Difference between revisions of "Iptables"
From Tomelec
(Created page with "== Share Internet connection creating a NAT == Sometime it´s handy to share an Internet connection with other network devices. For example to dial in using an UMTS modem and the...") |
|||
Line 11: | Line 11: | ||
*clients must have a default route set | *clients must have a default route set | ||
*clients should have a manual DNS server entry | *clients should have a manual DNS server entry | ||
+ | |||
+ | Because that means a lot of work, here is a Shellscript that | ||
+ | *configures the LAN port eth0 | ||
+ | *enables IP forwarding and sets up a nat for ppp0 | ||
+ | *launches ''dnsmasq'' as a DHCP and DNS server. Client´s get their IP address and DNS server address automatically assigned. | ||
+ | <nowiki>#!/bin/sh | ||
+ | #Internet-Gateway für netzwerk auf eth0 einrichten. | ||
+ | #Zugang ist ppp0 | ||
+ | |||
+ | if [ "$1" = "start" ]; then | ||
+ | echo Gateway erstellen ... | ||
+ | #Interface einstellen | ||
+ | ifconfig eth0 192.168.10.1 up | ||
+ | #IP forwarding einschalten | ||
+ | echo 1 > /proc/sys/net/ipv4/ip_forward | ||
+ | #NAT | ||
+ | iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE | ||
+ | #DNS und DHCP | ||
+ | dnsmasq --dhcp-range=192.168.10.10,192.168.10.50,255.255.255.0,1h --no-dhcp-interface=ppp0 --log-dhcp --log-queries | ||
+ | |||
+ | elif [ "$1" = "stop" ]; then | ||
+ | echo Gateway beenden ... | ||
+ | #DNS und DHCP Server aus | ||
+ | start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile /var/run/dnsmasq.pid --name dnsmasq | ||
+ | #IP forwarding aus | ||
+ | echo 0 > /proc/sys/net/ipv4/ip_forward | ||
+ | #NAT aus | ||
+ | iptables -t nat -D POSTROUTING -o ppp0 -j MASQUERADE | ||
+ | #Interface aus | ||
+ | ifconfig eth0 down | ||
+ | |||
+ | else | ||
+ | echo Internet-Gateway script | ||
+ | echo Aufruf mit Parameter start oder stop! | ||
+ | fi</nowiki> | ||
+ | Make sure ''dnsmasq'' is installed. Change the network interfaces and the IP range according to your needs. The script is quite simple, don´t expect too much ;) | ||
+ | |||
+ | Run the internet gateway script as root with parameter ''start''. | ||
+ | <nowiki>sudo ./inetgateway.sh start</nowiki> |
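Review bot: in the start branch, the dnsmasq call uses --no-dhcp-interface=ppp0, which turns off only DHCP on ppp0 while DNS keeps answering on the Internet-facing interface; restricting the daemon with --interface=eth0 --bind-interfaces would keep both services on the LAN side. The MASQUERADE rule is also added without any FORWARD rules, so what gets routed depends on whatever FORWARD policy is already in place on the host. In the stop branch, writing 0 to /proc/sys/net/ipv4/ip_forward is unconditional and will switch off forwarding that was already enabled before the script ran; saving the previous value on start and restoring it on stop would avoid that.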
Revision as of 18:27, 17 September 2011
Sometimes it's handy to share an Internet connection with other network devices, for example to dial in using a UMTS modem and then get a second computer (client) on the LAN port online.
- enable IP forwarding
- create a simple NAT
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
ppp0 is the network device with an Internet connection. Important notes:
- the LAN port for the clients' network must have an IP address set
- clients must have an IP address within the same subnet of course
- clients must have a default route set
- clients should have a manual DNS server entry
Because that is a lot of work, here is a shell script that:
- configures the LAN port eth0
- enables IP forwarding and sets up NAT for ppp0
- launches dnsmasq as a DHCP and DNS server. Clients get their IP address and DNS server address assigned automatically.
    #!/bin/sh
    # Set up an Internet gateway for the network on eth0.
    # The uplink is ppp0

    if [ "$1" = "start" ]; then
        echo Gateway erstellen ...
        # Configure the interface
        ifconfig eth0 192.168.10.1 up
        # Enable IP forwarding
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # NAT
        iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
        # DNS and DHCP
        dnsmasq --dhcp-range=192.168.10.10,192.168.10.50,255.255.255.0,1h --no-dhcp-interface=ppp0 --log-dhcp --log-queries

    elif [ "$1" = "stop" ]; then
        echo Gateway beenden ...
        # Stop the DNS and DHCP server
        start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile /var/run/dnsmasq.pid --name dnsmasq
        # Disable IP forwarding
        echo 0 > /proc/sys/net/ipv4/ip_forward
        # Remove NAT
        iptables -t nat -D POSTROUTING -o ppp0 -j MASQUERADE
        # Take the interface down
        ifconfig eth0 down

    else
        echo Internet-Gateway script
        echo Aufruf mit Parameter start oder stop!
    fi
Make sure dnsmasq is installed. Change the network interfaces and the IP range according to your needs. The script is quite simple, don't expect too much ;)
Run the internet gateway script as root with parameter start.
    sudo ./inetgateway.sh start
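A tighter variant of the gateway script above, as an added example that is not part of the original wiki page: it forwards only eth0 to ppp0 traffic plus the replies, and binds dnsmasq to the LAN interface. The interface names and addresses are the page's; `DRY_RUN` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the wiki's script: same gateway with explicit FORWARD rules.
# eth0, ppp0 and 192.168.10.0/24 are the page's values; DRY_RUN and the
# function names are assumptions of this example.
LAN=eth0
WAN=ppp0
NET=192.168.10.0/24

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Add (-A) or delete (-D) the NAT and forwarding rules.
fw_rules() {
    op=$1
    # Masquerade only traffic that comes from the LAN subnet
    run iptables -t nat "$op" POSTROUTING -s "$NET" -o "$WAN" -j MASQUERADE
    # LAN -> Internet
    run iptables "$op" FORWARD -i "$LAN" -o "$WAN" -s "$NET" -j ACCEPT
    # Internet -> LAN: replies to existing connections only
    run iptables "$op" FORWARD -i "$WAN" -o "$LAN" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

gateway_start() {
    run ifconfig "$LAN" 192.168.10.1 up
    # Rules first, forwarding last
    run iptables -P FORWARD DROP
    fw_rules -A
    run sysctl -w net.ipv4.ip_forward=1
    # DNS and DHCP on the LAN interface only
    run dnsmasq --interface="$LAN" --bind-interfaces \
        --dhcp-range=192.168.10.10,192.168.10.50,255.255.255.0,1h
}

gateway_stop() {
    # The FORWARD policy is left at DROP
    run sysctl -w net.ipv4.ip_forward=0
    fw_rules -D
    run start-stop-daemon --stop --retry=TERM/30/KILL/5 \
        --pidfile /var/run/dnsmasq.pid --name dnsmasq
    run ifconfig "$LAN" down
}

case "${1:-}" in
    start) gateway_start ;;
    stop)  gateway_stop ;;
    *)     echo "usage: $0 start|stop (DRY_RUN=1 prints the commands)" >&2 ;;
esac
```

Running it with `DRY_RUN=1` prints the commands for review without touching the firewall.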