I have almost reached my 1000th Ubuntu Day! Yay! And I have updated this post to commemorate my achievement of sharing my Internet Connection with my sisters Windows XP PCs.


Wait, wait, I need to update this. It has got to be written that I made it work after weeks and weeks of toil.

Okay deep breaths. 

First, a little background: I've been trying to Setup Samba and Internet Connection Sharing for my mixed Local Area Network: Windows XP, Windows XP, and Ubuntu. Go here to see details of my problem and a diagram of our Local Area Network.

Here goes.


It worked for me. It might not for you. So don't blame me if you broke your PC too.

The solution for me was threefold. I followed these 3 guides and I believe that they all played a part in solving my problem. Without each I would not have solved it.

Internet Connection Sharing:


Setting Up Samba to Enable File Sharing Between Windows and Ubuntu in a Local Area Network.


I will put these forum posts here to preserve their value so to speak - after I eat dinner!

UPDATE: Dinner is over!

First ICS HowTo Forum Post by SpaceTeddy:

I keep reading that people want to share their internet connection through an Ubuntu computer. So, i will put down a few basic steps that one has to do to turn any ubuntu installation into a basic gateway for other computers.
The Settings i am going to write down here are permanent ! so please remember this if you use a mobile device that it will always (!) act as a gateway for the configured network card.

In the following, i will refer to the network device that is connected to the internet as eth1. It is not compulsory that the internet device is called that - other possible names are: eth0, ath0, ppp0, ... and many more.
The computer/network with the clients is, in my case, connected to the network device eth0. This can also vary quite a lot, too.
Please make sure you know what device is which for you, and adjust all commands and configurations accordingly.

The basic scheme of what this setup looks like is:

PC-Client <---> PC-Gateway (ubuntu) <---> Internet

Your ubuntu Computer has internet connection and you know which network device provides this functionality.

NOTE: how you are connected to the internet does not matter (ethernet, cable, wifi, dsl), as long as you have a second network device besides the one you are connection this should work.

Configuring the network card
the network card that serves the clients (eth0) needs a static ip address. This can be done outside of network manager and would be recommended that way, since you might need nm to still connect the gateway to the internet itself.
Note that this will result in network-manager to completely ignore the network card that you configured for the client network, thus rendering eth0 unavailable in nm.

edit the network configuration file and set eth0 to a static ip. to open the config use this command

gksu /etc/network/interfaces
now, to configure eth0, you will need add a few lines to the file. Also, this configuration ONLY works on ethernet cards, NOT on wireless. If you need a wireless card to be manually configures, there are a few sticky threads in this forum that will explain how to do it. I'll try to update this later and make sure i have an example for wireless cards ready aswell

add the following lines to the file
auto eth0
iface eth0 inet static
This will set a static ip address for eth0 ( and take the network card out of nm. these changes only take effect after rebooting. To temporarily use these settings, issue this command:
sudo ifconfig eth0
Enable IP forwarding
Port forwarding is turned off in ubuntu by default. But it is needed so that the Computer will forward pakets it receives. To enable port forwarding, issue the following command
gsku gedit /etc/sysctl.conf
and look for the following line
once that one is found, remove the # so that it reads to be
These changes will take effect with the next reboot. if you want them to take effect right now, use these commands
sudo sysctl -w net.ipv4.ip_forward=1
it has been reported multiple times that the sysctl.conf got ignored. You can check that issueing this command after a reboot:
sudo sysctl net.ipv4.ip_forward
if the answer is still 0. you will need to add a line to /etc/rc.local. open it to edit with
sudo gedit /etc/rc.local
and add this line BEFORE the exit 0 in the file
sysctl -w net.ipv4.ip_forward=1
then reboot and check with the above command if it still returns 0. ONLY do this change if you have to, as this is an ugly hack to force setting...
Configuring iptables (paket filter)
In order to allow pakets to pass though the router, we need to add a couple of iptables rules to the filter so that everything may pass our machine. Also we need to rewrite the pakets so that they can find their way back to us.
open the file /etc/rc.local with
gksu gedit /etc/rc.local
and add the following lines
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth1 -j MASQUERADE
Doing it this way is neither elegant nor very secure, but it is basic and it should work. If you are worried about security issues, i suggest you read up in iptables and how to confugure the rules more secure than simply letting anything pass through.
again, these changes only take effect after a reboot.
to make the changes take effect right now, use these commands
sudo iptables -P FORWARD ACCEPT
sudo iptables --table nat -A POSTROUTING -o eth1 -j MASQUERADE
Configuring the client
There are two ways to configure the client - one is a static, manual config. If you would like to do this, then give the client an ip-address in the network (i.e., the gateway and a dns server from your computer (they can be found in the file /etc/resolv.conf)

