The quick and easy guide

Sep 6, 2006 07:42 GMT

This guide should let you share an Internet connection in a minute or so, and its purpose is also to help you understand the basics of what happens when you use the commands involved. For sharing the Internet connection, we'll use the iptables tool because it can be found in all Linux distributions of all sizes and shapes.

If you just want to get the Internet connection up and running, enter these two lines in a terminal:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Note: eth0 is the interface connected to the Internet (to the outside world). If, in your case, it represents something else, just modify the interface to fit your situation.

Putting these two commands in the rc.local file is a good idea if you want Internet connection sharing to still work after you reboot your computer. The rc.local script can usually be found in the /etc/ or /etc/rc.d/ directory.

Now, I should explain the commands so you'll get a better idea of what is happening.

The first line enables IP packet forwarding by writing the value 1 to the ip_forward file. The default value in this file is 0, which means that packet forwarding is disabled. It has to be enabled because ordinary hosts do not forward packets; if you want to share the Internet connection, your computer must also behave as a router.

The second line uses the iptables command, which processes packets through sets of filtering rules. This allows iptables to act as an excellent firewall, if configured properly, but it is also commonly used for address translation, to connect networks to the Internet through only one IP address. Since iptables has a very comprehensive set of features, explaining it in detail would probably take more than 100 pages. The easiest way to share the Internet connection is to perform NAT (network address translation), using this command.

The first parameter given to the iptables command is -t nat. It instructs iptables to work with the address translation chains. The tables that can be used with the -t parameter are filter, nat, mangle and raw. When -t is not given, iptables uses the filter table, which is why nat has to be specified explicitly. The -A parameter appends this rule to the POSTROUTING chain, meaning that the translation occurs after the router (your PC in this case) has determined how to deliver the packet. The -o eth0 parameter sets the outgoing interface, the one used for the Internet connection from your ISP. If the interface you use for the Internet connection is not eth0, replace it with whatever you use. The last parameter, -j MASQUERADE, instructs iptables to jump to the MASQUERADE target to complete packet processing. The MASQUERADE target converts the source IP address of the packet to the IP address of the outgoing interface you set. That's why the process is called address translation and that's why all the computers in your network will have only one IP address in the outside world.
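As an added example (not part of the original guide), the shell functions below check the state that the two commands leave behind: the ip_forward value and the MASQUERADE rules in the listing printed by iptables -t nat -S POSTROUTING. The function names and the sample rule listing are constructed for this illustration.

```sh
#!/bin/sh
# Added example: function names and SAMPLE_RULES are constructed for illustration.

# Succeeds when the given file (default: the kernel's ip_forward) contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `iptables -t nat -S POSTROUTING` output on stdin and prints the
# outgoing interface of each MASQUERADE rule: "any" when the rule has no -o,
# "!iface" when the interface match is negated.
masquerade_ifaces() {
    awk '$1 == "-A" && $2 == "POSTROUTING" {
        out = "any"; masq = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-o") out = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
        }
        if (masq) print out
    }'
}

# sharing_active IFACE [IP_FORWARD_FILE], rule listing on stdin.
# Succeeds only when forwarding is on AND a MASQUERADE rule names IFACE
# (or has no -o at all). Negated matches are listed but not counted.
sharing_active() {
    ifaces=$(masquerade_ifaces)    # consume stdin before anything else
    forwarding_enabled "$2" &&
        printf '%s\n' "$ifaces" | grep -qxF -e "$1" -e any
}

# Constructed sample of `iptables -t nat -S POSTROUTING` output.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/8 -o eth1 -j SNAT --to-source 203.0.113.5
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE'

# Stand-alone run: list the interfaces that have a MASQUERADE rule.
printf '%s\n' "$SAMPLE_RULES" | masquerade_ifaces

# On a live router (as root):
#   iptables -t nat -S POSTROUTING | sharing_active eth0 && echo "sharing is on"
```

Running the same check after a reboot shows whether the rc.local entries were actually applied.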

This is the most basic setup that can be performed to share the Internet connection. I've used several techniques to share an Internet connection with iptables, but this one is the easiest and it can be remembered without much effort. In some modern Linux distributions, you'll find graphical tools that will allow you to do the same thing, but I find this method to be a lot better because it can be used even for distros that come in only a few MB. I also think that this method is faster because you don't have to look for the graphical interface (if there is one) and go through all the steps required for set-up.