Isle of Wight computer help


Setting up a Mandrake Linux PC to share its Internet connection.

This page assumes you have tried to use the Mandrake wizard and it failed.

The Mandrake internet connection sharing (ICS) wizard goes a little over the top for a small network - it installs a nameserver (BIND), a proxy server (squid) and a DHCP server (dhcpd). Furthermore, it sets up the firewall to redirect all http requests (your browser asking for a web page) to the squid proxy server.
None of these servers is really necessary, and they add complexity and multiple potential failure points to your network. (Although the setup is a valid one and simplifies sharing when it works!)
We will however leave them running for now, just in case. When you have it all working, they can be turned off one by one (to make it easier to locate any problems) by typing drakxservices as root.

Also consider plugging all your PCs into the router, or a hub/switch attached to the router, and letting the router do ICS and firewalling if it supports it. Here we are assuming you wish to use the firewall in Linux, or don't wish to buy a hub. Firewalling is not discussed here - see the shorewall or netfilter docs.


Let's try to do it manually!

For the following environments:
Another_PC-->This_PC-->router/cable_modem
Another_PC-->hub/switch-->This_PC-->router/cable_modem
Another_PC-->hub/switch-->This_PC-->another_hub/switch-->router/cable_modem

Note: Setup is slightly different for a dial-up modem - see ics_modem.html
To set up a Linux 'client' see simple_net_setup.html

Here 'This_PC' is the one we are working on - it has 2 network cards. One is connected to your internet connection (we will assume eth0) and the other is connected to your internal private local area network (LAN) (we will assume eth1). It will forward all outbound internet traffic to the internet, receive any replies, and forward them to the correct PC on your LAN.

First check your cabling - if you have a dual boot machine, is Windows internet connection sharing working? Do the cables work on a known good network?


For our purposes:
Network interface cards (NICs) are called eth0, eth1 etc. in Linux.
ICS is short for internet connection sharing - sharing a single internet connection with only 1 public IP address between multiple computers.
IP ADDRESS is a number used to uniquely identify a network interface. Notice network INTERFACE - this means each device (eg computer) can (and in this case, should) have more than one IP address.
DEFAULT GATEWAY address is the IP address of the device connected to the internet, eg. your router, or PC running internet connection sharing. The address to use is the one allocated to the interface connected to your internal network. It will almost certainly be in one of the ranges in "Note about IP addresses" below. Most likely 192.168.0.1, 192.168.1.1 or 10.0.0.1
NAMESERVER address is the IP address of your internet service provider's (ISP's) nameserver - used to look up the corresponding IP address of a human readable address like www.google.com
HOSTNAME is a unique name for your computer - anything you like, for example linux.mylan.home or zeus.greekgods or kevin but not www.google.com, www.microsoft.com...

Note about IP addresses:
Each interface on your network must have a different IP address. The usual numbering schemes for private networks are 192.168.x.x or 10.x.x.x . Furthermore, each 'side' of a router (in this case your ICS machine is acting as a router) must be on a different subnet, so we will number the LAN side 192.168.3.1. Don't worry if you don't understand this as yet - just follow the instructions...

The numbering scheme used on eth0 (the internet side of 'This_PC') should match that of your gateway device (router, cable modem etc). For example, if your router manual says the IP address is 192.168.1.1 you will number your computer network interface eth0 192.168.1.2

You need to find out what your IP address and default gateway are - these can be obtained from a working Windows installation if you dual boot, or your router/cable modem manual as above. You will also need your nameserver IP address (get it from your ISP).

You will need to be root (administrator) to edit the files here.
To sign on as root, type su in a terminal (console), press Enter, then enter your root password.


Let's get started then:

Edit /etc/sysconfig/network-scripts/ifcfg-eth0 - This is the main config file for the first (internet facing) interface.
It should read : (you can leave out anything on a line after #)
DEVICE=eth0
BOOTPROTO=static # You may also use BOOTPROTO=dhcp if your cablemodem/router/ISP supports or requires it - see note [1] at the end of the page.
IPADDR=192.168.1.2         # or whatever your IP address is to be - see above
NETMASK=255.255.255.0      # or 255.0.0.0 if your IP address is 10.x.x.x
NETWORK=192.168.1.0        # or 10.0.0.0 if your IP address is 10.x.x.x or 192.168.0.0 if your IP address is 192.168.0.x
BROADCAST=192.168.1.255    # or 10.255.255.255 if your IP address is 10.x.x.x or 192.168.0.255 if your IP address is 192.168.0.x
ONBOOT=yes
MII_NOT_SUPPORTED=yes

Edit  /etc/sysconfig/network-scripts/ifcfg-eth1 - This is the main config file for the second (LAN facing) interface.
It should read :
DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.3.1
NETMASK=255.255.255.0     
NETWORK=192.168.3.0       
BROADCAST=192.168.3.255  
ONBOOT=yes
MII_NOT_SUPPORTED=yes

/etc/resolv.conf should contain the nameserver address(es) - put the address of your ISP's nameserver right at the top. eg:
nameserver 195.20.224.165
You can have multiple nameserver xxx.xxx.xxx.xxx lines - the resolver will try them all in turn if one fails.

The default gateway and your hostname go in /etc/sysconfig/network:
HOSTNAME=yourhostname_goes_here
NETWORKING=yes
GATEWAY=192.168.1.1    # or the IP address of your gateway device - the default gateway


We then need to set up packet forwarding:
Put the following line at the beginning of /etc/sysctl.conf
net.ipv4.ip_forward=1


Then 'turn off' the redirection to squid:
Install iptables - type "urpmi iptables" as root, or use the package manager in the start menu or mcc

Add the following code to the bottom of /etc/rc.d/rc.local.
iptables -t nat -D PREROUTING -i eth0 -j loc_dnat
This will delete a rule from your firewall - later, when you understand more, you can change shorewall and remove this line, but for now we'll keep it simple.


Reboot.


Then try it all out:
Try pinging your computer's 'internet side' NIC (type "ping 192.168.1.2" or whatever your IP address is). If you get errors, then your NIC is not working - ask for help (see below).
If OK - try pinging the gateway
If OK - try pinging the LAN side (ping 192.168.3.1)
If OK - try browsing.
Then try all the above from another PC connected to the LAN - if this is a Linux box and it doesn't work, see Simple net set up.

If you are still having problems, post the following information in the Mandrakeusers.org networking forum:
Overview of your problem - not just "I can't connect to the internet" - what have you done/tried so far, what works, what doesn't?
Physical network set up - what plugs in to what
Output of "ifconfig" , "route -n" , "iptables -nvL" and "iptables -nvL -t nat"
Summary of the results of all pings above.


Note [1] If you are using DHCP for your external interface, you should comment out the IPADDR, NETMASK, NETWORK and BROADCAST entries in /etc/sysconfig/network-scripts/ifcfg-eth0 by placing a # at the beginning of the line. You should add the following to your firewall (you could put the rules at the end of /etc/rc.d/rc.local):
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
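
The three rules in Note [1] only keep unsolicited internet traffic off the LAN if the eth0-to-eth1 rule stays limited to ESTABLISHED,RELATED and nothing else forwards by default. The function below is an added example, not part of the original page: it audits iptables-save output for those properties. The name audit_forwarding is hypothetical and both rule sets are constructed samples.

```shell
# Added example: audit_forwarding is a hypothetical helper, not part of iptables.
# Usage: iptables-save | audit_forwarding WAN_IF
# Prints one finding per line; exit status 1 if there are any findings.
audit_forwarding() {
    awk -v wan="$1" '
    /^\*/ { table = $1 }
    table == "*filter" && /^:FORWARD ACCEPT/ {
        print "FORWARD policy is ACCEPT: packets matching no rule are forwarded"; bad++ }
    table == "*filter" && /^-A FORWARD / && /-j ACCEPT/ && $0 ~ ("-i " wan "( |$)") {
        if ($0 !~ /--(ct)?state / || $0 ~ /--(ct)?state [A-Z,]*NEW/) {
            print "new inbound connections accepted: " $0; bad++ }
    }
    /^-A POSTROUTING / && /-j MASQUERADE/ {
        seen = 1
        if ($0 !~ ("-o " wan "( |$)")) {
            print "MASQUERADE not limited to " wan ": " $0; bad++ }
    }
    END { if (!seen) { print "no MASQUERADE rule found"; bad++ }
          exit (bad > 0) }'
}

# Constructed sample: the Note [1] rules as iptables-save prints them, policy DROP.
sample_good() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}
# Constructed sample: same layout with the state match and -o eth0 dropped.
sample_bad() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

sample_good | audit_forwarding eth0 && echo "sample_good: no findings"
sample_bad  | audit_forwarding eth0 || echo "sample_bad: findings listed above"
```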


Please pass on your comments for improvements, mistakes or omissions to me - consider this work in progress.



If you live on the Isle of Wight (UK) and you are still stuck, give me a call!