If you have two network interface cards installed in your Ubuntu system, one of which connects you to the Internet and the other to a local network, then your system can be transformed into an immensely powerful router. You can establish basic NAT (Network Address Translation), activate port forwarding, form a proxy, and prioritise traffic to and from your system so that your downloading does not interfere with your gaming. This article describes how to set up your Ubuntu system as a router, which can later be configured as a firewall. It requires prior knowledge of iptables. The resulting set-up will help you to control traffic over ports and make your system less vulnerable to security breaches.
The pre-requisites to setting up a gateway are:
- A computer with Ubuntu OS
- Two network cards
- Internet connectivity
- Knowledge of iptables
Two network cards will have to be installed in the computer. One connects to the Internet, which we will call eth1. The other connects to our internal network.
We will call this card eth0.
Host A (192.168.1.8) <--> eth1 <--> Ubuntu Gateway <--> eth0 <--> Host B (10.10.6.205)
- eth1 = Network adapter connected to the Internet (external)
- eth0 = Network adapter connected to a computer in the same subnet (internal)
- 10.10.6.0 = Subnet for eth0
- 192.168.1.8 = IP address of Host A, any computer on the Internet
- 10.10.6.203 = IP address of eth0.
- 10.10.6.204 = IP address of eth1.
- 10.10.6.205 = IP address of Host B, any computer in the same subnet.
Configuring network interface cards
Each network interface has to be assigned a static IP address. The procedure differs between the desktop edition and the server edition of Ubuntu. Both methods are described below. Refer to Figures 2 to 5.
For Ubuntu's desktop edition: Click on System Settings > Network > Select Interface > Options
For Ubuntu's server edition: You need to follow the steps given below.
1. Open the terminal, by pressing Ctrl+Alt+T
2. Enter the following command to edit the interfaces file:
sudo vim /etc/network/interfaces
3. Edit the file with the following lines:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.10.6.203
    netmask 255.255.255.0
    gateway 10.10.6.203

auto eth1
iface eth1 inet static
    address 10.10.6.204
    netmask 255.255.255.0
    gateway 10.10.6.2
Enable IP forwarding
Configure the Ubuntu system so as to initiate routing between two interfaces by enabling IP forwarding:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
Edit /etc/sysctl.conf, and add the following lines (for versions up to Ubuntu 10.04):
From Ubuntu 10.10 onwards, it is sufficient to edit /etc/sysctl.conf and uncomment:
# net.ipv4.ip_forward=1
so that it reads as follows:
net.ipv4.ip_forward=1
To enable IP masquerading, enter the following set of commands at the terminal:
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
Do not forget to save these iptables rules, or they will be lost after the next system reboot as they are stored in volatile memory.
# iptables-save > /etc/iptables.rules
The above command will activate previously saved iptables rules when the system reboots, making the changes permanent.
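A check for the masquerading and forwarding rules above, as an added example that is not part of the original article: the function reads a ruleset in iptables-save format and reports whether NAT and the two FORWARD rules are in place, and whether anything lets new connections in from the external side. The function names and the sample ruleset are constructed for illustration.

```shell
# Added example, not from the article: audit iptables-save output for the
# gateway rules above. eth1 = external, eth0 = internal, as on this page.
# audit_gateway and has_rule are illustrative names.

# has_rule REGEX: true if any line of $DUMP matches the extended regex.
has_rule() { printf '%s\n' "$DUMP" | grep -Eq -- "$1"; }

# audit_gateway EXT INT: reads a ruleset in iptables-save format on stdin,
# prints one finding per line, returns 0 only when nothing is marked FAIL.
audit_gateway() {
    ext=$1 int=$2 rc=0
    DUMP=$(cat)
    state='-m (state --state|conntrack --ctstate) RELATED,ESTABLISHED'

    has_rule "^-A POSTROUTING (.* )?-o $ext (.* )?-j MASQUERADE" ||
        { echo "FAIL NAT: no MASQUERADE rule on $ext"; rc=1; }
    has_rule "^-A FORWARD -i $ext -o $int $state -j ACCEPT" ||
        { echo "FAIL inbound: no RELATED,ESTABLISHED rule $ext -> $int"; rc=1; }
    has_rule "^-A FORWARD -i $int -o $ext (.* )?-j ACCEPT" ||
        { echo "FAIL outbound: no ACCEPT rule $int -> $ext"; rc=1; }

    # An ACCEPT for packets entering on the external side without a state
    # match lets outside hosts open new connections to the internal subnet.
    if printf '%s\n' "$DUMP" | grep -E -- "^-A FORWARD (.* )?-i $ext .*-j ACCEPT" |
        grep -Evq -- '--(ct)?state '; then
        echo "FAIL inbound: stateless ACCEPT on $ext"; rc=1
    fi
    # With a default ACCEPT policy, packets matching no rule are still forwarded.
    if has_rule '^:FORWARD ACCEPT'; then
        echo "WARN FORWARD policy is ACCEPT"
    fi
    [ "$rc" -eq 0 ] && echo "OK   gateway rules present"
    return "$rc"
}

# Constructed sample: iptables-save output after the article's three rules.
SAMPLE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'
# On a live gateway: sudo iptables-save | audit_gateway eth1 eth0
printf '%s\n' "$SAMPLE" | audit_gateway eth1 eth0
```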