If you have multiple client, or do not want to configure something staticially, you might want to look at setting up a basic dhcp server which issues network configurations to clients.
to install the server, type the following
sudo apt-get install dhcp3-server
this should install the dhcp-server on your machine. The start will fail, but that is nothing to worry about.
before the dhcp server itself can be configured, we need one more little bit of information. We need to know what dns servers are used so we can push then to the clients that will be configured via this server. to find out the currently used dns server, use this command
cat /etc/resolv.conf
and note down the ip addresses that are written at the nameserver statement

The next step is to configure the dhcp-server so it knows what ip-addresses to dish out and what settings.
for that, edit the file /etc/dhcp3/dhcpd.conf with this command
gksu gedit /etc/dhcp3/dhcpd.conf
save the content in a different file (for later reference or if you want to do more with it later on), and then replace it with the following basic setup:
ddns-update-style none;
option domain-name "mynetwork";
option domain-name-servers Nameserver1, Nameserver2;
option routers;

default-lease-time 42300;
max-lease-time 84600;

log-facility local7;

subnet netmask {
The Bold entries in the config file have to replaced by the nameserver ip addresses that you previously got. if you only have one, remove the second one.

the last thing to do before the server can be started is to tell it what interface to listen on. This can be configures in the file /etc/default/dhcp3-server.
open it with
gksu gedit /etc/default/dhcp3-server
and edit the line with the INTERFACES="" to read
the dhcp-server will be automaticially started upon reboot. to manually start it now use this command
sudo /etc/init.d/dhcp3-server start
That is all you need for a basic setup of things.
Please be reminded that you need to always check the network devices in your computer aginst the ones in the config. If you configure blindly from this and your devices are swapped or named different, you can break you computers network entirely.

Second ICS HowTo Forum Post by anaoum:



The following will explain how to share your Internet connection:

Note: Type all the following commands in a root terminal, DO NOT use sudo.

1. Start by configuring the network card that interfaces to the other computers on you network:

# ifconfig ethX ip

where ethX is the network card and ip is your desired server ip address (Usually is used)

2. Then configure the NAT as follows:

# iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE

where ethX is the network card that the Internet is coming from

# echo 1 > /proc/sys/net/ipv4/ip_forward

3. Install dnsmasq and ipmasq using apt-get:

# apt-get install dnsmasq ipmasq

4. Restart dnsmasq:

# /etc/init.d/dnsmasq restart

5. Reconfigure ipmasq to start after networking has been started:

# dpkg-reconfigure ipmasq

6. Repeat steps 1 and 2.

7. Add the line "net.ipv4.ip_forward = 1" to /etc/sysctl.conf

# gedit /etc/sysctl.conf

8. Reboot. (Optional)

I hope this helps.

Good luck!

Third Samba Setup Forum Post by Stormbringer

HOWTO: Setup Samba peer-to-peer with Windows

As many fellow Ubuntu users seem to have trouble setting up samba peer-to-peer with Windows I decided to write a small howto on this matter.

NOTE: I am aware that there's a wiki-page as well as several other howto's around - but by looking at the constant "how do I setup samba" posts that are floating around in the forum I simply see the need for a more thourough guide on this matter.

Feel free to contribute and suggest - it'll only help to make this howto a better guide.

The goal of this howto is to have samba act like a Windows Workstation in the LAN. As a "value added bonus" we will use samba to do netbios name resolution so that you can use the names of the workstations for network drive mapping instead of their ip-addresses (i.e.: \MY_WINDOWS_BOX\SHARE) - but only for as long as your Linux box has an static ip-address and is up and running.

This guide is based on Ubuntu 6.06 LTS and intended for all architectures (i386, AMD64, ...) - if you are still using Breezy it's safe to follow this guide as there should be no differencies.

A second guide on how to setup samba as Primary Domain Controller along with several other services such as DHCP, DNS and NTP will follow later on as this topic will be a little more thourough.

1. Prerequisites

- Your Linux box should have an static ip-address.
In case you're getting your ip from a router/server via DHCP make sure it's configured to provide a fixed dhcp-lease. If that's no valid option you cannot use WINS ... more on this way down.

- You need to have samba installed.
If you haven't done so already open a terminal and type:

sudo apt-get install samba
Don't close the terminal upon installation - we still need the commandline to get several tasks done!

