How to : Configure Ubuntu as a Router

Introduction

If you are having two network interface cards or some other component that connects you to the internet along with a network interface card installed in your ubuntu system, it can be transformed into an immensely powerful router. You can establish basic NAT (Network Address Translation), activate port forwarding, form a proxy, and prioritize traffic observed by your system so that your downloading stuff do not intervene with gaming. This article will explicate setting up your ubuntu system as a router which can later be configured as a firewall with prior knowledge of 'IPTables'. The resulting setup will help you to control traffic over ports and make your system less vulnerable to security breaches.

Gateway Setup

Pre-requisites:

• Computer with Ubuntu OS
• Two network cards
• Internet connectivity
• Knowledge of iptables

We will need two network cards installed in the computer. One network card connects to the Internet. We will call this card eth1. The other card connects to our internal network. We will call this as eth0.

Host A (192.168.1.8) ⇐⇒ Eth1 ⇐⇒ Ubuntu Gateway ⇐⇒ Eth0 ⇐⇒ Host B (10.10.6.205)

In summary:

• eth1 = Network adapter connected to internet (external).
• eth0 = Network adapter connected to a computer in the same subnet (internal).
• 10.10.6.0 = Subnet for eth0
• 192.168.1.8 = IP address of Host A, any computer in the internet.
• 10.10.6.203 = IP address of eth0.
• 10.10.6.204 = IP address of eth1.
• 10.10.6.205 = IP address of Host B, any computer in the same subnet.

Configuring Network Interface Cards

Each network interface has to be assigned with a static IP address. The method of allocating static IP addresses to the interfaces differs for desktop edition and server edition of Ubuntu. Both the methods are elaborated below.


For Ubuntu- Desktop edition:

System Settings ⇒ Network ⇒ Select Interface ⇒ Options

For Ubuntu- Server edition:

1. Open Terminal (Ctrl+Alt+T)

2. Enter following command to edit 'interfaces' file:

sudo vim /etc/network/interfaces

3. Edit the file with the following lines:


auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.10.6.203
netmask 255.255.255.0
gateway 10.10.6.203

auto eth1
iface eth1 inet static
address 10.10.6.204
netmask 255.255.255.0
gateway 10.10.6.2

Enable IP forwarding

Configure the Ubuntu system so as to initiate routing between two interfaces by enabling IP forwarding:

sudo sh -c “echo 1 /proc/sys/net/ipv4/ip forward’’

Edit /etc/sysctl.conf, and (up to 10.04) add these lines:

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1

From 10.10 onwards, it is sufficient to edit /etc/sysctl.conf and uncomment:

# net.ipv4.ip forward=1

so that it reads:

net.ipv4.ip forward=1

 

IP Masquerading

To enable IP masquerading, enter following set of commands in terminal:

sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

sudo iptables -A FORWARD -i eth1 -o eth0 -m state -–state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

Result

Do not forget to save these IPTables rules. Unless they are saved, they will be lost after next system reboot as they are stored in volatile memory.

# iptables-save > /etc/iptables.rules

Above command will activate previously saved IPTables rules when system reboots making the changes permanent.


Credits: Mr. Mahesh Doijade (TechDarting.com)