Difference between revisions of "Internet sharing"

From ArchWiki
Jump to: navigation, search
m (Instructions: Clarified connection of the two PC's.)
(update link(s) (avoid redirect))
(48 intermediate revisions by 18 users not shown)
Line 1: Line 1:
[[Category:Networking (English)]]
+
[[Category:Networking]]
 +
[[cs:Internet Share]]
 
[[fr:Partage de connexion]]
 
[[fr:Partage de connexion]]
[[es:Conexion a Internet compartida]]
+
[[it:Internet Share]]
{{i18n|Internet_Share}}
+
[[ru:Internet Share]]
 +
This article explains how to share the internet connection from one machine to other(s).
  
==Preface==
+
== Requirements ==
Let's assume you have an Internet connection and you want to share it. There are two main ways to do that.
+
  
<pre>
+
* The machine acting as server should have an additional network device.
  Internet                          pc1
+
* That network device should be connected to the machines that are going to receive internet access. They can be one or more machines. To be able to share internet to several machines a [[Wikipedia:Network switch|switch]] is required. If you are sharing to only one machine, a [[Wikipedia:Ethernet crossover cable|crossover cable]] is sufficient.
1. ----> |router| ---> |switch| --->-<
+
                                      pc2 ..etc
+
+
  Internet
+
2. ------> |pc1 (router)| --> pc2..etc
+
</pre>
+
  
==Instructions==
+
{{Note|If one of the two computers has a gigabit ethernet card, a crossover cable is not necessary and a regular ethernet cable should be enough}}
I'll explain the second way (it is easier and requires one less machine).
+
<ol>
+
<li>Install a second network card to the first PC.</li>
+
  
<li>Connect the two PCs using an ethernet cable or a [http://en.wikipedia.org/wiki/Network_switch switch].  If one of the two computers has a gigabit ethernet card, a regular ethernet cable should work. Otherwise, use [http://en.wikipedia.org/wiki/Ethernet_crossover_cable crossover cable].</li>
+
== Configuration ==
  
<li>Let's assume that the first card (with the Internet) is called '''''internet0''''' and the other one (for the sharing) is called '''''local0'''''. (If those two keep switching at every boot read [http://wiki.archlinux.org/index.php/Udev#Mixed_Up_Devices.2C_Sound.2FNetwork_Cards_Changing_Order_Each_Boot this] ). The network interface of the client machine will be called '''''local1'''''.
+
This section assumes, that the network device connected to the client computer(s) is named '''''net0''''' and the network device connected to the internet as '''''internet0'''''.
  
The interfaces '''''local0''''' and '''''local1''''' will have to be in the same network.</li>
+
{{Tip|You can rename your devices to this scheme using [[Udev#Setting static device names]].}}
  
<li>Configure the second network card with:
+
=== Static IP address ===
:'''IP:''' 192.168.0.1
+
:'''Netmask:''' 255.255.255.0
+
or enter in a console (as root)
+
<pre>ifconfig local0 192.168.0.1 netmask 255.255.255.0
+
ifconfig local0 up</pre></li>
+
  
<li>To make this permanent, install [[netcfg]] if you don't have it and set up a network profile in '''/etc/network.d''', drawing on the examples in '''/etc/network.d/examples'''. Or, put the above lines in '''/etc/rc.local'''.
+
Assign an static IPv4 address to the interface connected to the other machines. The first 3 bytes of this address cannot be exactly the same as those of another interface.
 +
# ip link set up dev net0
 +
# ip addr add 139.96.30.100/24 dev net0 # arbitrary address
  
<li>Enable packet forwarding. To do so, write a "'''1'''" to '''/proc/sys/net/ipv4/ip_forward''' with:
+
To have your static ip assigned at boot, you can use [[netctl]].
<pre>echo 1 > /proc/sys/net/ipv4/ip_forward</pre></li>
+
  
<li>Edit '''/etc/sysctl.conf''' and add this line, which will make the previous change persistant after a reboot.
+
=== Enable packet forwarding ===
<pre>net.ipv4.ip_forward=1</pre>
+
If you are using ipv6, use these lines:
+
<pre>net.ipv6.conf.default.forwarding=1
+
net.ipv6.conf.all.forwarding=1</pre></li>
+
  
<li>Install iptables, enable NAT (needed to share Internet), save and start it.
+
Check the current packet forwarding settings;
<pre>pacman -S iptables
+
# sysctl -a | grep forward
iptables -t nat -A POSTROUTING -o internet0 -j MASQUERADE
+
rc.d save iptables
+
rc.d start iptables</pre></li>
+
  
<li>Add iptables in your DAEMONS array in your /etc/rc.conf so that it is started each time.</li>
+
Enter this command to temporarily enable packet forwarding:
 +
# sysctl net.ipv4.ip_forward=1
  
<li>Go to the client PC and set:
+
Edit {{ic|/etc/sysctl.d/30-ipforward.conf}} to make the previous change persistent after a reboot.
:'''IP:''' 192.168.0.2
+
{{hc|/etc/sysctl.d/30-ipforward.conf|<nowiki>
:'''Netmask:''' 255.255.255.0
+
net.ipv4.ip_forward=1
:'''Gateway:''' 192.168.0.1
+
net.ipv6.conf.default.forwarding=1
:'''DNS:''' The same DNS as the first PC
+
net.ipv6.conf.all.forwarding=1
 +
</nowiki>}}
  
<pre>ifconfig local1 192.168.0.2 netmask 255.255.255.0
+
=== Enable NAT ===
ifconfig local1 up
+
route add default gw 192.168.0.1 local1
+
echo "nameserver <adr of nameserver>" >> /etc/resolv.conf
+
</pre>
+
  
