Академический Документы
Профессиональный Документы
Культура Документы
Community Documentation
Ubuntu Documentation > Community Documentation > InternetConnectionSharing
Login to Edit
InternetConnectionSharing
Style Cleanup Required: This article does not follow the style standards in the Wiki Guide. More info...
Introduction
Internet Connection Sharing (ICS) provides the ability for one computer to share its Internet connection with another computer. To do this, a computer with an Internet connection must be configured to function as an Internet gateway. A second computer (or network of computers) connects to the Internet indirectly via the gateway computer. Situations in which ICS may be necessary include: Dial-up connection. Authenticated (PPPoA/E) connection. Wireless connection. When it is impractical (such as with distance) to run multiple network cables to each computer.
Contents 1. Introduction 1. GUI Method via Network Manager (Ubuntu 9.10 and up) 1. Wireless Ad-Hoc connection sharing scenario 2. Ubuntu Internet Gateway Method (iptables) 1. Gateway set up 2. Client set up 3. Advanced Gateway Configuration 1. DHCP/DNS server 4. Other approaches 1. Alternate server software (CLI) 2. Alternate gateway software (GUI) 3. Simple iptables example 5. See also
In order to share an Internet connection, the computer that will do the sharing must have two network cards or ports. This assumes that you are using at least one Ethernet port and that it is identified as "eth0". eth0 will be the port that other computers will connect to you on. When you are logged in: Go to "System" on your top bar. Navigate to "Preferences" and select "Network Connections". When that window opens, select "Auto eth0", and press "Edit" (This assumes that you are connected to the Internet on some other port, for example wlan0 using wireless). A new window will open. Navigate to the tab titled "IPv4 Settings", and change the Method to "Shared to other computers". After restarting the computer, you should now be able to plug in any computer into your other Ethernet port or share through your wireless card. Note: To clarify the above example, here is an example configuration that will work: 1. You are already connected to the Internet using your wireless on port wlan0. 2. The Ethernet port eth0 is connected to the PC that needs to share your Internet connection (or you could wire eth0 to a router for multiple machines). Note: In the case of connecting a router, especially one with wireless, where you want the users to share your connection: 1. Check before you start (in Synaptic or with dpkg-query -l dnsmasq*) that dnsmasq-base is installed and that dnsmasq is not installed. Install or uninstall as appropriate (see next section). 2. After connecting the router, to enable masquerading, type: sudo iptables -t nat -A POSTROUTING -j MASQUERADE
Restart NetworkManager: sudo /etc/init.d/network-manager restart Add a new wireless network with NetworkManager (left-click on NetworkManager icon, then select "Create New Wireless Network").
converted by Web2PDFConvert.com
Call the new network "UbuntuAdhoc" (Note: If you choose another name, you will have to turn on connection sharing later by editing the network that you just created). Set encryption to "WEP40..." (Note: You may have to experiment here according to what type of encryption with ad-hoc the device supports. WPA is not supported). NetworkManager now should connect to itself (which means it creates the ad-hoc wireless network and routes any Internet traffic to your wired network interface). Now, connect with the client(s), and you should have a working Internet connection.
Gateway set up
The following example will focus on the most common gateway setup: an Ubuntu computer with two wired network adapters (eth0 and eth1) hosting ICS to a static internal network configured for the 192.168.0.x subnet. For this example, eth0 is used to represent the network card connected to the Internet, and eth1 represents the network card connected to a client PC. You can replace eth0 and eth1 as needed for your situation. Also, any private IP subnet can be used for the internal network IP addresses. In summary: eth0 = the network adapter with internet (external or WAN). eth1 = the network adapter to which a second computer is attached (internal or LAN). 192.168.0.x = IP subnet for eth1 Your setup may be different. If so, make sure to change them accordingly in the following commands. Configure internal network card Configure your internal network card (eth1) for static IP like so: sudo ip addr add 192.168.0.1/24 dev eth0 The external and internal network cards cannot be on the same subnet. Configure NAT Configure iptables for NAT translation so that packets can be correctly routed through the Ubuntu gateway. sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A POSTROUTING -t nat -j MASQUERADE The first rule allows forwarded packets (initial ones). The second rule allows forwarding of established connection packets (and those related to ones that started). The third rule does the NAT. IPtables settings need to be set-up at each boot (they are not saved automatically), with the following commands: Save the iptables: sudo iptables-save | sudo tee /etc/iptables.sav Edit /etc/rc.local and add the following lines before the "exit 0" line: iptables-restore < /etc/iptables.sav Enable routing Configure the gateway for routing between two interfaces by enabling IP forwarding: sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" Edit /etc/sysctl.conf, and (up to 10.04) add these lines: net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1
The /etc/sysctl.conf edit is required because of the following bug in Hardy and later releases: Launchpad Bug Report
