{"id":280,"date":"2016-03-17T18:24:52","date_gmt":"2016-03-17T17:24:52","guid":{"rendered":"http:\/\/104.198.79.120\/?p=280"},"modified":"2016-03-17T22:36:55","modified_gmt":"2016-03-17T21:36:55","slug":"ubuntu-lts-14-04-server-router-from-scratch","status":"publish","type":"post","link":"https:\/\/wp.gaborhargitai.hu\/ubuntu-lts-14-04-server-router-from-scratch\/","title":{"rendered":"Ubuntu LTS 14.04 Server Router From Scratch"},"content":{"rendered":"

Building your very own Ubuntu Server from Scratch is as great way to get a grasp at how things work under the hood, not to mention you’ll end up with a router that does what it is told to do and nothing more.<\/p>\n

I’m going to assume you have a working WAN side connection and are able to access the Internet.<\/p>\n

The interface mapping is:<\/p>\n

eth0 -> LAN side\r\neth1 -> WAN side<\/pre>\n
Enable PACKET Forwarding<\/h4>\n
Edit \/etc\/sysctl.conf<\/strong> and uncomment (or add) the following line:<\/p>\n
net.ipv4.ip_forward=1<\/code><\/p>\n
So far, so good!<\/p>\n
Setting up IPTABLES<\/h4>\n
The heart of every router is the firewall and in our case, this means we have deal with iptables<\/strong>. The good part is that it does exactly what we tell it to do. Create \/etc\/iptables.rules<\/strong> and add the following to it:<\/p>\n
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE\r\niptables -A FORWARD -i eth1 -o eth0 -m state -\u2013state RELATED,ESTABLISHED -j ACCEPT\r\niptables -A FORWARD -i eth0 -o eth1 -j ACCEPT<\/pre>\n
And now modify the \/etc\/network\/interfaces<\/strong> file as follows:<\/p>\n
iface eth0 inet static\r\n  address 192.168.1.1\r\n  netmask 255.255.255.0\r\n  network 192.168.1.0\r\n  broadcast 192.168.1.255\r\n  post-up iptables-restore < \/etc\/iptables.rules<\/pre>\n
Which will cause the networking to refresh the iptables config every time the interface comes online. Neat!<\/p>\n
Setting up DHCP<\/h4>\n
Install the package that handles the DHCP service using this command:<\/p>\n
apt-get install isc-dhcp-server bind9<\/code><\/p>\n
After which the first thing is to bind DHCP to an interface (or multiple ones, at that). Look up \/etc\/default\/isc-dhcp-server<\/b> and modify it so that it contains your network interface (preferably the LAN side, if we are talking about homo\/SOHO usage):<\/p>\n
INTERFACES=\"eth0\"<\/pre>\n
Be extra sure to assign a static IP address to this interface<\/strong><\/p>\n
Next up is the DHCP config itself, which contains the networks and the IP scopes as well: \/etc\/dhcp\/dhcpd.conf<\/b><\/p>\n
ddns-update-style none;\r\ndefault-lease-time 600;\r\nmax-lease-time 7200;\r\nauthoritative;\r\nlog-facility local7;\r\noption subnet-mask 255.255.255.0;\r\noption broadcast-address 192.168.1.255;\r\noption routers 192.168.1.1;\r\noption domain-name-servers 8.8.8.8;\r\noption domain-name \"ubuntu.router\";\r\n\r\nsubnet 192.168.1.0 netmask 255.255.255.0 {\r\n  range 192.168.1.10 192.168.1.230;\r\n}<\/pre>\n
Now we need to restart the service so the changes would take effect:<\/p>\n
\/etc\/init.d\/isc-dhcp-server restart<\/code><\/p>\n
You should be able to browse the Internet with any connected DHCP client.<\/p>\n
Do not forget to harden the security<\/strong> of your shiny new router!<\/p>\n","protected":false},"excerpt":{"rendered":"
Building your very own Ubuntu Server from Scratch is as great way to get a grasp at how things work under the hood, not to mention you’ll end up with a router that does what it is told to do and nothing more. I’m going to assume you have a working WAN side connection and […]<\/p>\n","protected":false},"author":1,"featured_media":289,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,6,7],"tags":[],"_links":{"self":[{"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/posts\/280"}],"collection":[{"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/comments?post=280"}],"version-history":[{"count":10,"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/posts\/280\/revisions"}],"predecessor-version":[{"id":291,"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/posts\/280\/revisions\/291"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/media\/289"}],"wp:attachment":[{"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/media?parent=280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/categories?post=280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.gaborhargitai.hu\/wp-json\/wp\/v2\/tags?post=280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}