I’m staying at Delight Resort on Koh Pha Ngan with my brother. Ferg paid 700 baht (~$20 USD) for a week of internet. I spent some time working out how best to share the connection. Here’s my solution.
I connect to the internet on my laptop. Then I add a second IP on my wireless card and enable IP forwarding from that IP to the internet. Other machines on the network then connect to the internet via my laptop. This relies on a couple of things. Firstly, you need to be able to run 2 IPs on the same card. Secondly, the wireless network needs to allow machines to talk to each other.
Here are the commands to set it up.
- Add a second IP on the wlan0 connection with the command:
$ sudo ifconfig wlan0:1 192.168.7.1
- Enable ip forwarding:
$ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
- Add the iptables rule to masquerade (network address translate) traffic:
$ sudo iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.7.0/24 -j MASQUERADE
Now connect the other machines to the network, then change their IPs to 192.168.7.2-255 and their default gateway to 192.168.7.1. Leave the DNS server as the one supplied by the wifi access point, or if you have dnsmasq (or another DNS server) installed, set it to 192.168.7.1.
The first command `ifconfig wlan0:1 192.168.7.1` adds a new virtual ethernet device called wlan0:1 and sets the IP of that device to 192.168.7.1. This means you now have two IPs on the same NIC.
The second command enables ip forwarding in the kernel.
The third command adds the iptables magic. The command is `iptables`. Operate on the iptables table called nat: `-t nat`. Append a rule to the POSTROUTING chain: `-A POSTROUTING`. Match packets leaving on the wlan0 interface: `-o wlan0`. Iptables doesn’t recognise virtual devices, so it’s not possible to specify `-o wlan0:1` here. Instead, we specify the source IP range `-s 192.168.7.0/24`. Then tell the rule to masquerade the IPs: `-j MASQUERADE`.
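The three steps above collected into one script with a matching teardown, as an added example that is not from the original post. The FORWARD rules and the DRY_RUN switch are assumptions added here: because `ip_forward` is a global setting, the FORWARD rules limit what the laptop will route to the shared 192.168.7.0/24 clients.

```shell
#!/bin/sh
# Added example: the post's three commands plus a teardown.
# IFACE, ALIAS_IP and SUBNET are the values used in the post; DRY_RUN and
# the FORWARD rules are assumptions of this example.
IFACE="${IFACE:-wlan0}"
ALIAS_IP="${ALIAS_IP:-192.168.7.1}"
SUBNET="${SUBNET:-192.168.7.0/24}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = run them (as root)

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# $1 is -A to add the rules or -D to delete the same rules again.
fw_rules() {
    run iptables -t nat "$1" POSTROUTING -o "$IFACE" -s "$SUBNET" -j MASQUERADE
    # With the default ACCEPT policy on FORWARD, enabling ip_forward makes
    # the laptop route for any host that points a route at it. These rules
    # allow only the shared subnet out and its reply traffic back in.
    run iptables "$1" FORWARD -s "$SUBNET" -o "$IFACE" -j ACCEPT
    run iptables "$1" FORWARD -d "$SUBNET" -m conntrack \
        --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables "$1" FORWARD -j DROP
}

share_up() {
    run ifconfig "${IFACE}:1" "$ALIAS_IP"
    run sysctl -w net.ipv4.ip_forward=1
    fw_rules -A
}

share_down() {
    fw_rules -D
    # Assumes forwarding was off before share_up was run.
    run sysctl -w net.ipv4.ip_forward=0
    run ifconfig "${IFACE}:1" down
}

case "${1:-}" in
    up)   share_up ;;
    down) share_down ;;
esac
```

Run it with `up` or `down` as the argument; with the default `DRY_RUN=1` it only prints the commands it would execute.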
Somebody might find this useful. It took me a while to figure out. At first I was using my wireless router as a second wireless card on my machine and sharing the connection that way. This seems much simpler.
For my non-technical readers, here’s a picture of me geeking out by the pool.