Internet Connection Sharing: Difference between revisions

From NixOS Wiki
imported>Jooooscha
m replace nix-env with nix shell
imported>Onny
Init instruction share connection via ethernet
Line 1: Line 1:
Short example configurations for internet connection sharing.
The following example will describe how to share an active internet connection over a WiFi hotspot or alternatively via ethernet.  


== Usage ==
== Share via WiFi ==
 
=== Usage ===


Share an existing internet connection of a wired interface <code>eth0</code> using a wifi hotspot on <code>wlan0</code> with the access point name <code>MyAccessPoint</code>.
Share an existing internet connection of a wired interface <code>eth0</code> using a wifi hotspot on <code>wlan0</code> with the access point name <code>MyAccessPoint</code>.
Line 10: Line 12:
</syntaxhighlight>
</syntaxhighlight>


== Configuration ==
=== Configuration ===


Persistent share an existing internet connection of a wired interface <code>eth0</code> using a wifi hotspot on <code>wlan0</code> with the access point name <code>My Wifi Hotspot</code>. The network is protected with a simple WPA2 pre-shared key <code>12345678</code>.
Persistent share an existing internet connection of a wired interface <code>eth0</code> using a wifi hotspot on <code>wlan0</code> with the access point name <code>My Wifi Hotspot</code>. The network is protected with a simple WPA2 pre-shared key <code>12345678</code>.
Line 24: Line 26:
   };
   };
};
};
</syntaxhighlight>
=== Share via ethernet ===
Share an existing internet connection of a wireless interface <code>wlan0</code> to clients connected on a ethernet device <code>eth0</code>.
<syntaxhighlight lang="bash">
ip link set up eth0
ip addr add 10.0.0.1 dev eth0
# Enable packet forwarding
sysctl net.ipv4.ip_forward=1
# Enable NAT for leaving packets
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
# Forward packets coming from eth0
iptables -I DOCKER-USER -i eth0 -j ACCEPT
# Forward packets that are part of an existing connection (forwards responses)
iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Start dnsmasq for DHCP
dnsmasq -d -i eth0 -F $client,$client,1m -O option:dns-server,1.1.1.1,1.0.0.1 &
# Cleanup
ip addr del $host dev $link
ip link set down $link
iptables -t nat -D POSTROUTING -o $wanlink -j MASQUERADE
iptables -D DOCKER-USER -i $link -j ACCEPT
iptables -D DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
</syntaxhighlight>
</syntaxhighlight>


[[Category:Networking]]
[[Category:Networking]]
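Review bot: The cleanup commands and the dnsmasq line in the added "Share via ethernet" block use $host, $link, $wanlink and $client, none of which is defined in the block, while the setup lines hardcode eth0, wlan0 and 10.0.0.1, so the cleanup as written cannot remove what the setup created. Define the variables once at the top and use them in both halves, or use the literals throughout. In the same block, `ip addr add 10.0.0.1 dev eth0` gives no prefix length, and the forwarding rules target DOCKER-USER, a chain that is only present on hosts running Docker, which the text should say. The new heading also uses `===` where "Share via WiFi" uses `==`, which nests the Ethernet section under the WiFi one.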

Revision as of 11:12, 17 April 2023

The following examples describe how to share an active internet connection over a WiFi hotspot or, alternatively, via Ethernet.

Share via WiFi

Usage

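Share the existing internet connection of the wired interface eth0 through a WiFi hotspot on wlan0 with the access point name MyAccessPoint.

nix shell nixpkgs#linux-wifi-hotspot
# Without a passphrase argument create_ap starts an open (unencrypted) network;
# pass a passphrase as a fourth argument to protect it.
sudo create_ap wlan0 eth0 MyAccessPoint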

Configuration

Persistently share the existing internet connection of the wired interface eth0 through a WiFi hotspot on wlan0 with the access point name My Wifi Hotspot. The network is protected with a simple WPA2 pre-shared key 12345678. Replace this example key with a long random passphrase before using the configuration.

services.create_ap = {
  enable = true;
  settings = {
    INTERNET_IFACE = "eth0";
    WIFI_IFACE = "wlan0";
    SSID = "My Wifi Hotspot";
    PASSPHRASE = "12345678";
  };
};

Share via ethernet

Share the existing internet connection of the wireless interface wlan0 with clients connected to the Ethernet device eth0.

# Interfaces and addresses used below. The /24 prefix and the client address
# are assumed values; without a prefix length the address is added as a /32.
link=eth0
wanlink=wlan0
host=10.0.0.1/24
client=10.0.0.2

ip link set up "$link"
ip addr add "$host" dev "$link"

# Enable packet forwarding
sysctl net.ipv4.ip_forward=1

# Enable NAT for leaving packets
iptables -t nat -A POSTROUTING -o "$wanlink" -j MASQUERADE
# The DOCKER-USER chain is created by Docker; on a host without Docker use the FORWARD chain
# Forward packets coming from eth0
iptables -I DOCKER-USER -i "$link" -j ACCEPT
# Forward packets that are part of an existing connection (forwards responses)
iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Start dnsmasq for DHCP
dnsmasq -d -i "$link" -F "$client,$client,1m" -O option:dns-server,1.1.1.1,1.0.0.1 &

# Cleanup
ip addr del "$host" dev "$link"
ip link set down "$link"
iptables -t nat -D POSTROUTING -o "$wanlink" -j MASQUERADE
iptables -D DOCKER-USER -i "$link" -j ACCEPT
iptables -D DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
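
The setup and cleanup rules above have to match exactly, and the ACCEPT rules apply to traffic in any direction. As an added example (not part of the wiki page), the helper below prints both rule sets from one set of parameters and limits forwarding to the LAN-to-WAN pair. The names ics_rules and valid_name and the length limits are assumptions of this example; the function only prints commands and runs nothing.

```shell
#!/bin/sh
# Added example, not from the wiki page. ics_rules and valid_name are
# hypothetical helper names. Nothing here executes iptables.
# usage: ics_rules up|down LAN_IF WAN_IF [CHAIN]   (CHAIN defaults to FORWARD)

# Reject empty names, a leading "-" (would be parsed as an option) and any
# character outside [A-Za-z0-9_.-]; $2 is the maximum accepted length.
valid_name() {
  case $1 in
    ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le "$2" ]
}

# Body runs in a subshell, so the variables stay local and exit only leaves it.
ics_rules() (
  mode=$1 lan=$2 wan=$3 chain=${4:-FORWARD}
  valid_name "$lan" 15 && valid_name "$wan" 15 && valid_name "$chain" 28 ||
    { echo "ics_rules: invalid interface or chain name" >&2; exit 2; }
  [ "$lan" != "$wan" ] ||
    { echo "ics_rules: LAN and WAN interface must differ" >&2; exit 2; }
  case $mode in
    up)   nat=-A; flt=-I ;;   # append the NAT rule, insert the filter rules
    down) nat=-D; flt=-D ;;   # delete exactly the rules that "up" printed
    *)    echo "ics_rules: mode must be up or down" >&2; exit 2 ;;
  esac
  echo "iptables -t nat $nat POSTROUTING -o $wan -j MASQUERADE"
  # New connections may only go from the LAN side out through the WAN side
  echo "iptables $flt $chain -i $lan -o $wan -j ACCEPT"
  # Only replies to those connections may come back in
  echo "iptables $flt $chain -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
)
```

Review the printed commands, then run them as root, for example with `ics_rules up eth0 wlan0 DOCKER-USER | sudo sh`, and use the same arguments with `down` to remove the rules.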