In my previous post, newly connected devices could not connect to the internet! Noooooo!!
But not to worry, after this everything will be working properly.
The reason there is no internet connection is that packets are currently forwarded to the gateway (our server) and no further. What needs to happen is that the gateway accepts packets from the other devices, adjusts them slightly (rewriting the source address so that replies come back to the gateway), and then forwards them out of another network interface that is connected to the internet.
Using eth0 as the local network and eth1 as the internet, the following commands set up the iptables rules to allow packets to flow from eth0 to eth1!

```sh
sudo iptables -A FORWARD -o eth1 -i eth0 -s 10.1.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
```
Here are some notes about the previous commands:
- The first rule allows new connections to be forwarded from eth0 to eth1, but only if their source address is in the local subnet 10.1.1.0/24
- The second rule allows forwarding of packets that belong to established connections (and those related to ones that have already started); this is what lets the replies from the internet get back to the local network
- The third and fourth rules do the NAT between the networks: the POSTROUTING chain of the nat table is flushed, then MASQUERADE rewrites the source address of everything leaving via eth1 to the server's own address
- Writing 1 to /proc/sys/net/ipv4/ip_forward enables IP forwarding; it tells the kernel "yes, you really do want to start forwarding packets". Doing this last means the rules are already in place before the first packet is forwarded

One caveat: on a stock install the default policy of the FORWARD chain is ACCEPT (unless a front-end such as ufw has changed it), so the two ACCEPT rules above do not restrict anything by themselves; the server will forward whatever it is handed, from any interface. If the intention is that only the local subnet gets to the internet, the default policy of the FORWARD chain has to be set to DROP so that only traffic matched by those rules gets through.
In order to verify that it works, try to access the internet on the newly connected machine… SUCCESS!!
The image below gives a before-and-after shot of the ifconfig command on my server. After running a system update, there was approximately 68MB of internet traffic!
However, not so quickly!!
The settings made to iptables are not permanent! After every reboot, the above commands would have to be run again. This is not useful! So …
Run the following command to save the iptables rules:
sudo iptables-save | sudo tee /etc/iptables.sav
Add the following line to /etc/rc.local (before the exit):
iptables-restore < /etc/iptables.sav
Note that /etc/rc.local has to be executable for this to run at boot, and on newer systemd-based Ubuntu releases the file does not exist by default; there the iptables-persistent package, which loads /etc/iptables/rules.v4 at boot, is the usual way to get the same result.
Modify /etc/sysctl.conf and remove the hash (#) from the line
net.ipv4.ip_forward=1
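To put the two halves of this together (the forwarding and NAT rules, and saving them so that iptables-restore can load them at boot), here is a small script. It is an added example, not code from the original post or from the Ubuntu wiki page it credits; eth0, eth1, 10.1.1.0/24 and the save path /etc/iptables.sav are taken from the post, while the function names and the argument checks are assumptions of this example. Unlike the one-off commands above it sets the FORWARD policy to DROP, loads the whole ruleset atomically with iptables-restore, and only turns forwarding on after the rules are in place.

```sh
#!/bin/sh
# Added example (not from the original post): build the gateway ruleset in
# iptables-restore format and apply it only when explicitly asked to.
# Interface names, the LAN subnet and the save path are parameters; the
# default save path /etc/iptables.sav matches the post's rc.local line.

# These strings end up in a ruleset loaded as root, so refuse anything that
# does not look like an interface name or an IPv4 CIDR.
valid_ifname() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_.:-]{1,15}$'
}

valid_cidr4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gateway_ruleset LAN_IF WAN_IF LAN_NET
# Prints the complete ruleset on stdout. The FORWARD policy is DROP, so only
# new connections from LAN_NET (LAN_IF -> WAN_IF) and the replies to them get
# forwarded; everything else the box is handed is dropped.
gateway_ruleset() {
    [ $# -eq 3 ] || { echo "usage: gateway_ruleset LAN_IF WAN_IF LAN_NET" >&2; return 1; }
    lan_if=$1; wan_if=$2; lan_net=$3
    valid_ifname "$lan_if" && valid_ifname "$wan_if" && valid_cidr4 "$lan_net" || {
        echo "gateway_ruleset: bad argument" >&2
        return 1
    }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# gateway_apply LAN_IF WAN_IF LAN_NET [SAVE_PATH]
# Loads the ruleset atomically, writes the same text to SAVE_PATH for the
# iptables-restore line in /etc/rc.local, and only then enables forwarding,
# so there is no window in which the box forwards unfiltered traffic.
# Must be run as root.
gateway_apply() {
    save=${4:-/etc/iptables.sav}
    rules=$(gateway_ruleset "$1" "$2" "$3") || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    printf '%s\n' "$rules" > "$save" || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# ip_forward_enabled: exit status 0 when the kernel is currently forwarding.
ip_forward_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Usage:  sudo sh gateway.sh apply eth0 eth1 10.1.1.0/24
#         sh gateway.sh show eth0 eth1 10.1.1.0/24    (print the ruleset only)
case "${1:-}" in
    apply) shift; gateway_apply "$@" ;;
    show)  shift; gateway_ruleset "$@" ;;
esac
```

The "show" mode is worth running first: it prints exactly what iptables-restore will load, in the same format iptables-save produces, so the saved file and the live rules never drift apart. Together with the net.ipv4.ip_forward=1 line in /etc/sysctl.conf, this is the whole persistent setup.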
Now the setup will survive a restart. Special thanks goes to those who contributed to the documentation about Internet Connection Sharing on the Ubuntu wiki.
Next is to investigate what having set up a gateway makes possible…
- What can I gain by seeing all the traffic on the network?
- How can I allow only specific devices access to the internet?
- Any more questions? Post them in the comments section