2. Getting samba configured

First, let us make sure samba isn't running:

sudo /etc/init.d/samba stop
As a starting point I included an smb.conf below, and there are only a few simple things you may need to tweak.

Since the installation of samba just installed a rather useless template file we're going to rename it - we keep the file just in case.

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.template
Next we create a new empty file

sudo touch /etc/samba/smb.conf
And finally we need to open the file inside an editor

sudo gedit /etc/samba/smb.conf
NOTE: If you're on KDE replace "gedit" with "kate"

Copy / Paste the contents of the code-section below into your editor and read on ...

    ; General server settings
    netbios name = YOUR_HOSTNAME
    server string =
    workgroup = YOUR_WORKGROUP
    announce version = 5.0

    passdb backend = tdbsam
    security = user
    null passwords = true
    username map = /etc/samba/smbusers
    name resolve order = hosts wins bcast

    wins support = yes

    printing = CUPS
    printcap name = CUPS

    syslog = 1
    syslog only = yes

; NOTE: If you need access to the user home directories uncomment the
; lines below and adjust the settings to your hearts content.
    ;valid users = %S
    ;create mode = 0600
    ;directory mode = 0755
    ;browseable = no
    ;read only = no
    ;veto files = /*.{*}/.*/mail/bin/

; NOTE: Only needed if you run samba as a primary domain controller.
; Not needed as this config doesn't cover that matter.
    ;path = /var/lib/samba/netlogon
    ;admin users = Administrator
    ;valid users = %U
    ;read only = no

; NOTE: Again - only needed if you're running a primary domain controller.
    ;path = /var/lib/samba/profiles
    ;valid users = %U
    ;create mode = 0600
    ;directory mode = 0700
    ;writeable = yes
    ;browseable = no

; NOTE: Inside this place you may build a printer driver repository for
; Windows - I'll cover this topic in another HOWTO.
    path = /var/lib/samba/printers
    browseable = yes
    guest ok = yes
    read only = yes
    write list = root
    create mask = 0664
    directory mask = 0775

    path = /tmp
    printable = yes
    guest ok = yes
    browseable = no

; Uncomment if you need to share your CD-/DVD-ROM Drive
;[DVD-ROM Drive]
    ;path = /media/cdrom
    ;browseable = yes
    ;read only = yes
    ;guest ok = yes

    path = /media/samba/
    browseable = yes
    read only = no
    guest ok = no
    create mask = 0644
    directory mask = 0755
    force user = YOUR_USERNAME
    force group = YOUR_USERGROUP
Ok, I already mentioned that there are a few simple things you may need to tweak; so here they are:

-> netbios name = YOUR_HOSTNAME

Replace "YOUR_HOSTNAME" with your desired hostname (don't use spaces!). Best pratice would be to use the same name you configured upon installation.


netbios name = DAPPER

-> workgroup = YOUR_WORKGROUP

Replace "YOUR_WORKGROUP" with the name of your workgroup, but make sure you're using the same as configured in Windows.

To find out the Workgroup name in Windows follow these steps:

- Click "START"
- Click "Control Panel"
- Click "System"
- Click the 2nd Tab entitled "Computername" and find the name of the Workgroup there.


workgroup = MSHOME

-> wins support = yes

If your box doesn't have a static ip-address, or you cannot configure your router/server to provide you with a fixed dhcp-lease, change this configuration parameter to "no".

In this case you cannot use the benefits of WINS.

-> [MyFiles]

This is the name of the share. Leave it as it is or adjust it to whatever you prefer. Don't use more than 31 characters and try to avoid spaces!

-> path = /media/samba/

This suggests that you've mounted an hard drive or partition on /media/samba where all the shared files will be stored.

In case you don't have an extra hard drive/partition you may also create folder.

I assume you've been wise enough to put /home onto a separate partition having an reasonable amount of storage space.

To create the folder type (inside a new terminal) ...

sudo mkdir /home/samba
... and adjust "path =" to read ...

path = /home/samba/

Remember that this is just an example - you are free to put things wherever you like.

-> force user = YOUR_USERNAME
-> force group = YOUR_USERNAME

Well, this should say it all. Replace "YOUR_USERNAME" with the name you use for login (no spaces!).


force user = stormbringer
force group = stormbringer

Now we completed the part of editing smb.conf

Save the file and close gedit.

Since we are going to share the folder with other users we should now make sure that the permissions are set. Type:

sudo chmod 0777 /media/samba
NOTE: Don't forget to correct the path to the location you chose above!

That's it - now we need to start samba ...

