Monday, June 13, 2011

IP Masquerading - To share internet connection within a private network

So I have this setup,

SERVER1 - This connects to the LAN/Internet connection

SERVER2 and SERVER3 are connected to SERVER1, which acts as their gateway.

So SERVER1 is using CLASS A IP Address, using

while SERVER2 and SERVER3 are using CLASS C, having SERVER2 as and SERVER3 as and SERVER1 as their gateway using IP.

Server3 has 2 interfaces, one connects to the LAN and one connects to the private network of SERVER2 and SERVER3.

To give SERVER2 and SERVER3 an internet connection,
first log in to SERVER1 as root and check whether IP forwarding is enabled:

$> cat /proc/sys/net/ipv4/ip_forward

If the result is 1, leave it as it is; otherwise,

$> echo "1" > /proc/sys/net/ipv4/ip_forward

Then run:

$> iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

I'm not going to explain fully what the command does; you can check this by doing "man iptables".
The "-o eth2" option names the interface that is dedicated to the LAN/internet connection. SERVER1 has two interfaces (namely eth0 and eth2), and eth0 is connected to the SERVER2 and SERVER3 machines. So here, you should use the interface that has the internet connection to share.
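
The MASQUERADE rule only rewrites source addresses; whether SERVER1 forwards a packet at all is decided by the filter table's FORWARD chain. The script below is an added example, not part of the original post: it audits iptables-save output for both. The two dumps are constructed, and the restricted variant is one possible tightening that assumes eth0 is the private side, as in the post.

```sh
# Added example (not from the post): audit an iptables-save dump of the gateway.
# Assumes the post's interface names: eth0 = private side, eth2 = LAN/internet.
# audit_gateway OUT_IF < dump: 0 only if OUT_IF is masqueraded and FORWARD policy is not ACCEPT.
audit_gateway() {
    awk -v out="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            if ($0 ~ ("-o " out "( |$)")) masq = 1
            else if ($0 !~ / -o /) wide = 1
        }
        END {
            if (masq) print "OK: MASQUERADE on " out
            else { print "FAIL: no MASQUERADE rule for " out; rc = 1 }
            if (wide) { print "WARN: MASQUERADE rule has no -o interface"; rc = 1 }
            if (policy == "ACCEPT") {
                print "WARN: FORWARD policy ACCEPT, all routed traffic is forwarded"; rc = 1
            } else print "OK: FORWARD policy is " policy
            exit rc + 0
        }'
}

# Constructed dump: only the post's rule on an otherwise empty, default ruleset.
dump_as_posted() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed dump: same NAT rule, forwarding limited to private -> outside and replies.
dump_restricted() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
dump_as_posted | audit_gateway eth2 || true
dump_restricted | audit_gateway eth2
```

On a live gateway the same check is `iptables-save | audit_gateway eth2`, run as root.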

Now on SERVER2 and SERVER3,
first edit /etc/resolv.conf and add the DNS that SERVER1 is using. Currently, I have SERVER1 dns to so edit and add the line below,


then save /etc/resolv.conf.

Now, ping, hopefully this works on your end.

You can also add which is a free DNS used by Google.

Hope this helps.
