{"id":8830,"date":"2021-05-14T15:05:52","date_gmt":"2021-05-14T12:05:52","guid":{"rendered":"https:\/\/kifarunix.com\/?p=8830"},"modified":"2024-03-18T22:27:38","modified_gmt":"2024-03-18T19:27:38","slug":"configure-ubuntu-20-04-as-linux-router","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/configure-ubuntu-20-04-as-linux-router\/","title":{"rendered":"Configure Ubuntu 20.04 as Linux Router"},"content":{"rendered":"\n<p>Follow through this tutorial to learn how to configure Ubuntu 20.04 as a Linux router. Linux is awesome; it can function as &#8220;anything&#8221; -:). You can use it just like any other router to route your traffic between local networks and even to the internet.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#configuring-ubuntu-20-04-as-linux-router\">Configuring Ubuntu 20.04 as Linux Router<\/a><ul><li><a href=\"#assign-static-ip-addresses-to-the-linux-router\">Assign Static IP Addresses to the Linux Router<\/a><ul><li><a href=\"#ip-address-details-on-the-ubuntu-router\">IP Address details on the router<\/a><ul><li><a href=\"#host-on-172-16-1-0-24-network\">Host on 172.16.1.0\/24 Network:<\/a><\/li><li><a href=\"#host-on-172-16-0-0-24-network\">Host on 172.16.0.0\/24 Network:<\/a><\/li><\/ul><\/li><\/ul><\/li><li><a href=\"#enable-kernel-ip-forwarding-on-ubuntu-linux-router\">Enable Kernel IP forwarding on Ubuntu Linux Router<\/a><\/li><li><a href=\"#configure-na-ting-and-forwarding-on-linux-router\">Configure NATing and Forwarding on Linux Router<\/a><ul><li><a href=\"#configure-packet-forwarding\">Configure Packet Forwarding<\/a><\/li><li><a href=\"#configure-na-ting\">Configure NATing<\/a><\/li><li><a href=\"#save-iptables-rules-permanently-in-linux\">Save iptables rules Permanently in Linux<\/a><\/li><\/ul><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" 
id=\"configuring-ubuntu-20-04-as-linux-router\">Configuring Ubuntu 20.04 as Linux Router<\/h2>\n\n\n\n<p>There is more to configuring a Linux system to function as a router. However, in this tutorial, we will be covering how to configure a Linux router to route traffic to the Internet via the WAN interface as well as route traffic between LANs via the LAN interfaces.<\/p>\n\n\n\n<p id=\"basic-net-arc\"><a href=\"#basic-net-arc\">Below is our basic setup diagram;<\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"836\" height=\"423\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/linux-router_setup.png\" alt=\"Configure Ubuntu 20.04 as Linux Router\" class=\"wp-image-8832\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/linux-router_setup.png?v=1620982504 836w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/linux-router_setup-768x389.png?v=1620982504 768w\" sizes=\"(max-width: 836px) 100vw, 836px\" \/><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"assign-static-ip-addresses-to-the-linux-router\">Assign Static IP Addresses to the Linux Router<\/h3>\n\n\n\n<p>As per our setup, our Linux router has three interfaces attached:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>enp0s3<\/strong>: WAN Interface with IP 192.168.100.101 (bridged, static)<\/li>\n\n\n\n<li><strong>enp0s8<\/strong>: LAN, 172.16.0.1\/24, (static)<\/li>\n\n\n\n<li><strong>enp0s9<\/strong>: LAN 172.16.1.1\/24, (static)<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"ip-address-details-on-the-ubuntu-router\">IP Address details on the Ubuntu router<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ip add<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n    inet 127.0.0.1\/8 scope host lo\n     
  valid_lft forever preferred_lft forever\n    inet6 ::1\/128 scope host \n       valid_lft forever preferred_lft forever\n2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000\n    link\/ether 08:00:27:df:2c:b4 brd ff:ff:ff:ff:ff:ff\n    inet 192.168.100.101\/24 brd 192.168.100.255 scope global dynamic enp0s3\n       valid_lft 86100sec preferred_lft 86100sec\n    inet6 fe80::a00:27ff:fedf:2cb4\/64 scope link \n       valid_lft forever preferred_lft forever\n3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000\n    link\/ether 08:00:27:12:62:bf brd ff:ff:ff:ff:ff:ff\n    inet 172.168.0.1\/24 brd 172.168.0.255 scope global enp0s8\n       valid_lft forever preferred_lft forever\n    inet6 fe80::a00:27ff:fe12:62bf\/64 scope link \n       valid_lft forever preferred_lft forever\n4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000\n    link\/ether 08:00:27:66:4b:4f brd ff:ff:ff:ff:ff:ff\n    inet 172.16.1.1\/24 brd 172.16.1.255 scope global enp0s9\n       valid_lft forever preferred_lft forever\n    inet6 fe80::a00:27ff:fe66:4b4f\/64 scope link \n       valid_lft forever preferred_lft forever\n<\/code><\/pre>\n\n\n\n<p>IP addresses assignment;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/netplan\/00-installer-config.yaml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>network:\n  version: 2\n  renderer: networkd\n  ethernets:\n    enp0s3:\n      dhcp4: no\n      addresses: [192.168.100.101\/24]\n      gateway4: 192.168.100.1\n      nameservers:\n              addresses:\n                      - 192.168.100.1\n                      - 8.8.8.8\n    enp0s8:\n      dhcp4: no\n      addresses: [172.16.0.1\/24]\n    enp0s9:\n      dhcp4: no\n      addresses: [172.16.1.1\/24]\n<\/code><\/pre>\n\n\n\n<p>IP Address details on Other LAN Servers;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" 
