Ubuntu Router

Ubuntu Server As Gateway:

Introduction:

This post, “Ubuntu Router”, is a step-by-step guide for users who would like to set up an Ubuntu server to act as a router.

Follow the steps below to make an Ubuntu server work as a gateway/next hop to reach the internet.

Note: If the Ubuntu server is a VM on a hypervisor such as “KVM”, anti-spoofing must be disabled for that particular VM.

Steps:

  1. Enable IP packet forwarding. In the “/etc/sysctl.conf” file, uncomment “net.ipv4.ip_forward” and set its value to 1.
    • cmd:
      • vi /etc/sysctl.conf
      • net.ipv4.ip_forward=1
  2. Configure 2 NICs and assign IP addresses
    • First NIC: assume eth0, outside facing, with a public IP address
    • Second NIC: assume eth1, inside facing, with a private IP address
  3. Create iptables rules to perform NAT. NAT rewrites the source/destination address of IP packets; we can accomplish this with the Linux utility “iptables”.
    • Enable forwarding to accept packets
    • Connect the private network to the internet
    • Save the iptables rules so that they persist after reboot
    • cmd:
      • sudo iptables -P FORWARD ACCEPT
      • sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      • sudo sh -c 'iptables-save > /etc/iptables.rules'
    • iptables: the command line utility for configuring the kernel
      -t nat: select the table “nat” for configuration of NAT rules
      -A POSTROUTING: append a rule to the POSTROUTING chain (-A stands for “append”)
      -o eth0: this rule is for packets that leave on the outside-facing network interface, i.e. the NIC with the public IP (-o stands for “output”)
      -j MASQUERADE: the action that should take place is to “masquerade” packets, i.e. replace the sender’s address with the router’s address
    • cmds to check the output:
      • iptables -L
      • iptables -S
      • iptables -t nat -v -L POSTROUTING -n --line-numbers
  4. Next, add this router server’s private IP address as the gateway on the other servers, so that they send packets to this server.
    • cmd:
      • route add default gw <private ip address of router>
      • route -n
  5. Add the global DNS server details (this step is optional if DNS server details are already set)
    • Add the lines below to the resolv.conf file
    • cmd:
      • sudo vi /etc/resolv.conf
      • nameserver 8.8.8.8
      • nameserver 8.8.4.4
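
An added example, not part of the original post: the `iptables -P FORWARD ACCEPT` policy from step 3 forwards any packet in either direction, so this script generates a ruleset that keeps the MASQUERADE rule but forwards only inside-initiated traffic and its replies, and checks a saved ruleset for the permissive policy. The function names gen_rules and audit_rules and the sample ruleset are constructed for illustration; eth0/eth1 follow step 2.

```shell
#!/bin/sh
# Added example, not from the original post. eth0 = outside, eth1 = inside (step 2).
# gen_rules and audit_rules are hypothetical helper names.

# gen_rules WAN LAN: print an iptables-restore ruleset that masquerades traffic
# leaving WAN, but forwards only LAN-initiated flows and their replies.
gen_rules() {
    wan=$1; lan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_rules WAN: read iptables-save output on stdin, print findings,
# return 1 if the FORWARD policy is ACCEPT or the NAT rule is missing.
audit_rules() {
    wan=$1; rules=$(cat); rc=0
    if printf '%s\n' "$rules" | grep -q '^:FORWARD ACCEPT'; then
        echo "FINDING: FORWARD policy is ACCEPT (forwards any packet, either direction)"
        rc=1
    fi
    if ! printf '%s\n' "$rules" | grep -q -e "^-A POSTROUTING -o $wan -j MASQUERADE"; then
        echo "FINDING: no MASQUERADE rule on $wan"
        rc=1
    fi
    return $rc
}

# Constructed, abridged sample of iptables-save output after the commands in step 3.
step3_rules='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'
printf '%s\n' "$step3_rules" | audit_rules eth0 || echo "step 3 ruleset: needs tightening"
gen_rules eth0 eth1 | audit_rules eth0 && echo "generated ruleset: ok"
```

Loading the generated ruleset with `gen_rules eth0 eth1 | sudo iptables-restore` replaces the existing nat and filter tables; INPUT and OUTPUT stay at ACCEPT as in the post.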