Using iptables in order to share an internet connection

Many users run small networks, be it at home or work. One of the widely used techniques for sharing the internet connection over a small local area network is Microsoft’s ICS (Internet Connection Sharing).

What if the main server is not running Windows? Some prefer Linux, and run several services that benefit client computers on this network (such as DNS, DHCP, Samba, NIS, etc.).

The good news for Linux users is that they can get the same functionality as ICS using iptables.

The following is a sample rule:

/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Note that you will need to have IP forwarding enabled.

RedHat/Fedora users can execute the following:

echo 1 > /proc/sys/net/ipv4/ip_forward

Now, these rules can be saved in a .sh file, make that shell script executable (chmod +x

Then, make this file execute whenever your system boots. An example would be editing /etc/rc.local and setting the path to that file in there.

This simple iptables rule can be expanded to allow certain ports, block others, check protocols (tcp, udp) for incoming packets on such ports, etc.
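As an added example (not from the original post), here is the sample rule expanded into a small gateway rule set: the FORWARD chain drops by default, LAN clients may go out, and only reply traffic is let back in. The function names and the LAN interface name eth0 are assumptions; eth1 is the outbound interface from the rule above. The script only prints the commands unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example: dry-run generator for a NAT gateway rule set.
# WAN=eth1 matches the post's rule; LAN=eth0 is an assumed interface name.

# Accept only plausible interface names (max 15 chars, no shell metacharacters).
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the commands for a gateway that NATs LAN traffic out of WAN.
# Forwarding is switched on last, so packets are never routed before
# the FORWARD policy is in place.
nat_rules() {
    wan=$1 lan=$2
    valid_if "$wan" && valid_if "$lan" || { echo "bad interface name" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i $lan -o $wan -j ACCEPT
/sbin/iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Dry run by default; set APPLY=1 (as root) to execute the generated commands.
main() {
    rules=$(nat_rules "${WAN:-eth1}" "${LAN:-eth0}") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

main
```

Because the rules are appended with -A, applying the script twice without flushing leaves duplicate entries in the chains.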

Advanced rules to come later hopefully.
