2011/12/5
connection sharing on linux
To turn a linux box with two network interfaces into a NAT router with the most basic functions, four separate changes are required. This is more complicated than it needs to be. For future reference:
1. Enable packet forwarding in the “registry”:
Edit /etc/sysctl.conf to add
net/ipv4/ip_forward=1 then
> sysctl -p /etc/sysctl.conf
2. Set address sharing for outbound traffic and poke holes in the firewall:
Assume eth0 is the WAN-facing interface and eth1 is the LAN-facing interface, then
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> iptables -t filter -A FORWARD -i eth1 -o eth0 -j ACCEPT
> iptables -t filter -A FORWARD -i eth0 -o eth1 -m state –state ESTABLISHED,RELATED -j ACCEPT
> /etc/init.d/iptables save active
> /etc/init.d/iptables restart
Turn on the iptables service in sysvconfig
3. Enable automatic serving of dynamic LAN IP’s:
Assume 10.0.0.x is the LAN-side subnet and 192.168.0.1 is the WAN-side DNS server or gateway, then
Edit /etc/dhcp3/dhcpd.conf to add, e.g.
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.2 10.0.0.10;
option routers 10.0.0.1;
option domain-name-servers 192.168.0.1
}
> /etc/init.d/dhcp3-server restart
4. Set the LAN-facing interface to be on the LAN-side subnet:
Assume 10.0.0.1 is the LAN-side address of connection sharing machine, then
Edit /etc/network/interfaces to add
auto eth1
iface eth1 inet static
address 10.0.0.1
netmask 255.255.255.0
gateway 192.168.0.1
> /etc/init.d/networking restart
