In this howto, I will show how to share an internet connection in Linux.
So this happened to me, and maybe you're in the same situation: you have one computer with wifi access, and you want to share that wifi connection with a computer that does not have a wireless chip. Or, you may be picking up a wifi signal and want to use your router to 'repeat' the signal, but of course the wifi router cannot connect to a wifi network; it can only broadcast the signal. So that is what this howto is about: broadcasting an existing wifi signal using your own wireless router.
HOW IT WORKS
You will need a computer with at least one wireless and one wired network interface. We will refer to this computer in this howto as the "Server". The server's wireless interface will be referred to as "wlan0" and its wired interface will be referred to as "eth0".
If your interfaces are called something different, you will need to replace these labels as needed.
PREPARE THE SERVER
The first thing you will need to do is disable any kind of automatic networking settings daemon. If you use Ubuntu or some form of Debian distro, you may be using the GNOME NetworkManager application; others might use wicd, or KDE's network manager. Any of these applications need to be disabled because we will configure the system manually.
The server computer will need a dhcp and a dnsmasq server. If you use vectorlinux (like I do), you can get the dnsmasq package from the repositories. This package includes a dhcp server, so it should work perfectly for what we need. If you run some other distro, look for this package in your package management application, or build it from source now.
CONFIGURATION
You will need root access on your server box to do this... so make yourself root now, or get handy with that sudo command ;)
Here are the basic settings that we need in /etc/dnsmasq.conf:
interface=eth0
dhcp-range=192.168.5.50,192.168.5.150,12h
Everything else in the file you can leave alone.
Start the magic automatically on boot.
Now that everything has been configured, it is time to set up the firewall rules at boot time so that everything works as soon as the system starts.
Create a new text file and put it somewhere in your path... I have mine in /root/ and mine is called firewall.ic
It can be called anything and really can be anywhere, so long as you remember it later on.
The file needs to have the following information
#!/bin/bash
#interface to the outside world
OUTSIDEIFACE="wlan0"
#interface to the inside private network
INSIDEIFACE="eth0"
INSIDEIPRANGE="192.168.5.0/24"
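#give the inside interface its static address (the gateway of the private network)
ifconfig $INSIDEIFACE down
ifconfig $INSIDEIFACE 192.168.5.1 up
#stop any running dhcp client before reconfiguring the outside interface
killall dhcpcd
ifconfig $OUTSIDEIFACE down
#join the wifi network; iwconfig's key option only handles WEP, a WPA/WPA2 network needs wpa_supplicant instead
iwconfig $OUTSIDEIFACE essid your_essid key your_encryption_key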
#enable ip forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
#firewall iptables rules
iptables -t nat -A POSTROUTING -o $OUTSIDEIFACE -j MASQUERADE
iptables -A FORWARD -i $OUTSIDEIFACE -o $INSIDEIFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $INSIDEIFACE -o $OUTSIDEIFACE -j ACCEPT
iptables -A INPUT -j ACCEPT -p all -s $INSIDEIPRANGE -i $INSIDEIFACE
iptables -A OUTPUT -j ACCEPT -p all -d $INSIDEIPRANGE -o $INSIDEIFACE
#adding default route to the outside world
route add -net 0.0.0.0 $OUTSIDEIFACE
#restart the dhcp client to get an address on the outside interface
killall dhcpcd
dhcpcd $OUTSIDEIFACE
Save the file to your preferred location (remember I'm using /root/firewall.ic).
Add it to your rc.local so that it is read at boot time.
echo 'sh /root/firewall.ic' >> /etc/rc.d/rc.local
echo '/etc/rc.d/rc.dnsmasq restart' >> /etc/rc.d/rc.local
If you do not use vectorlinux, make sure you change the last line of that code to point to the correct path for your dnsmasq start script.
Also, now is a good time to make sure that start script is set to executable mode:
chmod +x /etc/rc.d/rc.dnsmasq
Now you need to reboot your server computer, and come back when you're done.
At this point, you should be able to access the internet from the server box. If you do not have internet access, stop now, go back and figure out how to connect to your wifi access point. You can continue with this howto after you have established a connection to the internet.
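To confirm after the reboot that the rules from firewall.ic are really loaded, here is an added example (not part of the original howto) that audits an iptables-save dump; it also flags a FORWARD policy of ACCEPT, under which the script's ACCEPT rules restrict nothing. The function names, the finding names and the embedded sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the rules firewall.ic installs.
# On the server: iptables-save | audit_gateway wlan0 eth0
audit_gateway() {   # $1 = outside interface, $2 = inside interface, dump on stdin
    awk -v outside="$1" -v inside="$2" '
        /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter"
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            index($0, " -o " outside " ") { masq = 1 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            to_wan = index($0, " -i " inside " ") && index($0, " -o " outside " ")
            to_lan = index($0, " -i " outside " ") && index($0, " -o " inside " ")
            if (to_wan) outbound = 1
            if (to_lan && /ESTABLISHED/) replies = 1
            if (to_lan && !/ESTABLISHED/) open_inbound = 1
        }
        END {
            if (!masq)        { print "missing-masquerade"; n++ }
            if (!outbound)    { print "missing-lan-to-wan-accept"; n++ }
            if (!replies)     { print "missing-established-return"; n++ }
            if (open_inbound) { print "stateless-wan-to-lan-accept"; n++ }
            # firewall.ic only appends ACCEPT rules; unless the chain policy is
            # DROP they restrict nothing and new wlan0 connections are forwarded.
            if (policy != "DROP") { print "forward-policy-not-drop"; n++ }
            if (!n) print "ok"
        }'
}

sample_ruleset() {   # constructed dump: firewall.ic run on default ACCEPT policies
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.5.0/24 -i eth0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A OUTPUT -d 192.168.5.0/24 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_gateway wlan0 eth0    # forward-policy-not-drop
sample_ruleset | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/' | audit_gateway wlan0 eth0    # ok
```

A forward-policy-not-drop finding is cleared by adding `iptables -P FORWARD DROP` to the script.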
CONFIGURING A ROUTER AS A CLIENT
So this is where it gets interesting.
If you have a router that you want to use to share this connection with multiple computers, here is what you need to do.
- Using a computer other than the Server, connect to the router and enter its configuration interface.
- Disable DHCP server on the router.
- In the LAN section of your router, set the IP address to 192.168.5.2 and the Netmask to 255.255.255.0.
- Using a patch cable (ethernet cable), connect the Server's eth0 interface to one of the router's LAN ports.
- Make sure the router's WAN port is not connected to anything.
- Save settings on your router, and restart it (unplug it and wait 30 seconds if needed).
Your router should have internet access now.
Connect to your router's wireless interface (or wired) using a client as you normally
If you use vectorlinux, you can safely use VLWifi to connect to the wireless access point now. Otherwise, find the documentation on your distro to connect to a wireless access point without using a networking daemon (see 'man iwconfig').
IF YOU ARE NOT USING A ROUTER
In case you're only sharing a connection with another computer, without using a router, do this:
Simply connect the Server's eth0 to the client's eth0 interface using a patch cable (ethernet cable).
Bring up your client's eth0:
ifconfig eth0 up
dhcpcd eth0
You should get an IP from the server box and you should now have internet access on the client too.
CREDITS
I'd like to thank Tony Brijeski (Tigger) and Nightflyer from the VectorLinux community for help provided on this subject. They came up with the technical details which allowed me to do this on my own boxes. Thanks guys, I'll buy you a beer sometime ;)
Enjoy ;)