Quite often, we wish to connect two computers back to back using an Ethernet LAN cable. It may be because we wish to transfer files between the two computers or because one of these has the Internet access and we wish to have one more access point to the Net. The step by step instructions on how to do this are given below. Let's assume that one of these computers, with access to the Internet, is running Linux. The second computer could be a Linux or Windows based one.
The first machine, running Linux, is named Host A. In the figure above, it is part of the network, 192.168.1.0. We will connect Host A with the second computer, named Host B, in a separate network 192.168.2.0. Host A would be used as a router to route packets from network 192.168.2.0 to network 192.168.1.0 and then to the Internet via the WiFi router at 192.168.1.1.
This tutorial assumes that you have a working WiFi connectivity to the Internet in the first computer.
1. Connect the two hosts with an Ethernet LAN cable
Earlier, it was necessary to use a crossover cable for connecting two computers. The common Ethernet cable used for connecting a computer with a router is a straight cable, with the wires connected to the same pins of the connectors at the two ends. Since the transmitter wires need to be connected to the receiver and vice-versa, the crossing of wires is done internally inside the router. In case of a computer to computer connection, a crossover cable is used, where the crossing is to be done in the cable itself. In a crossover cable, the transmitter pins of one connector are connected to the receiver pins of the connector at the other end and vice-versa.
As mentioned before, to connect two computers as in the setup shown in the above figure, a crossover Ethernet cable would have been necessary. However, modern Ethernet interfaces, especially the relatively newer devices, use Auto-MDIX technology to sense whether crossover is required and do the crossover internally, if necessary. So, if the ports support Auto-MDIX, which is often the case these days, a straight cable would work as well. And, of course, a crossover cable would always work. Also, if one computer supports Auto-MDIX and the other does not, a crossover cable gives a better connection than a straight cable. So, to summarize, if both computers support Auto-MDIX, either a default straight cable cable or a crossover cable can be used. Otherwise, that is, if either or both computers do not support Auto-MDIX, a crossover cable should be used.
2. First computer configuration
The major software configuration is to to be done at Host A, which we are going to configure as a router for sending IP packets from the new network, 192.168.2.0 to the network 192.168.1.0. The configuration steps are,
2.1 Enable IP forwarding
By default, packet forwarding is disabled in Linux systems. To enable it, open the file /etc/sysctl.conf in your favorite editor and add the line, net.ipv4.ip_forward = 1. For example,
$ sudo vi /etc/sysctl.conf # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1
2.2 Install dnsmasq
Install dnsmasq to serve IP addresses to the 192.168.2.0 network.
$ sudo apt-get install dnsmasq
Next, we need to configure dnsmasq. For that, we need to find the network devices in the system. We can find the network devices with the ip link command. For example,
$ ip link 1: lo:
mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp1s0: mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000 link/ether 34:17:eb:8e:16:f5 brd ff:ff:ff:ff:ff:ff 3: wlp2s0: mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000 link/ether 4c:bb:58:42:5b:41 brd ff:ff:ff:ff:ff:ff
In this example, the first device lo is the loopback device. The second device, enp1s0, corresponds to the ethernet NIC. The third device, wlp2s0 is for the Wi-Fi.
In the rest of this tutorial we will use enp1s0 for the Ethernet network device and wlp2s0 for the WiFi for the first computer. These may be different in your computer and you would need to replace these with the values obtained by running the ip link command in the steps given below.
Next we need to configure dnsmasq. Configuring dnsmasq by editing the /etc/dnsmasq.conf file,
$ sudo vi /etc/dnsmasq.conf # Add the lines, interface=enp1s0 dhcp-range=192.168.2.100,192.168.2.200,24h
2.3 Configure the enp1s0 interface
The next step is to configure the enp1s0 interface. This is done by editing the /etc/network/interfaces file.
$ sudo vi /etc/network/interfaces auto lo iface lo inet loopback # Add the lines, auto enp1s0 iface enp1s0 inet static address 192.168.2.1 network 192.168.2.0 netmask 255.255.255.0 broadcast 192.168.2.255
Next, create the file, /etc/network/if-pre-up.d/router_firewall, using a text editor with superuser privileges (e.g., sudo vi /etc/network/if-pre-up.d/router_firewall), and with contents as given below. As mentioned above, this file uses enp1s0 for Ethernet NIC device file and wlp2s0 for the WiFi device file, which you might need to change if the values on your computer are different.
#!/bin/bash # # script for source Network Address Translation using iptables # iptables -F iptables -t nat -F iptables -X iptables -N val_input iptables -N val_output # allow packets with NEW, ESTABLISHED and RELATED states iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i enp1s0 -j RETURN iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o enp1s0 -j RETURN iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i wlp2s0 -j RETURN iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o wlp2s0 -j RETURN iptables -A val_input -j DROP iptables -A val_output -j DROP iptables -A INPUT -p tcp -j val_input iptables -A OUTPUT -p tcp -j val_output iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE
iptables commands are described in the iptables tutorial. Next, make the file, /etc/network/if-pre-up.d/router_firewall, executable.
sudo chmod +x /etc/network/if-pre-up.d/router_firewall
2.4 Configure the nameservers
Suppose your ISP has given the the nameserver IP addresses as 203.0.113.1 and 203.0.113.2. Configure these as nameserver addresses. In Ubuntu 12.04, it is done by editing the /etc/resolvconf/resolv.conf.d/head file.
$ sudo vi /etc/resolvconf/resolv.conf.d/head # Add the lines, substituting the IP addresses below with the # IP addresses of the actual nameservers, nameserver 203.0.113.1 nameserver 203.0.113.2
Reboot Host A so that the settings take effect.
3. Second computer configuration
In the Host B, the interface eth0 should be configured to take IP address via the Dynamic Host Configuration Protocol, DHCP. For example, the /etc/network/interfaces file on the second computer might contain,
# interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback auto enp3s0 iface enp3s0 inet dhcp
where, enp3s0 is the network device file for the Ethernet NIC on the second computer. You may also like to review the contents of the DHCP client configuration file, /etc/dhcp/dhclient.conf and make sure that there is no directive that conflicts with our configuration.