Internet Connection Sharing on Linux using iptables
It is very easy to set up internet connection sharing on a Linux system using iptables. This method shares an internet connection from a Linux system (I used CentOS 6.2, but it should work on other distributions that support iptables). Another way of doing this is with a proxy server such as Squid.
Enable IP forwarding
Run as root
sysctl -w net.ipv4.ip_forward=1
To enable it at system startup, edit the file
/etc/sysctl.conf
and set
net.ipv4.ip_forward = 1
iptables
Run these commands as root
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
Configuration
The configuration should be like this
Router
Connected to the internet provider
IP : 192.168.1.1
Internet Connected System
eth0 (LAN Card 1)
Connected to router
- IP : 192.168.1.10
- Netmask : 255.255.255.0
- Gateway : 192.168.1.1 (IP of the router)
eth1 (LAN Card 2)
Connected to the other system
- IP : 192.168.0.20 (Not the same network as the first card)
- Netmask : 255.255.255.0
- Gateway : 192.168.1.1 (IP of the router)
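The MASQUERADE rule above applies to everything leaving eth0 and leaves the FORWARD chain untouched. The script below is an added example, not part of the original post: for the same layout it prints a narrower rule set that forwards and masquerades only 192.168.0.0/24 arriving on eth1, allows replies back, and drops all other forwarded traffic. The function names are hypothetical, and the /24 network is an assumption derived from the eth1 address and netmask listed above.

```shell
#!/bin/sh
# Added example: prints the iptables commands for a scoped sharing setup.
# Interface names and the LAN network follow the page's layout; the function
# names valid_cidr and ics_rules are hypothetical.

# valid_cidr A.B.C.D/N: succeeds when each octet is 0-255 and N is 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ics_rules WAN LAN LAN_CIDR: prints one iptables command per line.
ics_rules() {
    wan=$1; lan=$2; net=$3
    for ifc in "$wan" "$lan"; do
        # Reject empty names, option-like names and shell metacharacters.
        case "$ifc" in ''|-*|*[!A-Za-z0-9._-]*)
            echo "bad interface name: $ifc" >&2; return 2 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 2; }
    valid_cidr "$net" || { echo "bad LAN network: $net" >&2; return 2; }
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
}

# Dry run by default; "--apply" (run as root) executes the printed commands.
case "${1:-}" in
    --apply) ics_rules eth0 eth1 192.168.0.0/24 | sh -e ;;
    *)       ics_rules eth0 eth1 192.168.0.0/24 ;;
esac
```

Review the printed commands before applying them. If the FORWARD chain already ends in a REJECT or DROP rule, appended ACCEPT rules come after it and never match, so insert them above that rule instead.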
You can also use Squid as a transparent proxy to keep a website access log for your LAN. After installing and configuring Squid as a transparent proxy, add the command given below.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128