how_to_make_a_quick_nat_router_on_ubuntu [2010/12/03 23:30] (current) – created tkbletsc
Line 1: Line 1:
 +If you've got an Ubuntu box with two NICs and you want a quick NAT router, do the following. This guide assumes that eth0 is your **local network** and eth1 is your **internet connection**.  Reverse "eth0" and "eth1" in these directions if that's not the case.  This has been tested on Ubuntu 8.04.
  
 +1. Remove network manager.  It sucks anyway, and has very little use if you're not on a laptop
 +
 +  $ sudo apt-get remove network-manager
 +
 +2. Configure both NICs.  Set the internet NIC (eth1 below) to automatic DHCP mode, and the local NIC (eth0 below) to a static IP of 192.168.0.1 with netmask 255.255.255.0. To do this, you can either (a) use the GUI in System | Admin | Network, or (b) as root, edit /etc/network/interfaces so it looks like:
 +
 +<file>
 +auto lo
 +iface lo inet loopback
 +
 +# internet
 +auto eth1
 +iface eth1 inet dhcp
 +pre-up iptables-restore < /etc/iptables.rules
 +pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
 +
 +# local
 +iface eth0 inet static
 +address 192.168.0.1
 +netmask 255.255.255.0
 +auto eth0
 +</file>
 +
 +3. If you used the GUI in step 2, you'll need to edit /etc/network/interfaces and add the following lines after your "iface" line for the internet interface:
 +
 +  pre-up iptables-restore < /etc/iptables.rules
 +  pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
 +
 +Either way, your completed file should look like the example in step 2.
 +
 +4. Put the following rules into /etc/iptables.rules:
 +
 +<file>
 +#!/usr/bin/env iptables-restore
 +#
 +# NAT with eth1=remote and eth0=local, adapted from:
 +#   http://danieldegraaf.afraid.org/info/iptables/examples
 +# specifically,
 +#   http://danieldegraaf.afraid.org/info/iptables/nat2
 +#
 +*filter
 +:FORWARD DROP [0:0]
 +:INPUT DROP [0:0]
 +:OUTPUT ACCEPT [0:0]
 +-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 +-A FORWARD -i eth0 -j ACCEPT
 +# (1/2) To forward a port, you need to add TWO lines.  First, here:
 +#   -A FORWARD -p tcp --dport <WAN_PORT> -j ACCEPT
 +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 +-A INPUT -i lo -j ACCEPT
 +# To accept a port on the router, add a line like:
 +#   -A INPUT -p tcp --dport 25 -j ACCEPT
 +# To open ALL ports:
 +#   -A INPUT -j ACCEPT
 +-A INPUT -j ACCEPT
 +COMMIT
 +*nat
 +:PREROUTING ACCEPT [0:0]
 +:POSTROUTING ACCEPT [0:0]
 +:OUTPUT ACCEPT [0:0]
 +# (2/2) To forward a port, you need to add TWO lines.  Second, here:
 +#   -A PREROUTING -i eth1 -p tcp --dport <WAN_PORT> -j DNAT --to-destination <LAN_IP>
 +-A POSTROUTING -o eth1 -j MASQUERADE
 +COMMIT
 +</file>
 +
 +The comments tell you how to add port forwarding.  This configuration leaves all ports open on the router.
 +
 +Steps 1-5 take care of enabling NAT routing itself.  We just need to add a DHCP server so new hosts will get IPs.
 +
 +5. Install dhcp3-server:
 +
 +  $ sudo apt-get install dhcp3-server
 +
 +6. Add our NAT subnet to the config file "''/etc/dhcp3/dhcpd.conf''". To get the domain name servers, "cat /etc/resolv.conf" and copy the IPs and use them in the "domain-name-servers" line.
 +
 +<file>
 +subnet 192.168.0.0 netmask 255.255.255.0 {
 +  range 192.168.0.100 192.168.0.200;
 +  option routers 192.168.0.1;
 +  option domain-name-servers 152.1.1.248, 152.1.1.161;
 +}
 +</file>
 +
 +7. Restart the DHCP server:
 +
 +  $ sudo /etc/init.d/dhcp3-server restart
 +
 +8. Make sure it started okay by checking the syslog:
 +
 +  $ less /var/log/syslog
 +
 +You should see something like:
 +<file>
 +May 16 13:26:42 if dhcpd: Internet Systems Consortium DHCP Server V3.0.6
 +May 16 13:26:42 if dhcpd: Copyright 2004-2007 Internet Systems Consortium.
 +May 16 13:26:42 if dhcpd: All rights reserved.
 +May 16 13:26:42 if dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
 +May 16 13:26:42 if dhcpd: Wrote 0 leases to leases file.
 +May 16 13:26:42 if dhcpd: 
 +May 16 13:26:42 if dhcpd: No subnet declaration for eth1 (152.14.92.129).
 +May 16 13:26:42 if dhcpd: ** Ignoring requests on eth1.  If this is not what
 +May 16 13:26:42 if dhcpd:    you want, please write a subnet declaration
 +May 16 13:26:42 if dhcpd:    in your dhcpd.conf file for the network segment
 +May 16 13:26:42 if dhcpd:    to which interface eth1 is attached. **
 +May 16 13:26:42 if dhcpd: 
 +</file>
 +
 +That error about "No subnet declaration for eth1" is good -- we don't **want** to do DHCP server on our internet uplink!
 +
 +9. Connect a machine to the LAN side and boot it up.  It should get an IP and be able to access the internet.
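Review bot: in the `*filter` block of step 4, `:INPUT DROP [0:0]` is immediately nullified by the last rule `-A INPUT -j ACCEPT`, so the DROP policy never applies and every service listening on the router (sshd, dhcpd, anything installed later) is reachable from the eth1 uplink; the text below the file admits this ("leaves all ports open on the router"), but a default that exposes the router deserves at least a safer alternative in the same file. Suggest replacing the unconditional accept with `-A INPUT -i eth0 -j ACCEPT` so LAN hosts can still reach the router, and opening uplink-facing services one at a time with the `-A INPUT -p tcp --dport 25 -j ACCEPT` pattern the comment already shows. Also, "Steps 1-5 take care of enabling NAT routing itself" should read "Steps 1-4": step 5 is the dhcp3-server install that the same sentence says is still to be done.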