I followed these instructions for setting up a shared internet connection with iptables. Specifically, I:
- Added a network interface for my second NIC in /etc/network/interfaces like so:

      auto eth1
      iface eth1 inet static
          address 192.168.1.100
          netmask 255.255.255.0

- Entered these rules exactly:

      sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
      sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      sudo iptables -t nat -F POSTROUTING
      sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

- Saved my rules to a file and added it to /etc/rc.local
- Enabled IP forwarding by changing the value of /proc/sys/net/ipv4/ip_forward to 1
- Uncommented the line net.ipv4.ip_forward=1 in /etc/sysctl.conf
- Restarted

Now, when I plug my laptop into the eth1 interface, I get an IP address and can ping the gateway, but I can't reach anything outside of that, i.e., I can't ping 8.8.8.8.

In case it's relevant, my other interface is a PPPoE connection. It looks like this:

    auto dsl-provider
    iface dsl-provider inet ppp
        pre-up /sbin/ifconfig eth0 up
        provider dsl-provider

    auto eth0
    iface eth0 inet manual

I thought maybe the problem was that dnsmasq wasn't assigning nameservers, so I added dns-nameservers 8.8.8.8 8.8.8.4 under both interfaces in /etc/network/interfaces. That didn't help, so I tried adding the nameservers to /etc/resolv.conf. No help there. Finally, I tried adding them to /etc/dnsmasq.conf:

    no-resolv
    server=8.8.8.8
    server=8.8.4.4

This didn't help either. I'm not sure, however, if my problem really has anything to do with nameservers or if this is just another case of outdated, worthless documentation.

I was able to get this working with Network Manager at one point, but I didn't like how Network Manager didn't let me assign a DHCP range. So I'd like to avoid going back to that.
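
On a PPPoE uplink the routed traffic normally leaves through the ppp interface rather than through the Ethernet device that carries the session, so one check for the setup described above is whether the `-o` interface in the FORWARD and MASQUERADE rules matches the interface of the default route. This is an added example, not part of the original question or its answer; the `ip route` and `iptables-save` output is constructed, and `ppp0` is an assumed interface name.

```shell
#!/bin/sh
# Added example: compare the default-route interface with the -o interface
# named in the forwarding/NAT rules. All sample data below is constructed.

# Constructed output of `ip -4 route show default` on a PPPoE host (ppp0 assumed).
SAMPLE_ROUTE='default dev ppp0 scope link'

# Constructed `iptables-save` output holding the rules from the question.
SAMPLE_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -s 192.168.1.0/24 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Print the device of the first default route found in "ip route" text.
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print "<chain> <out-iface>" for every POSTROUTING or FORWARD rule
# that names an outbound interface with -o.
rule_out_ifaces() {
    printf '%s\n' "$1" | awk '$1 == "-A" && ($2 == "POSTROUTING" || $2 == "FORWARD") {
        for (i = 3; i < NF; i++) if ($i == "-o") print $2, $(i + 1)
    }'
}

# Print one line per rule whose -o interface differs from the default-route
# interface; return 1 if any mismatch was found, 0 otherwise.
check_nat() {
    want=$(default_iface "$1")
    [ -n "$want" ] || { echo "no default route found"; return 1; }
    bad=$(rule_out_ifaces "$2" | awk -v w="$want" '$2 != w {
        print "MISMATCH: " $1 " rule uses -o " $2 ", default route uses " w }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# On a live system, pass real data instead of the samples:
#   check_nat "$(ip -4 route show default)" "$(sudo iptables-save)"
check_nat "$SAMPLE_ROUTE" "$SAMPLE_RULES" || true
```
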
Best Answer
Fixed:
Thanks again to g0rdon at #openwrt :)