Home Audience Admin How to Configure Ubuntu as a Router

How to Configure Ubuntu as a Router

7
775
Ubuntu as Router
Did you know that we can Ubuntu as router? Surprised? Read on to discover how to achieve this with just a few simple steps.

If you have two network interface cards installed in your Ubuntu system, one of which connects you to the Internet and the other to a local network, then your system can be transformed into an immensely powerful router. You can establish basic NAT (Network Address Translation), activate port forwarding, form a proxy, and prioritise traffic to and from your system so that your downloading does not interfere with your gaming. This article describes how to set up your Ubuntu system as a router, which can later be configured as a firewall. It requires prior knowledge of iptables. The resulting set-up will help you to control traffic over ports and make your system less vulnerable to security breaches.

Figure 1
Figure 1 : Ubuntu as a router

Gateway set-up for Configuring Ubuntu as Router

The pre-requisites to setting up a gateway are:

  • A computer with Ubuntu OS
  • Two network cards
  • Internet connectivity
  • Knowledge of iptables

Two network cards will have to be installed in the computer. One connects to the Internet, which we will call eth1. The other connects to our internal network.
We will call this card eth0.

Host A (192.168.1.8) ? ? Eth1 ? ? Ubuntu Gateway ? ? Eth0 ? ?
Host B (10.10.6.205)

To summarise:

  • eth1 = Network adapter connected to the Internet (external)
  • eth0 = Network adapter connected to a computer in the same subnet (internal)
  • 10.10.6.0 = Subnet for eth0
  • 192.168.1.8 = IP address of Host A, any computer in the Internet
  • 10.10.6.203 = IP address of eth0.
  • 10.10.6.204 = IP address of eth1.
  • 10.10.6.205 = IP address of Host B, any computer in the same subnet.
Figure 2 : Configuration of eth0
Figure 2: Configuration of eth0
fig3
Figure 3 : Setting up network on eth0
fig4
Figure 4: Configuration of eth 1
fig5
Figure 5: Setting up network on eth 1

Configuring network interface cards

Each network interface has to be assigned a static IP address. How to do this differs for the desktop edition and the server edition of Ubuntu. Both the methods are described below. You can refer Figure 2 to 5.

For Ubuntu s desktop edition:  Click on System Settings->Network->Select Interface->Options

For Ubuntu s server edition: You need to follow the steps given below.

1. Open the terminal, by pressing Ctrl+Alt+T
2. Enter the following command to edit the interfaces file:

sudo vim /etc/network/interfaces

3. Edit the file with the following lines:

auto lo  
iface lo inet loopback  
auto eth0  
iface eth0 inet static  
address 10.10.6.203  
netmask 255.255.255.0  
gateway 10.10.6.203
auto eth1  
iface eth1 inet static  
address 10.10.6.204  
netmask 255.255.255.0  
gateway 10.10.6.2

Enable IP forwarding

Configure the Ubuntu system so as to initiate routing between two interfaces by enabling IP forwarding:

sudo sh -c “echo 1 /proc/sys/net/ipv4/ip forward’’

Edit /etc/sysctl.conf, and add the following lines (for versions up to Ubuntu 10.04):

net.ipv4.conf.default.forwarding=1  
net.ipv4.conf.all.forwarding=1

From Ubuntu 10.10 onwards, it is sufficient to edit /etc/sysctl.conf and uncomment:

# net.ipv4.ip forward=1

so that it reads as follows:

net.ipv4.ip forward=1
fig6
Figure 6: Enable IP forwarding
fig7
Figure 7 : Result

IP masquerading

To enable IP masquerading, enter the following set of commands at the terminal:

sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

Do not forget to save these iptables rules, or they will be lost after the next system reboot as they are stored in volatile memory.

# iptables-save > /etc/iptables.rules

The above command will activate previously saved iptables rules when the system reboots, making the changes permanent.

7 COMMENTS

    • Once, you get Ubuntu set up as a router, I suggest you use Uncomplicated FireWall or ufw.

      1) To install:
      sudo apt-get install ufw

      2) More info:

      man ufw

      It is fairly easy to add rules if you have a working knowledge of ipv4/6

LEAVE A REPLY

Please enter your comment!
Please enter your name here