id=\"host-on-172-16-1-0-24-network\">Host on 172.16.1.0\/24 Network:<\/h5>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ip add<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n    inet 127.0.0.1\/8 scope host lo\n       valid_lft forever preferred_lft forever\n    inet6 ::1\/128 scope host \n       valid_lft forever preferred_lft forever\n2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000\n    link\/ether 08:00:27:79:66:34 brd ff:ff:ff:ff:ff:ff\n    inet 172.16.1.10\/24 brd 172.16.1.255 scope global enp0s3\n       valid_lft forever preferred_lft forever\n    inet6 fe80::a00:27ff:fe79:6634\/64 scope link \n       valid_lft forever preferred_lft forever\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/netplan\/00-installer-config.yaml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>network:\n  version: 2\n  renderer: networkd\n  ethernets:\n    enp0s3:\n      dhcp4: no\n      addresses:\n              - 172.16.1.10\/24\n      gateway4: 172.16.1.1\n      nameservers:\n              addresses:\n                      - 172.16.1.1\n                      - 8.8.8.8\n<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"host-on-172-16-0-0-24-network\">Host on 172.16.0.0\/24 Network:<\/h5>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ip add<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n    inet 127.0.0.1\/8 scope host lo\n       valid_lft forever preferred_lft forever\n    inet6 ::1\/128 scope host \n       valid_lft forever preferred_lft forever\n2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000\n    
link\/ether 08:00:27:3e:fe:0e brd ff:ff:ff:ff:ff:ff\n    inet 172.16.0.10\/24 brd 172.16.0.255 scope global noprefixroute enp0s3\n       valid_lft forever preferred_lft forever\n    inet6 fe80::eb09:7797:df2d:d54b\/64 scope link noprefixroute \n       valid_lft forever preferred_lft forever\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/sysconfig\/network-scripts\/ifcfg-enp0s3<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>TYPE=Ethernet\nPROXY_METHOD=none\nBROWSER_ONLY=no\nBOOTPROTO=none\nIPADDR=172.16.0.10\nPREFIX=24\nGATEWAY=172.16.0.1\nDEFROUTE=yes\nIPV4_FAILURE_FATAL=no\nIPV6INIT=yes\nIPV6_AUTOCONF=yes\nIPV6_DEFROUTE=yes\nIPV6_FAILURE_FATAL=no\nIPV6_ADDR_GEN_MODE=stable-privacy\nNAME=enp0s3\nUUID=ea93c07b-a40e-4e1f-a850-f97e2a762f9a\nDEVICE=enp0s3\nONBOOT=yes\nDNS1=172.16.0.1\nDNS2=8.8.8.8\nNM_CONTROLLED=no\n<\/code><\/pre>\n\n\n\n<p>At this point;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No LAN device has Internet access<\/li>\n\n\n\n<li>Only devices on the same LAN can access each other<\/li>\n\n\n\n<li>No device can access devices on a different LAN<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1893\" height=\"736\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/test-connectivity-linux-router-1.png\" alt=\"\" class=\"wp-image-8837\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/test-connectivity-linux-router-1.png?v=1620992697 1893w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/test-connectivity-linux-router-1-768x299.png?v=1620992697 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/test-connectivity-linux-router-1-1536x597.png?v=1620992697 1536w\" sizes=\"(max-width: 1893px) 100vw, 1893px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"enable-kernel-ip-forwarding-on-ubuntu-linux-router\">Enable Kernel IP forwarding on Ubuntu Linux Router<\/h3>\n\n\n\n<p>Next, you need to 
enable IP forwarding so that the Linux router box can function as a router, receiving and forwarding packets.<\/p>\n\n\n\n<p><strong>Once this is done, devices on both 172.16.0.0\/24 and 172.16.1.0\/24 should be able to communicate.<\/strong><\/p>\n\n\n\n<p>To enable IP forwarding, you need to uncomment the line <code><strong>net.ipv4.ip_forward=1<\/strong><\/code> in the <code><strong>\/etc\/sysctl.conf<\/strong><\/code> configuration file.<\/p>\n\n\n\n<p>So, first check if the said line is already defined in the configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>grep net.ipv4.ip_forward \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#net.ipv4.ip_forward=1<\/code><\/pre>\n\n\n\n<p>If the line is present in the config file but commented out, simply uncomment it by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i '\/net.ipv4.ip_forward\/s\/^#\/\/' \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Otherwise, just insert the line;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo 'net.ipv4.ip_forward=1' &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Next, apply the changes;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sysctl -p<\/code><\/pre>\n\n\n\n<p>Check the status by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sysctl net.ipv4.ip_forward<\/code><\/pre>\n\n\n\n<p>The value should be 1.<\/p>\n\n\n\n<p>Verify IP forwarding between the two LANs.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1900\" height=\"446\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/LAN-connection.png\" alt=\"\" class=\"wp-image-8836\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/LAN-connection.png?v=1620992673 1900w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/LAN-connection-768x180.png?v=1620992673 768w, 
