Ubuntu 12.04 IPv4 NAT Gateway and DHCP Server

Before I begin this post, I want to thank Internet Connection Sharing – Ubuntu 10.04 NAT Gateway Setup (Abridged Version) for providing the bulk of the tutorial. I have made some modifications for Ubuntu 12.04.

The setup is simple: a single Ubuntu server will act as a gateway and DHCP server for a local network. All other machines on the local network will receive their IPs from the DHCP server. To make things easier, I’ll call this Ubuntu server “Skyray” for the rest of the post.

Skyray has two network interfaces, eth0 and eth1. eth0 is on the 10.20.30.0/24 subnet and this is the Internet facing interface. eth1 is on the 172.22.22.0/24 subnet, where all other machines are also present. Basically, eth0 will connect to the Internet and eth1 will serve DHCP requests and act as the gateway.

/etc/network/interfaces

First you need to configure eth0 and eth1 for Skyray. Edit the file and make sure it has at least the following settings (or whatever settings are appropriate for your environment).

sudo vim /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.20.30.77
    netmask 255.255.255.0
    gateway 10.20.30.1
    network 10.20.30.0
    broadcast 10.20.30.255
    dns-nameservers 10.20.30.15 10.20.30.16
    dns-search codeghar.com

auto eth1
iface eth1 inet static
    address 172.22.22.1
    netmask 255.255.255.0
    network 172.22.22.0
    broadcast 172.22.22.255

/etc/sysctl.conf

You need to enable IPv4 forwarding. To do so, edit this file.

sudo vim /etc/sysctl.conf

And uncomment the line

# net.ipv4.ip_forward=1

so that it now appears as

net.ipv4.ip_forward=1

Save the file and run the following command to make the change effective without a reboot.

sudo sysctl -w net.ipv4.ip_forward=1

/etc/rc.local

You’ll need to allow iptables rules for NAT to work. Edit the file and save it.

sudo vim /etc/rc.local

Make sure the following two lines appear before the exit 0 line in the file.

/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

To make these iptables rules active without rebooting, run the following commands:

sudo iptables -P FORWARD ACCEPT

sudo iptables –-table nat -A POSTROUTING -o eth0 -j MASQUERADE

Install DHCP server

sudo aptitude install isc-dhcp-server

/etc/dhcp/dhcpd.conf

Configure your newly installed DHCP server. Edit the file and save.

sudo vim /etc/dhcp/dhcpd.conf

The file is very well commented and you can learn a lot reading it. Just make sure it has at least the following configuration.

ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "codeghar.com";
option domain-name-servers 10.20.30.15, 10.20.30.16;

default-lease-time 3600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# This is a very basic subnet declaration.

subnet 172.22.22.0 netmask 255.255.255.0 {
  range 172.22.22.21 172.22.22.250;
  option subnet-mask 255.255.255.0;
  option broadcast-address 172.22.22.255;
  option routers 172.22.22.1;
}

/etc/default/isc-dhcp-server

We want to serve DHCP only on eth1 interface to we need to configure it that way. Edit the file and save it.

sudo vim /etc/default/isc-dhcp-server

The line will look like this before you change it

INTERFACES=""

And after you change it, it will look like this:

INTERFACES="eth1"

Now you should stop and start the DHCP server.

sudo service isc-dhcp-server stop (if the service is already running; skip if it’s not running)

sudo service isc-dhcp-server start

Conclusion

Now any machines you have on the 172.22.22.0/24 network will get their IP address from Skyray if they are set to DHCP. And Skyray will also serve as their gateway.

About these ads

46 Responses to Ubuntu 12.04 IPv4 NAT Gateway and DHCP Server

  1. Guh says:

    when i “sudo service isc-dhcp-server start”, i got this:
    start: Job failed to start

    What is wrong?

  2. Guh says:

    Nevermind, i got something wrong uncommented in the conf file, now it fixed.

    Thank You VERY MUCH for the tutorial :)

  3. Anonymous says:

    Do i have to uninstall networkmanager?

  4. mvpfin says:

    Nice tutorial, thank you kindly!

  5. Tnx for your tutorial. dhcp server is working find but clients do not have any internet access.

  6. Anonymous says:

    Thanks. Works fine for me too, but no internet access on clients.

  7. Shubhendu says:

    when i “sudo service isc-dhcp-server start”, i got this:
    start: Job failed to start

    plz some 1 help me how to restart my services

  8. John Smith says:

    Where does the dhcpd pass the packets in order to reach www?

