Monday, June 13, 2011

IP Masquerading - To share internet connection within a private network

So I have this setup,

SERVER1 - This connects to the LAN/Internet connection

SERVER2 and SERVER3 are connected to SERVER1, where SERVER1 is acting as their gateway.

So SERVER1 is using a Class A IP address, 10.0.2.45,

while SERVER2 and SERVER3 are using Class C addresses: SERVER2 is 192.168.10.2 and SERVER3 is 192.168.10.3, with SERVER1 as their gateway at 192.168.10.1.

SERVER1 has 2 interfaces: one connects to the LAN and one connects to the private network of SERVER2 and SERVER3.

To give SERVER2 and SERVER3 an internet connection, first log in to SERVER1 as root and check whether IP forwarding is enabled:

$> cat /proc/sys/net/ipv4/ip_forward


If the result is 1, leave it as it is; otherwise,

$> echo "1" > /proc/sys/net/ipv4/ip_forward

then run

$> iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

I'm not going to fully explain what the command does; you can check that with "man iptables".
The "-o eth2" option names the interface that is dedicated to the LAN/internet connection. SERVER1 has two interfaces (eth0 and eth2), and eth0 is connected to the SERVER2 and SERVER3 machines. So here, use the interface that has the internet connection you want to share.

Now on SERVER2 and SERVER3,
first edit /etc/resolv.conf and add the DNS server that SERVER1 is using. Currently, I have SERVER1's DNS set to 10.0.2.1, so add the line below:

nameserver 10.0.2.1

then save /etc/resolv.conf.

Now ping google.com; hopefully this works on your end.


You can also add 8.8.8.8, which is a free DNS server provided by Google.
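
The MASQUERADE rule above matches on the outgoing interface only, so with forwarding switched on SERVER1 will translate traffic from any source that leaves through eth2. The script below is an added example, not part of the original setup: it audits iptables-save output for that and for a default-ACCEPT FORWARD chain. Both sample dumps are constructed, and the 192.168.10.0/24 netmask and the ACCEPT default are assumptions.

```shell
# Added example (not from the post): audit iptables-save output on SERVER1.
# Reads the dump on stdin, prints findings; exit 0 = clean, 1 = findings.
audit_nat() {
    awk '
        /^\*/ { table = substr($0, 2) }
        # A default-ACCEPT FORWARD chain routes packets from any interface.
        table == "filter" && /^:FORWARD ACCEPT/ {
            print "FORWARD policy is ACCEPT"; bad = 1
        }
        # MASQUERADE without -s rewrites traffic from every source address.
        table == "nat" && /-j MASQUERADE/ && !/ (-s|--source) / {
            print "unscoped MASQUERADE: " $0; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: dump after the command shown in the post, on a host
# whose FORWARD policy is still the default ACCEPT (assumption).
as_posted() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: same gateway limited to the private subnet
# (192.168.10.0/24 is assumed; the post gives no netmask).
scoped() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o eth2 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.10.0/24 -i eth0 -o eth2 -j ACCEPT
-A FORWARD -d 192.168.10.0/24 -i eth2 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

as_posted | audit_nat || true
scoped | audit_nat && echo "scoped ruleset: no findings"
```

On the real gateway, run it as root with "iptables-save | audit_nat".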

Hope this helps.
