wireless ethernet NAT'd join (internet sharing) for my laptop running ArchLinux. This is so I can connect a desktop to my wireless network via laptop wifi. The desktop is assumed to use dhcp to get an IP address. Therefore, this script assumes that /etc/dhcpd.conf is configured with an appropriate subnet, and that /etc/conf.d/dhcp (on archlinux)…
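# dhcpd.conf
#
# configuration file for dhcpd, which I generally use
# when NAT'ing wifi/ethernet for internet sharing.
# intended for /etc/dhcpd.conf

# option definitions common to all supported networks...
option domain-name "local.";
# Resolvers handed to LAN clients. 10.0.1.1 lies outside the 10.0.2.0/24
# subnet declared below (presumably the upstream wifi router - confirm), so
# clients reach it through the NAT host.
option domain-name-servers 10.0.1.1, 8.8.8.8;

default-lease-time 600;
max-lease-time 7200;

# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# A slightly different configuration for an internal subnet.
# "option routers" is the default gateway given to clients; it has to be the
# address configured on the NAT host's LAN-side interface, and the range must
# not include it.
subnet 10.0.2.0 netmask 255.255.255.0 {
  range 10.0.2.2 10.0.2.200;
  option routers 10.0.2.1;
}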
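#!/bin/bash
# NAT for WiFi / ethernet internet sharing
#
# Turns this host into a NAT router: ${WLANDEV} is the WAN side (addressed by
# the upstream network's DHCP) and ${ETHDEV} is the LAN side, which gets a
# static address and is served by the local dhcpd.
#
# Side effects: flushes every rule in the iptables filter table, sets the
# chain policies, enables IPv4 forwarding and restarts dhcpd4. Run as root.

ETHDEV=eno1
WLANDEV=wlp3s0
NETMASK=255.255.255.0
ETHDEV_IP=10.0.2.1

# Every command below needs root; stop early instead of half-configuring.
if [[ ${EUID} -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Messages are quoted: unquoted, [*] and [?] are glob patterns that the shell
# would replace with a matching file name in the current directory.
echo
echo "Configuring laptop as a ${WLANDEV} to ${ETHDEV} NAT router:"
echo "WAN = ${WLANDEV}, DHCP"
echo "LAN = ${ETHDEV}, ${ETHDEV_IP}, ${NETMASK}"
echo
echo "Note:"
echo "[?] Assuming /etc/dhcpd.conf is configured."
echo "[?] Assuming /etc/conf.d/dhcp is configured to provide DHCP service"
echo "on ${ETHDEV} interface"

# flush iptables (filter table only; the nat table is left as it is)
echo "[*] Flushing ip tables..."
iptables -F

# Chain policies. INPUT and OUTPUT stay open as before. FORWARD defaults to
# DROP so that only the two FORWARD rules added below decide what crosses the
# router; with a default of ACCEPT the RELATED,ESTABLISHED restriction would
# have no effect and unsolicited WAN traffic would be forwarded to the LAN.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# General new connection rate limiting for DOS and Brute Force protection
# NOTE(review): with the INPUT policy set to ACCEPT, packets over the limit
# fall through to the policy and are accepted anyway, so this rule limits
# nothing as written. Making it effective needs a DROP/REJECT rule for new TCP
# connections after it, and a limit sized for the services actually exposed.
iptables -I INPUT -p TCP -m state --state NEW -m limit --limit 30/minute --limit-burst 5 -j ACCEPT

# Configure a port for the LAN hooked to ${ETHDEV}
ifconfig "${ETHDEV}" "${ETHDEV_IP}" netmask "${NETMASK}" up

# Restart the DHCP server only after the LAN interface has its address, so
# dhcpd finds an interface matching its subnet declaration when it starts.
echo "[*] Restarting DHCP daemon..."
if ! systemctl restart dhcpd4.service; then
  echo "[!] dhcpd4.service failed to restart; LAN clients will not get leases." >&2
fi

# Enable IP forwarding
echo "[*] Enabling IPv4 Forwarding..."
sysctl net.ipv4.ip_forward=1

# Create a NAT firewall
# WAN = ${WLANDEV}, LAN = ${ETHDEV}
echo "[*] Creating a NAT firewall..."
# The nat table is not flushed above, so check first to avoid stacking a
# duplicate MASQUERADE rule on every run.
if ! iptables -t nat -C POSTROUTING -o "${WLANDEV}" -j MASQUERADE 2>/dev/null; then
  iptables -t nat -A POSTROUTING -o "${WLANDEV}" -j MASQUERADE
fi
# WAN -> LAN: only replies to connections the LAN opened.
iptables -A FORWARD -i "${WLANDEV}" -o "${ETHDEV}" -m state --state RELATED,ESTABLISHED -j ACCEPT
# LAN -> WAN: everything.
iptables -A FORWARD -i "${ETHDEV}" -o "${WLANDEV}" -j ACCEPT

# Another step is to tell the routing table on which interface to listen
# to for the 255.255.255.255 broadcasts (dhcp):
echo "[*] Updating routing table to listen on ${ETHDEV} for"
echo "broadcasts to 255.255.255.255"
# "replace" instead of "add" so a second run does not fail on an existing route.
ip route replace 255.255.255.255 dev "${ETHDEV}"

echo
echo "Now the LAN machine should be able to connect to the wild wild world via the laptop."
echo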