Tuesday, July 29, 2008

Simple Netfilter internet connection sharing

Imagine this, you are in a meeting with your work mates in a hotel which charges unreasonably high internet access fee. You are connected to the Internet via your HSDPA modem. Your mates need to check his mail and to do some administrative stuff on the groupware. You want to share your internet connection and you are using Linux with Iptables(netfilter) installed (whoo..hooo....). Now, how do you do that.
Simple, here is my little bash script, let say inet_share.sh. Customise it as you wish.
#!/bin/bash
CLIENT_BOUND_DEVICE=wlan0
INET_BOUND_DEVICE=ppp0
CLIENT_NETWORK=192.168.5.0/24

echo 0 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -F -t mangle

/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP

/sbin/iptables -A FORWARD -i $CLIENT_BOUND_DEVICE -o $INET_BOUND_DEVICE -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $INET_BOUND_DEVICE -o $CLIENT_BOUND_DEVICE -m state --state RELATED,ESTABLISHED -j ACCEPT

/sbin/iptables -A POSTROUTING -t nat -s $CLIENT_NETWORK -o $INET_BOUND_DEVICE -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward


How to run it?
sudo ./inet_share.sh
Oh, BTW, don't forget to set the DNS on the client machines with the one your machine is currently using. Or, you can install dnsmasq for DNS caching and let your mates' machines use your IP as the DNS server.
Hope, this is also useful.

1 comment:

Hendy Irawan said...

Trims Mas...

Udah kucoba di Kediri ama Dedi

Works flawlessly :D