Isle of Wight computer help

Home |  Contact |  Case studies |  Computer help |  Links |  Feedback |  Sitemap | 

Setting up a mandrake Linux PC to share its Dial-up Internet connection.

Assumes you have tried to use the Mandrake wizard - it failed.

Mandrake internet connection sharing (ICS) wizard goes a little over the top for a small network - it installs a DNS nameserver (BIND), a proxy server (squid) and a DHCP server (dhcpd). Furthermore, it sets up the firewall to redirect all http requests (your browser asking for a web page) to the squid proxy server.
None of these servers are really necessary, and add complexity and multiple potential failure points to your network. (Although the set up is a valid one and simplifies sharing when it works!)
We will however leave them running for now, just in case. When you have it all working, they can be turned off one by one (to make it easier to locate any problems) if you wish by typing drakxservices as root.

Firewalling is not discussed here - see the shorewall or netfilter docs.

Let's try to do it manually!

For the following environments:

Where 'This_PC' is the one we are working on - it has a network card and a working modem.
It will forward all outbound Internet traffic to the Internet, receive any replies, and forward them to the correct PC on your LAN.

To set up a linux 'client' see simple network setup
To set up ICS with a cable or ADSL modem see ICS.html

First check your cabling - if you have a dual boot machine, is Windows internet connection sharing working ? Do the cables work on a known good network? Are you using the correct cable? To connect 2 PCs directly without a hub or switch, you need a crossover cable.

For our purposes:
Network interface cards (NICs) are called eth0, eth1 etc in Linux
ICS short for internet connection sharing - sharing a single internet connection with only 1 public IP address between multiple computers.
IP ADDRESS is a number used to uniquely identify a network interface.
DEFAULT GATEWAY address is the IP address of the device connected to the internet. Wit dial-up, this gets set up automatically once you are connected to your ISP.
NAMESERVER address is the IP address of your internet service providers (ISP) nameserver - used to look up the corresponding IP address of a human readable address like
HOSTNAME is a unique name for your computer - anything you like, for example linux.mylan.home or zeus.greekgods or kevin but not,, or anything .com, .net, .org etc...

Note about IP addresses:
Each interface on your network must have a different IP address from the same scheme. The usual numbering schemes for private networks are 192.168.x.x or 10.x.x.x .

 You will need your ISPs nameserver IP address (get it from your ISPs web site or a working  installation that is dialled up)

You will need to be root (administrator) to edit the files here.
To sign on as root, type su in a terminal (console), press enter followed by your root password

Here goes:

Edit /etc/sysconfig/network-scripts/ifcfg-eth0 - This is the main config file for eth0.
It should read : (you can leave out anything on a line after #)
IPADDR=         # or whatever your IP address is to be - see above
NETMASK=      # or if your IP address is 10.x.x.x
NETWORK=        # or if your IP address is 10.x.x.x
BROADCAST=    # or if your IP address is 10.x.x.x

/etc/resolv.conf should contain the nameserver address(es) - put the address of your ISPs nameserver right at the top. eg:
You can have multiple nameserver lines - the resolver will try them all in turn if one fails
This file will probably be overwritten once you have dialled up, but it does no harm to put the correct address in there anyway, just in case...

The default gateway and your hostname go in /etc/sysconfig/network:
GATEWAY= # leave blank or delete - will get set up automatically when you are connected to your ISP

We then need to set up packet forwarding:
Put the following command at the beginning of /etc/sysctl.conf

Then 'turn off' the redirection to squid and set up network address translation:
Install iptables - type "urpmi iptables" as root, or use the package manager in the start menu or mcc

Add the following code to the bottom of /etc/rc.d/rc.local.
iptables -t nat -D PREROUTING -i eth0 -j loc_dnat
iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
This will delete a rule from your firewall and set up NAT (masquerading) - later, when you understand more, you can change shorewall and remove the first line, but for now we'll keep it simple.

Reboot the computers

Then try it all out:
Try pinging your computer from its self (type "ping" or whatever your IP address is) If you get errors, then your NIC/networking is not working - ask for help (see below).
If OK - Try pinging each PC from the other
If OK - Try browsing from each machine

If you can browse from the PC with the modem, but not another Linux box connected to it, see Simple net set up.

If you are still having problems, post the following information in the networking forum:
Overview of your problem - not just "I can't connect to the internet" - what have you done/tried so far, what works, what doesn't?
Physical network set up - what plugs in to what
Output of "ifconfig" , "route -n" , "iptables -nvL" and "iptables -nvL -t nat"
Summary of the results of all pings above.

Please pass on your comments for improvements, mistakes or omissions to me - consider this work in progress.

If you live on the Isle of Wight (UK) and you are still stuck, give me a call!