Wednesday 4 April 2012

Old netbook as a tethered Internet gateway


I had an ancient Asus EEE700, useless even as a netbook for the road. I wondered if I could turn it into an emergency gateway to my Android smartphone for when my ADSL connection goes down. It has Crunchbang Linux installed, which is basically Debian. Here's what I did, for the learning experience:


First you need to disable NetworkManager. The easiest way to do this is to install the sysv-rc-conf package and then use its ncurses interface to shut NetworkManager down. Next, configure usb0 (the tethered interface) and eth0 (the gateway interface) by editing /etc/network/interfaces. You might want to keep a copy of the old version of this file so you can restore the default setup. Here are the stanzas used:


allow-hotplug usb0
iface usb0 inet dhcp


auto eth0
iface eth0 inet static
        address GW
        netmask 255.255.255.0

GW should be replaced by whatever gateway address is suitable for your LAN. If your ADSL router is 10.0.1.254, perhaps 10.0.1.253 is suitable.

Here are the rules to make it a NATting gateway, taken from Masquerading Made Simple. I have replaced ppp0 with usb0 everywhere:


iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward


And to secure it:


iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i usb0 -j ACCEPT
iptables -P INPUT DROP   # only if the first two are successful
iptables -A FORWARD -i usb0 -o usb0 -j REJECT


You could save the setup using iptables-save, like this:


iptables-save > /etc/gateway.iptables


Then make a shell script to start the gateway for convenience:


#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables-restore < /etc/gateway.iptables
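
A check you could run before the start script restores the saved rules, as an added example that is not part of the original post: it audits an iptables-save dump for the INPUT DROP policy, the ESTABLISHED,RELATED rule, the usb0 MASQUERADE rule, and any rule that accepts NEW connections from usb0. The function names, messages and sample dump are constructed for illustration.

```shell
# Added example (not from the original post): audit an iptables-save dump.
# audit_gateway_rules FILE [WAN_IF] prints one line per problem, returns 0 if clean.
audit_gateway_rules() {
    awk -v wan="${2:-usb0}" '
    /^\*/ { table = substr($1, 2); next }              # "*nat", "*filter"
    /^:/  { policy[table, substr($1, 2)] = $2; next }  # ":INPUT DROP [0:0]"
    /^-A/ {
        inif = ""; outif = ""; target = ""; neg = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-i") { inif = $(i + 1); neg = ($(i - 1) == "!") }
            if ($i == "-o") outif = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (table == "nat" && $2 == "POSTROUTING" && outif == wan &&
            target == "MASQUERADE") masq = 1
        if (table == "filter" && $2 == "INPUT" && target == "ACCEPT") {
            # iptables-save may print the states as RELATED,ESTABLISHED
            if ($0 ~ /state [A-Z,]*ESTABLISHED/) est = 1
            # NEW is safe only with "! -i WAN" or an explicit non-WAN interface
            safe = (neg && inif == wan) || (!neg && inif != "" && inif != wan)
            if ($0 ~ /state [A-Z,]*NEW/ && !safe) {
                print "INPUT accepts NEW connections arriving on " wan; bad++
            }
        }
    }
    END {
        if (policy["filter", "INPUT"] != "DROP") { print "filter INPUT policy is not DROP"; bad++ }
        if (!est)  { print "no ESTABLISHED,RELATED accept rule in INPUT"; bad++ }
        if (!masq) { print "no MASQUERADE rule on " wan " in nat POSTROUTING"; bad++ }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample in iptables-save format, matching the rules in the post.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i usb0 -m state --state NEW -j ACCEPT
-A FORWARD -i usb0 -o usb0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
```

In the start script it would be called as audit_gateway_rules /etc/gateway.iptables before iptables-restore, so a dump saved before the DROP policy was set, or edited by hand afterwards, is not loaded silently.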


Now tether the netbook to the Android smartphone. When you run ip addr, you should see that usb0 has obtained a private address from your smartphone, and your eth0 address should be static.


Next, on your workstation, change the default gateway. From a Linux command line it's:


route add default gw 10.0.1.253


When you access the Internet, you should see the traffic icons on your smartphone flash. In addition, if you go to a website that tells you your IP address, like whatismyipaddress.com, you should see the external address of your smartphone.


When your ADSL service comes back, delete the route with:


route del default gw 10.0.1.253


Oh yes, this setup does double NAT, since your smartphone does one NAT.