  9. James Webb says:

    DHCP works great, but clients have no internet access, how do i fix this???

  10. Anon says:

    Similar to some of the other commenters, I am also having problems with internet access. I think it has something to do with the clients not being able to find the DNS. For example, “ping yahoo.com” failed, but “ping 209.191.122.70″ (an IP address for yahoo) returned a successful response.

  11. Anon says:

    I was able to fix internet connectivity by modifying /etc/network/interfaces to add the following line after the “auth eth0″ and “iface…” lines:
    dns-nameservers 8.8.8.8 8.8.4.4

    Thsese are two public DNSs that Google maintains (https://developers.google.com/speed/public-dns/), so I would think they are relatively reliable.

    CAUTION: I probably don’t know what I am doing, since I had to seek out this blog in the first place to get my LAN gateway set up.

  12. Anonymous says:

    Clients receive dhcp addresses, but use of dns unavailable. Please post an addendum greatly appreciated. clients should not have to specify it’s own dns servers, and also NAT packet forwarding is not working on the server/gateway in this setup.

  13. nsmgo says:

    Here’s what i needed to add to /etc/rc.local to get forwarding to work for clients:

    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables -A FORWARD -i eth1 -j ACCEPT
    /sbin/iptables -A FORWARD -i eth2 -j ACCEPT
    /sbin/iptables –table nat -A POSTROUTING -o eth0 -j MASQUERADE

    thanks to:
    http://ubuntulinux.co.in/blog/ubuntu/nat-configuration-with-iptables-in-ubuntu/

  14. Anonymous says:

    Using Ubuntu 12.04.1 LTS with iptables v1.4.12, I had to put the “–table nat” option at the end, otherwise I get: Bad argument `–-table’

  15. adedoyin david says:

    please i have the same problem {sudo service isc-dhcp-server stop
    stop: Unknown instance: }
    after followed the tutoria in ubuntu 12.04 (not ubuntu server 120.4)
    can somebody help me.

  16. Rogier says:

    Same here: sudo service isc-dhcp-server stop: Unknown instance… what to do?

  17. hs says:

    RE: sudo service isc-dhcp-server stop: Unknown instance

    If the service is not running already then you’ll see this error. Just skip the step to stop the service and move on to starting the service.

  18. Rogier says:

    Well, how cdan I check if the server is actually running? Please see below, when I try to run it, it got the message “running, process 10955″. However when afterward try to stop the service, it says “unknown instance”.

    Is there some way to check if the dhcp server is running?

    [rogier@server] ~ $ sudo service isc-dhcp-server start
    isc-dhcp-server start/running, process 10955
    [rogier@server] ~ $ sudo service isc-dhcp-server stop
    stop: Unknown instance:
    [rogier@server] ~ $

  19. hs says:

    Rogier, look at the /var/log/syslog file for any errors that DHCP server may be giving out. It looks like the server is not starting because of some errors.

  20. richie tabhu says:

    good post it really sorted me out.. Ubuntu 12.04

  21. >hs says:
    >October 19, 2012 at 4:06 pm
    >
    >Rogier, look at the /var/log/syslog file for any errors that DHCP server may be giving out. It looks >like the server is not starting because of some errors.

    That saved my day. I had a small error in the configuration file. Solved it like this (ubuntu server 12.04 LTS):

    administrador@servidor:~$ sudo service isc-dhcp-server start
    start: Job failed to start
    administrador@servidor:~$ tail /var/log/syslog

    Nov 4 11:20:08 servidor dhcpd: bad range, address 192.168.1.200 not in subnet 192.168.88.0 netmask 255.255.255.0

    administrador@servidor:~$ sudo nano /etc/dhcp/dhcpd.conf

  22. Rogier says:

    Thanks; it worked out fine…

  23. avais says:

    internet is not throughing ………… either DNS probleum or some other please help me out

  24. Anonymous says:

    fuck youu

  25. Rogier says:

    Who?

  26. David Doyin says:

    help us with nat that can startup with script.

  27. Prof-Nicola I have a question….
    I did as you advised…
    tail /var/log/syslog
    and got in return…

    Nov 9 15:23:35 lsproxy1210 dhclient: DHCPDISCOVER on the eth1 to 255.255.255.255 port 67 interval 10

    I am a little confused on what to do from here. I have been trying to set up the DHCP using eth1 but it does not seem to work for some reason. I think it is a configuration issue but maybe it can also be that I do not have Bing9 or Dnsmasquerade. I do not think I need those things to get my DHCP running but you tell me what you think,. Thank you!

