date: 2023-11-01 21:21:44
categories: linux
firstPublishDate: 2023-11-01 21:21:44
I have a mobile phone, a laptop, a network hub and a desktop computer. I configure the mobile phone as a hot spot and connect the laptop to the hot spot with wifi, so the laptop reaches the internet through the mobile phone. The laptop is connected to the hub with a network cable, and the desktop computer is also connected to the hub. The laptop therefore has 2 network interfaces and is connected to both the internet and the desktop computer.
I want to connect the desktop computer to the internet using the laptop as a gateway.
```
  ┌╌╌╌╌╌╌╌╌┐
  ╎Internet╎
  └╌╌╌┬╌╌╌╌┘
      ╎
      ╎
      ╎
┏━━━━━┿━━━━━━┓    ╭──────────╮             ╭──────────╮
┃Mobile phone┃    │Computer A│             │Computer B│
┗━━━━━┯━━━━━━┛    │Laptop    │             │Desktop   │
      │           │(Gateway) │dhcp         │          │
      │           ╰─┬──────┬─╯server       ╰────┬─────╯
      │             │      │                    │
      └─────────────┘      └──────────HUB───────┘
      Wifi wlp7s0b1        Wired enp6s0         Wired eno1
      192.168.223.129      192.168.0.1          192.168.0.2
                           static ip            set by dhcpd
```
I created the figure with patate:
Computer A Laptop (gateway) has 2 network interfaces:
* wlp7s0b1: wifi, connected to the mobile phone hot spot; the ip 192.168.223.129 is set by the mobile phone
* enp6s0: wired network, connected to the hub and the desktop; I set a static ip (192.168.0.1)
Computer B Desktop has 1 wired network interface:
* eno1: the ip is set automatically by the dhcp server in the laptop
I choose the network 192.168.0.0/24 for the LAN.
There are 3 steps to configure the laptop to be used as a gateway:
* Set a static ip for the enp6s0 interface
* Set up iptables to forward packets to the internet
* Set up a dhcp server
In the laptop, I choose to configure network 192.168.0.0/24 and ip 192.168.0.1. Devices connected to the hub will have ips in this network, distributed automatically by the dhcp server.
```
vi /etc/network/interfaces

auto enp6s0
iface enp6s0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
```
Reconfigure the interface:
```
ifdown enp6s0
ifup enp6s0
```
Configure the Linux kernel to allow forwarding packets and make it persistent:
```
echo 1 > /proc/sys/net/ipv4/ip_forward

vi /etc/sysctl.conf
net.ipv4.ip_forward=1

sysctl -p
#Output
net.ipv4.ip_forward = 1

#Apply:
sysctl --system
```
Setup iptables:
```
iptables -t nat -A POSTROUTING -o wlp7s0b1 -j MASQUERADE
iptables -A FORWARD -i enp6s0 -o wlp7s0b1 -j ACCEPT
iptables -A FORWARD -i wlp7s0b1 -o enp6s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
```
`iptables -t nat -A POSTROUTING -o wlp7s0b1 -j MASQUERADE`
This says: on the network address translation table, after we have figured out the routing of a packet leaving on output wlp7s0b1, replace the return address information with our own so the return packets come to us. Also, remember that we did this (like a lookup table that remembers this connection). Connections coming from the LAN (192.168.0.0/24) to the internet are recorded in the gateway (laptop) NAT table.
`iptables -A FORWARD -i enp6s0 -o wlp7s0b1 -j ACCEPT`
Allow packets that want to come from enp6s0 (the LAN) to go out wlp7s0b1 (the wifi interface connected to internet).
`iptables -A FORWARD -i wlp7s0b1 -o enp6s0 -m state --state RELATED,ESTABLISHED -j ACCEPT`
Use that lookup table we had from before to see if the packet arriving on the external interface actually belongs to a connection that was already initiated from the internal interface.
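An added check, not part of the original post: the post never sets the FORWARD chain policy, and iptables built-in chains default to ACCEPT, in which case the RELATED,ESTABLISHED rule does not block anything by itself. The script below audits the text printed by `iptables -S FORWARD` for that; the function names and the sample rule dumps are constructed for this example.

```sh
#!/bin/sh
# Added example: audit FORWARD-chain rules, in the text form printed by
# `iptables -S FORWARD`, for the gateway described on this page.
LAN_IF=enp6s0     # LAN side (from the page)
WAN_IF=wlp7s0b1   # wifi side towards the phone hot spot (from the page)

# Reads rules on stdin; prints one finding per line, or "ok".
audit_forward() {
    awk -v lan="$LAN_IF" -v wan="$WAN_IF" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
        in_if = ""; out_if = ""; states = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
        }
        # Can this rule match traffic entering on the wifi side for the LAN?
        inbound = (in_if == wan || in_if == "") && (out_if == lan || out_if == "")
        # Limited to replies: has a state match that does not admit NEW.
        replies_only = (states != "" && states !~ /NEW/)
        if (inbound && replies_only) have_return = 1
        if (inbound && !replies_only) open_inbound = 1
    }
    END {
        # Policy ACCEPT forwards whatever no rule matched, so the
        # RELATED,ESTABLISHED rule restricts nothing by itself.
        if (policy != "DROP") { print "policy-not-drop"; n++ }
        if (open_inbound)     { print "unrestricted-inbound"; n++ }
        if (!have_return)     { print "no-return-rule"; n++ }
        if (!n) print "ok"
    }'
}

# Constructed sample: the two FORWARD rules from the page on a host whose
# FORWARD policy was never changed (built-in chains default to ACCEPT).
page_rules() {
    cat <<EOF
-P FORWARD ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample: the same rules after `iptables -P FORWARD DROP`.
hardened_rules() { page_rules | sed 's/^-P FORWARD ACCEPT$/-P FORWARD DROP/'; }

page_rules | audit_forward       # prints: policy-not-drop
hardened_rules | audit_forward   # prints: ok
```

On the gateway itself, run `iptables -S FORWARD | audit_forward` as root to check the live rules.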
I set up a dhcp server in the gateway to automatically configure the network for the devices connected to the LAN. The dhcp server sets up a default nameserver; the default nameserver in the laptop is:
```
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.223.198
```
The devices in the LAN use the nameservers 192.168.223.198 and 8.8.8.8 (google, if the first one doesn't work). Install and configure the ISC dhcp server (I used Debian Bullseye for this setup):
```
apt-get install isc-dhcp-server

vi /etc/dhcp/dhcpd.conf
#Uncomment #authoritative to make it authoritative
option domain-name-servers 192.168.223.198, 8.8.8.8;
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.1 192.168.0.100;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.0.255;
  option routers 192.168.0.1;
}
```
Set up the network interface for the dhcp server. I disable ipv6 since it is not used in this setup:
```
vi /etc/default/isc-dhcp-server
INTERFACESv4="enp6s0"
#INTERFACESv6="enp6s0" - comment out to disable ipv6 dhcp server
```
Start the dhcp server:
```
/etc/init.d/isc-dhcp-server start
```
Run these commands to restart the dhcp server:
```
/etc/init.d/isc-dhcp-server stop
kill `cat /var/run/dhcpd.pid`
rm /var/run/dhcpd.pid
/etc/init.d/isc-dhcp-server start
```
Now the devices on the LAN have their network interface automatically configured by the dhcp server like a regular router.
Another article describing the same setup:
Hashtag #networking