Ubuntu Server As Gateway:
This post “Ubuntu Router” is step by step guide which is intended for users who would like to set up ubuntu server acting as a router.
Follow the below steps to make Ubuntu server work as a gateway/next hop to reach internet.
Note: If configuring Ubuntu vm server on a hypervisor like “KVM”, then we need to disable anti-spoofing at that particular VM.
- Enable IP packet forwardingIn “/etc/sysctl.conf” file uncomment the “net.ipv4.ip forward” and set value 1.
- vi /etc/sysctl.conf
- net.ipv4.ip forward=1
- Configure 2 Nic’s and assign IP addresses
- First nic assume eth0 outside facing with public IP address
- Second nic assume eth1 inside facing with private IP address
- Creating Iptables rules to performing NAT operationNAT facilitates re-writing of source/destination address of ip packets, we can accomplish this with help of Linux kernel utility called “iptables”
- Enable forwards to accept packets
- Connect a private network to internet
- Save that iptables rules, so that they will persist after reboot
- sudo iptables -P FORWARD ACCEPT
- sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- sudo iptables-save > /etc/iptables.rules
Iptables The command line utility for configuring the kernel -t nat Select table “nat” for configuration of NAT rules -A POSTROUTING Append a rule to the POSTROUTING chain (-A stands for “append”). -o eth0 this rule is for packets that leave on the second network interface i.e. public ip enabled NIC (-o stands for “output”) -j MASQUERADE The action that should take place is to ‘masquerade’ packets, i.e. replacing the sender’s address by the router’s address.
- cmd’s to check o/p:
- iptables –L
- iptables –S
- iptables -t nat -v -L POSTROUTING -n –line-number
- Next add this router server’s private ip address as a gateway on other server, so that they will send packets to this server.
- route add default gw <private ip address of router>
- route -n
- Add the Global DNS server details ( This step is optional if DNS server details are already set )
- Add below lines to resolv.conf file
- sudo vi /etc/resolv.conf
- nameserver 220.127.116.11
- nameserver 18.104.22.168