Who is this article for?
This article is for anyone who wants to share their Internet connection. I will try to explain things as well as I can to give you enough knowledge to fix any problems you may come across without overloading you with too much information.
What we will be creating
I'm going to assume you have a Linux computer that is already connected to the Internet somehow. This may be directly or via a router (wired or wireless). We will call this your Internet connected device and name it eth0 from here on.
You will also have another network device that you want to connect to another device such as a computer or games console. Again this can be wired or wireless but we'll call this device your local network connected device and name it eth1 from here on.
They say a picture is worth a thousand words so I'll attempt some ASCII to draw this set up:
 ----------   eth0   -------     eth1    --------------
| Internet | ------ | Linux | --------- | Local device |
 ----------          -------             --------------
If you intend on having just one device on your local network then you can plug it directly into your Linux computer. This will require a cross-over cable unless the network device on either side can cross the connection automatically. The above diagram is fine for this setup.
However, if you expect you will want more than one device on the local network then you will need to add a switch to the above setup between the Linux computer and the Local network like so:
                                                               ----------
                                                          --- | Device 1 |
                                                          |    ----------
 ----------    eth0     -------    eth1     --------      |      ----------
| Internet | --------- | Linux | --------- | Switch | --------- | Device 2 |
 ----------             -------             --------      |      ----------
                                                          |    ----------
                                                          --- | Device 3 |
                                                               ----------
If you use this setup then you will not require any cross-over cables.
What technologies we will be using
First of all we will be using a firewall to share your Internet connection between network devices. The firewall we will be using is Netfilter, namely IPTABLES. IPTABLES uses sets of rules to manipulate network traffic. This will allow us to pass Internet traffic between different network devices. However, we won't write any rules ourselves as there is a program available that will do that for us.
We will also be using a DHCP server to allow other network devices to connect to Linux without having to configure each one manually. Again this will be easy to set up, as the same program that we will use to configure IPTABLES can also configure the DHCP server.
The program that can do all this is Firestarter. Firestarter is a tool that allows you to configure your Netfilter firewall using a simple GUI. As mentioned before we can also use it to configure your DHCP server.
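To make the "sets of rules" concrete, here is an added example (hand-written for this page, not the rules Firestarter itself generates) that prints a minimal connection-sharing ruleset in iptables-restore format. The function names are made up for the illustration; eth0 and eth1 are the interface names used in this article.

```shell
#!/bin/sh
# Added example: prints a minimal NAT gateway ruleset in iptables-restore
# format. Hand-written illustration, not the rules Firestarter generates.

# An interface name is accepted if it is 1-15 chars of [A-Za-z0-9_.-],
# so nothing unexpected can be smuggled into the generated rules.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# nat_ruleset WAN_IF LAN_IF -> ruleset on stdout, status 2 on bad input.
nat_ruleset() {
    wan=$1 lan=$2
    valid_iface "$wan" && valid_iface "$lan" ||
        { echo "bad interface name" >&2; return 2; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 2; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address of traffic leaving via the Internet side.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Forward nothing by default; only the two rules below open a path.
:FORWARD DROP [0:0]
# Local network -> Internet: allowed.
-A FORWARD -i $lan -o $wan -j ACCEPT
# Internet -> local network: replies to existing connections only.
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: sh nat_ruleset.sh eth0 eth1 | sudo iptables-restore --test
if [ "$#" -eq 2 ]; then nat_ruleset "$1" "$2"; fi
```

Loading the output with iptables-restore replaces the existing rules in the nat and filter tables, and forwarding only works once net.ipv4.ip_forward is set to 1.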
Installation
To get everything we need to share your Internet connection you will need to install the following packages using your package manager:
firestarter
dhcp3-server
iptables
The package names may vary depending on your distribution/repositories, but if you are using an Ubuntu distribution you can install all of these by entering the following command into a terminal:
sudo apt-get update && sudo apt-get install firestarter dhcp3-server iptables
Configuration
Before we start setting up your firewall we need to set up your network devices. If you skip this section then chances are you will run into problems with Firestarter later. It's where most people's problems come from, so I can't stress enough that you should not skip this part of the tutorial.
If you are already connected to the Internet then you will have at least one IP address. Normally this is assigned via DHCP from your Internet service provider (ISP) and you haven't needed to bother knowing what that IP address is. If you have a router then that will have taken that IP address and then issued you a different one using DHCP. Whichever IP address is assigned to your computer, we need to find out what it is. You can do this by entering the following command into a terminal:
ifconfig
This will list all of your network devices and any IP addresses that are assigned to them. You need to figure out which one is your Internet connected device and make a note of its IP address. For the above diagrams our Internet connected device is eth0 so the output we're looking for would look like this:
eth0      Link encap:Ethernet  HWaddr 00:18:f3:0c:21:e1
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::218:f3ff:fe0c:21e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2404694 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2145493 errors:44 dropped:0 overruns:0 carrier:44
          collisions:235562 txqueuelen:1000
          RX bytes:2169604043 (2.1 GB)  TX bytes:692576527 (692.5 MB)
          Interrupt:23 Base address:0xe800
As you can see from the "inet addr:192.168.1.10" line the IP address is 192.168.1.10. If you're connected to a router then it's common for the IP address to be similar to this.
You will now need to manually set an IP address for the local network connected device. If this isn't done before you start Firestarter then you will get an error message and Firestarter won't work. The easiest way to set an IP address that will survive a reboot is to use your network manager. You will find your network manager in different places depending on your distribution but it can often be found as an icon on your taskbar, next to the clock.
When you find your network manager, set up the IP address of your local network connected device. You want the IP address of this device to be in a different subnet to the Internet connected device. From my output we saw that the IP address was in the 192.168.1.x range. Therefore I'm going to put my local network connected device in the 192.168.5.x range, and to keep things clear I'll give eth1 the IP address 192.168.5.1.
Okay, so we are almost there now; we just need to configure Firestarter. We need to open the Firestarter application as root as we want it to create configuration files for the DHCP daemon and create some rules for IPTABLES. How to open Firestarter as root depends on your distribution again. If you are using an Ubuntu style distribution then you will do this by entering the following command into a console:
sudo firestarter
Otherwise you would need to log in as root and then open Firestarter by entering the following commands into a console:
su
firestarter
The first time you open Firestarter it will begin with a wizard that will help you set everything up. The first window is just a welcome screen so hit "Forward" to get to the good stuff.
The next screen is where you choose your Internet connected device. In the above diagrams this would be eth0 but it may be different on your system. There are also two check boxes for you to tick. You will probably leave "Start the firewall on dial-out" unticked unless your Linux computer connects directly to the Internet and acts as a modem. If you have a router then you will leave this unticked. The second check box will probably need to be ticked unless you have configured your IP address manually. Once you have finished configuring this page click "Forward".
The next page is used to configure the device that is connected to your local network, or eth1 in the diagrams above. Make sure the first tick box, "Enable Internet connection sharing", is ticked. You will then need to choose the correct device that is connected to your local network. Next make sure that you have ticked "Enable DHCP for local network". Once that is ticked you will be able to drop down the "DHCP server details" section. In this section we want to select "create new DHCP configuration". Now enter an IP address range that fits inside the subnet of the IP address you gave to your local network connected device and doesn't include the IP address you gave to that device. For our example we can have the range of:
Lowest IP address to assign: 192.168.5.2
Highest IP address to assign: 192.168.5.10
This will allow 9 devices to connect on the local network. You may need to adjust your values to match your network size. Leave the Name server as "
That's it! If you have followed this tutorial properly then Firestarter should open up without any errors and any devices on your local network should now be able to connect to the Internet.
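The addressing rules from the Configuration section (eth1 in a different subnet from eth0, and a DHCP range that sits inside eth1's subnet without containing eth1's own address) can be checked before starting the wizard. This is an added example, not part of Firestarter; the function names are made up, and it assumes the same netmask on both sides (255.255.255.0 is assumed for eth1, matching the eth0 output above).

```shell
#!/bin/sh
# Added example: sanity-check the address plan before running the wizard.

# ip2int A.B.C.D -> 32-bit integer on stdout; status 1 on malformed input.
ip2int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into four octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # no leading zeros (octal trap)
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_plan WAN_IP LAN_IP NETMASK POOL_LO POOL_HI
# Prints the number of leases in the pool, or a reason and status 1.
check_plan() {
    wan=$(ip2int "$1") && lan=$(ip2int "$2") && mask=$(ip2int "$3") &&
    lo=$(ip2int "$4") && hi=$(ip2int "$5") ||
        { echo "malformed address"; return 1; }
    net=$(( lan & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    if [ $(( wan & mask )) -eq "$net" ]; then
        echo "eth1 is in the same subnet as eth0"; return 1
    fi
    if [ "$lo" -gt "$hi" ]; then echo "range is reversed"; return 1; fi
    # The pool must stay strictly between network and broadcast address.
    if [ "$lo" -le "$net" ] || [ "$hi" -ge "$bcast" ]; then
        echo "range leaves the eth1 subnet"; return 1
    fi
    if [ "$lan" -ge "$lo" ] && [ "$lan" -le "$hi" ]; then
        echo "range includes eth1's own address"; return 1
    fi
    echo $(( hi - lo + 1 ))
}

# The values used in this article; prints 9.
check_plan 192.168.1.10 192.168.5.1 255.255.255.0 192.168.5.2 192.168.5.10
```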
Links
Firestarter: http://www.fs-security.com/
Netfilter/IPTABLES: http://www.netfilter.org/
Author: http://www.ukdragon.com/