https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/LAN-connection-1536x361.png?v=1620992673 1536w\" sizes=\"(max-width: 1900px) 100vw, 1900px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-na-ting-and-forwarding-on-linux-router\">Configure NATing and Forwarding on Linux Router<\/h3>\n\n\n\n<p>NATing and Forwarding can be handled using <code><strong>iptables<\/strong><\/code> or via an iptables front-end utility such as <code><strong>UFW<\/strong><\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-packet-forwarding\">Configure Packet Forwarding<\/h4>\n\n\n\n<p>Configure the packets received from the router LAN interfaces (<strong>enp0s8<\/strong> and <strong>enp0s9<\/strong>) to be forwarded through the WAN interface, which in our case is <code><strong>enp0s3<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>iptables -A FORWARD -i enp0s9 -o enp0s3 -j ACCEPT<\/code><\/pre>\n\n\n\n<p>Similarly, configure packets that are associated with existing connections and received on the WAN interface to be forwarded to the LAN interfaces;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>iptables -A FORWARD -i  enp0s3 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>iptables -A FORWARD -i  enp0s3 -o enp0s9 -m state --state RELATED,ESTABLISHED -j ACCEPT<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-na-ting\">Configure NATing<\/h4>\n\n\n\n<p>Next, configure NATing;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE<\/code><\/pre>\n\n\n\n<p>To ensure that the two local networks can also communicate, run the commands below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE<\/code><\/pre>\n\n\n\n<pre 
class=\"wp-block-code\"><code>iptables -t nat -A POSTROUTING -o enp0s9 -j MASQUERADE<\/code><\/pre>\n\n\n\n<p>Consult <strong><code>man iptables<\/code><\/strong> for more information.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"save-iptables-rules-permanently-in-linux\">Save iptables rules Permanently in Linux<\/h4>\n\n\n\n<p>In order to permanently save iptables rules, simply install the <strong><code>iptables-persistent<\/code><\/strong> package and run the <strong><code>iptables-save<\/code><\/strong> command as follows.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install iptables-persistent<\/code><\/pre>\n\n\n\n<p>The current rules will be saved during package installation, but you can still save them thereafter by running the command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>iptables-save &gt; \/etc\/iptables\/rules.v4<\/code><\/pre>\n\n\n\n<p>Your LAN systems should now be able to connect to the internet via the Linux router;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1884\" height=\"487\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/lan-internet-connection.png\" alt=\"\" class=\"wp-image-8838\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/lan-internet-connection.png?v=1620992757 1884w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/lan-internet-connection-768x199.png?v=1620992757 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/lan-internet-connection-1536x397.png?v=1620992757 1536w\" sizes=\"(max-width: 1884px) 100vw, 1884px\" \/><\/figure>\n\n\n\n<p>And there you go. 
Your VMs can now route traffic through your Linux router.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/basic-operation-of-firewalld-in-linux\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Basic Operation of Firewalld in Linux<\/a><\/p>\n\n\n\n<p><a aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-pfsense-firewall-on-kvm\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Install pfSense Firewall on KVM<\/a><\/p>\n\n\n\n<p><a aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-and-configure-endian-firewall-on-virtualbox\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Install and Configure Endian Firewall on VirtualBox<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow through this tutorial to learn how to configure Ubuntu 20.04 as Linux router. Linux is awesome, It can function as &#8220;anything&#8221;, -:). 
Just like<\/p>\n","protected":false},"author":3,"featured_media":8841,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,44,121],"tags":[3530,3533,1107,3531,3532,3529,3535,3534,1200],"class_list":["post-8830","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-firewall","category-howtos","tag-configure-linux-router","tag-iptables","tag-linux","tag-linux-router-ip-forwarding","tag-linux-router-nat","tag-linux-router-ubuntu-20-04","tag-linux-router-with-ubuntu","tag-router","tag-ubuntu-20-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8830"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=8830"}],"version-history":[{"count":9,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8830\/revisions"}],"predecessor-version":[{"id":21816,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8830\/revisions\/21816"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/8841"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=8830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=8830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=8830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}