
Help-Internet Connection Sharing in Ubuntu

Discussion in 'Linux - General discussion' started by tyknappy, Jan 17, 2008.

  1. tyknappy

    tyknappy Member

    Joined:
    Jul 30, 2005
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    16
    Ok, so I have Ubuntu 7.10 installed on my HP laptop and I get internet through the wireless card (eth1). So now I am trying to figure out how to get internet connection sharing working so that my desktop Ubuntu box can get internet too. I have my desktop computer connected to a wired hub that is also connected to my laptop (connected through eth0). When my laptop had Windows installed on it, ICS worked flawlessly. So now I am trying to figure out how to do it on my Ubuntu laptop. I looked all over the internet for a solution to my problem, but a lot of the tutorials are pretty confusing to me. I'm still a noob at Linux, so any help would be appreciated.
     
  2. OzMick

    OzMick Guest

    You need to create a network bridge. I'm not sure if it works well on Linux when bridging a wlan to a lan, but I don't think it is too difficult.

    One suggestion I've seen is to install "firestarter". I'll assume you at least know how to download/install new stuff with Ubuntu.

    There are some other command line solutions I see getting thrown around. http://ubuntuforums.org/showthread.php?t=132515

    Again, I'm not sure if it will work wlan<->lan. I saw something that went on about most wireless cards being unable to spoof MAC addresses which is apparently needed for the method by which Linux does bridging, though it was fairly old and the kernel has probably changed quite a bit since, so give it a go still.
     
  3. varnull

    varnull Guest

    Last edited by a moderator: Jan 17, 2008
  4. OzMick

    OzMick Guest

  5. varnull

    varnull Guest

    Nice device.. I may invest. It would be very useful for testing laptop repairs.

    Most of the ubuntu things related to mac spoofing all seem to end like this one.. a solution, but nobody prepared to tell how.

    http://ubuntuforums.org/showthread.php?t=561116

    That's annoying, and very bad practice.. If I find a cure to a problem I am having I make sure to let people know how to do it.
     
    Last edited by a moderator: Jan 17, 2008
  6. tyknappy

    tyknappy Member

    I have firestarter on my computer but every time I try to enable ICS it says that my wired connection (eth0) is not ready, so then when I enable it and restart firestarter it then says my wireless connection (eth1) is not ready, and the only way I can get my wireless working again is by having my wired connection disabled, so I am kind of lost on what to do to get that to work properly, if you can get it to work at all.

    I thought that Ubuntu would have a pretty easy built-in way of enabling ICS like Windows does, but I guess I was wrong about that.
     
    Last edited: Jan 17, 2008
  7. varnull

    varnull Guest

    So they do talk to each other..

    You need to manually create a bridge between the 2 nics using the iptables scripts..

    ####################################
    Basic masquerading

    Many home users now have more than a single computer, but only a single connection to the internet (e.g. ppp or dsl or dhcp). So by default, only one computer at the time can be connected to the internet. However, with nat and masquerading, it is possible to have all computers in the household connected to the internet, simultaneously, and transparently, using the same single connection. Addresses of the packets that are being routed through the internet cannot be arbitrary. Almost all combinations of the form a.b.c.d are routable addresses. Notable exceptions are the ranges of "private" addresses, intended to be used exclusively for internal machines on a LAN (local area network). These ranges are (RFC 1918):

    * 10.0.0.0 - 10.255.255.255 (10.xxx.xxx.xxx/8)
    * 172.16.0.0 - 172.31.255.255 (172.16.xxx.xxx/12)
    * 192.168.0.0 - 192.168.255.255 (192.168.xxx.xxx/16)

    On your local LAN you are king - i.e. you can assign whatever addresses from a private range you want. Obviously, if you try to send a packet out on the internet from one of those private addresses, it won't work - routers drop packets containing a private address. So what needs to be done, is

    * Designate one machine as router. The router must have 2 network cards:
      o external interface (i.e. a card used to connect the machine to the ISP); this interface uses the routable IP provided by the ISP.
      o internal interface - used to connect the router to the local network. The internal interface only takes one input cable, so you can connect it directly to a single other machine (with a crossover cable), or to a hub/switch, if you have more than one machine on the LAN (using normal network cables).
    * Assign private addresses to all the computers on the LAN, including the internal interface of the router. It is customary (but not mandatory) to use the first available address for this special interface. E.g. if your LAN has address 192.168.0.0 then assign 192.168.0.1 to the internal interface, and 192.168.0.2, etc. to the other machines.
    * Configure the router to masquerade the packets coming from the LAN, addressed to the outer world. Suppose the router receives a packet from the private address 192.168.0.2 on its internal LAN, addressed to, say, www.microsoft.com. If it sends the packet out with the private address, the packet will be dropped in no time, because the packet contains a non-routable address. So before putting the frame on the wire, the router replaces the original, non-routable address (192.168.0.2) with its external address (routable, obtained from the ISP). For all the outer world knows, the packet originated from the router itself. This is good, but it entails that the router be smart too: the replies from www.microsoft.com will be addressed to the router, not to 192.168.0.2, so upon receival of a reply, the router must know who the reply is for - for itself or for a LAN machine.

    Masquerading the source address (SNAT) is part of what the nat table can do. The destination address can also be masqueraded (DNAT). This is in general, not necessary for the simplest needs of a home user.
    Assuming that the external interface is eth0 and the internal interface is eth1, the commands used to turn on masquerading are as follows:

    21) root:~> /sbin/iptables -P FORWARD ACCEPT

    22) root:~>/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    Command 21 sets the policy in the FORWARD chain (in the FILTER table) to ACCEPT. Command 22) appends (-A) to the POSTROUTING chain in the nat table (-t nat) the rule that ALL outbound packets that are about to be put on eth0 must first be masqueraded. This means in particular that if there is more than one LAN (e.g. 192.168.1.0/24 and 192.168.2.0/24), all LANs will be masqueraded: the only criterion is -o eth0. If only, say, 192.168.1.0/24 must be masqueraded, then specify the source, i.e. replace "-o eth0" with "-s 192.168.1.0/24" in command (22). Various other combinations are possible, including specifying source/destination port, state, protocol, etc. MASQUERADE is used when the IP of the external interface eth0 is dynamic (if ppp, the external interface is ppp0). If the external interface has a static IP address (more uncommon for an average home user), then instead of -j MASQUERADE use -j SNAT (i.e. source nat). MASQUERADE itself is a special type of SNAT. For instance,

    22) root:~>/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to your.static.ip

    Needless to say, one can masquerade an individual machine, not necessarily an entire range. Just specify the address of that particular machine.

    Last, for all this to work, the ipt_MASQUERADE and iptable_nat kernel modules must be loaded into the kernel (modprobe iptable_nat). Also, forwarding must be turned on in the kernel (echo 1 > /proc/sys/net/ipv4/ip_forward). Modern distributions already run these commands from startup scripts, but if they don't, put them e.g. in /etc/rc.d/init.d/iptables. If this is the case, there are probably other iptables initializations necessary, so you may want to make a little iptables.init script (e.g. in /usr/sbin) and call this entire script from /etc/rc.d/init.d/iptables.

    ###############################################

    That's the theory anyway..

    Linux isn't windows.. Some things are complicated by design..
    Ubuntu is built on debian, and debian is made primarily for large networks and servers. Some knowledge is needed....
     
    Last edited by a moderator: Jan 17, 2008
  8. tyknappy

    tyknappy Member

    I get the concept of that, but I don't think I would be able to get it to work with my limited Linux knowledge and I don't want to ruin my laptop setup because it was a small pain trying to get everything working properly, like my wireless card, when I first installed it.

    If I can't get ICS to work in Ubuntu I will probably go out and buy a wireless PCI card.

    I have dropped Windows altogether and I have been using Ubuntu on my laptop and desktop for about a month now and I love it. One thing I like about it is that you can do anything you want with it, unlike Windows.
     
    Last edited: Jan 17, 2008
  9. varnull

    varnull Guest

    Agreed.. I haven't had much success with connection sharing on linux either. Suse seems to set it up automatically as long as both networks are connected at install. Every distro has different modules built in so it's a lot hit and miss whether it is even possible with what you have installed.

    Why not try starting the masquerade modules

    modprobe iptable_nat
    echo 1 > /proc/sys/net/ipv4/ip_forward

    and seeing if the firestarter sharing setting works then.. Any live changes like that will vanish on reboot, so you can't mess it all up by trying them.
     
  10. tyknappy

    tyknappy Member

    How would I go about starting the masquerade modules? Do I do anything through the terminal, or do I have to create a script or edit one or something like that? Could you give me easy-to-follow directions on how to do this? Sorry if that is a stupid question.
     
    Last edited: Jan 18, 2008
  11. varnull

    varnull Guest

    modprobe iptable_nat

    echo 1 > /proc/sys/net/ipv4/ip_forward

    Ubuntu has been modified a lot from debian.. That should work.

    You need to be root so

    sudo modprobe iptable_nat

    the second command will add the forwarding component to the network scripts... the actual locations may differ.. it might be /proc/system/network/ipv4 or some variant..

    Have you thought of asking over at the ubuntu forums? They are usually pretty helpful with the precise commands and modules.

    Don't think any of us here run ubuntu seriously.. I'm on BSD (unix) which does things in kind of the same way, but differently.. if you get my drift.

    I found another article.. which I will quote in full as it seems the best written one so far..

    The article explains why the M$ way seems so simple.. (there's a first.. an explanation of how something actually works instead of a load of technical jargon) As always by making it foolproof it hides the kind of nitty-gritty people should really have some idea of, and be able to configure.

    You will probably have to look for the modules and startup scripts.. It's one place where ubuntu is different from other *nix

    It doesn't look too frightening.. Just remember to make a backup of any file you intend to alter.. that way you can change back easily if something goes wrong.

    You will be editing files as root, probably using nano (recommended) so the first thing to do with a file like sbin/iptables is do .. as root.. cp /sbin/iptables /usr/backups/iptables (that way you know where you are)

    the first thing you should do is look for the files they are listing in the guides and have a read of them with gedit.. see if anything looks familiar, and check what modules are running at startup.. lots of clues can be had from just reading some of the configuration files.. they usually have examples included which you can uncomment/edit to try. They will open in read only mode for a normal user (not root) so you can't damage anything.

    Some reference materials as you are new to the command line (you will get used to it as you become more confident, though I have a suspicion the ubuntu people don't like you messing about down in the internals from the root terminal.. they want to restrict people to using the pretty windows like GUI for everything)

    sudo (don't like sudo.. I would rather just log in as root in the first place if I'm intending to mess about with system files) http://www.gratisoft.us/sudo/man/sudo.html

    nano (simple file editor) http://linux.die.net/man/1/nano

    man (quick and dirty help about a command or application) http://www.computerhope.com/unix/uman.htm
     
    Last edited by a moderator: Jan 18, 2008
  12. tyknappy

    tyknappy Member

    I tried what you said varnull, but I keep getting an access denied thing when I try to do them. I found this link www.ubuntuforums.org and tried what they said to enable ICS but I keep getting an access denied thing or nothing seems to happen at all, for that too
     
    Last edited: Jan 18, 2008
  13. varnull

    varnull Guest

    For network connections settings you either need to be root, or your user account needs the tools to access the protocols.

    Log out and drop to runlevel 1 or 2, then try after logging in as a single user.

    Access denied always means you need a root privilege to do what you are attempting (why I don't like sudo)
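
The masquerading setup quoted in post 7 and the module/forwarding commands from posts 9 and 11, adapted to this thread's topology (wireless uplink eth1, wired LAN eth0), as an added example that is not part of any post. It prints the commands rather than running them, and replaces the article's `-P FORWARD ACCEPT` with a default-deny FORWARD chain so that only the LAN subnet is forwarded out and only reply traffic is forwarded back. The subnet 192.168.0.0/24 and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the commands for
# NAT sharing with a default-deny FORWARD chain. Assumed, constructed values:
# eth1 = wireless uplink, eth0 = wired LAN, 192.168.0.0/24 = LAN subnet.

valid_iface() {          # letters, digits, . _ - only; kernel limit 15 chars
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_private_cidr() {   # a.b.c.d/len inside one of the RFC 1918 ranges
    case "$1" in
        ''|*[!0-9./]*|*/*/*|*/*.*) return 1 ;;
    esac
    len=${1#*/}; addr=${1%/*}
    [ "$len" != "$1" ] && [ -n "$len" ] && [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  [ "$len" -ge 8 ] ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && [ "$len" -ge 12 ] ;;
        192) [ "$2" -eq 168 ] && [ "$len" -ge 16 ] ;;
        *)   return 1 ;;
    esac
}

ics_commands() {         # $1 = uplink iface, $2 = LAN iface, $3 = LAN subnet
    valid_iface "$1" && valid_iface "$2" && [ "$1" != "$2" ] || return 1
    valid_private_cidr "$3" || return 1
    cat <<EOF
modprobe iptable_nat
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $2 -o $1 -s $3 -j ACCEPT
iptables -A FORWARD -i $1 -o $2 -d $3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $3 -o $1 -j MASQUERADE
EOF
}

# Topology from the thread: laptop uplink on eth1, desktop behind eth0.
ics_commands eth1 eth0 192.168.0.0/24
```

Each printed line has to run as root as a whole command, for example with `sudo` in front of it. `sudo echo 1 > /proc/sys/net/ipv4/ip_forward` fails with a permission error because the redirection is opened by the unprivileged calling shell, which is why the example uses `sysctl -w` instead.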
     
