
How To Masquerade On Linux (Internet Connection Sharing)

Submitted by phd on Fri, 2007-12-21 13:02. :: Linux


It's very simple to set up masquerading (called Internet Connection Sharing on Windows) on Linux with a few iptables commands and the ip_forward setting.

First of all you have to flush and delete existing firewall rules.

So flush rules by typing in terminal:

iptables -F
iptables -t nat -F
iptables -t mangle -F

Now delete any user-defined chains:

iptables -X
iptables -t nat -X
iptables -t mangle -X

Now it's time to save the iptables rules so type:

service iptables save
service iptables restart

Now all rules and chains have been cleared!

You can check this in /etc/sysconfig/iptables, which should now contain only the default chains with their policies set to ACCEPT.

Now open /etc/rc.d/rc.local and insert the line:

echo "1" > /proc/sys/net/ipv4/ip_forward

And then save and close the file.

Now, assuming that your internet interface is eth0, type:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart

Note: check that iptables is set to start during boot.

You can check this by listing the runlevels of your iptables service:

chkconfig --list iptables

If level 5 is on, then it's OK; otherwise enable the service at level 5 or at levels 2345.

Note: The post is also available on my own site - article desktop.
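
To confirm the steps above took effect, here is an added example (not part of the original article) that parses iptables-save output plus the ip_forward value, reports whether forwarding and the MASQUERADE rule on the outbound interface are in place, and warns when the FORWARD chain is left at ACCEPT with no rules, which is the state this tutorial leaves the filter table in. The function names and the sample ruleset are constructed for illustration.

```shell
# Added example; function names and SAMPLE_RULES are constructed, not from the article.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# masq_rule_present RULES WAN_IF: succeeds if the nat table masquerades on WAN_IF.
masq_rule_present() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && tgt == "MASQUERADE") found = 1
        }
        END { exit !found }'
}

# forward_unfiltered RULES: succeeds if filter/FORWARD is ACCEPT with no rules.
forward_unfiltered() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" { rules++ }
        END { exit !(policy == "ACCEPT" && rules == 0) }'
}

# audit_gateway RULES IP_FORWARD WAN_IF: prints findings, fails on any FAIL line.
audit_gateway() {
    fails=0
    [ "$2" = "1" ] || { echo "FAIL: ip_forward is $2, not 1"; fails=1; }
    masq_rule_present "$1" "$3" || { echo "FAIL: no MASQUERADE rule on $3"; fails=1; }
    forward_unfiltered "$1" && echo "WARN: FORWARD is ACCEPT with no rules"
    return "$fails"
}

# Live use: audit_gateway "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" eth0
audit_gateway "$SAMPLE_RULES" 1 eth0
```

The WARN line is worth acting on: with FORWARD at ACCEPT and no rules, the box routes any packet it receives, so a gateway facing an untrusted network usually wants a restrictive FORWARD policy with explicit allow rules.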


Submitted by dwallor on Wed, 2008-01-16 09:11.

Awesome.

One small note. "chkconfig -list iptables" should be "chkconfig --list iptables" (at least on my system, which is normal for all multi-character option names).

To explain (for noobies out there), the command can be "chkconfig -L iptables" or "chkconfig --list iptables". Note the one dash versus two. The single-character version, "L", has one dash. The multi-character version, "list", which means the same thing, has two dashes. This seems to be a standard, as it's held true for every unix command I've used (I think).

More important note:

Remember to configure your LAN adapter (in this case eth0) and give it an IP address. If you want your computer to be like a router with a 198.168.x.1 style address, use "ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up". You'll also need to use whatever configuration your system provides you to change the adapter's address to 192.168.0.1 so it will be set correctly at bootup.