Sharing one dsl internet connection in a HUB-based LAN
Uncategorized January 29th, 2008
Since I’ve got a new laptop, I’d like to share one internet connection between it and my desktop pc, both of which dual-boot Linux (Ubuntu) and Windows (Vista/XP).
Until now I’ve only tested the sharing with both machines running Ubuntu; later I’ll test it with one on Ubuntu (which serves as the router) and the other on Windows. If in your case a Windows machine is connecting to the Internet, you may use Windows’ ICS (Internet Connection Sharing), which is very simple. But here I’m writing about the case where the Ubuntu machine is connecting to the Internet.
Configuration:
laptop (ubuntu 7.10)
eth0 (192.168.0.1) <–> hub
ppp0 <–> Internet
desktop pc (ubuntu 7.10)
eth0 (192.168.0.8) <–> hub
The following steps will do this job:
On laptop:
1. Enable NAT (network address translation; you may have encountered this if you’ve played with VMware)
root:~> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
If you only do this, you may not get NAT enabled after you reboot your system. So add the following to /etc/network/interfaces (for example at the end of the auto eth0 section):
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules
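Optionally, if sharing doesn’t work with all the other steps (including those below), try this first, before the others. It sets the default policy of the FORWARD chain to ACCEPT, so the laptop forwards every packet routed through it: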
root:~> iptables -P FORWARD ACCEPT
2. Enable IP forwarding. Add this line to /etc/sysctl.conf (for example at the end of the file):
net.ipv4.ip_forward = 1
On desktop PC:
1. Set the laptop as its default gateway
root:~> route add default gw 192.168.0.1
All done! Now reboot the laptop and make the DSL connection. To check that everything is configured properly, just do this:
root:~> cat /proc/sys/net/ipv4/ip_forward
1
root:~> iptables -t nat -L POSTROUTING
target prot opt source destination
MASQUERADE 0 -- anywhere anywhere
If you get the same output, then everything is all right. Ping a website from the desktop PC to make sure the sharing works.
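The check above only confirms that the MASQUERADE rule exists. As an added example (not from the original post), the script below audits an iptables-save dump, the format stored in /etc/iptables.rules, for the NAT rule and for how open the FORWARD chain is. The function names, both sample dumps and the restricted FORWARD rules are constructed for illustration.

```shell
# Audit an iptables-save dump (the format of /etc/iptables.rules) read on stdin.
audit_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }               # "*nat" or "*filter" header
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            masq = 1                                   # NAT rule present
            if ($0 ~ / -o ppp0( |$)/ && $0 !~ /! -o /) scoped = 1
        }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / { rules++ }
        END {
            if (!masq)        print "FAIL no MASQUERADE rule in nat POSTROUTING"
            else if (!scoped) print "WARN MASQUERADE is not limited to -o ppp0"
            else              print "OK MASQUERADE on ppp0"
            if (policy == "")
                print "FAIL no FORWARD chain in dump"
            else if (policy == "ACCEPT" && !rules)
                print "WARN FORWARD policy ACCEPT, no rules: forwards any packet"
            else if (policy == "DROP" && !rules)
                print "FAIL FORWARD policy DROP, no rules: nothing is forwarded"
            else
                print "OK FORWARD policy " policy ", " (rules + 0) " rule(s)"
        }'
}

# Constructed, abbreviated dumps: $1 = FORWARD policy, other args = FORWARD rules.
sample_dump() {
    fwd_policy=$1; shift
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o ppp0 -j MASQUERADE' 'COMMIT' \
        '*filter' ":FORWARD $fwd_policy [0:0]" "$@" 'COMMIT'
}

# What this page's commands produce, including the optional -P FORWARD ACCEPT.
page_setup() { sample_dump ACCEPT; }

# Assumption, not from the page: forward only LAN -> ppp0 plus reply traffic.
restricted() {
    sample_dump DROP \
        '-A FORWARD -i eth0 -o ppp0 -j ACCEPT' \
        '-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT'
}

page_setup | audit_rules
restricted | audit_rules
```

On the laptop, feed it the live rules with `iptables-save | audit_rules` as root, or the saved file with `audit_rules < /etc/iptables.rules`.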
I did all the above following these:
http://forums.afterdawn.com/thread_view.cfm/616232
http://lindesk.com/2007/04/internet-connection-sharing-using-iptables/
The key point for understanding what these steps mean and do to your system is to understand the iptables command and the target (an iptables term) MASQUERADE. I read the iptables manual carefully and, as I understand it, enabling MASQUERADE (or NAT) replaces the source addresses of packets that the desktop PC sends out to the Internet with ppp0’s address, and the destination addresses of packets that are sent from the Internet to your desktop PC with your desktop PC’s address in the LAN. In addition, “-o ppp0” means all packets going out through ppp0 will be MASQUERADEd.
But the trick is how the laptop knows which packets are sent to itself and which are sent to the desktop PC. If you have ever investigated network connections in a LAN, you may find that it is the port number that is the secret.
To make things clear, iptables contains some rules (table of chains) to handle any packets going through. You can add, delete and modify these rules. Roughly, a rule is made up of two parts: 1) the criteria to match packets; 2) for the matched packets, what you wanna do with them, which is called a “target”. The rough syntax of the iptables command is:
iptables [-t table] [param] [some chain in the specified table] [option]
Many built-in chains (each chain is a chain of rules) contain some pre-defined criteria to match the packets. In this post, we just use the built-in rules and a pre-defined target (yes, a target can be separately defined).
Note: the terms and understandings may not be accurate, because it’s just my understanding without further deep investigation.