| View previous topic :: View next topic |
| Author |
Message |
beerisgoodmate
Tux's lil' helper
Joined: 20 May 2005
Posts: 129
|
 Posted: Fri Jan 04, 2008 12:12 pm Post subject: Share LAN internet connection over wifi PCI card. |
 |
|
Hi All,
My Gentoo box is connected to the internet over lan.
I have a wifi card I wish to share the internet with.
Any tips on how to do this?
Cheers |
|
| Back to top |
|
 |
Dagger
Retired Dev
Joined: 11 Jun 2003
Posts: 765
Location: UK
|
| Posted: Fri Jan 04, 2008 1:20 pm Post subject: |
|
|
1st you need to configure your Wireless card
2nd you need to have iptables rules in place to forward internet traffic across the interfaces.
can you please post your:
ifconfig
ifconfig -a
iptables -L
_________________
95% of all computer errors occur between chair and keyboard (TM)
Join the FSF as an Associate Member!
Post under CC license. |
|
| Back to top |
|
|
beerisgoodmate
Tux's lil' helper
Joined: 20 May 2005
Posts: 129
|
| Posted: Fri Jan 04, 2008 9:35 pm Post subject: |
|
|
Hi Dagger, thanks for the reply.
| Quote: | | 1st you need to configure your Wireless card |
I have already configured the wifi card for accessing my (now broken) wifi. I assume I have to set a static IP etc?
| Quote: |
2nd you need to have iptables rules in place to forward internet traffic across the interfaces.
|
hmmm, I have never used iptables before as far as I know.
| Quote: |
can you please post your:
ifconfig
ifconfig -a
iptables -L |
| Code: | ifconfig
eth0 Link encap:Ethernet HWaddr 00:1D:60:A2:3E:81
inet addr:10.0.0.5 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::21d:60ff:fea2:3e81/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:626 errors:0 dropped:0 overruns:0 frame:0
TX packets:606 errors:0 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:1000
RX bytes:574322 (560.8 Kb) TX bytes:153426 (149.8 Kb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ra0 Link encap:Ethernet HWaddr 00:0F:EA:0A:81:CF
inet addr:169.254.111.44 Bcast:169.254.255.255 Mask:255.255.0.0
inet6 addr: fe80::20f:eaff:fe0a:81cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:11780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:471200 (460.1 Kb)
Interrupt:18 Base address:0xc000 |
| Quote: | ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1D:60:A2:3E:81
inet addr:10.0.0.5 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::21d:60ff:fea2:3e81/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:641 errors:0 dropped:0 overruns:0 frame:0
TX packets:625 errors:0 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:1000
RX bytes:585053 (571.3 Kb) TX bytes:160766 (156.9 Kb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ra0 Link encap:Ethernet HWaddr 00:0F:EA:0A:81:CF
inet addr:169.254.111.44 Bcast:169.254.255.255 Mask:255.255.0.0
inet6 addr: fe80::20f:eaff:fe0a:81cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:13078 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:523120 (510.8 Kb)
Interrupt:18 Base address:0xc000
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) |
| Quote: | iptables -L
FATAL: Module ip_tables not found.
iptables v1.3.8: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded |
I might have to play with iptables a bit to get it working... |
|
| Back to top |
|
|
Dagger
Retired Dev
Joined: 11 Jun 2003
Posts: 765
Location: UK
|
| Posted: Fri Jan 04, 2008 11:15 pm Post subject: |
|
|
ok assuming your your internet uses class A network 10.x.x.x you can use class C network for your other computer (192.168.1.x should do, but can be any other one)
I assume this is very "lazy" setup as you trust your users on the wifi site.
Yes you have to assign a static IP for your wireless
of course your kernel needs to support relevant options from "Core Netfilter Configuration". It's save to mark ALL of them as modules. From your logs it seems it doesn't at the moment.
if you go to /usr/src/linux and run
make menuconfig
go to:
Networking -> Networking Options -> Network packet filtering ramework (Netfilter) -> Core Netfilter Configuration -> select all as modules
and
Networking -> Networking Options -> Network packet filtering ramework (Netfilter) -> IP: Netfilter Configuration -> select all as modules
than exit menuconfig and save configuration
| Code: |
make && make modules_install
|
than you need to add some sime iptables rules.
instead of copy pasting lets try to post some rules with description so it will be easier to understand
| Code: |
#!/bin/sh
# basic definitions
IPTABLES="/sbin/iptables"
WAN_IF="eth0" # interface which has internet access
WAN_IP="10.0.0.5" # and it's IP
LAN_IF="ra0" # interface we want to share internet access with
#Flush the chains and set up policies.
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD DROP # by default we don't allow anything to be forwarded. we want only stuff we specify
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT # we allow to forward only already established connections from internet.
$IPTABLES -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT # we forward ALL connections from local network to internet
$IPTABLES -t nat -A POSTROUTING -o $WAN_IF -j SNAT --to-source $WAN_IP # after routing and before packet will leave the iptables we need to change it's source IP
# so it will look like this packect has been generated by your gentoo box.
|
i hope this will help you a bit. I presume this should be enough to get it to work. I would highly recommend you to read iptables documentation as it's uber powerful tool and definitely one which is good to know.
Just as I said before it's VERY lazy configuration and does just a forwarding bit. It doesn't show even 0.000001% of iptables potential.
i hope this will help.
_________________
95% of all computer errors occur between chair and keyboard (TM)
Join the FSF as an Associate Member!
Post under CC license. |
|
| Back to top |
|
|
|
Networking & Security
