Internet sharing worked, but something like a DNS problem

hack3rcon · July 16, 2023, 6:25am

Hello,
I want to share internet from my Linux box to other clients. My Linux box has two NICs as below:

enp0s3 (Internet)
enp0s8 (Local NIC)

I used the following iptables rules for sharing the internet:

# iptables -A FORWARD -i enp0s3 -o enp0s8 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
# iptables -A FORWARD -j LOG
# iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE

Clients have internet, but they can’t ping targets by their names. Something like the DNS problem.

C:\Windows\system32>ping 4.2.2.1

Pinging 4.2.2.1 with 32 bytes of data:
Reply from 4.2.2.1: bytes=32 time=109ms TTL=125
Reply from 4.2.2.1: bytes=32 time=112ms TTL=125
Reply from 4.2.2.1: bytes=32 time=121ms TTL=125
Reply from 4.2.2.1: bytes=32 time=106ms TTL=125

Ping statistics for 4.2.2.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 106ms, Maximum = 121ms, Average = 112ms

C:\Windows\system32>ping google.com
Ping request could not find host google.com. Please check the name and try again.

C:\Windows\system32>

How to solve it?

Thank you.

ersen · July 16, 2023, 6:47am

What do your clients use for DNS? If it is your Linux box, does it have a DNS service running? What happens if you manually set your client’s DNS to a public DNS server?

hack3rcon · July 16, 2023, 6:54am

Hello,
Thank you so much for your reply.
I added the DNS manually as below, but it made no difference:

Capture-

DNS service? Not really. Need I it?

barryascott · July 16, 2023, 7:15am

Yes you must have a DNS server installed and configured.

I use bind daemon but it takes a lot of config, however i want its features,
no use of ISP DNS, register names from local devices.

You might want to stsrt with dnsmasq that is easier to setup.

Did you setup DHCP server for you lan?

hack3rcon · July 16, 2023, 7:20am

Hello,
Thank you so much for your reply.
without a DNS service, is it not possible? How about iptables?

barryascott · July 16, 2023, 7:24am

If your router does not provide DNS then you cannot configure the clients to use the router as their DNS server.

What DNS server does your router use?

You will have to set each client to use a public DNS server.
If you are using DHCP then you can configure the client DNS via DHCP.
Otherwise you will have to set up each client manually.

hack3rcon · July 16, 2023, 7:43am

Hello,
Thanks again.
I have not any router. This is a simple internal network. In the Dnsmasq configuration file, what is the interface=? It must be my local NIC or NAT?

vgaetera · July 16, 2023, 8:36am

You make it seem more complicated than it really is.
Connection sharing works basically OOTB, just make the downstream connection shared:

# IPv4
sudo nmcli connection modify CONNECTION ipv4.method shared
sudo nmcli connection up CONNECTION

# IPv6
sudo nmcli connection modify CONNECTION ipv6.method shared \
    ipv6.addresses fd00::1/64
sudo nmcli connection up CONNECTION
sudo firewall-cmd --permanent \
    --add-rich-rule="rule family=ipv6 masquerade"
sudo firewall-cmd --reload

I’ve tested both IPv4 and IPv6 sharing on a default Fedora 38 setup, and it works just fine.
DNS is served by dnsmasq that is automatically started and configured by NetworkManager.

computersavvy · July 17, 2023, 12:52am

If the internal network has internet connectivity then there is certainly a router somewhere. It may be ones own host, but routing does occur.

If no internet connection then it is relatively simple to create a /etc/hosts file that contains name + ip address pairs for the internal network and copy that to each internal host for use on the LAN.

hack3rcon · July 17, 2023, 7:40am

Hello,
Thank you so much for all replies.
I installed the Dnsmasq and configured it and added the Linux IP to the client DNS server address and problem solved.