Setting up Ubuntu Server as a Router with DHCPD and 3 Ethernet devices
Posted
by
cengbrecht
on Ask Ubuntu
See other posts from Ask Ubuntu
or by cengbrecht
Published on 2012-11-24T17:38:02Z
Indexed on
2012/11/29
5:20 UTC
Read the original article
Hit count: 326
My configuration:
- Ubuntu 12.04
- DHCP3-server
- eth0, eth1, eth2
- Edit: removed br0&br1
eth0 is the external connection
eth1 & eth2 are the internal network
eth1 and eth2 are supposed to be seperate networks of student/teachers respectivly.
What I would like to have is the internet from external device bridged to device 1 and 2, with the DHCP server controlling the two internal devices. Its already working with DHCP, the part I am stuck on is bridging for internet.
I have setup a script that I found here: Router
With the original script he linked here: Ubuntu Router Guide
echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"
IPTABLES=/sbin/iptables
#IPTABLES=/usr/local/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
EXTIF="eth0"
INTIF="eth1"
INTIF2="eth2"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
echo " Internal Interface: $INTIF2"
EXTIP=`ifconfig $EXTIF | grep 'inet addr:' | sed 's#.*inet addr\:\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*#\1#g'`
echo " External IP: $EXTIP"
#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==
The rest of the script below this is as is.
I can get ip from the eth1 & eth2 devices, and my computer can see them, and them it, however, internet is not being passed through.
If you need more information please just let me know.
EDIT:
So I had a 255.255.254.0 network, I believe that was causing the issue. Not sure if it will matter on the second card, I will test later.
After changing the subnet to 255.255.255.0 the pings will pass through, however, I cannot get DNS requests to pass?
My new Config for Firewall Rules
# /etc/iptables.up.rules
# Generated by iptables-save v1.4.12 on Wed Nov 28 19:43:28 2012
*mangle
:PREROUTING ACCEPT [39:4283]
:INPUT ACCEPT [39:4283]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12:4884]
:POSTROUTING ACCEPT [13:5145]
COMMIT
# Completed on Wed Nov 28 19:43:28 2012
# Generated by iptables-save v1.4.12 on Wed Nov 28 19:43:28 2012
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -j LOG
-A FORWARD -m state -i eth1 -o eth0 --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state -i eth2 -o eth0 --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state -i eth0 -o eth1 --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state -i eth0 -o eth2 --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
# Completed on Wed Nov 28 19:43:28 2012
# Generated by iptables-save v1.4.12 on Wed Nov 28 19:43:28 2012
*nat
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.25
COMMIT
# Completed on Wed Nov 28 19:43:28 2012
Not sure what else you may need, but I am using Webmin to control the server(Needed for the operators on site to know how to use it.)
If you could explain it as standard CLI commands, or edits to this file directly then we should be ok. :)
And thanks again Erik, I do believe your edits did help.
© Ask Ubuntu or respective owner