From 10.10 onwards, it suffices to edit /etc/sysctl.conf and uncomment:
converted by Web2PDFConvert.com
Client set up
Any OS can connect to the Internet as an ICS client as long as networking has been configured correctly. The following example will focus on how to set up an Ubuntu ICS client. For this example, it is assumed that the client is connected to an Ubuntu gateway, which has been configured to share ICS on the 192.168.0.x subnet according to the gateway set up outlined above. For this example, eth0 is the network card on the client which is connected (by crossover cable) to eth1 on the Ubuntu gateway. You can replace eth0 as needed for your situation. Also, any private IP subnet can be used for the internal network IP address, as long as it matches the subnet on the gateway. Disable networking sudo /etc/init.d/networking stop Give the client a static IP address sudo ip addr add 192.168.0.100/24 dev eth0 This IP address can be anything within the gateway's private IP range. Configure routing sudo ip route add default via 192.168.0.1 This address should match the IP address on the gateway's internal network card (eth1 in the above example). Configure DNS servers Unless your ICS gateway can also perform DNS, you must manually configure the client with your ISP DNS servers. If you do not know your ISP's DNS servers, you can use OpenDNS servers instead. Backup your current /etc/resolve.conf file: sudo cp /etc/resolv.conf /etc/resolv.conf.backup Open /etc/dhcp3/dhclient.conf with your favorite text editor: sudo nano /etc/dhcp3/dhclient.conf Search for the line that starts "prepend domain-name-servers", and change it to look like this: prepend domain-name-servers 208.67.222.222,208.67.220.220; 208.67.222.222 and 208.67.220.220 are OpenDNS DNS servers. If you wish to use your ISP's DNS servers, use them here instead of the OpenDNS servers. Restart networking sudo /etc/init.d/networking restart Once this is finished, your client will now have access to the Internet via ICS. Please direct any questions/comments to the Internet Connection Sharing Documentation thread. A beginner's working example of a Ubuntu Desktop with 2 NIC cards, sharing Internet connection: http://ubuntuforums.org/showthread.php?p=3713684
DHCP/DNS server
This is deceptively easy, and will be acceptable for most situations. However, it will not allow the ICS client to see computers on different subnets.
converted by Web2PDFConvert.com
Install software. sudo aptitude install dnsmasq Stop the server. After dnsmasq has been installed, it is automatically started, so it will need to be stopped before changes can be made. sudo /etc/init.d/dnsmasq stop Make a backup of the well-commented configuration file (we won't use any of this, but it's handy to have a copy of for reference later). sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf-backup Edit /etc/dnsmasq.conf with your favorite text editor, and add the following two lines: interface=eth1 dhcp-range=192.168.0.100,192.168.0.250,72h Note: The "interface" should match the interface that your clients are connected to, and the "dhcp-range" should be within the gateway's private IP subnet that you configured according with the "Gateway set up" directions above. Start the DHCP/DNS server. sudo /etc/init.d/dnsmasq start Now, your clients should be able to pull an automatic ip address and resolve host names.
Other approaches
The following section includes a rough outline of some alternative methods for configuring an ICS gateway. They are incomplete and untested. They are included simply for the sake of information.
be the same as you have dhcp3-server listening to. Of course, both checkboxes under that need to be checked. The Internetconnected network device will be the one that is configured for Internet. Now, I have two NICs, but I have PPPoE configured on eth0, and I have Internet connection sharing configured on the same one, because eth0 is also configured for a static 192.168 internal IP for my internal network.
#!/bin/sh # # rc.flush-iptables - Resets iptables to default values. # # Copyright (C) 2001 Oskar Andreasson <bluefluxATkoffeinDOTnet> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; version 2 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program or from the site that you downloaded it # from; if not, write to the Free Software Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA # # Configurations # IPTABLES="/usr/sbin/iptables" # # reset the default policies in the filter table. # $IPTABLES -P INPUT ACCEPT $IPTABLES -P FORWARD ACCEPT $IPTABLES -P OUTPUT ACCEPT # # reset the default policies in the nat table. # $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT # # reset the default policies in the mangle table. # $IPTABLES -t mangle -P PREROUTING ACCEPT $IPTABLES -t mangle -P POSTROUTING ACCEPT $IPTABLES -t mangle -P INPUT ACCEPT $IPTABLES -t mangle -P OUTPUT ACCEPT $IPTABLES -t mangle -P FORWARD ACCEPT # # flush all the rules in the filter and nat tables. #
converted by Web2PDFConvert.com
$IPTABLES -F $IPTABLES -t nat -F $IPTABLES -t mangle -F # # erase all chains that's not default in filter and nat table. # $IPTABLES -X $IPTABLES -t nat -X $IPTABLES -t mangle -X Further reading: https://help.ubuntu.com/community/IptablesHowTo Internet connection sharing documentation thread: http://ubuntuforums.org/showthread.php?t=503287
See also
WifiDocs/ShareEthernetConnectionThroughWireless InternetHowto CategoryHardware CategoryInternet CategoryNetworking
Internet/ConnectionSharing (last edited 2011-12-16 02:01:06 by xp1) Parent Page Page History
The material on this wiki is available under a free license, see Copyright / License for details You can contribute to this wiki, see Wiki Guide for details
converted by Web2PDFConvert.com