-
ICS/IP Masquerade on Ubuntu/Kubuntu/Debian-ish Distros
Primarily a post-it note for myself, so excuse me for not being overly verbose.
Scenario: One Kubuntu box, connected to the internet via eth1, want it to share that connection (and expose some services such as Samba and SSH) via eth0 to some other machine. The Kubuntu box is on 192.168.2.200 to the internet, 192.168.2.1 is a WiFi router, 192.168.1.1 is the ADSL modem that the router is connected to, so I’m gonna use 192.168.0.0 as the local network, i.e. where I want eth0 to live and expose the internet to my other comp.
Adding this to /etc/network/interfaces:
# Here we be sharing to da eth0 gigamabit intamaface auto eth0 iface eth0 inet static address 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255Starting the masquerade ball:
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth1 -j MASQUERADE iptables -A FORWARD -s 192.168.0.0/16 -o eth0 -j ACCEPT iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
Restarting the network and bringing up the shared interface, then activation ip forwarding:
/etc/init.d/networking restart echo 1 > /proc/sys/net/ipv4/ip_forward
No DHCP here, so whatever comp wants to access the internet must set a static IP in the 192.168.0.2-254 range, using 192.168.0.1 as gateway, and also manually putting in DNS server addresses. These could be OpenDNS, which would be 208.67.222.222 and 208.67.220.220.
|