Setting up Wireless to Wired Internet sharing or why Ubuntu/Debian/Linux still isn’t ready for the desktop

In part three of my computer-related posts, let me document the final part of my AILX/Router saga. The situation is as follows. I have an internet connection that I can only get via wireless that I want to share. I have a router that does a great job sharing, but since the internet is restricted using RADIUS authentication via an HTTP login page, I can’t exactly do that through the router’s webpage. Therefore I need a computer to log in to the wireless and output the internet to a wired port that goes into my router to be shared.

Internet -> (via wifi and auth) computer -> (via wired) router -> (via wifi) internet for everyone!

I tried with firestarter but had no luck. It ends up being a firewall and iptables frontend, and I just don’t need that; it always messes things up.

I just re-installed Debian Lenny on my AILX board to use Network Manager to share the connection and lo and behold! It doesn’t work. I followed every instruction to the T (including the ICS wiki from Ubuntu using my Ubuntu based netbook as the test computer) and nothing got even close to working. Not even a little bit. I sat at my desk after a day of trudging through documentation and wikis a sad and broken man.

Finally, my inner geek got the best of me and wouldn’t let me quit without trying a non-GUI solution. On the same Ubuntu ICS wiki ( https://help.ubuntu.com/community/Internet/ConnectionSharing ) there was a solution for sharing internet using iptables commands. Their example used two wired ethernet connections… hmm….

I changed a few lines and used the following instead of their example:

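# Allow new connections coming in from the wired side (eth0) and going out the wireless uplink (wlan0)
sudo iptables -A FORWARD -i eth0 -o wlan0 -s 172.16.4.56/16 -m conntrack --ctstate NEW -j ACCEPT
# Allow packets that belong to connections conntrack already knows about (the replies)
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NAT: rewrite the source address of traffic leaving this box
sudo iptables -A POSTROUTING -t nat -j MASQUERADE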

wlan0 is my wireless interface and eth0 is the ethernet port that I’m sending the internet out from. I set it with a static IP of 172.16.4.56 – random, I know, but I was just trying things out. With one more command…

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

I was nearly done! All I did was configure my router (DDWRT) to use the following settings on the WAN port:

Static IP

WAN IP: 172.16.4.55

Subnet Mask: 255.255.0.0

Gateway: 172.16.4.56

Static DNS: 8.8.8.8

Static DNS: 8.8.4.4

This uses Google as my DNS servers (faster here in Thailand) and gives my WAN port an IP one number lower than the address on my ‘routing’ PC.

TADA! It works like a charm. Who needs GUI configuration anyway?! Only Windows and OS X users I guess.

To make the changes stick even after a reboot:

iptables settings need to be set up at each boot (they are not saved automatically), with the following commands:

Save the iptables:

sudo iptables-save | sudo tee /etc/iptables.sav

Edit /etc/rc.local and add the following lines before the “exit 0” line:

iptables-restore < /etc/iptables.sav

Edit /etc/sysctl.conf and add these lines:

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1

W00T! That should make it work like a charm. As of now, I’ve only tested it on my netbook; I’m going to set my AILX box up quickly and give it a go! I’ll report back and let you know if it works! 🙂
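
As an added example (not part of the original post): whatever ends up in /etc/iptables.sav is what gets restored at every boot, so this shell function checks a saved dump for an ACCEPT-by-default FORWARD chain, a MASQUERADE rule not tied to the uplink interface, and a NEW-state rule whose interfaces are swapped. The function name, the messages and the sample dump are constructed for illustration; wlan0 and eth0 are the interface names used in the post.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for a wireless-to-wired sharing box.
# Usage: audit_ics_rules FILE WAN_IF LAN_IF   (FILE may be - for stdin)
# Prints one finding per line and returns 1 if anything was flagged.
audit_ics_rules() {
    awk -v wan="$2" -v lan="$3" '
    function flag(msg) { print msg; n++ }
    /^\*/ { table = substr($0, 2) }            # table header: *nat, *filter
    table == "filter" && /^:FORWARD ACCEPT/ {
        flag("FORWARD policy is ACCEPT: packets matching no rule are still forwarded")
    }
    table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
        if (index($0 " ", " -o " wan " ") == 0)
            flag("MASQUERADE is not limited to -o " wan)
    }
    table == "filter" && /^-A FORWARD/ && /--ctstate NEW/ && /-j ACCEPT/ {
        if (index($0, " -i " wan " ") && index($0, " -o " lan " "))
            flag("NEW connections accepted from " wan " to " lan ": interfaces look swapped")
    }
    END { exit (n > 0) }
    ' "$1"
}

# Constructed sample dump (not captured from a real machine).
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 172.16.0.0/16 -i wlan0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_ics_rules - wlan0 eth0 || echo "ruleset needs attention"
```

Run it against the saved file with `audit_ics_rules /etc/iptables.sav wlan0 eth0` before adding the iptables-restore line to /etc/rc.local.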