Last updated on October 12, 2020 by Dan Nanni
In this tutorial, I'll explain how to share a single Internet connection among multiple devices on Linux. While consumer-grade WiFi routers have become mainstream nowadays, making this problem a non-issue, suppose you don't have one at home. However, say you have a Linux box already assembled with a modem and a LAN card. The modem is connected to the Internet with a dynamic public IP address, and the LAN card is connected to your switch/hub. Other devices (Linux/Windows PC, laptop) are connected to the switch without having any Internet connection. To share the Internet connection of the Linux box, you have to turn the box into a gateway, so that it can relay traffic to and from other devices.
The following procedure is required on the Linux box (the connection sharing gateway).
In order to set up Internet connection sharing, you need to enable IP forwarding on the Linux box with a kernel parameter. Startup kernel parameters are stored in
Open this file, and locate a line that says "# net.ipv4.ip_forward = 0". Remove the hash mark (i.e., uncomment it), and set the value to 1. It should look like the following:
net.ipv4.ip_forward = 1
You may also activate IP forwarding at run time with the following commands, but this change does not survive reboots:
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo sysctl -p
Another important part of Internet connection sharing is NAT configuration which can be done using
iptables maintains four firewall tables:
In this tutorial we will use only two tables:
First, flush all active firewall rules.
$ sudo iptables -F
$ sudo iptables -X
$ sudo iptables -t nat -F
$ sudo iptables -t nat -X
INPUT table, you have to set chain
ACCEPT target, so all packets passed through the box will be processed correctly.
$ sudo iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
In the NAT table, you have to enable IP masquerading for your WAN interface. We assume that the WAN interface is ppp0. To enable IP masquerading on the ppp0 interface, you can use the following command:
$ sudo iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
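The commands above flush the rules but do not set chain policies, so if the policies are still at their ACCEPT default, the gateway forwards any packet routed to it, not only LAN traffic leaving through ppp0. The following is an added example, not part of the original article: a shell function that prints an iptables-restore ruleset with default-drop policies while keeping the masquerading described above. The LAN interface name eth0 in the usage line is an assumption; ppp0 and 192.168.1.0/24 are the article's values.

```shell
#!/bin/sh
# Added example, not the article's script: print an iptables-restore ruleset
# that forwards only LAN -> WAN traffic and the replies to it.
# Assumed: LAN interface eth0; ppp0 and 192.168.1.0/24 come from the article.
# Usage: gen_ruleset ppp0 eth0 192.168.1.0/24 | sudo iptables-restore

# Interface names: 1-15 chars from a safe set, so an argument cannot
# smuggle extra options or lines into the generated rules.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Character whitelist only; iptables-restore rejects a malformed address.
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
        *.*.*.*/*) return 0 ;;
    esac
    return 1
}

gen_ruleset() {
    wan=$1 lan=$2 net=$3
    valid_iface "$wan" && valid_iface "$lan" || { echo "bad interface name" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    valid_cidr "$net" || { echo "bad subnet" >&2; return 1; }
    # The gateway itself accepts new connections only from loopback and the LAN.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $lan -s $net -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
EOF
}
```

Piping the output to iptables-restore --test first parses the ruleset without committing it.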
After all configuration is completed on the Linux box, you have to configure the DNS server and default gateway of other devices (Linux/Windows PC, laptop), so that they point to the Linux box. Note that you don't need to set up a DNS server on the Linux box. Every DNS request from other devices is automatically forwarded by the Linux box to your upstream ISP.
If you are using Linux on the other devices, you can use the following commands to change their default gateway and DNS servers. I assume that you are using the 192.168.1.0/24 private IP address segment, and that 192.168.1.1 is the IP address assigned to the Linux box.
$ sudo ip route del default
$ sudo ip route add default via 192.168.1.1
$ sudo sh -c "echo 'nameserver 192.168.1.1' > /etc/resolv.conf"
If you have other Linux devices, you can repeat the command above on other devices.
If you have a Windows device, you can change the default gateway and the DNS server via network connection properties on the control panel.
Here is the complete script which sets up Internet connection sharing on the Linux box. The WAN interface (ppp0) needs to be replaced according to your environment.
$ sudo vi /usr/local/bin/ishare
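#!/bin/bash
## Internet connection sharing script

# Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -p

# Flush existing rules, then delete the emptied user-defined chains
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Accept packets that belong to already established connections
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Masquerade traffic leaving through the WAN interface
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE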
Save the above script to /usr/local/bin/ishare, and then set the executable bit with the following command.
$ sudo chmod +x /usr/local/bin/ishare
If you want the script executed at every startup, you can register the script in /etc/rc.local, and add the following line before statement
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.