1.1 Starting samba and setting up user accounts

Let us fire up samba for the first time. Type:

sudo /etc/init.d/samba start
There shouldn't be any errors - if you are presented with an error message make sure everything is correct (search for typos and/or invalid paths).

Time to add yourself as an samba user.

NOTE: You will be asked for a password - make sure you use the same as you use for login!

sudo smbpasswd -L -a your_username
sudo smbpasswd -L -e your_username
In case you need other users to be able to access the share you need to add them to your system AND samba as well. Make sure you use the very same Windows usernames and passwords!

NOTE: Windows XP doesn't set passwords for its useraccount per default. If you haven't set a password on your XP box just press enter when prompted to enter a password for the user account you're about to create!

In the following example we will add an user called "mark" ...


sudo useradd -s /bin/true mark
sudo smbpasswd -L -a mark
sudo smbpasswd -L -e mark
The "-s /bin/true" in the first line prevents the users from being able to access the commandline of your linux box ("-s" stands for "shell"). I strongly advise you to follow this recommendation! Don't change that setting to a valid login-shell unless you really know what you are doing!

Repeat this step until you configured all user accounts!

Now that we configured samba and created the user accounts we are done with the Linux-part - there's one more thing to do in Windows.

2. Changing network settings in Windows

Now we should let Windows know that there's a WINS server active in the network.

If you had to change "wins support" to "no" above skip this step!

- Click "START"
- Click "Control Panel"
- Click "Network Connections"
- Find your "LAN Connection"
- Right-click the icon and select "Properties"
- Select the "TCP/IP" Protocol and click the "Properties" button
- Click "Advanced"
- Select the third Tab entitled "WINS"
- Click "Add"
- Type in the ip-address of your Linux box
- Click "Add"
- Select "Use NetBIOS over TCP/IP"
- Click "OK"
- Click "OK"
- Click "OK"
- Reboot Windows

Upon reboot you may now map the network drive within Windows.

With WINS enabled:
- Click "START"
- Right-click "My Computer"
- Select "Map network drive"
- Choose the drive letter
- Type \\DAPPER\MyFiles
NOTE: Adjust this to the hostname and sharename you chose above!
- Click "Finish"

With WINS disabled:
- Click "START"
- Right-click "My Computer"
- Select "Map network drive"
- Choose the drive letter
- Type \\\MyFiles
NOTE: To find out the ip-address of your Linux box type "ifconfig" inside a terminal and find the ip for the correct interface (i.e. eth0). Don't forget to adjust the sharename to the name you chose above.
- Click "Finish"

That's it - samba is up and running now.

3. Security consideration

This is the right time to think about security right away.

In case your computer has more than one network connection (i.e. wired and wireless ethernet) you may want to restrict access to samba.

If not especially configured samba will bind its service to all available network interfaces.

So, let us assume you only want your wired network to have access and that the network card is called eth0.

Add the following lines to the [general] section of your smb.conf to achieve that goal:

interfaces = lo, eth0
bind interfaces only = true
If you did it correctly it should look similar to this:

    ; General server settings
    netbios name = YOUR_HOSTNAME
    server string =
    workgroup = YOUR_WORKGROUP
    announce version = 5.0
    interfaces = lo, eth0
    bind interfaces only = true
Now only the local loopback interface (dubbed "lo") and eth0 are able to access samba - there's no need to fear that someone might break into your system by wireless as the interface isn't bound to the service.

4. Final words

If you happen to have any questions feel free to ask - I'll try to help as soon as possible.

If you find any mistakes in this howto please let me know so that I can fix them.

Feel free to contribute and suggest - help to make this howto a better guide.

5. Addendum: Useful links

Here are some links you may find useful.

The onsite links refer to other samba-guides and to ubuntu_daemon's "Important Links" thread.

- Onsite
Ubuntu Help: Windows Networkworking
Ubuntu Documentation: Setting up Samba

READ THIS FIRST prior to posting - IMPORTANT links (by ubuntu_daemon)

The offsite links refer to the offical Samba homepage and to a selected choice of their official documentation; these links are useful if you like to dig yourself into the mysteries of samba's configuration and usage as well as troubleshooting problems.

- Offsite
Samba Homepage

Practical Exercises in Successful Samba Deployment
The Official Samba-3 HOWTO and Reference Guide
Using Samba, 2nd Edition

Whew. That was a mouthful.

After doing all of those steps. I removed firestarter - which I suspect may also be a culprit to my ICS woes.

I did:

$ sudo apt-get purge firestarter

Configuring Windows XP as a host.