This post describes one way to quickly set up a two-computer network such that both machines on the network can access the outside internet. The use case in mind here is you’re at a cafe with a friend, the wifi there sucks, you have your mobile broadband connection and you want to share it with your friend.

Note that there are many ways to get to the desired end result here. This solution has your local laptop doing NAT and forwarding packets at the IP layer.

Supplies:

  • your debian/ubuntu laptop
  • a “mobile broadband” connection with some provider, like Verizon or T-Mobile
  • an ethernet cord

Step 0: Get your mobile broadband connection working, possibly with T-Mobile.

Step 1: Set up your machine to run a dhcp server for your local wired network

  • sudo apt-get install isc-dhcp-server
  • Edit /etc/dhcp/dhcpd.conf. Here are the relevant parts of mine. (Yes, the ‘authoritative’ directive is commented out; I’m not sure how essential this is or not – but I’m trying to avoid having the dhcp server take over my local machine’s default route.)
    default-lease-time 600;
    max-lease-time 7200;
    #authoritative;
    log-facility syslog;
    subnet 172.16.16.0 netmask 255.255.255.0 {
      range 172.16.16.10 172.16.16.250;
      option domain-name-servers 208.67.222.222; # opendns
      option routers 172.16.16.1;
    }
    
  • Edit /etc/default/isc-dhcp-server so that it lists the wired interface:
    mike@110psi:$ cat /etc/default/isc-dhcp-server | tail -n 1
    INTERFACES="eth4"
    
  • sudo ifconfig eth4 172.16.16.1 netmask 255.255.255.0
  • sudo /etc/init.d/isc-dhcp-server restart

At this point you should physically connect your friend’s laptop to yours using an ethernet cable. To watch the connection happen: tail -f /var/log/syslog. You should be able to go between the two computers and ping each other. If you can’t, then you want to debug this until you can… the rest of this recipe won’t have any effect if your local wired net is broken.

Step 2: Fix up your routing table

Between pppd, your local dhcp server, and you issuing manual ifconfig commands, it’s easy for your local routing table to get in a bad state. Here’s what you want it to look like:

mike@110psi:~$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.1        0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
172.16.16.0     0.0.0.0         255.255.255.0   U         0 0          0 eth4
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0

If you need to remove/add/edit routes, the tool you want to use is ‘route’. For example:

sudo route del default
sudo route add default gw 10.0.0.1

Step 3: Set up your computer to do some NAT

I scripted this out. Here’s the script:

#!/bin/sh
# nat and firewall
# for now, just nat.

ipt=/sbin/iptables
EXTIF=ppp0
INTIF=eth4

case "$1" in
	start)
		echo "Starting firewall:"

		echo -ne "\tClearing existing rules..."
		$ipt -F INPUT
		$ipt -F OUTPUT
		$ipt -F FORWARD
		$ipt -t nat -F
		echo " done."

		echo -ne "\tInput / Output rules..."
		$ipt -P INPUT ACCEPT
		$ipt -P OUTPUT ACCEPT
		echo " done."

		echo -ne "\tForwarding rules, and /proc/sys/net/ipv4/ip_forward..."
		echo "1" > /proc/sys/net/ipv4/ip_forward
		#$ipt -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
		$ipt -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
		$ipt -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
		echo " done."

		echo -ne "\tEnabling MASQUERADE on $EXTIF..."
		$ipt -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
		echo " done."

		echo "Firewall.sh is up."
	;;
	stop)
		echo -n "Stopping firewall...";
		$ipt -F INPUT
		$ipt -F OUTPUT
		$ipt -F FORWARD
		$ipt -P INPUT ACCEPT
		$ipt -P FORWARD ACCEPT
		$ipt -P OUTPUT ACCEPT
		$ipt -t nat -F
		echo "0" > /proc/sys/net/ipv4/ip_forward
		echo " done.";
		echo "Firewall.sh is down."
	;;
	*)
		N=/etc/init.d/firewall.sh
		echo "Usage: $N {start|stop}" >&2
		exit 1
	;;
esac

Start your NAT up with “sudo ./nat-script-name.sh start”.

Step 4: debug it because it doesn’t work.

Break the problem into pieces:

  • debug the connection between the two computers (/var/log/syslog, ifconfig, isc-dhcp-server and ping are your friends here)
  • debug your local routing table (using netstat and route commands)
  • debug your connection to your mobile broadband provider (pppd, wvdial, minicom, ping, etc)
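The script in step 3 accepts forwarded traffic in both directions and leaves the ESTABLISHED,RELATED rule commented out. The variant below is added example code (not the post's script): it keeps the post's interface names and 172.16.16.0/24 subnet, drops everything on FORWARD by default, lets ppp0-to-eth4 traffic through only for connections the wired side opened, and adds an audit helper for the step 4 debugging list that reads `iptables -S FORWARD` output and flags the wide-open pattern. It assumes iptables lives at /sbin/iptables (override with IPT=).

```shell
#!/bin/sh
# Stateful variant of the NAT script above (added example, not the post's script).
# Defaults follow the post: ppp0 outside, eth4 inside, 172.16.16.0/24 as the LAN.
EXTIF="${EXTIF:-ppp0}"; INTIF="${INTIF:-eth4}"; LAN="${LAN:-172.16.16.0/24}"
IPT="${IPT:-/sbin/iptables}"

# Emit one iptables argument list per line. Policy is set to DROP before the flush so
# the chain is never empty and open; inbound from $ext is limited to LAN-opened flows.
nat_rules() {
    ext="$1"; int="$2"; lan="$3"
    cat <<EOF
-P FORWARD DROP
-F FORWARD
-t nat -F POSTROUTING
-A FORWARD -i $int -o $ext -s $lan -j ACCEPT
-A FORWARD -i $ext -o $int -m state --state ESTABLISHED,RELATED -j ACCEPT
-t nat -A POSTROUTING -o $ext -s $lan -j MASQUERADE
EOF
}

# Feed each rule to iptables (needs root); enable forwarding only if all of them took.
apply_rules() {
    status=0
    while IFS= read -r rule; do
        # shellcheck disable=SC2086  # splitting the rule into arguments is intended
        $IPT $rule || { echo "failed: $IPT $rule" >&2; status=1; }
    done <<EOF
$(nat_rules "$EXTIF" "$INTIF" "$LAN")
EOF
    [ "$status" -eq 0 ] && { echo 1 > /proc/sys/net/ipv4/ip_forward || status=1; }
    return $status
}

# Debug aid for step 4: read "iptables -S FORWARD" output on stdin and fail if the
# policy is not DROP or if $ext->$int traffic is accepted without a state match.
audit_forward() {
    ext="$1"; int="$2"; rc=0
    while IFS= read -r line; do
        case "$line" in
            "-P FORWARD DROP") ;;
            "-P FORWARD "*) echo "policy is not DROP: $line"; rc=1 ;;
            *"-i $ext -o $int "*"-j ACCEPT")
                case "$line" in
                    *--state*|*--ctstate*) ;;
                    *) echo "unconditional inbound accept: $line"; rc=1 ;;
                esac ;;
        esac
    done
    return $rc
}
```

Running the file only defines the functions: source it, then call `apply_rules` as root after the routing table looks right, or run `iptables -S FORWARD | audit_forward ppp0 eth4` to confirm the live chain is gated.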

If you find some variant of this recipe works better for your local machine, please post it in the comments so we can all share. Good luck.

I’ve got to say, the Internet, as a singular invention, just keeps climbing up that list of the ‘most important’ inventions of all time.  I expect in about 15 years’ time it’ll pass up electricity, the internal combustion engine and the printing press to take the number one spot.  Right about when some 90% of the earth’s population has high-speed wireless access (via your ‘phone’ more so than your laptop, though it’ll be a semi-hybrid of the two anyway) to the internet.

What will change when we hit that point?  Well, consider that:

  • The invention of writing effectively allowed humankind to ‘remember’ knowledge reliably for timescales longer than a generation.  That changed a lot.
  • The invention of the printing press effectively allowed groups of people to ‘discuss’ (mainly a one-to-many transmission) knowledge on the timescale of days to years, depending.  That arguably changed more.
  • The internet stands poised to allow 6+ billion minds to all digest and contribute to our collective body of thought – on the timescale of seconds.

Methinks that while I don’t know what change that last one will bring, I’m confident it’ll be solidly redonkulous.

This all makes a key assumption: that we’ll get to 90% global penetration of the Internet, in a form that’s still a relatively free, simple, and open communication, many-to-many style.  So are we really moving that way?  Well, this photo was taken last week in Siwa, an oasis some 300km out a not-entirely-paved two-lane dead-end road into the Egyptian Sahara desert by Libya.

internet access in siwa, middle of f-ing nowhere

It’s a little hard to see in between all the crumbling rubble – but the sign on that building in the lower left says (in Arabic and English but not Siwi) “Cafe” and “Net”.  Yup, free wifi with your foul.  We are definitely pushing those edges; we are pushing the Internet out to the edges of our civilization harder and faster than clean water or basic shelter.  And while that might not make a ton of sense – it sure is damn exciting.

At some point, this just starts getting ridiculous.  Wifi access, anyone?

wifi networks

Yup, you’ll notice that 1200 vertical pixels isn’t enough to even display them all.  A little iwlist wlan0 scan reveals 32 networks in range.  Talk about redundant access.  80% of these likely funnel through the same 3 or 4 bottlenecks a few hops up anyway.  But, I have to say… 32 networks?  Sweeeeeet!

Taken at the intersection of Cowper and University, Palo Alto, at Gyros and Gyros, sitting and enjoying a lamb & beef gyros – inside.

Best name for a Wifi network ever: MyLawsuit.  lol! Only topped by… MyDivorce.

I’m on the Stena Line ferry right now heading from Hoek Van Holland to Harwich, England. They have wireless!

Kinda.

As is common in captive-audience no-competition environments, (read: airports) wireless goes for outrageous prices. But even given that peer set, this is ridiculous. The only logical justification I’ve been able to come up with for charging this much for access is to purposely limit the number of users so that the satellite link doesn’t get clogged. But I doubt that’s the case. I’m willing to bet 100 bucks (and my pride) that they’re off the ‘maximum profit peak’ (I dunno econ) by at least a factor of two.

As an end-user, you have two choices:

  • One device, one hour: 6 euro (~8.50 USD)
  • One device, three hours: 9 euro (~13 USD)

I have two devices (a phone/camera and a laptop) I need to both be connected to the internet to publish content effectively. I want to be connected the whole trip. It’s a 6.5 hour ride. I arrived an hour early. So for internet access, I need:

Two devices, three three-hour segments each, for a total cost of… 2×3×9 = 54 euro (~77 USD). Are you on crack?! I paid 33 euro for this trip! I have a sneaking suspicion that the person/people making the decisions here know about as much about the internet and computing as John McCain.

So, hello VIP lounge!

Only 16 euro, and for the whole trip I get as much bandwidth as I can drain, free drinks, plush seats, and no screaming kids and drunk guys. Except maybe me. Rock n’ roll. This could get addicting…