|
Help-Internet Connection Sharing in Ubuntu
|
|
Junior Member
|
17. January 2008 @ 21:04 |
|
Ok, so I have Ubuntu 7.10 installed on my HP laptop and I get internet through the wireless card (eth1). So now I am trying to figure out how to get internet connection sharing working so that my desktop Ubuntu box can get internet too. I have my desktop computer connected to a wired hub that is also connected to my laptop (connected through eth0). When my laptop had Windows installed on it, ICS worked flawlessly. So now I am trying to figure out how to do it on my Ubuntu laptop. I looked all over the internet for a solution to my problem, but a lot of the tutorials are pretty confusing to me. I'm still a noob at Linux, so any help would be appreciated.
|
OzMick
Suspended permanently
|
17. January 2008 @ 21:54 |
|
You need to create a network bridge. I'm not sure if it works well on Linux when bridging a wlan to a lan, but I don't think it is too difficult.
One suggestion I've seen is to install "firestarter". I'll assume you at least know how to download/install new stuff with Ubuntu.
There are some other command line solutions I see getting thrown around. http://ubuntuforums.org/showthread.php?t=132515
Again, I'm not sure if it will work wlan<->lan. I saw something that went on about most wireless cards being unable to spoof MAC addresses which is apparently needed for the method by which Linux does bridging, though it was fairly old and the kernel has probably changed quite a bit since, so give it a go still.
|
varnull
Suspended permanently
|
17. January 2008 @ 22:20 |
|
This message has been edited since posting. Last time this message was edited on 17. January 2008 @ 22:24
|
OzMick
Suspended permanently
|
17. January 2008 @ 22:30 |
|
Originally posted by varnull: ...most people say just buy a wireless router.
Agreed. I bought one of these rather than getting a wireless dongle: http://www.zyxel.com/web/product_family_...70-FF2AA3A0C118
It can be configured as a bridge, so while it only has 1 ethernet port, it can be plugged into an uplink on a switch and share the wireless connection.
|
varnull
Suspended permanently
|
17. January 2008 @ 22:44 |
|
Nice device.. I may invest. It would be very useful for testing laptop repairs.
Most of the ubuntu things related to mac spoofing all seem to end like this one.. a solution, but nobody prepared to tell how.
http://ubuntuforums.org/showthread.php?t=561116
That's annoying, and very bad practice.. If I find a cure to a problem I am having I make sure to let people know how to do it.
This message has been edited since posting. Last time this message was edited on 17. January 2008 @ 22:45
|
Junior Member
|
17. January 2008 @ 22:44 |
|
I have firestarter on my computer but every time I try to enable ICS it says that my wired connection (eth0) is not ready, so then when I enable it and restart firestarter it then says my wireless connection (eth1) is not ready, and the only way I can get my wireless working again is by having my wired connection disabled, so I am kind of lost on what to do to get that to work properly, if you can get it to work at all.
I thought that Ubuntu would have a pretty easy built-in way of enabling ICS like Windows does, but I guess I was wrong about that.
This message has been edited since posting. Last time this message was edited on 17. January 2008 @ 22:47
|
varnull
Suspended permanently
|
17. January 2008 @ 22:52 |
|
So they do talk to each other..
You need to manually create a bridge between the 2 nics using the iptables scripts..
####################################
Basic masquerading
Many home users now have more than a single computer, but only a single connection to the internet (e.g. ppp or dsl or dhcp). So by default, only one computer at the time can be connected to the internet. However, with nat and masquerading, it is possible to have all computers in the household connected to the internet, simultaneously, and transparently, using the same single connection. Addresses of the packets that are being routed through the internet cannot be arbitrary. Almost all combinations of the form a.b.c.d are routable addresses. Notable exceptions are the ranges of "private" addresses, intended to be used exclusively for internal machines on a LAN (local area network). These ranges are (RFC 1918):
* 10.0.0.0 - 10.255.255.255 (10.xxx.xxx.xxx/8)
* 172.16.0.0 - 172.31.255.255 (172.16.xxx.xxx/12)
* 192.168.0.0 - 192.168.255.255 (192.168.xxx.xxx/16)
On your local LAN you are king - i.e. you can assign whatever addresses from a private range you want. Obviously, if you try to send a packet out on the internet from one of those private addresses, it won't work - routers drop packets containing a private address. So what needs to be done, is
* Designate one machine as router. The router must have 2 network cards:
  o external interface (i.e. a card used to connect the machine to the ISP); this interface uses the routable IP provided by the ISP.
  o internal interface - used to connect the router to the local network. The internal interface only takes one input cable, so you can connect it directly to a single other machine (with a crossover cable), or to a hub/switch, if you have more than one machine on the LAN (using normal network cables).
* Assign private addresses to all the computers on the LAN, including the internal interface of the router. It is customary (but not mandatory) to use the first available address for this special interface. E.g. if your lan has address 192.168.0.0 then assign 192.168.0.1 to the internal interface, and 192.168.0.2, etc. to the other machines.
* Configure the router to masquerade the packets coming from the LAN, addressed to the outer world. Suppose the router receives a packet from the private address 192.168.0.2 on its internal LAN, addressed to, say, www.microsoft.com. If it sends the packet out with the private address, the packet will be dropped in no time, because the packet contains a non-routable address. So before putting the frame on the wire, the router replaces the original, non-routable address (192.168.0.2) with its external address (routable, obtained from the ISP). For all the outer world knows, the packet originated from the router itself. This is good, but it entails that the router be smart too: the replies from www.microsoft.com will be addressed to the router, not to 192.168.0.2, so upon receival of a reply, the router must know who the reply is for - for itself or for a LAN machine.
Masquerading the source address (SNAT) is part of what the nat table can do. The destination address can also be masqueraded (DNAT). This is in general, not necessary for the simplest needs of a home user.
Assuming that the external interface is eth0 and the internal interface is eth1, the commands used to turn on masquerading are as follows:
21) root:~> /sbin/iptables -P FORWARD ACCEPT
22) root:~>/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Command 21 sets the policy in the FORWARD chain (in the FILTER table) to ACCEPT. Command 22) appends (-A) to the POSTROUTING chain in the nat table (-t nat) the rule that ALL outbound packets that are about to be put on eth0, must be first masqueraded. This means in particular that if there are more than one LAN (e.g. 192.168.1.0/24 and 192.168.2.0/24), all LANs will be masqueraded: the only criterion is -o eth0. If only, say, 192.168.1.0/24 must be masqueraded, then specify the source, i.e. replace "-o eth0" with "-s 192.168.1.0/24" in command (22). Various other combinations are possible, including specifying source/destination port, state, protocol, etc. MASQUERADE is used when the IP of the external interface eth0 is dynamic (if ppp, the external interface is ppp0). If the external interface has a static IP address (more uncommon for an average home user), then instead of -j MASQUERADE use -j SNAT (i.e. source nat). MASQUERADE itself is a special type of SNAT. For instance,
22) root:~>/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to your.static.ip
Needless to say, one can masquerade an individual machine, not necessarily an entire range. Just specify the address of that particular machine.
Last, for all this to work, the ipt_MASQUERADE and iptable_nat kernel modules must be loaded into the kernel (modprobe iptable_nat). Also, forwarding must be turned on in the kernel (echo 1 > /proc/sys/net/ipv4/ip_forward). Modern distributions already run these commands from startup scripts, but if they don't, put them e.g. in /etc/rc.d/init.d/iptables. If this is the case, there are probably other iptables initializations necessary, so you may want to make a little iptables.init script (e.g. in /usr/sbin) and call this entire script from /etc/rc.d/init.d/iptables.
###############################################
That's the theory anyway..
Linux isn't windows.. Some things are complicated by design..
Ubuntu is built on debian, and debian is made primarily for large networks and servers. Some knowledge is needed....
This message has been edited since posting. Last time this message was edited on 17. January 2008 @ 22:59
|
Junior Member
|
17. January 2008 @ 23:16 |
|
I get the concept of that, but I don't think I would be able to get it to work with my limited Linux knowledge and I don't want to ruin my laptop setup because it was a small pain trying to get everything working properly, like my wireless card, when I first installed it.
If I can't get ICS to work in Ubuntu I will probably go out and buy a wireless PCI card.
I have dropped Windows altogether and I have been using Ubuntu on my laptop and desktop for about a month now and I love it. One thing I like about it is that you can do anything you want with it, unlike Windows.
This message has been edited since posting. Last time this message was edited on 17. January 2008 @ 23:20
|
varnull
Suspended permanently
|
17. January 2008 @ 23:58 |
|
Agreed.. I haven't had much success with connection sharing on linux either. Suse seems to set it up automatically as long as both networks are connected at install. Every distro has different modules built in so it's a lot hit and miss whether it is even possible with what you have installed.
Why not try starting the masquerade modules
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
and seeing if the firestarter sharing setting works then.. Any live changes like that will vanish on reboot, so you can't mess it all up by trying them.
|
Junior Member
|
18. January 2008 @ 00:22 |
|
How would I go about starting the masquerade modules? Do I do anything through the terminal, or do I have to create a script or edit one or something like that? Could you give me easy to follow directions on how to do this? Sorry if that is a stupid question.
This message has been edited since posting. Last time this message was edited on 18. January 2008 @ 00:24
|
varnull
Suspended permanently
|
18. January 2008 @ 05:37 |
|
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
Ubuntu has been modified a lot from debian.. That should work.
You need to be root so
sudo modprobe iptable_nat
the second command will add the forwarding component to the network scripts... the actual locations may differ.. it might be /proc/system/network/ipv4 or some variant..
Have you thought of asking over at the ubuntu forums? They are usually pretty helpful with the precise commands and modules.
Don't think any of us here run ubuntu seriously.. I'm on BSD (unix) which does things in kind of the same way, but differently.. if you get my drift.
I found another article.. which I will quote in full as it seems the best written one so far..
Quote: Internet Connection Sharing on Linux
Posted November 22, 2004 - 7:58 pm by Yakov Shafranovich in Programming, Linux
Recently I have been asked about how to setup a service similar to Internet Connection Sharing (ICS) in Windows. For those really interested Microsoft's ICS implementation consists of an internal DHCP server hardwired to the 192.168.0.0/24 range with the master computer set to 192.168.0.1. There is also a small DNS server running on the master computer caching the data from the network's DNS servers and some sort of forwarding process that actually shuffles the data back and forth. Since standard protocols are used, any type of OS can use such configuration including Linux and Mac OS. But, the question of the day is how to setup a similar thing on Linux.
We need three components for this to function: a DHCP server, a DNS server and the traffic forwarding component. Luckily Linux includes all three with every possible customization option needed. The DHCP and DNS servers, called "dhcpd" and "bind" respectively, are both made by ISC and are available for download there or at your favorite repository. If you are using Fedora Core, then you should also download "caching-nameserver" packages to make your local DNS server cache the DNS for the network. Of course, it goes without saying that YOU NEED a network interface of some kind to connect the computers together in your internal network.
1. LAN SETUP.
The first step is to make sure that your internal network functions. You should setup your Ethernet wired or wireless card and set its IP address to something like "192.168.0.1" via "ifconfig" utility as follows:
/sbin/ifconfig eth1 192.168.0.1 netmask 255.255.255.0
Run "/sbin/ifconfig" to check if the changes are applied. If you are using a Redhat Linux or Fedora Core system, you can set these settings via the "Network" utility in "System Settings" folder of your start menu (assign IP address).
2. DHCP Server.
Once the LAN is setup and DHCP is installed, you need to create a configuration file and place it in "/etc/dhcpd.conf". Here is a sample configuration:
# lease times in seconds
default-lease-time 3600;
max-lease-time 7200;
authoritative;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
# the sharing machine is both gateway and DNS server for the LAN
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
    # addresses handed out to LAN clients
    range 192.168.0.10 192.168.0.50;
}
This will set your DHCP server. Now you have to start it as follows (on Redhat/Fedora):
/etc/init.d/dhcpd start
Or manually:
/sbin/dhcpd
Check the system log and at this point you should try pinging different computers on your local LAN to see if the LAN setup works. If it does, the next step is the DNS server.
2. DNS / BIND.
If you installed BIND and "caching-nameserver" package on Fedora, all you need to do is start the server:
/etc/init.d/named start
Check the system log to make sure everything is fine. To check whether DNS works locally, use the "nslookup" command and run "server 127.0.0.1" and try to do a lookup (with an Internet connection). Then try to do the same on any other LAN computer via nslookup.
3. Sharing the connection.
The actual sharing component in Linux is done via the firewall (iptables or ipchains depending on the Kernel version). For the 2.6 kernels, the iptables command is used. You need to add the following to "/etc/sysconfig/network" file on Fedora:
FORWARD_IPV4=true
and run a set of commands:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
where "eth0" is your Internet connection. For a simpler solution, just download the Firestarter GUI Firewall which has NAT support.
Once everything is up and running, try to see if Internet is up on client computers via a web browser. Make sure to check the system log for problems. Once you have everything down pat, you can set the DNS and DHCP servers to run automatically either via the "Services" utility in Fedora (to run on startup) or by editing the "ifup/ifdown" scripts in the "/etc/sysconfig/network-scripts" directory (to start when the connection goes up).
The article explains why the M$ way seems so simple.. (there's a first.. an explanation of how something actually works instead of a load of technical jargon) As always by making it foolproof it hides the kind of nitty-gritty people should really have some idea of, and be able to configure.
You will probably have to look for the modules and startup scripts.. It's one place where ubuntu is different from other *nix
It doesn't look too frightening.. Just remember to make a backup of any file you intend to alter.. that way you can change back easily if something goes wrong.
You will be editing files as root, probably using nano (recommended) so the first thing to do with a file like /sbin/iptables is do .. as root.. cp /sbin/iptables /usr/backups/iptables (that way you know where you are)
the first thing you should do is look for the files they are listing in the guides and have a read of them with gedit.. see if anything looks familiar, and check what modules are running at startup.. lots of clues can be had from just reading some of the configuration files.. they usually have examples included which you can uncomment/edit to try. They will open in read only mode for a normal user (not root) so you can't damage anything.
Some reference materials as you are new to the command line (you will get used to it as you become more confident, though I have a suspicion the ubuntu people don't like you messing about down in the internals from the root terminal.. they want to restrict people to using the pretty windows like GUI for everything)
sudo (don't like sudo.. I would rather just log in as root in the first place if I'm intending to mess about with system files) http://www.gratisoft.us/sudo/man/sudo.html
nano (simple file editor) http://linux.die.net/man/1/nano
man (quick and dirty help about a command or application) http://www.computerhope.com/unix/uman.htm
This message has been edited since posting. Last time this message was edited on 18. January 2008 @ 05:47
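As an added example that is not part of the original posts or the quoted article: the masquerading setup described in the two posts above, with the FORWARD policy set to DROP and only LAN-to-uplink traffic plus its replies allowed, rather than "-P FORWARD ACCEPT". The interface roles (eth1 as wireless uplink, eth0 as wired LAN) and the 192.168.0.0/24 range are assumptions taken from the thread, and the function and variable names are made up for the example.

```sh
#!/bin/sh
# Added example (not from the thread): NAT sharing with a default-deny FORWARD chain.
# Assumed defaults follow the first post: eth1 = wireless uplink, eth0 = wired LAN.

valid_if() {    # accept only plain interface names
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

valid_net() {   # rough a.b.c.d/len shape check
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# ics_rules WAN_IF LAN_IF LAN_NET: print the commands, run nothing.
ics_rules() {
    wan=$1; lan=$2; net=$3
    valid_if "$wan" && valid_if "$lan" && valid_net "$net" || return 2
    [ "$wan" != "$lan" ] || return 2
    cat <<EOF
modprobe iptable_nat
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# Dry run by default; APPLY=1 (as root) pipes the same commands to sh.
rules=$(ics_rules "${1:-eth1}" "${2:-eth0}" "${3:-192.168.0.0/24}") || {
    echo "usage: $0 WAN_IF LAN_IF LAN_NET/len" >&2
    exit 2
}
if [ "${APPLY:-0}" = 1 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root, e.g. sudo APPLY=1 sh $0" >&2; exit 1; }
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

The script uses sysctl -w instead of the echo redirect because with "sudo echo 1 > /proc/sys/net/ipv4/ip_forward" the redirection is opened by the unprivileged shell, not by root. Like the live changes discussed above, these rules do not survive a reboot.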
|
Junior Member
|
18. January 2008 @ 11:00 |
|
I tried what you said varnull, but I keep getting an access denied thing when I try to do them. I found this link www.ubuntuforums.org and tried what they said to enable ICS but I keep getting an access denied thing or nothing seems to happen at all, for that too
This message has been edited since posting. Last time this message was edited on 18. January 2008 @ 11:00
|
varnull
Suspended permanently
|
18. January 2008 @ 11:36 |
|
For network connections settings you either need to be root, or your user account needs the tools to access the protocols.
Log out and drop to runlevel 1 or 2, then try after logging in as a single user.
Access denied always means you need a root privilege to do what you are attempting (why I don't like sudo)
|
|