Re: Ubuntu Server as a Firewall/NAT/more network fun
If it's a LAN within a LAN, how important is it to have a firewall active?
The NAT/routing is easy. First open /etc/sysctl.conf and look for the IPv4 forwarding option called something like net.ipv4.ip_forward=1. Enable that line (remove the # symbol at the front). Save and close the file. Restart networking or the whole server.
After that you only need a MASQUERADE rule in iptables. Let's assume eth0 will be the connection to the main network, eth1 to the smaller network within. Try:
Code:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
At this moment the machine behind eth1 should have internet/access to the main network using this server as gateway (its IP on eth1).
You will put that iptables rule into a file later, and make it execute on boot.
So, that should do the routing/NAT part.
For the DNS, it depends if you want full DNS control or simply forwarding requests to public servers. For forwarding, it would be easier to use dnsmasq. For full DNS service, it's probably better to use bind9.
For DHCP use whatever you feel comfortable with. Don't forget to configure it to send DHCP leases only on eth1, that is probably what you want. You don't want this server sending leases to the main eth0 network.
Darko.
-----------------------------------------------------------------------
Ubuntu 18.04 LTS 64bit
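The routing/NAT steps from the reply above, as an added example that is not part of the original post: one function checks that the forwarding line in a sysctl file is really uncommented, the other prints the MASQUERADE rule in `iptables-restore` format so it can be kept in a file and loaded at boot. Assumptions: eth0/eth1 as in the post; the FORWARD rules (default drop, replies only from eth0 to eth1) go beyond the post's single rule, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Nothing here touches the live system: it only reads a file
# passed as an argument and prints a ruleset to stdout.

# Succeeds only if the file has an active (uncommented) net.ipv4.ip_forward=1.
# If the key appears more than once, the last occurrence wins, as with sysctl.
ip_forward_enabled() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# Print an iptables-restore ruleset for: $1 = interface to the main network,
# $2 = interface to the inner LAN.
nat_ruleset() {
    wan=$1 lan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Demo on a constructed sysctl.conf sample (not read from the real /etc).
sample=$(mktemp)
printf '%s\n' '# Uncomment the next line to enable packet forwarding for IPv4' \
    '#net.ipv4.ip_forward=1' > "$sample"
if ip_forward_enabled "$sample"; then
    echo "forwarding: enabled"
else
    echo "forwarding: line is still commented out"
fi
rm -f "$sample"

# Redirect this to a rules file and load it at boot with: iptables-restore < file
nat_ruleset eth0 eth1
```

With the FORWARD policy set to DROP, hosts on the main network cannot open new connections into the inner LAN through this server; only replies to traffic started from eth1 are passed.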