- 论坛徽章:
- 0
|
如何让局域网中的用户共享宽带上网。
要设置两个地方,一个是route,一个是IPTABLE。route中设置好网关等东东,IPTABLE中把MASQUERADE打开,具体步骤如下:
1. On the linux box (that is directly connected to the internet, and is
supposed to do the internet sharing), start a terminal. Run the command
su
and then type the root password to become root.
2. Open the file /etc/rc.d/rc.local in your favorite text editor and
add this on a new line at the bottom
/etc/rc.d/rc.ipmasq
and save the file.
3. Then, create a new file called rc.ipmasq in the /etc/rc.d/ directory
and open this file in a text editor and add these lines
#!/bin/sh
IPTABLES=/sbin/iptables
#All The lines below are NAT routing
# flush any old rules
$IPTABLES -F -t nat
# turn on NAT (IP masquerading for outgoing packets)
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
# enable IP forwarding (of incoming packets)
echo 1 >; /proc/sys/net/ipv4/ip_forward
Save this file.
This script assumes that eth0 is the ethernet adaptor connected to the internet (say, thru a DSL/cable modem). Change it depending on your configuration (eth1, eth2 and so on). If the connection to the internet is not thru an ethernet device (as in the case of ordinary dialup or USB modem), you have to use ppp0 (or ppp1, ppp2 and so on). The network connections to the internet and intranet should already be up (how to do that is outside the scope of this document).
4. Make this script file executable by running
chmod 755 /etc/rc.d/rc.ipmasq
5. Then run the command /etc/rc.d/rc.ipmasq to enable the internet
sharing.
6. Now you can stop being root by running exit
The above script will work after the following have been already done:
Set up the network on all the computers in the LAN. Make sure every computer can be reached from another computer by "ping".
On each client computer, set the gateway to the internal IP address of the linux computer that is connected directly to the internet. Under DNS put in the primary and/or secondary DNS IP addresses of your ISP (Internet Service Provider).
Now you should be able to browse the internet from the other computers on your internal network.
It is strongly recommended that you also use a firewall on the linux
gateway. This above script will work with the firewall script without
any changes being required. |
|