[ubuntu-uk] [OT] Basic network gateway server setup

Tyler J. Wagner tyler at tolaris.com
Tue Aug 31 23:09:50 BST 2010 

On Tuesday 31 Aug 2010 22:58:13 Eddie B wrote:
> I'm trying to do something that is probably really simple. I have a
> server which has two interfaces. eth0 obtains an IP (192.168.1.20) by
> DHCP for the internet from a router sitting on 192.168.1.1. The
> server, as such, is able to get onto the internet. eth1 connects into
> a hub, via which all other workstations will connect. eth1 has a
> static IP, 192.168.2.1.
> 
> So far I've got the workstations obtaining correct IP addresses (pool
> starting 192.168.2.100), so I assume the DHCP server is working
> properly, but no more than that. Can't even ping the server at
> 192.168.2.1 - “Reply from 192.168.2.1: Destination host unreachable”.
> 
> My hunch is that it's something to do with the routing tables, or
> maybe the DHCP on eth0, but I can't find a proper answer anywhere on
> Google. I was hoping to find some sort of sample config, as surely
> this is not an uncommon situation, but maybe I'm not searching for the
> right terms.

Eddie,

What you are trying to do is make this server act as a router (also called a 
gateway). It sounds like you have the right idea. Start at the ping issue, as 
that's not routing, just networking.

Where is the DHCP server for the 192.168.2.0 network (the "inside" network)? 
Typically this would be on your server on 192.168.2.1. I recommend dnsmasq for 
a simple DHCP setup like this.

Secondly, don't forget to enable IP forwarding. See /etc/sysctl.conf, and 
uncomment this line:

net.ipv4.ip_forward=1

Then run:

sudo sysctl -p

Without that you won't forward traffic from inside to outside.

The last thing you need to do is NAT your inside traffic to your outside IP 
192.168.1.20. Where to do this is up to you, but you need to run this iptables 
command at bootup:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 

I wrote a blog post about doing this for virtual machines in Virtualbox. The 
setup should be the same for you, except you can ignore the Virtualbox and 
brctl stuff. Replace "vnet0" with eth1, and ignore the "bridge" lines:

http://www.tolaris.com/2009/03/05/using-host-networking-and-nat-with-
virtualbox/

Regards,
Tyler

-- 
"The map is not the territory."
   -- Alfred Korzybski

More information about the ubuntu-uk mailing list