Sunday, January 10, 2010

Setting Up Gateway in Ubuntu

I was wondering how to set up a simple gateway server for a LAN. After searching for a while, I found some useful guides (see references).
First, the server machine needs to have at least two interfaces, e.g. eth0 and eth1. In my case, I used eth0 to connect to the Internet and eth1 to connect to the LAN.
You do not have to use eth0 for the Internet connection; it depends on how you are connected, and it could be wlan0, ppp0, etc. This setup is also useful for connecting two different networks.

Assume that your machine will be used as a gateway. This guide will be based on the figure below:


IP address Configuration
In this guide, the IP address of each host in the LAN needs to be configured manually, unless a DHCP server is installed.

DNS Server and Gateway
All hosts in the LAN need to use the same DNS server as your machine, and the IP address of your machine must be set as the gateway on the LAN hosts, so that IP packets are routed to the Internet through your machine.

Configuration of 'Gateway' machine
Step 1: Find DNS server on your machine
$ cat /etc/resolv.conf

The output will look like this:
# Generated by NetworkManager
nameserver 10.1.2.21
nameserver 10.0.0.92

Step 2: Enable IP forwarding
First, check the default value. There are two ways.
Note: 0 means it is disabled

1. Using the sysctl command.
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

2. Reading the file /proc/sys/net/ipv4/ip_forward with cat.
$ cat /proc/sys/net/ipv4/ip_forward
0

Second, change the value temporarily; it will reset to 0 when you shut down the machine.
$ sudo sysctl -w net.ipv4.ip_forward=1

Check again to see the changed value.

To enable IP forwarding permanently, you need to edit the sysctl configuration file. Use any text editor you are familiar with, such as nano, vi or gedit.
$ sudo gedit /etc/sysctl.conf

Find these two lines, and uncomment the second line (remove the # symbol):
Before:
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

After:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Or simply make the edit with this command:
$ sudo sed -i 's/#net.ipv4.ip_forward/net.ipv4.ip_forward/g' /etc/sysctl.conf

Then apply the change:
$ sudo sysctl -p /etc/sysctl.conf

Step 3: Configure NAT on IP tables
iptables is used to maintain the tables of IPv4 packet filtering rules in the Linux kernel. It has many chains of rules. To perform NAT, use the command below (see the manual for details):
$ sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

-t nat selects the nat table, so that NAT is performed on each matching packet.
-A POSTROUTING: -A appends a rule to a chain of the table given with -t, and we use POSTROUTING to alter packets as they are about to go out.

-s indicates the source address from which IP packets may be routed through the NAT. It should be followed by an IP address along with the netmask. This command uses the IP address 192.168.1.0 with subnet mask 255.255.255.0, which is written as 192.168.1.0/24. The LAN will use the addresses 192.168.1.1 - 192.168.1.254. Your machine can use 192.168.1.1 for eth0 interface. (Google IP and subnet mask tutorial)

-o names the interface via which a packet is going to be sent (POSTROUTING). In this example we use eth0, since it is the only interface connected to the Internet.

-j should be followed by a target extension. Here we choose MASQUERADE. This target is only valid in the nat table, in the POSTROUTING chain. Masquerading is equivalent to specifying a mapping to the IP address of the interface the packet is going out of.

Now restart your network service (not necessary):
$ sudo /etc/init.d/networking restart
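
The MASQUERADE rule above is lost at reboot, and with the stock FORWARD policy of ACCEPT the machine forwards between any of its interfaces once ip_forward is 1. The following added example (not part of the original post) generates an iptables-restore ruleset that keeps the guide's NAT rule and limits forwarding to LAN-to-Internet traffic and its replies. The function name gateway_rules and the FORWARD rules are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). gateway_rules and the FORWARD
# rules are this example's assumptions; the MASQUERADE rule is the guide's.
# Usage: gateway_rules WAN_IF LAN_IF LAN_CIDR -> ruleset on stdout, 1 on bad input
gateway_rules() {
    wan=$1 lan=$2 cidr=$3
    # Interface names may contain only letters, digits, '.', '_' and '-'.
    for ifname in "$wan" "$lan"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    # CIDR must be four octets (0-255) and a prefix length (0-32).
    printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' \
        || { echo "bad CIDR: $cidr" >&2; return 1; }
    old_ifs=$IFS; IFS=./; set -- $cidr; IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || { echo "bad CIDR: $cidr" >&2; return 1; }
    done
    [ "$5" -le 32 ] || { echo "bad CIDR: $cidr" >&2; return 1; }
    # nat: the guide's rule. filter: drop forwarded packets by default, allow
    # LAN -> WAN from the LAN subnet, and allow only reply traffic back in.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $cidr -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $cidr -j ACCEPT
COMMIT
EOF
}
# Dry-run parse, then load (this replaces the current nat and filter tables):
#   gateway_rules eth0 eth1 192.168.1.0/24 | sudo iptables-restore --test
#   gateway_rules eth0 eth1 192.168.1.0/24 | sudo iptables-restore
```

Saving the generated output to a file and loading it with iptables-restore at boot makes the rules survive a restart.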

We are done configuring IP forwarding, NAT and the gateway on your machine. The next step is configuring IP addresses on the LAN hosts.

Configuration of Hosts in LAN
Assign each host an IP address in the range 192.168.1.2 - 192.168.1.254.
In the gateway field, put the IP address of the 'gateway' machine, which is 192.168.1.1.

Then restart the network on Linux hosts. Note that the configuration is the same for Windows hosts.
Done.

Check internet connection for the hosts in LAN
Hope this will help you. Enjoy!

References:

13 comments:

  1. Thanks, this worked

  2. Great walkthrough especially the explanation of the iptables command. thank you.

  3. Excellent... It's working great..
