So recently I had to set up my Linux server to dial up to the internet and act as an internet sharing box for the other PCs on the network. This is how I did it.
This guide is written for Ubuntu, but most things will work on other flavors of Linux.
All the commands herein require root access (I believe); you can either add sudo before them, log in as root, or use sudo or sudo su to get a root shell.
IP Forwarding Using IPTables
The first thing to do is enable IP forwarding in the config:
/etc/sysctl.conf: net.ipv4.ip_forward = 1
Then we need to enable it in the running kernel (otherwise a reboot is needed):
echo 1 > /proc/sys/net/ipv4/ip_forward
And to see the current state of IP forwarding you can use:
cat /proc/sys/net/ipv4/ip_forward
Now we need to set up the forwarding rules. First we need a rule to masquerade (NAT) the data going out:
iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE (where ppp0 is your internet connection)
Next we need to accept data from the intranet that is going to be forwarded:
iptables -A FORWARD -t filter -i eth0 -j ACCEPT (where eth0 is your local network)
And the last rule needed is to block all packets from the internet that do not belong to a connection established from the intranet.
Note that ESTABLISHED and RELATED are the states of connections that were initiated from the intranet, so we block everything else (namely INVALID, NEW and UNTRACKED):
iptables -A INPUT -t filter -i ppp0 -m state --state INVALID,NEW,UNTRACKED -j DROP (where ppp0 is your internet connection)
If you want to open some ports to the internet, for example to run an SSH server, you can use the following.
Here we use -I to insert the rule at the top (above the previous one), so this rule accepts the connection before the rule above drops it:
iptables -I INPUT -t filter -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT (change 22 to the port you need)
Now that we have iptables set up, we need to save the configuration:
iptables-save > /etc/iptables.up.rules (the location of this file will depend on your flavor of linux)
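The iptables steps above gathered into one script, as an added example rather than code from the original post. It only prints a ruleset in iptables-save format (the format the saved file above uses), so it can be reviewed before loading it with iptables-restore; the interface names and port numbers are assumptions passed as arguments. It goes one step beyond the post's rules by applying the same state filter on the FORWARD chain, so unsolicited packets from the internet are not relayed to the LAN either.

```shell
#!/bin/sh
# Added example, not from the original post. Generates an iptables-restore
# ruleset for the NAT router described above. Interface names and ports are
# assumptions passed as arguments; nothing here touches the live firewall.

# check_ip_forward FILE: returns 0 if the sysctl file holds "1".
# Pass /proc/sys/net/ipv4/ip_forward on a real box.
check_ip_forward() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# gen_rules WAN_IF LAN_IF [TCP_PORT ...]: prints the ruleset to stdout.
gen_rules() {
    wan="$1"; lan="$2"; shift 2
    for p in "$@"; do
        # Refuse anything that is not a plain port number
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1;; esac
    done
    printf '%s\n' '*nat' \
        ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # NAT the LAN traffic leaving on the internet interface
    printf '%s\n' "-A POSTROUTING -o $wan -j MASQUERADE" COMMIT
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Services exposed on the internet side go first, so they win over the drop
    for p in "$@"; do
        printf '%s\n' "-A INPUT -i $wan -p tcp -m tcp --dport $p -j ACCEPT"
    done
    # Drop everything from the internet that is not part of a known connection
    printf '%s\n' "-A INPUT -i $wan -m state --state INVALID,NEW,UNTRACKED -j DROP"
    # Let the LAN through the box
    printf '%s\n' "-A FORWARD -i $lan -j ACCEPT"
    # Beyond the post: the same state filter for forwarded traffic, so
    # unsolicited packets from the internet are not relayed into the LAN
    printf '%s\n' "-A FORWARD -i $wan -m state --state INVALID,NEW,UNTRACKED -j DROP" COMMIT
}

# Run as a script: ./gen_rules.sh ppp0 eth0 22 > /etc/iptables.up.rules
if [ "$#" -ge 2 ]; then
    check_ip_forward /proc/sys/net/ipv4/ip_forward || echo 'warning: ip_forward is 0' >&2
    gen_rules "$@"
fi
```

Review the printed output, then load it with iptables-restore < /etc/iptables.up.rules (the same file the post saves to).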
DNS method 1: Bind Forwarding Server
If you haven't installed bind, you can use this to install it under Ubuntu/Debian:
apt-get install bind9
To set up DNS forwarding, simply add this to the DNS config:
/etc/bind/named.conf.options: forward first; forwarders { 1.2.3.4; }; (change 1.2.3.4 to your ISP's DNS server)
You can use OpenDNS as your forwarding server; this can really speed up DNS requests (leading to faster browsing).
Now issue the restart command to bind to reload the configuration, and it should be working:
/etc/init.d/bind9 restart
DNS Method 2: DNSMasq
DnsMasq (short for DNS masquerade) is a combined DNS forwarder and DHCP server, and consumes far less memory than bind. It is found on many Linux modem/routers (e.g. the Linksys WRT54GL).
Installation is similar to bind:
apt-get install dnsmasq
But unlike bind, you don't need to set up DNS servers; it will use the ones defined in /etc/resolv.conf (useful if you're using a direct internet connection).
If you have bind running you will have to stop it with:
/etc/init.d/bind9 stop (and optionally, to disable bind at startup: update-rc.d -f bind9 remove)
DnsMasq can then be started with: /etc/init.d/dnsmasq start
Client Configuration
You will need to configure the clients to use your new router: point their DNS server and default gateway at the IP address of the router.
That's all folks
Thanks for reading, hope you found this useful!