Ubuntu – Internet connection sharing without Network Manager


I followed these instructions for setting up a shared internet connection with iptables. Specifically, I:

  1. Added a network interface for my second NIC in /etc/network/interfaces like so:

    auto eth1

    iface eth1 inet static



  2. Entered these rules exactly:

    sudo iptables -A FORWARD -o eth0 -i eth1 -s -m conntrack --ctstate NEW -j ACCEPT

    sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    sudo iptables -t nat -F POSTROUTING

    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  3. Saved my rules to a file and added it to /etc/rc.local

  4. Enabled IP forwarding by changing the value of /proc/sys/net/ipv4/ip_forward to 1

  5. Uncommented the line net.ipv4.ip_forward=1 in /etc/sysctl.conf

  6. Restarted

Now, when I plug my laptop into the eth1 interface, I get an IP address and can ping the gateway, but I can't reach anything outside of that. i.e., I can't ping

In case it's relevant, my other interface is a PPPoE connection. It looks like this:

auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up
provider dsl-provider

auto eth0
iface eth0 inet manual

I thought maybe the problem was that dnsmasq wasn't assigning nameservers, so I added dns-nameservers under both interfaces in /etc/network/interfaces. That didn't help, so I tried adding the nameservers to /etc/resolv.conf. No help there. Finally, I tried adding them to /etc/dnsmasq.conf:


This didn't help either. I'm not sure however if my problem really has anything to do with nameservers or if this is just another case of outdated, worthless documentation.

I was able to get this working with Network Manager at one point, but I didn't like how Network Manager didn't let me assign a DHCP range. So I'd like to avoid going back to that.

Best Answer


sudo iptables -A FORWARD -o ppp0 -i eth1 -s -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Thanks again to g0rdon at #openwrt :)

Related Question