NAT (Internet connection sharing) switching between multiple public interfaces

networking virtualbox iptables internet connection-sharing
5,484

Simple

Here's a very simple iptables ruleset that masquerades everything. This one works for many simpler setups. It won't work if the box is working as a full-blown router — it has a potentially nasty habit of NATting all traffic that leaves your computer.

iptables -A POSTROUTING -o eth+ -t nat -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -j MASQUERADE

Full

If the simple solution fails to work, or if your configuration is more complex, this ruleset might help:

NATIF='vboxnet+'
MARK=1
iptables -A PREROUTING -t mangle -i $NATIF -j MARK --set-mark $MARK
iptables -A POSTROUTING -o eth+ -t nat -m mark --mark $MARK -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -m mark --mark $MARK -j MASQUERADE

It marks packets coming in through any vboxnet* interface, then, later, masquerades (SNAT) any packets going out of eth* or wlan* with the mark set.

Also…

In addition to the iptables rules, you'll need to turn your host computer into a router by enabling packet forwarding. Put:

net.ipv4.ip_forward=1

in /etc/sysctl.conf, then say

sudo sysctl -p /etc/sysctl.conf.

Alternatively:

echo 1 | sudo tee /proc/sys/net/ipv4_ip_forward

The guest must also have a default route that gateways packets through the host's external interfaces (and for this, chances are host-only mode just won't work). Check its routing table (this depends on the guest OS).

Also, install wireshark or tshark and use them to examine packets. There's no better way to solve generic networking issues like this one.

Personally, I'd suggest changing the guest to use bridged mode networking and making available to it both of the host's interfaces. Then it can connect on its own, using the DHCP service on your router to get a local address on its own. No NAT needed.

Share:
5,484

Related videos on Youtube

Richard Hansen
Author by

Richard Hansen

Updated on September 18, 2022

Comments

  • Richard Hansen
    Richard Hansen over 1 year

    My Ubuntu 12.04 (precise) laptop has three network interfaces:

    1. eth0: wired interface sometimes connected to the Internet
    2. wlan0: wireless interface sometimes connected to the Internet
    3. vboxnet0: wired interface (actually a VirtualBox virtual interface) connected to another computer (actually a VirtualBox virtual machine with networking in host-only mode)

    I'd like to use iptables to set up NAT/IP masquerading to share whichever Internet connection is up (preferring the wired if both are up) with the other computer.

    The following works when eth0 is plugged in:

    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward &&
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE &&
sudo iptables -A FORWARD -i eth0 -o vboxnet0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &&
sudo iptables -A FORWARD -i vboxnet0 -o eth0 -j ACCEPT

    If I switch from wired to wireless, this obviously stops working.

    I tried:

    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward &&
sudo iptables -t nat -A POSTROUTING -o '!vboxnet0' -j MASQUERADE &&
sudo iptables -A FORWARD -i '!vboxnet0' -o vboxnet0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &&
sudo iptables -A FORWARD -i vboxnet0 -o '!vboxnet0' -j ACCEPT

    but it did not work. I could try to do some Network Manager scripts to change the iptables rules whenever an interfaces goes up or down, but I figured it would be possible without jumping through such hoops.

    Any suggestions?

  • Simon Gates
    Simon Gates almost 12 years
    I'll update it with the simpler solution, but I'd rather keep both if you don't mind. The mark-less (sic) method works fine for many simple configurations, but fails insidiously in more complex cases. This is how I first started using it, after all. :)
  • Richard Hansen
    Richard Hansen almost 12 years
    shouldn't $MASK be $MARK?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Sharing connection - IPTABLES
Virtualbox suddenly doesn't connect to networks
12.04 on VirtualBox -No internet access on Guest OS
Terminal commands equivalent to NetworkManager's "Use as Hotspot" option
No "eth0" listed in ifconfig -a, only enp0s3 and lo
No internet connection on Virtualbox (Windows 7 as guest, ubuntu 13.04 as host)
Oracle Virtual Box -- How To Connect Host OS To Internet Through Guest OS
Connect geny motion emulator to the internet
Accesing internet with Host-Only network VirtualBox
How to route traffic from a VirtualBox VM only over a VPN?