Saturday, 27 July 2013

How to: Configure Ubuntu as a Router


Introduction

If your Ubuntu system has two network interface cards, or a network interface card plus some other component that connects it to the Internet, it can be turned into a powerful router. You can set up basic NAT (Network Address Translation), enable port forwarding, run a proxy, and prioritize the traffic passing through the system so that downloads do not interfere with gaming. This article explains how to set up an Ubuntu system as a router, which can later be configured as a firewall given prior knowledge of 'IPTables'. The resulting setup helps you control traffic over ports and makes your system less vulnerable to security breaches.


Gateway Setup

Pre-requisites:
  • Computer with Ubuntu OS
  • Two network cards
  • Internet connectivity
  • Knowledge of iptables
We need two network cards installed in the computer. One card connects to the Internet; we will call it eth1. The other card connects to our internal network; we will call it eth0.

Host A (192.168.1.8) ⇐⇒ Eth1 ⇐⇒ Ubuntu Gateway ⇐⇒ Eth0 ⇐⇒ Host B (10.10.6.205)





In summary:

  • eth1 = Network adapter connected to internet (external).
  • eth0 = Network adapter connected to a computer in the same subnet (internal).
  • 10.10.6.0 = Subnet for eth0
  • 192.168.1.8 = IP address of Host A, any computer on the Internet.
  • 10.10.6.203 = IP address of eth0.
  • 10.10.6.204 = IP address of eth1.
  • 10.10.6.205 = IP address of Host B, any computer in the same subnet.

Configuring Network Interface Cards

Each network interface has to be assigned a static IP address. The method of assigning static IP addresses to the interfaces differs between the desktop and server editions of Ubuntu. Both methods are described below.


For Ubuntu Desktop edition:

System Settings ⇒ Network ⇒ Select Interface ⇒ Options






For Ubuntu Server edition:

1. Open Terminal (Ctrl+Alt+T)

2. Enter the following command to edit the 'interfaces' file:

sudo vim /etc/network/interfaces

3. Edit the file so that it contains the following lines:


auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.10.6.203
netmask 255.255.255.0
gateway 10.10.6.203

auto eth1
iface eth1 inet static
address 10.10.6.204
netmask 255.255.255.0
gateway 10.10.6.2


Enable IP forwarding


Configure the Ubuntu system to route between the two interfaces by enabling IP forwarding:

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Edit /etc/sysctl.conf, and (up to 10.04) add these lines:

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1

From 10.10 onwards, it is sufficient to edit /etc/sysctl.conf and uncomment:

#net.ipv4.ip_forward=1

so that it reads:

net.ipv4.ip_forward=1



 

IP Masquerading

To enable IP masquerading, enter the following commands in a terminal:

sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT


Result

Do not forget to save these IPTables rules. Unless they are saved, they will be lost at the next system reboot, as they are held in volatile memory.

sudo sh -c "iptables-save > /etc/iptables.rules"

The command above saves the current IPTables rules so that they can be activated again when the system reboots, making the changes permanent.
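
One way to check the saved file, as an added example that is not part of the original article: the script below audits an iptables-save dump for the three rules above and for two conditions that weaken them (a stateless inbound ACCEPT, and a FORWARD policy left at the stock ACCEPT). The function names and the sample dump are constructed for illustration; the interface names follow the article's eth1/eth0.

```shell
#!/bin/sh
# Added example (not the article's code): audit an iptables-save dump.
# has_rule FILE TABLE ERE [EXCLUDE]: true if TABLE has a line matching ERE but not EXCLUDE.
has_rule() {
    awk -v t="*$2" -v re="$3" -v ex="${4:-}" '
        /^\*/ { in_t = ($0 == t) }
        in_t && $0 ~ re && (ex == "" || $0 !~ ex) { found = 1 }
        END { exit !found }' "$1"
}

# audit_gateway_rules FILE [EXT] [INT]: prints findings, returns 1 if any.
audit_gateway_rules() {
    file=$1 ext=${2:-eth1} int=${3:-eth0} rc=0
    inb="^-A FORWARD .*-i $ext .*-o $int .*"
    has_rule "$file" nat "^-A POSTROUTING .*-o $ext .*-j MASQUERADE" ||
        { echo "missing: MASQUERADE on $ext"; rc=1; }
    has_rule "$file" filter "^-A FORWARD .*-i $int .*-o $ext .*-j ACCEPT" ||
        { echo "missing: FORWARD $int -> $ext"; rc=1; }
    has_rule "$file" filter "${inb}RELATED,ESTABLISHED .*-j ACCEPT" ||
        { echo "missing: stateful FORWARD $ext -> $int"; rc=1; }
    # An inbound ACCEPT with no state match admits new outside connections.
    has_rule "$file" filter "${inb}-j ACCEPT" "state" &&
        { echo "open: stateless ACCEPT $ext -> $int"; rc=1; }
    # With policy ACCEPT the stateful rule filters nothing.
    has_rule "$file" filter "^:FORWARD DROP" ||
        { echo "weak: FORWARD policy is not DROP"; rc=1; }
    return $rc
}

# Constructed sample: the article's rules as iptables-save prints them; $1 = FORWARD policy.
sample_dump() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ${1:-ACCEPT} [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp)
sample_dump ACCEPT > "$tmp"
audit_gateway_rules "$tmp" || echo "review the findings before relying on this ruleset"
rm -f "$tmp"
```

Run it against the real file as `audit_gateway_rules /etc/iptables.rules eth1 eth0`. Saving the file does not reload it by itself; on Ubuntu releases that use /etc/network/interfaces, a `pre-up iptables-restore < /etc/iptables.rules` line in the external interface's stanza is a common way to restore it at boot.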


Credits: Mr. Mahesh Doijade (TechDarting.com)


14 comments:

  1. shouldn't eth0 be in the same network as the client? I presume the client would use eth0 as its def gw?

  2. Well, in above experimentation, eth0 (the router in fact) and the client were in the same network. And IP address of eth0 was the default gateway for the client.
    Plus 1 for you. :)

  3. I cannot find the gateway 10.10.6.2 from your connection diagram or summary. Can you show me where it is.

    Replies
    1. This experiment was performed in the college campus and the gateway 10.10.6.2 was located between the Switch and Host A.

  4. shouldn't the eth0 gateway be (10.10.6.204)? or is it right as you did it?

  5. Getting an error:
    firewall:~$ sudo iptables -A FORWARD -i eth1 -o eth0 -m state -state RELATED,ESTABLISHED -j ACCEPT
    Bad argument `RELATED,ESTABLISHED'
    Try `iptables -h' or 'iptables --help' for more information.

    Any ideas?

  6. Hi. There's a mistype in your tuto, it should be: sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

    Thanks for the tuto, saved my day!

  7. when i enter the command: sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    i get this message: iptable: no chain\target\match by that name
    what should i do?

    Replies
    1. Try updating your kernel version and reboot your system.

  8. Lots of crap may happen while using the abovementioned configuration.

    First of all, it may be OK to enable Path MTU Discovery with MSS Clamping (http://lartc.org/howto/lartc.cookbook.mtu-mss.html). Otherwise half of sites won't work.

    Secondly, sometimes it's necessary to disable TCP timestamps (http://www.tmltechnologies.com/html-2012/index.php/linux-rescue-kits/82-secret/91-disable-tcp-timestamps-on-linux). Otherwise you may face specific TCP ports unreachability.

    Other tricks may involve MTU lowering.

    Consider that.

  9. I read your post. Thanks so much!
    I have problems for my network: Host A, RedHat Linux (2 Lan Cards), Host B.
    _ Host A: 192.168.1.2 netmask 255.255.255.0 gw 192.168.1.1 (connect to eth0 - RedHat).
    _ RedHat Linux: eth0 192.168.1.1 netmask 255.255.255.0
    eth1 192.168.2.1 netmask 255.255.255.0
    _ Host B: 192.168.2.2 netmask 255.255.255.0 gw 192.168.2.1 (connect to eth1 RedHat).
    From Host A, I can ping to eth0, eth1 but I can't ping to Host B
    And From Host B, I can ping to eth0, eth1 but I can't ping to Host A
    Can you help me?

  10. If Host A and Host B are in the same network, there is no need of a router!
    I tried with host A and host B in different networks but it doesn't work :(
    Any tips???

  11. Here eth1 should be in 192.168.1.x network. then only Host A can reach eth1 as a Gateway. It should not be in 10.0.6.x

