Setting up Ubuntu Server as a Router with DHCPD and 3 Ethernet devices

Posted by cengbrecht on Ask Ubuntu
Published on 2012-11-24T17:38:02Z Indexed on 2012/11/29 5:20 UTC

My configuration:

  • Ubuntu 12.04
  • DHCP3-server
  • eth0, eth1, eth2
    • Edit: removed br0&br1

eth0 is the external connection
eth1 & eth2 are the internal network

eth1 and eth2 are supposed to be separate networks of student/teachers respectively.

What I would like to have is the internet from external device bridged to device 1 and 2, with the DHCP server controlling the two internal devices. It's already working with DHCP, the part I am stuck on is bridging for internet.

I have set up a script that I found here: Router
With the original script he linked here: Ubuntu Router Guide

    echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"

    IPTABLES=/sbin/iptables
    #IPTABLES=/usr/local/sbin/iptables 
    DEPMOD=/sbin/depmod
    MODPROBE=/sbin/modprobe



    EXTIF="eth0"
    INTIF="eth1"
    INTIF2="eth2"
    echo "   External Interface:  $EXTIF"
    echo "   Internal Interface:  $INTIF"
    echo "   Internal Interface:  $INTIF2" 

    EXTIP=`ifconfig $EXTIF | grep 'inet addr:' | sed 's#.*inet addr\:\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*#\1#g'`
    echo "   External IP:  $EXTIP"

    #======================================================================
    #== No editing beyond this line is required for initial MASQ testing == 

The rest of the script below this is as is.

I can get IP from the eth1 & eth2 devices, and my computer can see them, and them it, however, internet is not being passed through.

If you need more information please just let me know.

EDIT:

So I had a 255.255.254.0 network, I believe that was causing the issue. Not sure if it will matter on the second card, I will test later.

After changing the subnet to 255.255.255.0 the pings will pass through, however, I cannot get DNS requests to pass?

My new Config for Firewall Rules

    # /etc/iptables.up.rules
    # Generated by iptables-save v1.4.12 on Wed Nov 28 19:43:28 2012
    *mangle
    :PREROUTING ACCEPT [39:4283]
    :INPUT ACCEPT [39:4283]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [12:4884]
    :POSTROUTING ACCEPT [13:5145]
    COMMIT
    # Completed on Wed Nov 28 19:43:28 2012
    # Generated by iptables-save v1.4.12 on Wed Nov 28 19:43:28 2012
    *filter
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A FORWARD -j LOG
    -A FORWARD -m state -i eth1 -o eth0 --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -m state -i eth2 -o eth0 --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -m state -i eth0 -o eth1 --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -m state -i eth0 -o eth2 --state NEW,ESTABLISHED,RELATED -j ACCEPT
    COMMIT
    # Completed on Wed Nov 28 19:43:28 2012
    # Generated by iptables-save v1.4.12 on Wed Nov 28 19:43:28 2012
    *nat
    :INPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -o eth0 -j MASQUERADE
    -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.25
    COMMIT
    # Completed on Wed Nov 28 19:43:28 2012

Not sure what else you may need, but I am using Webmin to control the server (needed for the operators on site to know how to use it).

If you could explain it as standard CLI commands, or edits to this file directly then we should be ok. :)

And thanks again Erik, I do believe your edits did help.
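
An added example, not part of the original post: a small Python check run over the FORWARD and POSTROUTING rules posted above. It reports the ACCEPT forward policy, the rules that accept NEW connections arriving on eth0, and the SNAT rule shadowed by MASQUERADE; the function names and the simplified parser are assumptions of this example.

```python
import shlex

# FORWARD and POSTROUTING rules as posted above (LOG rule, mangle table, comments omitted).
RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state -i eth1 -o eth0 --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state -i eth2 -o eth0 --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state -i eth0 -o eth1 --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state -i eth0 -o eth2 --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.25
COMMIT
"""
NAT_TARGETS = {"MASQUERADE", "SNAT", "DNAT", "REDIRECT"}  # terminating NAT targets
MATCH_OPTS = {"-i", "-o", "-s", "-d", "-p"}               # simple match options only

def parse(text):
    """Parse iptables-save text into ({(table, chain): policy}, [(table, chain, opts)])."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[(table, line[1:].split()[0])] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            rules.append((table, tok[1], opts))
    return policies, rules

def audit(text, ext_if="eth0"):
    """Return findings for the forwarding and NAT rules (negated '!' matches are not handled)."""
    policies, rules = parse(text)
    findings, first_nat = [], {}
    if policies.get(("filter", "FORWARD")) == "ACCEPT":
        findings.append("filter FORWARD: policy ACCEPT forwards anything no rule matches")
    for table, chain, o in rules:
        if (table, chain, o.get("-j"), o.get("-i")) == ("filter", "FORWARD", "ACCEPT", ext_if) \
                and "NEW" in o.get("--state", "").split(","):
            findings.append(f"filter FORWARD: NEW connections accepted from {ext_if} to {o.get('-o')}")
        if table == "nat" and o.get("-j") in NAT_TARGETS:
            key = (chain, frozenset((k, v) for k, v in o.items() if k in MATCH_OPTS))
            if key in first_nat:
                findings.append(f"nat {chain}: -j {o['-j']} is never reached, -j {first_nat[key]} matches first")
            first_nat.setdefault(key, o["-j"])
    return findings
```

Calling `audit(RULES)` returns four findings for the posted ruleset; with an ACCEPT forward policy, traffic between eth1 and eth2 is also forwarded because no rule has to match it.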

© Ask Ubuntu or respective owner
