168.1.0/24 and that the IP address bound on the Linux host is 192.168.1.1.
$ sudo ip route del default
$ sudo ip route add default via 192.168.1.1
$ sudo sh -c "echo 'nameserver 192.168.1.1' > /etc/resolv.conf"
If there are other Linux devices, repeat the commands on each of them.
If you have Windows devices, you can change the default gateway and DNS server in the Network Connection Properties panel of the Control Panel.
4. A complete script
This is a complete script to set up Internet connection sharing on the Linux host. Replace the WAN interface (ppp0) with the one used by your specific network.
$ sudo vi /usr/local/bin/ishare
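#!/bin/bash
## Internet connection sharing script
# Enable IP forwarding in the running kernel
sysctl -w net.ipv4.ip_forward=1
# Delete user-defined chains and flush the rules in the NAT table
iptables -t nat -X
iptables -t nat -F
# Accept packets that belong to connections that are already established
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Masquerade everything that leaves through the WAN interface (ppp0)
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE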
Save the above script to /usr/local/bin/ishare, then add executable permissions by executing the following command.
$ sudo chmod +x /usr/local/bin/ishare
If you need this script to run at boot, call it from the /etc/rc.local file by adding the following line before "exit 0" in that file.
/usr/local/bin/ishare
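The forwarding and NAT rules from steps 2 and 4 never set a FORWARD policy, so the gateway forwards whatever the default policy allows. As an added example (not part of the original tutorial), the script below generates an iptables-restore ruleset that drops forwarded traffic by default, lets new connections go only from the LAN to the WAN, and masquerades only the LAN's source addresses, using the conntrack match in place of the older state match. ppp0 and 192.168.1.0/24 are the tutorial's values; the LAN interface name eth0 and the function names are assumptions.

```shell
#!/bin/sh
# Added example. ppp0 and 192.168.1.0/24 are the page's values; eth0 (LAN) is assumed.

# Accept only plausible interface names (Linux limit: 15 characters), so an
# argument can never smuggle options or extra rule text into the ruleset.
valid_iface() {
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Accept only a.b.c.d/len with octets 0-255 and a prefix length 0-32.
valid_cidr() {
    case $1 in
        */*/*|*[!0-9./]*|*.*.*.*.*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) return 1 ;;
    esac
    for n in $(printf '%s' "${1%/*}" | tr . ' '); do
        [ "${#n}" -le 3 ] && [ "$n" -le 255 ] || return 1
    done
    n=${1#*/}
    [ "${#n}" -le 2 ] && [ "$n" -le 32 ]
}

# Print an iptables-restore ruleset: gen_ruleset WAN_IF LAN_IF LAN_NET
gen_ruleset() {
    wan=$1 lan=$2 net=$3
    valid_iface "$wan" && valid_iface "$lan" && valid_cidr "$net" || return 1
    [ "$wan" != "$lan" ] || return 1
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
EOF
}

# To load it as root: gen_ruleset ppp0 eth0 192.168.1.0/24 | sudo iptables-restore
gen_ruleset ppp0 eth0 192.168.1.0/24
```

Loading the output with iptables-restore replaces the existing filter and nat tables in one step. It does not filter traffic addressed to the gateway itself, since the INPUT policy stays at ACCEPT.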