Difference between revisions of "Iptables"

From Tomelec

Revision as of 18:27, 17 September 2011

Share Internet connection creating a NAT

Sometimes it's handy to share an Internet connection with other network devices, for example to dial in with a UMTS modem and then get a second computer (the client) on the LAN port online. Two steps are needed on the gateway:

  • enable IP forwarding
  • create a simple NAT

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

ppp0 is the network device with an Internet connection. Important notes:

  • the LAN port for the clients' network must have an IP address set
  • clients must have an IP address within the same subnet, of course
  • clients must have a default route pointing at the gateway
  • clients should have a manual DNS server entry

Because that means a lot of manual work, here is a shell script that

  • configures the LAN port eth0
  • enables IP forwarding and sets up a NAT for ppp0
  • launches dnsmasq as a DHCP and DNS server, so clients get their IP address and DNS server address assigned automatically

#!/bin/sh
# Set up an Internet gateway for the network on eth0.
# The uplink is ppp0.

if [ "$1" = "start" ]; then
  echo "Gateway erstellen ..."
  # configure the LAN interface
  ifconfig eth0 192.168.10.1 up
  # enable IP forwarding
  echo 1 > /proc/sys/net/ipv4/ip_forward
  # NAT: masquerade everything leaving via the uplink
  iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
  # DNS and DHCP for the LAN (no DHCP on the uplink)
  dnsmasq --dhcp-range=192.168.10.10,192.168.10.50,255.255.255.0,1h --no-dhcp-interface=ppp0 --log-dhcp --log-queries

elif [ "$1" = "stop" ]; then
  echo "Gateway beenden ..."
  # stop the DNS and DHCP server
  start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile /var/run/dnsmasq.pid --name dnsmasq
  # disable IP forwarding
  echo 0 > /proc/sys/net/ipv4/ip_forward
  # remove the NAT rule
  iptables -t nat -D POSTROUTING -o ppp0 -j MASQUERADE
  # take the LAN interface down
  ifconfig eth0 down

else
  echo "Internet-Gateway script"
  echo "Aufruf mit Parameter start oder stop!"
fi

Make sure dnsmasq is installed. Change the network interfaces and the IP range according to your needs. The script is quite simple, don't expect too much ;)
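The script above only adds the MASQUERADE rule and leaves the FORWARD chain at its default policy (normally ACCEPT), so the kernel would also forward packets arriving on ppp0 towards the LAN, and dnsmasq answers DNS on every interface, including the uplink. The following is an added example (not from the original page) of the same eth0/ppp0 gateway with a default-deny FORWARD policy, a conntrack match for return traffic, and dnsmasq bound to the LAN only; interface names and the DHCP range come from the page, the hardening options are the assumption this example adds.

```shell
#!/bin/sh
# Added example, not part of the original script: stricter gateway rules.
LAN=eth0
WAN=ppp0

# Print the commands for a gateway that forwards only traffic originating
# on the LAN plus the replies that belong to those connections.
gateway_rules() {
    lan=$1
    wan=$2
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Print the dnsmasq command bound to the LAN interface only, so the resolver
# is not reachable from the uplink (the original keeps only DHCP off ppp0
# and still listens for DNS on every interface).
dnsmasq_cmd() {
    lan=$1
    wan=$2
    echo "dnsmasq --interface=$lan --except-interface=$wan --bind-interfaces" \
         "--dhcp-range=192.168.10.10,192.168.10.50,255.255.255.0,1h --log-dhcp"
}

# Apply the rules and start dnsmasq (needs root). With "dry" as the first
# argument the commands are only printed, which is useful for review.
apply_gateway() {
    mode=${1:-run}
    { gateway_rules "$LAN" "$WAN"; dnsmasq_cmd "$LAN" "$WAN"; } |
    while IFS= read -r cmd; do
        if [ "$mode" = dry ]; then
            echo "$cmd"
        else
            # the loop runs in a subshell, so exit aborts this pipeline stage
            sh -c "$cmd" || exit 1
        fi
    done
}
```

Run `apply_gateway dry` first to inspect the generated commands; the stop path of the original script should then also reset the FORWARD policy to ACCEPT and flush the FORWARD rules it added.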

Run the internet gateway script as root with parameter start.

sudo ./inetgateway.sh start