How to Configure your Debian Etch or Ubuntu 8.04 box as an Internet Gateway/Router using IP Masquerading

This is a step-by-step tutorial on how to build an Internet gateway using a Debian Etch or Ubuntu 8.04 LTS machine.

1. Configure your NIC

Add two network cards to your PC and install Debian or Ubuntu (I prefer Debian Etch or Ubuntu 8.04 LTS). Configure the IP addresses of your network cards.

vi /etc/network/interfaces

Your network card configuration should look like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    gateway 192.168.0.1

auto eth1
iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0

eth0: public (WAN) interface; its IP address is assigned by your ISP.
eth1: private (LAN) interface; assign it a static IP address on your private network.

Edit your /etc/resolv.conf file and add the ip address of your DNS server.

vi /etc/resolv.conf

Your resolv.conf file should look like this:

nameserver XXX.XXX.XXX.XXX
nameserver XXX.XXX.XXX.XXX

Those two lines are your primary and secondary DNS servers. Replace XXX.XXX.XXX.XXX with the real IP addresses from your ISP. Delete the second line if you have just one DNS server.

2. Host configuration

Edit your hostname information in /etc/hostname

echo server.example.com > /etc/hostname

Edit your /etc/hosts file:

vi /etc/hosts

It should look similar to this:

127.0.0.1       localhost.localdomain   localhost       server
192.168.0.100   server.example.com     server

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Reload your network configuration.

/etc/init.d/networking restart

3. Flush iptables configurations

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

4. Enable IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

5. Enable IP masquerading

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables-save > /etc/iptables.conf

We will create a script to make sure that IP forwarding and the iptables configuration are loaded at every startup. To do this, we will create /etc/init.d/iptables

vi /etc/init.d/iptables

and put the following into it.

#! /bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables-restore < /etc/iptables.conf

Save the file, then make it executable:

chmod +x /etc/init.d/iptables

Make the iptables script start on boot:

update-rc.d iptables defaults
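
The rules in steps 3 to 5 leave the FORWARD policy at ACCEPT, so the box routes any packet that reaches it, not only traffic from the LAN. The following is an added example, not part of the original tutorial: it prints an alternative /etc/iptables.conf that keeps the masquerading but only forwards connections the LAN initiated, and includes a small check for the FORWARD policy of a saved ruleset. It assumes eth0, eth1 and 192.168.1.0/24 as used above; the function names are hypothetical, and INPUT is left at ACCEPT as in the tutorial.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumed from the tutorial: eth0 = WAN, eth1 = LAN, LAN subnet 192.168.1.0/24.

# Print an iptables-restore ruleset that masquerades the LAN but only
# forwards traffic the LAN initiated (FORWARD policy DROP).
gen_gateway_rules() {
    wan_if=$1; lan_if=$2; lan_net=$3
    if [ -z "$wan_if" ] || [ -z "$lan_if" ] || [ -z "$lan_net" ]; then
        echo "usage: gen_gateway_rules WAN_IF LAN_IF LAN_CIDR" >&2
        return 2
    fi
    if [ "$wan_if" = "$lan_if" ]; then
        echo "WAN and LAN interfaces must differ" >&2
        return 2
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin and print the filter table's
# FORWARD policy, e.g. to audit an existing /etc/iptables.conf.
forward_policy() {
    awk '/^\*filter/ {f=1} /^COMMIT/ {f=0} f && $1 == ":FORWARD" {print $2}'
}

# Stand-alone use: sh thisfile eth0 eth1 192.168.1.0/24 > /etc/iptables.conf
if [ "$#" -eq 3 ]; then
    gen_gateway_rules "$@"
fi
```

The init script from this step loads the generated file unchanged, since it is in the same format that iptables-save writes.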

Reboot your computer and configure the clients connected to your server. You can also install a DHCP server to manage your clients' connections automatically.

6. Install DHCP server

Install dhcp3 server using this command:

apt-get install dhcp3-server

Back up your DHCP server configuration:

cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.bak

Edit your original dhcpd.conf and copy in this configuration. It will work for a simple Internet gateway.

authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
        range                           192.168.1.100 192.168.1.200;
        option domain-name-servers      XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX;
        option routers                  192.168.1.1;
        default-lease-time              600;
        max-lease-time                  7200;
}

In the domain-name-servers option, replace XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX with the DNS server IP addresses from your /etc/resolv.conf file.

Start your dhcp server by typing this command.

/etc/init.d/dhcp3-server start

That's it. You now have a working Internet gateway with a DHCP server.