Configure Linux as a Router (Gateway) for SOHO

In this article, I am going to explain how to set up network address translation (NAT) on a Linux system with iptables rules so that the system can act as a gateway and provide internet access to multiple hosts on a local network using a single public IP address. NAT works by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system, so the hosts behind it all appear to the outside world as the gateway's address.


Installation

Note: Article tested on CentOS 5.4

Step by Step Installation:

Step 1: Configure the Ethernet cards, assuming that eth0 is connected to the external network and eth1 is connected to the LAN (internal network)

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.0.65    <-- external IP address here
NETMASK=255.255.255.0
ONBOOT=yes
HWADDR=00:0c:29:34:0c:62

———————————————————————-

# vi /etc/sysconfig/network-scripts/ifcfg-eth1

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth1
IPADDR=192.168.1.65    <-- internal IP address here
NETMASK=255.255.255.0
ONBOOT=yes
HWADDR=00:0c:29:34:0c:6c

———————————————————————–

#vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=class.kvit.in
GATEWAY=192.168.0.1  <-- place default gateway here

——————————————————————-

#vi /etc/resolv.conf

nameserver 8.8.8.8   <-- primary DNS
nameserver 4.2.2.2   <-- secondary DNS

—————————————————————————

#vi /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               lab localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.1.65     class.kvit.in

——————————————————————-

# ping class.kvit.in
PING class.kvit.in (192.168.1.65) 56(84) bytes of data.
64 bytes from class.kvit.in (192.168.1.65): icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from class.kvit.in (192.168.1.65): icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from class.kvit.in (192.168.1.65): icmp_seq=3 ttl=64 time=0.029 ms
64 bytes from class.kvit.in (192.168.1.65): icmp_seq=4 ttl=64 time=0.036 ms
64 bytes from class.kvit.in (192.168.1.65): icmp_seq=5 ttl=64 time=0.028 ms

———————————————————————–

# service network restart

————————————————————————-

Step 2: NAT (Network Address Translation) setup using iptables

First flush all existing rules in the filter, nat and mangle tables:

#iptables -F
#iptables -t nat -F
#iptables -t mangle -F

Now delete these chains:

#iptables -X
#iptables -t nat -X
#iptables -t mangle -X

Set up IP masquerading on the external interface (eth0). Restricting the rule with -o eth0 means only packets that actually leave towards the internet get their source address rewritten; traffic between the router and the LAN is left untouched:

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Step 3: Enable routing

Enable packet forwarding in the kernel. The echo below takes effect immediately but does not survive a reboot, so also set net.ipv4.ip_forward = 1 in the /etc/sysctl.conf file:

#echo 1 > /proc/sys/net/ipv4/ip_forward

Save the rules and restart the service:

#service iptables save
#service iptables restart

Make sure iptables is set to start during boot:

#chkconfig  iptables on

Checking routing (sysctl -p reloads /etc/sysctl.conf and prints the values it applied):

# sysctl -p
net.ipv4.ip_forward = 1     <-- it was 0 by default
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456

Testing the router:

Go to any client PC and set its network settings; assume that:

Client IP address: 192.168.1.66
Subnet mask: 255.255.255.0
Gateway: 192.168.1.65
DNS: 8.8.8.8

Then ping any external address; it should get replies:

C:\Users\vikas>ping yahoo.com

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=293ms TTL=50
Reply from 98.139.183.24: bytes=32 time=285ms TTL=50
Reply from 98.139.183.24: bytes=32 time=288ms TTL=50
Reply from 98.139.183.24: bytes=32 time=332ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 285ms, Maximum = 332ms, Average = 299

 

How to provide internet access to a limited number of clients?

Flush the nat table so the masquerade-everything rule from Step 2 is gone, and save the empty table:

# iptables -t nat -F
# service iptables save

Then add one masquerade rule per client address that is allowed out, again restricted to the external interface:

# iptables -t nat -A POSTROUTING -s 192.168.1.67 -o eth0 -j MASQUERADE
# iptables -t nat -A POSTROUTING -s 192.168.1.68 -o eth0 -j MASQUERADE

This allows only two PCs, 192.168.1.67 and 192.168.1.68, to surf the internet; packets from any other LAN address are not translated and so never get a usable reply.

# service iptables save
# service iptables restart
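The steps of Step 2, Step 3 and the limited-clients variant above, collected into one script. This is an added example, not the article's own script: it keeps the article's layout (eth0 external, eth1 LAN, 192.168.1.0/24) as overridable assumptions, and adds the FORWARD-chain rules that the article leaves at the default ACCEPT policy, so that only the masqueraded sources can be routed at all. With DRY_RUN=1 it prints the iptables commands instead of running them, which lets the generated ruleset be reviewed on any machine before it is applied on the gateway.

```shell
#!/bin/sh
# Added example (not the article's own script): build the SOHO NAT ruleset
# described in the article. Layout assumed from the article: eth0 faces the
# Internet, eth1 faces the 192.168.1.0/24 LAN. All three can be overridden
# through the environment. With DRY_RUN=1 the commands are printed, not run.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Wrapper: print or execute an iptables command depending on DRY_RUN.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Flush all rules and delete user-defined chains in filter, nat and mangle
# (the article's six flush/delete commands).
reset_tables() {
    for t in filter nat mangle; do
        ipt -t "$t" -F
        ipt -t "$t" -X
    done
}

# nat_ruleset [CLIENT_IP ...]
# With no arguments the whole LAN is masqueraded; with arguments only the
# listed client addresses are (the article's "limited number of clients").
nat_ruleset() {
    reset_tables

    # Default-deny forwarding: only explicitly listed sources get routed.
    ipt -P FORWARD DROP

    # Replies to connections opened from the LAN are allowed back in.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    if [ $# -eq 0 ]; then
        set -- "$LAN_NET"
    fi

    for src in "$@"; do
        # Forward new connections from this source towards the Internet ...
        ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$src" -j ACCEPT
        # ... and rewrite their source address only on the WAN interface,
        # so traffic between the router and the LAN is never masqueraded.
        ipt -t nat -A POSTROUTING -s "$src" -o "$WAN_IF" -j MASQUERADE
    done
}

# Turn on forwarding now and make it persistent in /etc/sysctl.conf.
enable_forwarding() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
        return 0
    fi
    sysctl -w net.ipv4.ip_forward=1
    if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
        sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
    else
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    fi
}

# Usage (on the router, as root):
#   DRY_RUN=1 sh -c '. ./nat.sh; nat_ruleset'          # review the commands
#   . ./nat.sh; nat_ruleset; enable_forwarding          # whole LAN
#   . ./nat.sh; nat_ruleset 192.168.1.67 192.168.1.68   # two clients only
#   service iptables save                               # persist as in the article
```

The script uses `-m state --state ESTABLISHED,RELATED`, which is what the iptables on CentOS 5.4 ships with; on current distributions `-m conntrack --ctstate` is the preferred spelling and behaves the same here. Note that with the allowlist form, a client that is not listed is blocked in the FORWARD chain rather than merely left untranslated, so its packets never leave the router with a private source address.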

 

That’s It !!

Enjoy Surfing ………….!!

CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “
