There are a few ways to set up a Linux machine as route. Here is a relatively straight forward and common method. This method requires that the system use iptables for Network Address Translation (NAT).
This step by step small howto will help you to setup Linux router only in 2 minutes.
Configuration steps
=> First enable packet forwarding
=> Next setup Network Address Translation using IPTABLES MASQUERADE targets
=> Save the changes
=> Verify everything is working
I’m assuming that your setup is as follows:
A) You are using any Linux distro
B) eth0 is internet interface (connected to router for example) and eth1 connected to your internal lan (connected to your HUB/Switch for example).
My Linux eth0 --> Internet box eth1 --> Lan
Step # 1 Turn on ip forwarding in kernel
1) Open linux kernel configuration file (you must be a root user or use su – command to become a root user):
# vi /etc/sysctl.conf
2) Add/modify following line:
net.ipv4.ip_forward = 1
Step # 2 Restart network
# /etc/init.d/network restartOR# service network restart
Step # 3 Setup IP forwarding and Masquerading (to act as router), you need to use NAT option of iptables as follows (add following rules to your iptables shell script) :
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT
Step # 4 You are done! Test it with ping or dig:
# ping your-isp.com
# dig yahoo.com
Step # 5 Point all desktop client to your eth1 IP address as Router/Gateway. Or use DHCP to distribute this information (recommended)
Step # 6 Put code described in step # 3 to script and call it from /etc/rc.local file.
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 30 comments... add one ↓
40 Linux Server Hardening Security Tips [2019 edition]
Linux: 25 Iptables Netfilter Firewall Examples For New SysAdmins
Top 25 Nginx Web Server Best Security Practices
30 Best Sources For Linux / *BSD / Unix Documentation On the Web
Linux 25 PHP Security Best Practices For Sys Admins
30 Linux System Monitoring Tools Every SysAdmin Should Know
Linux Building Rules For The Cluster With Firewall Builder
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
very useful, you got really good stuff. Keep it up.
Hi ,
I put this rules, My client m/c able to ping to my internet router but not ping to any internet site like yahoo.com or google.com.
Give me solution for this problem.
abe configuration to daal …..tabhi to solution milega na…
thanks for solution.
good tutorial,but i have a problem,i can ping IP of http://www.google.com, but i can`t ping http://www.google.com
Set up DNS name server by editing /etc/resolv.conf file:
vi /etc/resolv.confModify/set as follows:
HTH
using a client pc (xp box) i can ping my linux box 2 lan cards but i can’t connect to internet
help pls. 😉 thanks!
How to do this if we are running windows?
I do the above steps but cannot get internet from client machnies working in windows
1. Those having problems like “…can ping the IP address but can’t ping the site…” you can use the DNS server 4.2.2.2 in /etc/resolv.conf(open as root)
2. those who can’t even ping the IP address ensure you have the right gateway specified in your network setttings.
Hi,
But what Gatway is used for eth1.
Cheer’s ,
Nandkishor
Use Eth 0 gateway.
Will it work with a , it’s a dedicated line?
I would be more than happy to pay you to make my headache go away!!!
🙂
I’m so frustrated with routing and switching I could scream. I can’t ping any LAN computer from the router box.
My DSL modem is having static IP, example 210.127.9.22
how to configure eth0 and eth1?
Guz Job well done on this tutorial.Am wondering whether when you are MASQUERADING AND FORWARDING you need to retain the comments on your script as shown that is
——————————————-
# iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE
# iptables –append FORWARD –in-interface eth1 -j ACCEPT
———————————————-
The comment symbol #
cheers
simo
i can ping the linux server from clients. but can’t connect to internet from clients. in my network ETH1 is internet & ETHO is the link to client.. i am using debian etch. please help
i interchanged the ETH0 ETH1 during step3. still same problem …………….
Hello
I got everything working on CentOS 5.3. However iptables rules will not get saved unless you do # /etc/init.d/iptables save
This will make your settings survive a reboot.
* DNS is not working even when specifying it in /etc/resolv.conf
I had to install bind on the router in cash-only mode.
Hi ,
My client m/c able to ping to my internet router but not ping to any internet site like yahoo.com or google.com.
Give me solution for this problem.
Dears,
I have bought D-Link 2520U ADSL modem,
my laptop model is SONY VGN-CR140E,
and I use ubuntu 9.04, but I can not set up this modem on my laptop by LAN port. In fact I am beginner.
Please help me to solve this problem.
Thanks a lot.
Hi,
Thanks for good tutorial, but I am confused about what is gateway address for eth1. Plz help
Avin Tokade
pls, inform step by step, setup linux router configuration steps
pls, inform step by step, setup linux router configuration steps
and of the material about the configuration of linux machine as router
i am able to ping to my gateway of router but not ping to any internet site like yahoo.com or google.com.
thanks man. this is really good tutorial. I set up my Linux Router in just about minute after reading your post.
Hi Vivek,
Great tutorial.
I have configured a Linux router with DHCP server and it is working great.
When I blocked an IP using the following rule on Server, I am not able to ping the IP from the linux router however this IPs are pinging from other systems on that LAN
iptables -A OUTPUT -s -j DROP
iptables -A INPUT -d -j DROP
I am not sure why this is happening , any input on this will be very helpful.
Also if you have any suggestion on an easy firewall on top of iptables on the Linux router ?
Thanks
Seena
Thank you !!! You really save my ass out. Been struggling for a whole day just try to ping google from client and now it works. :-x…..
I have configured my Linux box as Router and I also used Squid (transparent mode) to improve our network bandwidth. Now I want to in my network client must pass my authentication (Username/ Password) but I found Squid Transparent mode not support authentication.
Is there anyway to implement authentication for client ? Any third-party utility ?
Eth1 must have a gateway thru Eth0.