The Complete Magazine on Open Source

How to Configure Ubuntu as a Router

28.93K 3


Did you know that your Ubuntu system could be configured to act as an immensely powerful router? Surprised? Read on to discover how to achieve this with just a few simple steps.

If you have two network interface cards installed in your Ubuntu system, one of which connects you to the Internet and the other to a local network, then your system can be transformed into an immensely powerful router. You can establish basic NAT (Network Address Translation), activate port forwarding, form a proxy, and prioritise traffic to and from your system so that your downloading does not interfere with your gaming. This article describes how to set up your Ubuntu system as a router, which can later be configured as a firewall. It requires prior knowledge of ‘iptables’. The resulting set-up will help you to control traffic over ports and make your system less vulnerable to security breaches.

Figure 1

Figure 1 : Ubuntu as a router

Gateway set-up
The pre-requisites to setting up a gateway are:

  • A computer with Ubuntu OS
  • Two network cards
  • Internet connectivity
  • Knowledge of iptables

Two network cards will have to be installed in the computer. One connects to the Internet, which we will call eth1. The other connects to our internal network.
We will call this card eth0.

Host A ( ? ? Eth1 ? ? Ubuntu Gateway ? ? Eth0 ? ?
Host B (

To summarise:

  • eth1 = Network adapter connected to the Internet (external)
  • eth0 = Network adapter connected to a computer in the same subnet (internal)
  • = Subnet for eth0
  • = IP address of Host A, any computer in the Internet
  • = IP address of eth0.
  • = IP address of eth1.
  • = IP address of Host B, any computer in the same subnet.

Figure 2 : Configuration of eth0


Figure 3 : Setting up network on eth0


Figure 4 : Configuration of eth 1



Figure 5 : Setting up network on eth 1

Configuring network interface cards  
Each network interface has to be assigned a static IP address. How to do this differs for the desktop edition and the server edition of Ubuntu. Both the methods are described below. You can refer Figure 2 to 5
For Ubuntu’s desktop edition:  Click on System Settings ?Network ?Select Interface ?Options
For Ubuntu’s server edition: You need to follow the steps given below.
1.     Open the terminal, by pressing Ctrl+Alt+T
2.     Enter the following command to edit the ‘interfaces’ file:

sudo vim /etc/network/interfaces

3.     Edit the file with the following lines:

auto lo  
iface lo inet loopback  
auto eth0  
iface eth0 inet static  
auto eth1  
iface eth1 inet static  

Enable IP forwarding
Configure the Ubuntu system so as to initiate routing between two interfaces by enabling IP forwarding:

sudo sh -c “echo 1 /proc/sys/net/ipv4/ip forward’’

Edit /etc/sysctl.conf, and add the following lines (for versions up to Ubuntu 10.04):


From Ubuntu 10.10 onwards, it is sufficient to edit /etc/sysctl.conf and uncomment:

# net.ipv4.ip forward=1

…so that it reads as follows:

net.ipv4.ip forward=1

Figure 6 : Enable IP forwarding


Figure 7 : Result

IP masquerading
To enable IP masquerading, enter the following set of commands at the terminal:

sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

Do not forget to save these iptables rules, or they will be lost after the next system reboot as they are stored in volatile memory.

# iptables-save > /etc/iptables.rules

The above command will activate previously saved iptables rules when the system reboots, making the changes permanent.