Introduction
If your Ubuntu system has two network interface cards, or a network interface card plus some other component that connects it to the internet, it can be turned into a powerful router. You can set up basic NAT (Network Address Translation), enable port forwarding, run a proxy, and prioritize the traffic your system sees so that downloads do not interfere with gaming. This article explains how to set up an Ubuntu system as a router, which can later be configured as a firewall given prior knowledge of 'IPTables'. The resulting setup helps you control traffic over ports and makes your system less vulnerable to security breaches.
- Computer with Ubuntu OS
- Two network cards
- Internet connectivity
- Knowledge of iptables
Host A (192.168.1.8) ⇐⇒ Eth1 ⇐⇒ Ubuntu Gateway ⇐⇒ Eth0 ⇐⇒ Host B (10.10.6.205)
- eth1 = Network adapter connected to the internet (external).
- eth0 = Network adapter connected to a computer in the same subnet (internal).
- 10.10.6.0 = Subnet for eth0
- 192.168.1.8 = IP address of Host A, any computer on the internet.
- 10.10.6.203 = IP address of eth0.
- 10.10.6.204 = IP address of eth1.
- 10.10.6.205 = IP address of Host B, any computer in the same subnet.
Configuring Network Interface Cards
Each network interface must be assigned a static IP address. The method of assigning static IP addresses differs between the desktop and server editions of Ubuntu. Both methods are described below.
For Ubuntu Desktop edition:
System Settings ⇒ Network ⇒ Select Interface ⇒ Options
For Ubuntu Server edition:
1. Open Terminal (Ctrl+Alt+T)
2. Enter the following command to edit the 'interfaces' file:
sudo vim /etc/network/interfaces
3. Edit the file with the following lines:
iface lo inet loopback
iface eth0 inet static
iface eth1 inet static
Enable IP forwarding
Enable IP forwarding so that the Ubuntu system routes traffic between the two interfaces:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
Edit /etc/sysctl.conf, and (up to 10.04) add these lines:
From 10.10 onwards, it is sufficient to edit /etc/sysctl.conf and uncomment:
# net.ipv4.ip_forward=1
so that it reads:
net.ipv4.ip_forward=1
IP Masquerading
To enable IP masquerading, enter the following set of commands in a terminal:
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
Do not forget to save these IPTables rules. Unless they are saved, they will be lost after the next system reboot, as they are held in volatile memory.
# iptables-save > /etc/iptables.rules
The above command will activate the previously saved IPTables rules when the system reboots, making the changes permanent.
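The check below is an added example, not part of the original article: it reads iptables-save output (such as the /etc/iptables.rules file written above) and reports whether the masquerade rule and the RELATED,ESTABLISHED return rule exist for the external interface, and whether the FORWARD chain policy is DROP. The function names and the sample ruleset are constructed for illustration; the sample assumes the three rules above were added to an empty ruleset, and it produces the WEAK finding because ACCEPT rules only limit forwarding once the chain policy is DROP.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the gateway rules above.
# Usage: audit_nat_rules WAN_IF [RULES_FILE]   (reads stdin if no file is given)
audit_nat_rules() {
    awk -v wan="$1" '
    /^\*/ { table = substr($0, 2); next }          # section header: *nat, *filter
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    /^-A / {
        line = $0 " "                              # pad so a final token still matches
        if (table == "nat" && $2 == "POSTROUTING" &&
            line ~ / -j MASQUERADE / && index(line, " -o " wan " "))
            masq = 1
        if (table == "filter" && $2 == "FORWARD" &&
            line ~ / -j ACCEPT / && index(line, " -i " wan " ")) {
            # Traffic entering on the external side should be limited to replies.
            if (line ~ / --(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) /) replies = 1
            else wide = wide "\n    " $0
        }
    }
    END {
        p = (policy == "" ? "unset" : policy)
        if (!masq)      out = out "MISSING: MASQUERADE rule on " wan "\n"
        if (!replies)   out = out "MISSING: RELATED,ESTABLISHED rule for " wan "\n"
        if (wide != "") out = out "OPEN: inbound ACCEPT without state match:" wide "\n"
        if (p != "DROP") out = out "WEAK: FORWARD policy is " p ", so ACCEPT rules restrict nothing\n"
        printf "%s", (out == "" ? "OK\n" : out)
    }' ${2:+"$2"}
}
# Constructed sample: iptables-save output after the three rules above are
# added to an otherwise empty ruleset (default chain policies are ACCEPT).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}
sample_rules | audit_nat_rules eth1
```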
Credits: Mr. Mahesh Doijade (TechDarting.com)