Ubuntu Router Network Gateway
In this article you will learn how to setup your very own Ubuntu router internet gateway. The Ubuntu router / gateway will act exactly like any other router that you can purchase at the store, except your linux box will have more functionality and extra security. What you will need to build your Ubuntu router:
- Extra computer
- (2) Ethernet cards
- Switch
- Ubuntu 10.04 LTS Server Edition
- Putty
This article will explain how to setup a fresh install of Ubuntu 10.04 server edition, configuring a dhcp server for a local network, while a including a firewall from the nasty internet. The first thing that you are going to do is a fresh install of the Ubuntu server edition, but selecting only Open SSH server during the software installation section of the Ubuntu install. After the installation completes and your pc reboots, you are then going to want to set a root password (su).
sudo passwd root
After you have a set a root password, login into root by typing the following command:
su
After you are in super user mode (root) we are then going to want to update our Ubuntu distro. Type the following commands to update the os and other programs.
apt-get update
apt-get upgrade
After your computer updates, restart it.
reboot
Setup Network Cards
vi /etc/network/interfaces
In the example below my eth0 represents the network interface that connects to the internet and the eth1 interface connects to switch. The switch then connects to all of your other networked devices, such as your gaming system and other networked devices. I added the following code into the /etc/network/interfaces file:
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
/etc/init.d/networking restart
The next following step is not required, but I like to set a hostname for my Ubuntu router, all you have to do is install apache and you could have your own personal intranet or web server.
vi /etc/hosts
echo homeserver.gateway.2wire.net > /etc/hostname
/etc/init.d/hostname.sh start
hostname
hostname -f
Once you have completed the following above, you can use putty to access your linux machine from your windows based pc. This will allow you to copy and paste the following code, to speed up the process of creating your linux gateway. The first thing that you must do to use putty to configure your Ubuntu router, is set a static ip on your windows machine, since we don’t have a dhcp server installed yet. Set a static ip address for Microsoft Vista. If you don’t want to use putty you can just type out the rest of the code, putty just makes it easier. Once you have chosen your terminal program that you are going to use, again login under root. It is now time to install some software that we will need to setup the gateway.
apt-get install dhcp3-server bind9 vim perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl
Enable packet forwarding
vi /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
echo 1 > /proc/sys/net/ipv4/ip_forward
Install Webmin
Webmin is another good program to use to configure you Ubuntu gateway and other server programs that you might use. If you use webmin, you will be able to easily configure you server, using any web browser you choose.
cd /opt
mkdir webmin
cd /opt/webmin
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.430.tar.gz
tar xzvf webmin-1.430.tar.gz
cd webmin-1.430/
./setup.sh
During installation you will be asked a few questions, just press enter a few times. The only thing that you want to change is the port number, user name and password and also say yes to SSL.
Configure dhcp
- Network address – 192.168.10.0
- Netmask – 255.255.255.0
- Address ranges -192.168.10.100 – 192.168.10.200
After you have entered the above click on the create button. You should now see an icon that reads 192.168.10.0, click on this new icon and then click on the Edit Client Options button.
- Subnet mask – 255.255.255.0
- Default routers – 192.168.10.1
- Broadcast address – 192.168.10.255
- DNS servers – 192.168.10.1
After you have the above into the client options windows click the save button twice, which should return you to the main Dhcp server window. Inside the dhcp server screen, you see a button called Edit Network Interface, click this button and select eth1 then click save. Now click on the Start Sever button to start you dhcp server, if you see no errors, you are good.
Configure firewall
Once you have setup you dhcp server, click on the Networking tab, then click on the Linux Firewall link. You will now need to select “Do network address translation on external interface:” on eth0, then click on Setup Firewall. Once you are inside the firewall program, change the drop down list from Network Address Translation (NAT) to Packet filtering (filter). You will now need to add the following rules to your firewall.
Input:
- Accept if input interface is lo
- Accept if input interface is eth0 and state of connection is ESTABLISHED, RELATED
- Accept if input interface is eth1
- Click on Apply Configurations.
Great guide. Very brief and simple. If multiple interfaces are used for NAT is it possible to limit bandwidth on each interfaces? For example if my internet connection has speed of 4 mbps, can I divide it into 2 mbps each on 2 NAT interfaces.
