How to set up a NAT router on a Linux-based computer

Network address translation (NAT) router

Requirements

  • You are familiar with Linux or UNIX.
  • You know what "router", "NAT", "IP" and "net-mask" mean.
  • You have 3 working ethernet cards that are installed and recognized by your computers. We do not explain how to install ethernet cards, but we do explain how to configure them from the beginning.

Steps

Preparing

Suppose you have 2 computers: computer A and computer B.

In this example, A has internet access on the eth0 card through another NAT router (but we don't care about this). If A is connected directly to the internet in your case, then you will have to change the IPs of your computers in order to make it work.

A has 2 network cards:

  • eth0 (ip:192.168.1.3)
  • eth1 (ip:192.168.0.1)

B has 1 network card:

  • eth0 (ip:192.168.0.2)

The main NAT router through which A gets the internet, on the other end of the eth0 cable, has the IP 192.168.1.1. In most situations, if A is not behind NAT but connected directly to the internet, this will be your gateway's IP (that you obtain with the DHCP client, for example).

We want to make B have internet access through A.

We want to use the eth1 card from A to share the internet connection with B. We link A and B with a cable that connects its eth1 card to the eth0 card of B.

Ethernet card configuration

  • We configure the eth1 address on A:
ifconfig eth1 192.168.0.1 netmask 255.255.255.0

If we type route on A, we should have something similar to:

# route
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

The network 192.168.1.0 is the network that we use for the internet access (the eth0 card of A) and 192.168.0.0 is the network that links A with B (the eth1 card of A).

  • Now that we have an IP address assigned to A's network card, we must do something similar on B:
ifconfig eth0 192.168.0.2 netmask 255.255.255.0

Test the configuration so far

Now we can test that the connection between A and B works. Disable all the firewalls you might have to test this.

  • From the machine A, we test if we can reach B:
# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=1.27 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.658 ms

You should see the "X bytes from ...". If you have "network unreachable" or if you don't see anything in about 5 seconds, there is a configuration problem.

  • From the machine B, we test if we can reach A:
# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.737 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.633 ms

You should see the "X bytes from ...". If you have "network unreachable" or if you don't see anything in about 5 seconds, there is a configuration problem.

Configure B for NAT

  • Now we have to tell B to use the eth1 card of A (address 192.168.0.1) as the gateway for everything:
route add default gw 192.168.0.1

If we type route on B, we should have something similar to:

# route
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

Configure A for NAT

Now that we have a connection from A to B, we can tell A to share its internet connection with B.

  • Go to computer A and share its internet connection with B by typing these commands:
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
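
The FORWARD rule above accepts everything arriving on eth1, and when the FORWARD chain's policy is ACCEPT nothing restricts what is forwarded in the other direction. The following is an added example, not part of the original how-to: it generates a tighter rule set for the same topology, where only the 192.168.0.0/24 LAN may open connections outward and only replies are let back in. The function names nat_rules and apply_nat are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the original how-to. Interface names and the
# LAN subnet are the ones this page uses (eth0 = WAN side of A, eth1 = LAN).
# nat_rules and apply_nat are hypothetical helper names.

# Print the iptables commands for the router.
#   $1 = WAN interface, $2 = LAN interface, $3 = LAN subnet (CIDR)
nat_rules() {
    # Refuse values that are not plain interface names or a CIDR, since
    # they end up in commands that run as root.
    for v in "$1" "$2"; do
        case "$v" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case "$3" in ''|*[!0-9./]*) return 1 ;; esac
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -s $3 -j ACCEPT
iptables -t nat -A POSTROUTING -s $3 -o $1 -j MASQUERADE
EOF
}

# Apply the rules; needs root.
apply_nat() {
    rules=$(nat_rules "$@") || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward || return 1
    # The DROP policy goes in first, so a failure part-way through leaves
    # forwarding closed rather than open.
    printf '%s\n' "$rules" | while read -r cmd; do
        $cmd || exit 1
    done
}

# "script.sh apply" installs the rules on A; without arguments the
# script only prints them for review.
case "${1:-}" in
    apply) apply_nat eth0 eth1 192.168.0.0/24 ;;
    *)     nat_rules eth0 eth1 192.168.0.0/24 ;;
esac
```

These rules append to whatever is already loaded, so start from an empty FORWARD chain or review the output of iptables-save afterwards.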

Configure DNS (domain name resolution)

At this point, you should be able to reach internet IP addresses from B, but you cannot reach something like www.gnu.org. That's because you need to tell B where to find the server that converts domain names like www.gnu.org into an IP address.

  • Copy the file /etc/resolv.conf from A to B.

If you don't have that file, or if the file contains 127.0.0.1, ask your provider what DNS servers you have or look in your router configuration (if you have one). Once you find out your DNS IP addresses, put them in /etc/resolv.conf on B.

The dnsmasq program is an alternative to writing fixed IP addresses into /etc/resolv.conf. To install it, use your general installation program, for instance on machine A:


sudo apt-get install dnsmasq

To check this is running, run the netstat command and see if dnsmasq on machine A is listening on port 53:


netstat -luntp
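
When reading that output it is worth noting which address port 53 is bound to, not only that it is open. The following is an added example, not part of the original how-to: it reads netstat -luntp output and marks each port 53 socket as bound to loopback or A's LAN address (ok) or to anything else, such as the wildcard address (check). The function names and the sample output are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the original how-to.
# dns_listeners and sample_netstat are hypothetical helper names.

# Read `netstat -luntp` output on stdin and print one line per socket on
# port 53: protocol, local address, owning program, verdict.
#   $1 = LAN address of A (192.168.0.1 in this how-to)
dns_listeners() {
    awk -v lan="$1" '
        $4 ~ /:53$/ {
            addr = $4
            sub(/:53$/, "", addr)
            # Loopback and the LAN address are expected; the wildcard
            # (0.0.0.0 or ::) and the WAN address need a second look.
            ok = (addr == lan || addr == "127.0.0.1" || addr == "::1")
            print $1, addr, $NF, (ok ? "ok" : "check")
        }'
}

# Constructed sample: dnsmasq with default settings on machine A.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      812/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
udp        0      0 0.0.0.0:53              0.0.0.0:*                           812/dnsmasq
udp        0      0 0.0.0.0:68              0.0.0.0:*                           431/dhclient
EOF
}

# On machine A, replace the sample with: netstat -luntp | dns_listeners 192.168.0.1
sample_netstat | dns_listeners 192.168.0.1
```

Setting interface=eth1 together with bind-interfaces in dnsmasq's configuration makes it bind 192.168.0.1 and loopback instead of the wildcard address.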

Final test

  • Now we can test that we have internet on B by pinging an internet website:
ping gnu.org

Quick scripts

If you don't want to understand all the steps above, you can launch those scripts as root on the hosts:

  • Run this script on the host A:
#!/usr/bin/env bash
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
ifconfig eth1 192.168.0.1 netmask 255.255.255.0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
#Commands Credit: Farukesh, DITISS, CDAC


  • Run this script on the host B, where xx.xx.xx.xx is your DNS server:
#!/usr/bin/env bash
ifconfig eth0 down
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route del -net default 2>/dev/null
route add default gw 192.168.0.1 2>/dev/null
echo "nameserver xx.xx.xx.xx" > /etc/resolv.conf

From HowTo Wiki, a Wikia wiki.