You can figure out the address of the nameserver by looking into the /etc/resolv.conf of PC1, if its Internet connection is already established. If you don't have a nameserver, you can use [https://code.google.com/speed/public-dns/ Google Public DNS] which is relatively fast. Its addresses are '''8.8.8.8''' and '''8.8.4.4'''.</li></ol>
+
[[pacman|Install]] the package {{Pkg|iptables}} from the [[official repositories]]. Use iptables to enable NAT:
  
{{Note| Of course, this also works with a mobile broadband connection (usually called ppp0 on PC1)}}
+
# iptables -t nat -A POSTROUTING -o internet0 -j MASQUERADE
 +
# iptables -A FORWARD -i net0 -o internet0 -j ACCEPT
 +
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 +
 
 +
{{Note|Of course, this also works with a mobile broadband connection (usually called ppp0 on PC1).}}
 +
 
 +
Read the [[iptables]] article for more information (especially saving the rule and applying it automatically on boot). There is also an excellent guide on iptables [[Simple stateful firewall]].
 +
 
 +
=== Assigning ip addresses to the client pc(s) ===
 +
 
 +
If you are planning to regularly have several machines using the internet shared by this machine, then is a good idea to install a [[Wikipedia:dhcp|dhcp server]].
 +
 
 +
You can read the [[dhcpd]] wiki article, to add a dhcp server. Then, install the [[dhcpcd]] client on every client pc.
 +
 
 +
If you are not planing to use this setup regularly, you can manually add an ip to each client instead.
 +
 
 +
==== Manually adding an ip ====
 +
 
 +
Instead of using dhcp, on each client pc, add an ip address and the default route:
 +
# ip addr add 139.96.30.120/24 dev eth0
 +
# ip link set up dev eth0
 +
# ip route add default via 139.96.30.100 dev eth0
 +
 
 +
Configure a DNS server for each client, see [[resolv.conf]] for details.
  
 
That's it. The client PC should now have Internet.
 
That's it. The client PC should now have Internet.
  
==See also==
+
== Troubleshooting ==
*[[Sharing ppp connection with wlan interface]]
+
 
*[[Simple stateful firewall]]
+
If you are able to connect the two PCs but cannot send data (for example, if the client PC makes a DHCP request to the server PC, the server PC receives the request and offers an IP to the client, but the client does not accept it, timing out instead), check that you don't have other [[Iptables]] rules [https://bbs.archlinux.org/viewtopic.php?pid=1093208 interfering].
*[[Router]]
+
 
*[[USB 3G Modem]]
+
== See also ==
 +
 
 +
* [[Ad-hoc networking]]
 +
* [[Sharing PPP Connection]]
 +
* [[Simple stateful firewall]]
 +
* [[Router]]
 +
* [[USB 3G Modem]]

Revision as of 13:04, 25 February 2014

This article explains how to share the internet connection from one machine to other(s).

Requirements

  • The machine acting as server should have an additional network device.
  • That network device should be connected to the machines that are going to receive internet access. They can be one or more machines. To be able to share internet to several machines a switch is required. If you are sharing to only one machine, a crossover cable is sufficient.
Note: If one of the two computers has a gigabit ethernet card, a crossover cable is not necessary and a regular ethernet cable should be enough

Configuration

This section assumes, that the network device connected to the client computer(s) is named net0 and the network device connected to the internet as internet0.

Tip: You can rename your devices to this scheme using Udev#Setting static device names.

Static IP address

Assign an static IPv4 address to the interface connected to the other machines. The first 3 bytes of this address cannot be exactly the same as those of another interface.

# ip link set up dev net0
# ip addr add 139.96.30.100/24 dev net0 # arbitrary address

To have your static ip assigned at boot, you can use netctl.

Enable packet forwarding

Check the current packet forwarding settings;

# sysctl -a | grep forward

Enter this command to temporarily enable packet forwarding:

# sysctl net.ipv4.ip_forward=1

Edit /etc/sysctl.d/30-ipforward.conf to make the previous change persistent after a reboot.

/etc/sysctl.d/30-ipforward.conf
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

Enable NAT

Install the package iptables from the official repositories. Use iptables to enable NAT:

# iptables -t nat -A POSTROUTING -o internet0 -j MASQUERADE
# iptables -A FORWARD -i net0 -o internet0 -j ACCEPT
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Note: Of course, this also works with a mobile broadband connection (usually called ppp0 on PC1).

Read the iptables article for more information (especially saving the rule and applying it automatically on boot). There is also an excellent guide on iptables Simple stateful firewall.

Assigning ip addresses to the client pc(s)

If you are planning to regularly have several machines using the internet shared by this machine, then is a good idea to install a dhcp server.

You can read the dhcpd wiki article, to add a dhcp server. Then, install the dhcpcd client on every client pc.

If you are not planing to use this setup regularly, you can manually add an ip to each client instead.

Manually adding an ip

Instead of using dhcp, on each client pc, add an ip address and the default route:

# ip addr add 139.96.30.120/24 dev eth0
# ip link set up dev eth0
# ip route add default via 139.96.30.100 dev eth0

Configure a DNS server for each client, see resolv.conf for details.

That's it. The client PC should now have Internet.

Troubleshooting

If you are able to connect the two PCs but cannot send data (for example, if the client PC makes a DHCP request to the server PC, the server PC receives the request and offers an IP to the client, but the client does not accept it, timing out instead), check that you don't have other Iptables rules interfering.

See also