Great guide! I followed your steps but still can’t seem to get addresses from the internal NIC to route externally. I can assign dhcp addresses perfectly fine but the computers can access the internet. If I ping an external address, say red.com I get a non-authoritative response at the external address but still can’t get to the site
Great!
I tried to set up my linux as a router now about 7 hours, 6 of these without any success – on 7th hour i found your guide.
Many times: thank you!
To connect ssh without putty in ubuntu (and most of other unix-based OS) you can just write shell command like “ssh username@serverip”.
If vim feels difficult to use then try pico / nano.
Anyway this guide is usefull, im going to try share hsupa connection so if there is any tips i can use for that…
This was a very clear and concise article. Thank you for putting it up!
The one thing I got caught up on was on the last step Configure firewall.
All the computer were able to connect to my eth1 port, and could find IP addresses for domain names, but weren’t able to ping or access anything outside of eth0/1. Before creating the rules step, I found the solution from here: http://www.docstoc.com/docs/29075317/Setting-ubuntu-as-router
The important bit for to follow was in webmin go to network, then firewall, and ‘Do network address translation on external interface for eth0′ before all the other steps.
This was a really life saver as well, THANKS!!!
http://www.linuxquestions.org/questions/linux-networking-3/ubuntu-router-firewall-827899/
Hi – this is very helpful. I go the the last step. After configuring the firewall, I clicked on “Apply Configuration” and got the following error:
Failed to apply configuration:
iptables-restore v1.4.4: Can’t use -i with OUTPUT
Error occurred at line:13
Try ‘iptables-restore -h’ or ‘iptables-restore –help’ for more information.
Can someone tell me what I should do to resolve this problem?
Thanks!
Siew
If you installed Webmin on your computer, just login. Select Linux Firewall under the Networking tab, then click Reset Firewall. I just updated the post after realizing you were having a problem. Try the new directions for setting up the firewall.
Configure firewall
Once you have setup you dhcp server, click on the Networking tab, then click on the Linux Firewall link. You will now need to select “Do network address translation on external interface:” on eth1, then click on Setup Firewall. Once you are inside the firewall program, change the drop down list from Network Address Translation (NAT) to Packet filtering (filter). You will now need to add the following rules to your firewall.
Input:
Accept if input interface is lo
Accept if input interface is eth0 and state of connection is ESTABLISHED,RELATED
Accept if input interface is eth1
Click on Apply Configurations.
I have read a lot about connecting broadband router to home server. Nearly all new installation by ISP to home comes with router with a modem built in, so you will not have modem outlet, and all the outlets are after the gateway ready to be connected to your PCs with UTP cables or wirelessly. Normally, you see only the internal network IPs but not the external dynamic IP (WAN) though you could read it by program such as IP2. A pure broadband modem is difficult to come by these days. Is there any way to bypass the integrated hardware router in the modern ISP supplied router (modem + router) and get our server’s NIC to connect to WAN? ISP supplied manual will not tell you how. I am new and would appreciate help.
You need to put the isp provided gateway (router) into DMZ mode. The way the gateway works is that it takes your isp provided ip address and translates it to a local area connection. So if you put the gateway in DMZ mode, you can assign the isp provided ip address to your server. This is really not that safe since all ports will be open to the server. Your better off assigning a local area static ip address on your server, then open the ports that you will need for your server. For instance if your are running a web server, you can just open up port 80 on the gateway to allow access to your web server.
For example if your isp provided ip address is 99.150.4.130, and you local area network is 192.168.1.0. You can set a static ip address on your server to 192.168.1.10. Then you open port 80 on the gateway firewall. You will be able to type 99.150.4.130 into your web browser to view your web server, if you happen to be at a different location. If you are at home, you could type either 99.150.4.130 or 192.168.1.10 into your browser to view your web server. Search google for “port numbers” to find out what ports you need to open up.
The last part:
Configure firewall
Once you have setup you dhcp server, click on the Networking tab, then click on the Linux Firewall link. You will now need to select “Do network address translation on external interface:†on eth1
the eth1 should be correct to eth0. cause eth0 is the external interface.
and thanks for this article. It helps me finished my first step on Ubuntu based home Router/NAS. And I will try to make it more security to hold my staffs.
Thanks for the correction, my bad.