CentOS / Redhat Linux Internet Connection Sharing
Q. How do I configure CentOS / Redhat Linux computer to share my internet connection? How do I configure RHEL as a software router with two interfaces? How do I share my single connection with other PCs on LAN?
A. Linux can be easily configured to share an internet connection using iptables. Al you need to two network interface cards as follows:
a) Your internal (LAN) network connected via eth0 with static ip address 192.168.1.254
b) Your external WAN) network is connected via eth1 with static ip address 192.168.2.1
Please note that interface eth1 may have public IP address or IP assigned by ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / Cable router.
Step # 1: Enable Packet Forwarding
Login as the root user. Open /etc/sysctl.conf file
# vi /etc/sysctl.conf
Add the following line to enable packet forwarding for IPv4:
net.ipv4.conf.default.forwarding=1
Save and close the file. Restart networking:
# service network restart
Step # 2: Enable IP masquerading
In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transceiving network traffic through a router that involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets as they pass through. In short, IP masquerading is used to share the internet connection.
Share internet connection
To share network connection via eth1, enter the following rule at command prompt (following useful for ppp0 or dial up connection):
# service iptables stop
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# service iptables save
# service iptables restart
Open your Windows / Mac / Linux computer networking GUI tool and point router IP to 192.168.1.254 (eth0 Linux IP). You also need to setup DNS IP such as 208.67.222.222 and 208.67.220.220. You should now able to ping or browse the internet:
c:> ping 202.54.1.20
c:> ping google.com
Shell Script to Setup Basic Linux Network Sharing
This is basic connection sharing, following shell script is for more advance user. [ Download the script here and modify SHARE_IF as per your requirements. ]
#!/bin/bash
# Created by nixCraft - www.cyberciti.biz
IPT="/sbin/iptables"
MOD="/sbin/modprobe"
# set wan interface such as eth1 or ppp0
SHARE_IF="eth1"
# clean old fw
echo "Clearing old firewall rules..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
# Get some kernel modules
echo "Loading kernel modules..."
$MOD ip_tables
$MOD iptable_filter
$MOD iptable_nat
$MOD ip_conntrack
$MOD ipt_MASQUERADE
$MOD ip_nat_ftp
$MOD ip_nat_irc
$MOD ip_conntrack_ftp
$MOD ip_conntrack_irc
# Clean old rules if any, rhel specific but above will take care of everything
# service iptables stop
# unlimited traffic via loopback device
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
echo "Setting ${SHARE_IF} as router interface..."
$IPT --table nat --append POSTROUTING --out-interface ${SHARE_IF} -j MASQUERADE
# Start other custom rules
#$IPT
# End other custom rules
echo "*** Instructions on TCP/IP On The Windows / Mac / Linux Masqueraded Client ***"
echo "1. Login to your other LAN desktop computers"
echo "2. Open network configuration GUI tool such. Under Windows XP - Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections"
echo "3. Set DNS (NS1 and NS2) to 208.67.222.222 and 208.67.220.220"
echo "4. Select the 'Gateway' tab in the TCP/IP properties dialog."
echo "5. Enter $(ifconfig ${SHARE_IF} | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}') as the default gateway."
Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
Related Other Helpful FAQs:
- Redhat / CentOS Linux list all packages available for installation
- How to run a script after ppp interface is comes up under Linux
- How do I install or upgrade an RPM file or package under Red Hat / Fedora / Suse Linux?
- Linux Move a print job from one queue to another
- Increase the number of telnet sessions allowed
Discussion on This FAQ
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: computer networking, configuring internet connection sharing, debian internet connection sharing, destination ip addresses, enable internet connection sharing, fedora internet connection sharing, internet connection sharing in linux, internet connection sharing with linux, iptables Masqueraded, lan network, linux internet connection sharing, Linux Masqueraded Client, network address translation, network interface cards, setting up internet connection sharing, share internet connection, software router
February 2nd, 2008 at 3:14 pm
Dear friend,
could i find access.log in Internet Sharing
CentOS / Redhat Linux Internet Connection Sharing
http://www.cyberciti.biz/faq/rhel-fedora-linux-internet-connection-sharing-howto/
June 3rd, 2008 at 9:49 am
thank you for the tutorial. Saved my day
June 24th, 2008 (3 weeks ago) at 10:05 am
Thanks for the tutorial. Tried the advanced version, went ok for few minutes then connection timed out. Appreciate any feedback.
July 3rd, 2008 (6 days ago) at 11:36 am
Thanks