====== Laptop as a Router ======
===== Scenario =====
No money for a real router: there is just a DSL modem, and 2 laptops want to access the internet at the same time. Each of them has only 1 wired network interface.
===== Solution =====
The provided solution is quite quick and somewhat dirty. It does not provide DHCP or DNS, both of which are characteristic of a well-thought-through network setup.
==== What you need ====
- 5-port 100BaseT hub (for the given scenario a 3-port model with 10 MBit would be enough)
- 2 additional CAT5 Patch cables
==== Setup ====
* Connect every device to the hub using the CAT5 patch cables.
{{:laptoprouter.png?400|}}
* Set up basic networking on Alice:
- Set up DSL ((''sudo pppoeconf''))
- Bring up eth0 ((''sudo ifconfig eth0 192.168.0.123''))
- //(If Bob already has a configured network interface (i.e. an IP address), Bob should be able to ping Alice and vice versa)//
- Enable IP forwarding and masquerading. A simplification of [[iptables|Iptables Firewall]] does the trick ((
<code bash>
#!/bin/bash
# Parameters for this script
LAN_IFACE="eth0"
EXT_IFACE="ppp0"
LAN="192.168.0.0/24"
IPTABLES="/sbin/iptables"
SERVER="192.168.0.101"   # Bob; not referenced by the rules below

# Load the netfilter modules for connection tracking and NAT
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe iptable_nat

case "$1" in
  start)
    echo "Starting Firewall..."

    # Set kernel parameters
    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
    echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

    ############# POLICIES ############
    # Default policy: deny everything
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP

    ############# GENERAL STUFF ##########
    # Allow everything on the loopback device
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT

    # ESTABLISHED,RELATED: accept packets of already tracked connections
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Incoming ping
    $IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

    ######### NAT #############
    $IPTABLES -t nat -A POSTROUTING -o $EXT_IFACE -j MASQUERADE

    ##### OPEN PORTS TO LAN #####

    ##### OPEN LOCAL PORTS #####
    # OpenSSH server (sshd). This rule accepts SSH from the external
    # interface; remove it if Alice should not be reachable from outside.
    $IPTABLES -A INPUT -i $EXT_IFACE -p tcp --dport 22 -j ACCEPT

    # LAN -> FIREWALL
    $IPTABLES -A INPUT -i $LAN_IFACE -s $LAN -j ACCEPT

    # FIREWALL -> EVERYWHERE - overrides the default policy for OUTPUT
    $IPTABLES -A OUTPUT -j ACCEPT

    # LAN -> EVERYWHERE
    $IPTABLES -A FORWARD -s $LAN -j ACCEPT

    # Enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ;;
  stop)
    echo "Stopping Firewall ..."
    echo "0" > /proc/sys/net/ipv4/ip_forward
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -Z
    $IPTABLES -t nat -F
    # Change the default policies. Left commented out: flushing does not
    # reset policies, so after "stop" the DROP policies stay in place.
    # $IPTABLES -P INPUT ACCEPT
    # $IPTABLES -P OUTPUT ACCEPT
    # $IPTABLES -P FORWARD ACCEPT
    ;;
  restart)
    "$0" stop && "$0" start
    ;;
  status)
    # Output active rules
    $IPTABLES -L -v
    # Output NAT rules
    $IPTABLES -t nat -L -v
    ;;
  *)
    echo "Aufruf: $0 {start|stop|restart|status}"
    ;;
esac
</code>
))
* Set up networking on Bob (192.168.0.101) to use Alice (192.168.0.123) as a gateway:
- Prepare networking((
<code>
## /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.0.101
    netmask 255.255.255.0
    gateway 192.168.0.123
</code>
))
- Set up DNS. A copy of Alice's ''/etc/resolv.conf'' should be fine, as it contains the DNS server received via PPP.
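
To check that the rules loaded on Alice match what the firewall script intends, the following added example (not part of the original page) audits an ''iptables-save'' dump: default DROP policies, the MASQUERADE rule on ppp0, ports accepted from the external interface, and FORWARD rules not bound to an ingress interface. The function names and the embedded dump are constructed for illustration; on Alice, pipe the output of ''sudo iptables-save'' into ''audit_ruleset'' instead.

```shell
# Added example: audit an iptables-save dump against the intent of the script.
EXT_IFACE="ppp0"   # external interface name used on this page

# Reads iptables-save output on stdin and prints one finding per line.
audit_ruleset() {
    awk -v ext="$EXT_IFACE" '
        /^\*/ { table = substr($0, 2); next }    # table header line
        table == "filter" && /^:(INPUT|FORWARD|OUTPUT) / {
            if ($2 != "DROP") print "POLICY " substr($1, 2) " is " $2
        }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ &&
            $0 ~ ("-o " ext " ") { masq = 1 }
        table == "filter" && /^-A INPUT/ && /-j ACCEPT/ &&
            $0 ~ ("-i " ext " ") {
            proto = "any"; port = "any"
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            print "EXPOSED " proto "/" port " on " ext
        }
        table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ &&
            !/--state/ && !/ -i / { print "FORWARD any-interface: " $0 }
        END { if (!masq) print "NAT no MASQUERADE on " ext }
    '
}

# Constructed, abbreviated sample of iptables-save output after "start".
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_ruleset
```

For the sample, the audit reports the SSH port accepted on ppp0 and the LAN forward rule, which matches on source address only.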