Wednesday, August 8, 2007

Internet Connection Sharing


Sharing Your Connection with Other Windows or Linux Boxes

Now that so many households have more than one computer, some way of sharing the internet connection is often desirable. And while cable or DSL users might be best served by a hardware solution such as a router, setting up one of the computers as a gateway is a method that will work with any type of net connection. The paragraphs below describe how to set up your Linux box to share its connection, and are written with non-techie or new Linux users in mind. Note that the other computers don't need to be running Linux as well. Also note that there are other ways to do this, but the method below is reasonably simple and should work well for most home users.

Advantages vs. Disadvantages

Before we start on the specifics, you should probably look at the pros and cons of gateway based sharing to determine whether it will be suitable. First, the good points:

  • Cheap to set up; only requires NICs - aka ethernet cards - and cabling (unless you go wireless..) Apart from the internet, these will also allow sharing files and printers.
  • Will work with various OS's - the "client" machines can be Linux, Windows etc, or a mixture.
  • Security - a properly configured firewall on the gateway will also protect the clients.
On the downside:
  • The gateway computer needs to be turned on and connected for the other boxes to connect.
  • Non permanent 'net connections (eg. dialup modem) have to be initiated from the gateway box - not normally a problem with a home network. Alternatively you could use a dial-on-demand tool like diald but these can be a bit tricky to set up.
  • Like any shared connection, you'll also be sharing bandwidth, though this shouldn't be a problem with only a couple of users browsing the web.

Basically all that's required is a computer connected to the net in the usual way via dialup or cable/DSL - this is the gateway. The other computers are then connected to the gateway using standard ethernet parts and practices. Linux is an ideal candidate for the gateway computer because of its flexibility and its potentially good security. The other machines that connect to the gateway can run pretty well any OS, but in the examples below we'll be looking at only Linux or a couple of versions of Windows.

Hardware Setup

You may have this already. Each of the client machines will need an ethernet card installed to allow connection to the gateway. If you only have one or two client boxes you can connect them directly to the gateway's ethernet card(s) using crossover cables, but if you have more clients you'll probably elect to use a hub or switch. Most of the modern distros will include a point'n'click style tool to make installing and configuring the NICs a no-brainer.

Configuring the Gateway

First, some simple advice that might prevent some grief later: back up any configuration files you'll be editing. Then if things don't work out for any reason you can go back to the original configuration :)

Basically you'll follow these steps:

  • Configure the NIC that connects to the other local machine(s).
  • Enable masquerading/ip forwarding by configuring the firewall
  • Edit a couple of networking related configuration files
Now for the details. The NIC on the local network side can be configured using ifconfig or you can just edit its config. file manually - on a RedHat style system this will be /etc/sysconfig/network-scripts/ifcfg-ethx. You can use any valid private network addresses for the NICs but if you use the addresses in the examples below you should have no problems. Just remember that if you use different IPs to those in this article you'll need to use the substitution consistently on both gateway and client(s). We'll use 192.168.0.1 for this particular card. Here's an example file, using the second NIC (eth1) as the interface to the LAN - if you have only one NIC it'll be eth0:

  DEVICE=eth1
  BOOTPROTO=none
  IPADDR=192.168.0.1
  NETMASK=255.255.255.0
  NETWORK=192.168.0.0
  BROADCAST=192.168.0.255
  ONBOOT=yes

Now we enable masquerading via the firewall - you are running one aren't you? Actually, it's possible to enable forwarding simply by running echo "1" > /proc/sys/net/ipv4/ip_forward but considering the benefits of iptables firewalls and their ease of implementation, they'll be the approach we take here. Depending on the firewalling software you are using, this will be done by editing part of a script or by ticking the appropriate boxes with GUI tools. These are the details you'll typically need to enter:

  • IP forwarding (or masquerading) enabled
  • The device name of the NIC that the other machine(s) connect through - eg. eth0 or eth1
  • The name of the interface to the WAN or Internet - eth0 or ppp0 for example.
  • The IP address range of the LAN - enter 192.168.0.0/24 here. It allows IP addresses from 192.168.0.1 to 192.168.0.254 to be used for the boxes on the network.
Don't forget to re-run the firewall script (or reboot) for the changes to take place. And if you are having trouble configuring your firewall or you don't have one at all, there is an easy to use script available here.
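
As an added example (not part of the original article, and not the script linked above), here is one way those four details map onto an iptables ruleset. It assumes eth0 is the WAN interface, eth1 the LAN interface and 192.168.0.0/24 the LAN range, as in the article's examples, and that the gateway offers no services to the internet side; the function name gen_gateway_rules is made up for this example.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the gateway.
# eth0/eth1 and 192.168.0.0/24 below are the article's example values.
#
# Usage (as root):
#   gen_gateway_rules eth0 eth1 192.168.0.0/24 | iptables-restore
#   echo "1" > /proc/sys/net/ipv4/ip_forward

# gen_gateway_rules WAN_IF LAN_IF LAN_NET
gen_gateway_rules() {
    wan_if=$1; lan_if=$2; lan_net=$3

    # Refuse input that would produce a ruleset masquerading the wrong side:
    # missing arguments, the same NIC on both sides, or a non-private range.
    [ -n "$wan_if" ] && [ -n "$lan_if" ] && [ -n "$lan_net" ] || return 2
    [ "$wan_if" != "$lan_if" ] || return 2
    case $lan_net in
        10.*/*|192.168.*/*|172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*) ;;
        *) return 2 ;;   # only private (RFC 1918) ranges belong behind the NAT
    esac

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite LAN source addresses to the gateway's WAN address on the way out.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN clients may reach the gateway itself (needed for the ping tests).
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
# Forward new connections only when they start on the LAN side...
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
# ...and let only reply traffic back in from the internet.
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Loading the output with iptables-restore replaces the existing nat and filter rules, so review it against any firewall already on the gateway. With the FORWARD policy set to DROP, enabling ip_forward only passes traffic the two FORWARD rules allow.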

Providing you already have a working internet connection on this machine, there should be no need to provide DNS details, otherwise edit /etc/resolv.conf to look something like this:

  nameserver xxx.xxx.xxx.xxx
  nameserver xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx are the IP addresses of your ISP's nameservers.

You'll also need these nameserver or DNS addresses when configuring the clients. If you don't know the numbers, or they are automatically assigned by your ISP upon connection, you should be able to get them from /etc/resolv.conf on the gateway while it is connected to the internet. This file is usually overwritten with the DNS numbers by the ppp tool - eg. kppp or pppoe - while the net connection is up.

The only thing left to do now is to set the default route. This is the route to the internet and could be ethx for a cable connection or ppp0 for DSL/dialup. On a RedHat style distro this is done by editing /etc/sysconfig/network - or with Debian look for /etc/network/interfaces. Here's an example using eth0 as the WAN or internet interface, it should contain these lines:

  NETWORKING=yes
  FORWARD_IPV4=true
  GATEWAYDEV=eth0

Configuring the Clients

Linux clients are easy, and merely require editing a couple of files. On a RedHat style machine with a single NIC, your /etc/sysconfig/network-scripts/ifcfg-eth0 file would look something like:

  DEVICE=eth0
  BOOTPROTO=none
  IPADDR=192.168.0.2
  NETMASK=255.255.255.0
  NETWORK=192.168.0.0
  BROADCAST=192.168.0.255
  ONBOOT=yes

Note: Use 192.168.0.2 for the first client, 192.168.0.3 etc. for additional clients.

Next edit your /etc/sysconfig/network file to contain the lines "NETWORKING=yes" and "GATEWAY=192.168.0.1". Finally, edit /etc/resolv.conf to match the same file on the gateway machine when the internet connection is up.

Windows XP clients are set up like this:
Click on Start > Control Panel
Click on Network and Internet Connections
Click on Network Connections
Right click on the icon representing the NIC
Click on Properties
Make sure the Internet Protocol (TCP/IP) box is ticked
Click on Internet Protocol (TCP/IP) again if necessary to highlight it
Click the Properties button
Select the Use the following IP addresses button and enter these values:
IP address - 192.168.0.2 (use this address for the first client, 192.168.0.3 etc. for additional clients)
Subnet - 255.255.255.0
Default Gateway - 192.168.0.1
Next, select Use the following DNS server addresses
Enter the DNS numbers of your ISP here.
Click OK
Get treatment for carpal tunnel syndrome :)

Windows 95/98/ME clients are set up this way:
Click on Network Neighborhood
Click Properties
Click on TCP/IP in the Network window
Click the Properties button
Select the IP Address tab
Select Specify an IP Address and enter these values:
IP address - 192.168.0.2 (use this address for the first client, 192.168.0.3 etc. for additional clients)
Subnet Mask - 255.255.255.0
Click on the Gateway tab
Type "192.168.0.1" into the New Gateway box then click Add
Click the DNS Configuration tab
Click the Enable DNS button
Enter a name for the client in the Host box (eg. crasher)
Now enter the DNS numbers of your ISP into the DNS Server Search Order box and click Add.
Click OK - it's all done.

Testing / Troubleshooting

What do you do if it doesn't work? Pinging the various networking interfaces to see if they respond would be a good start. For those not familiar with ping, it's a simple little tool that does nothing but send packets of data to the target host and then waits to see if it gets an answer back. If it receives a reply, then you know that particular target is connected and running, so you can go on to test the next link. It's a good way of pinpointing problem areas quickly. Starting from the gateway, try pinging the NIC on the LAN side, and if everything is working you should see something like this:

  [john@localhost john]$ ping 192.168.0.1
  PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
  64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.108 ms
  64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.086 ms
  64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=0.081 ms
  64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=0.076 ms

  --- 192.168.0.1 ping statistics ---
  4 packets transmitted, 4 received, 0% packet loss, time 2997ms
  rtt min/avg/max/mdev = 0.076/0.087/0.108/0.016 ms

Note that ping will keep running until you stop it with {ctrl-c} - a few seconds should be enough. In the example above, you can see that we can talk to the NIC with no problems. Destination Unreachable messages will probably signify an addressing or hardware problem, while a NIC that can be reached but fails to return the packets might indicate a configuration problem. In these situations try running (as root) ifconfig to see the details of the network interfaces on the machine. Check that the IP address is correct, and that the device is running or "UP". If it isn't running, you can start it manually with ifconfig ethx up (where x is the NIC number - 0 or 1), and then try pinging it again. Provided you already have a working internet connection on the gateway, there'll be little point pinging the WAN interface.

Once you're satisfied that you can ping the local interfaces OK, go to the client machine and see if it can ping its NIC. Windows boxes have ping available as well, but on XP especially you might have to rummage through the menus until you find an X-Term window, or whatever XP calls it. Here is the order in which to do the pinging:
From the gateway: Ping the LAN interface - eg. ping 192.168.0.1
Then go to the client: ping its own LAN interface - eg. ping 192.168.0.2
Still from the client: ping the LAN interface on the gateway - ping 192.168.0.1
Back at the gateway: ping the LAN interface on the client - ping 192.168.0.2
If this all checks out, try running cat /proc/sys/net/ipv4/ip_forward
If IP forwarding is enabled it should return "1". If you get nothing, try running echo "1" > /proc/sys/net/ipv4/ip_forward, and if this fixes things recheck that your firewall script is OK and has been run. Also recheck your config files.
