Sharing a 3G Modem connection with Ubuntu Jaunty

Where I live there is no broadband available and I rely on a Vodacom 3G modem to connect to the internet. I wanted to share the connection with other computers and guests visiting our house. Here is what I did:

Setup the gateway machine

I installed a small wireless router that also includes a 4 port hub. I ensured that any computer connecting to it will get its address via dhcp, and that my ‘gateway computer’ always gets the same IP address. The gateway computer is the one where the 3G modem is plugged in to and that is also connected to the household network. My gateway computer has a wireless card for its connection to the household network, so I obtained the mac address for the wireless adapter like this:

sudo ifconfig

And got the ‘HWaddr’ from the listing that followed:

wlan0     Link encap:Ethernet  HWaddr 00:14:c1:32:ed:ec
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::214:c1ff:fe32:edec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:551 errors:0 dropped:0 overruns:0 frame:0
          TX packets:858 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:147611 (147.6 KB)  TX bytes:117464 (117.4 KB)

I then used the DHCP Server option in my wireless router to specify that the mac address 00:14:c1:32:ed:ec always gets assigned the IP Address 192.168.1.253. This address is outside of the normal address range given to DHCP clients. We use a fixed address so that we can specify this as the gateway machine for other clients on the network. After making these changes on the router, I stopped and started networking using the gnome network manager applet and rechecked my ifconfig:

wlan0     Link encap:Ethernet  HWaddr 00:14:c1:32:ed:ec
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::214:c1ff:fe32:edec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:579 errors:0 dropped:0 overruns:0 frame:0
          TX packets:914 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:153373 (153.3 KB)  TX bytes:127111 (127.1 KB)

Setup routing on your gateway machine

The next thing to do is right click on the network manager applet and choose edit connections. Now choose the wireless tab (or wired if you gateway machine connects to your household router using a cable connection). Next click on the network to select it and then click edit. In the dialog that appears, go to the ‘IPv4 Settings’ tab, and click on the ‘Routes’ button. In the dialog that appears there, tick the option marked ‘Use this connection only for resources on its network’. Now press OK, Apply, Close in succession to close the network manager dialogs. Finally right click the network manager icon and disable networking, then right click again and re-enable it. What have we just done? We have told Linux not to try to use the internal wireless/wired network for internet traffic on the gateway machine. We can verify this by looking at the routing table. First make sure your 3G connection is up too using the network manager. Now do:

route -n

Your output should look something like this (note that you actual network addresses may vary):

[~] route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
0.0.0.0         10.64.64.64     0.0.0.0         UG    0      0        0 ppp0

The significant thing here is that the 0.0.0.0 destination is set to use your ppp0 interface (the 3G modem) and traffic on the 192.168.1.0 network is set to use the internal network (in my case wlan0 – this may be eth0 if you are using a wired connection).

Connection sharing

Next we are going to install firestarter, which is a user friendly firewall gui.

sudo apt-get install firestarter

The firestarter installation should go quickly, after which you can launch the program using System -> Administration -> Firestarter. In the wizard that appears, make the following choices:

Internet connected device: Dialup device (ppp0)
Tick the item marked : Start the firewall on dial-out
Tick the item marked: IP address is assigned via DHCP

Press next

Tick the item marked: Enable internet connection sharing
Choose an appropriate local area internet device: I chose ‘Wireless device (wlan0)’

Press next

Tick ‘Start firewall now’

Press finish.

Test that your internet is still working after doing this by opening a browser and surfing to a page (e.g. a random google search).

If all that is working, you are ready to go on and configure your clients!

Configuring clients

We are going to statically assign IPv4 settings for each client. If your wireless router supports setting, dns, default gateway etc for the dhcp server it is much simpler to do it there and let all your clients just use DHCP. However mine doesnt so I need to be carefull to assign each device a unique IP address. Here are the settings I use for clients:

Static Address
IP Address: 192.168.1.2xx (replace XX with a unique number for each client
Subnet Mask: 255.255.255.0
Primary DNS: 208.67.222.222
Secondary DNS: 208.67.208.208
Default Gateway: 192.168.1.253 (this is our gateway machines local network address)

All you need to do then is enable networking on your client and try to connect to the internet. If all went well you should be googling away before you can say ‘boo to a ghost’.