  28. TEQUILA JULIO says:

    Hello,
    I’ m having problem with the dhcp I follow all the steps for setting up eth1 but for some reason when I try to network boot it say,no DHCP offers were received. PLS HELP! NEW TO LINUX! REALLY APPRECIATED..

  29. Anonymous says:

    hi
    my name is girish kumar i have configured entire Skyray with eth1 & eth0 is internet facing interface and when i am connected another system to this Skyray client getting ip but not getting internet.

  30. hs says:

    I setup a brand new VM following these instructions step by step and everything works fine. A few things to check:

    1. Make sure you are using IP settings based on your environment.
    2. Your DNS should be in working condition. Run nslookup on your client to make sure it’s resolving names correctly.
    3. Check your iptables rules for anything that might be blocking traffic.

  31. dan says:

    This tutorial is good, but I take it your also running a bind9 with this. Is there a way to do this without bind?

  32. hs says:

    Dan, it’s not running with bind9. In my test environment I had a Windows DNS server running. As long as DNS server IPs are reachable via this gateway, they could be any platform.

  33. Manish Singh says:

    Same here. I was able to setup everything, however clients in the internal network are still unable to access the internet. Did anyone was able to get it working?

  34. Pingback: Client OpenVPN as NAT Gateway Router to Local Network « mike#.Net Development

  35. Pingback: Configure Ubuntu Server 12.04 to do NAT | Werner Strydom

  36. MgFrobozz says:

    When I installed 12.04, it installed udhcp. If this is the case, edit /etc/udhcpd.conf:
    * Change ‘start’ to the lowest IP number to be assigned by dhcpd
    * Change ‘end’ to the lowest IP number to be assigned by dhcpd
    * Uncomment “# option subnet” and (if necessary) change the mask for the the subnet.
    * Uncomment “# opt dns” and add the IP number(s) of the DNS server(s) that should be used. If there is a DNS service running on the local host (eg, bind9), use the IP number of the local host on the local network.
    * If the local host is a router (eg, routes packets from the local network on eth1 to the isp connection on eth0), uncomment “#option router”, and change the value to the IP number of the local host on the local network.
    * For each device which needs a static IP assignment, add a line “static_lease hw_addr ip_number”, where hw_addr is the HWaddr shown by ipconfig for the adapter on the box to be assigned (commonly known as “mac address”).
    * Restart the service with “sudo service udhcpd restart”.

  37. Anonymous says:

    fucking unknow instance
    job failed

  38. Asad says:

    it is really excellent…. thank you….

  39. Mark says:

    Exactly what i was looking for! Thx!!!

  40. Anonymous says:

    thanks

  41. I159 says:

    You have hard to detect typo in: sudo iptables –-table nat -A POSTROUTING -o eth0 -j MASQUERADE . Instead of minus minus table, you have dash minus table. Should be: sudo iptables –table nat -A POSTROUTING -o eth0 -j MASQUERADE

  42. Pingback: Rebuild of the gateway « Wezzel In the blog.

  43. Pingback: Configure Ubuntu Server 12.04 to do NAT | Werner Strydom

  44. Khin Ninson says:

    I like to route packets from ppp0 through eth0(wan ) to the Internet. How do I achieve this?

  45. kenneth says:

    In this setup you will not be able to reach the internet if your DNS server is not in the same network.

    for eg.
    DNS server 192.168.10.15

    eth0 192.168.10.0
    eth1 172.22.22.0

    when the dhcp server issues ip say in range 172.22.22.100 – 200
    your client machine gets a 172.22.22100 ip

    It will not be able to reach the DnS server on the 192.168.10.0 unless
    the 172 network is routed to the 192 network throught the 172.22.22.1 gateway

    I think you can use the iptables to achieve this by installing a route
    192.168.10.0 255.255.255.0 172.22.22.1

  46. kenneth says:

    sorry previous comment is misleading:
    correction below:

    for eg.
    network0 10.20.30.0/24
    Dns Server 10.20.30 .20

    network1 172.22.22.0/24

    eth0 10.20.30.77 external (to internet)
    eth1 172.22.22.1 inside local area

    when the dhcp server issues ip say in range 172.22.22.100 – 200
    your client machine gets a 172.22.22100 ip

    It will not be able to reach the DnS server on the 10.20.30.0 network unless you can ping the
    10.20.30.1 gateway.
    To acheive this you would create a route
    from 172.22.22.0 network to the 10.20.3.0 network throught the 172.22.22.1 gateway

    I think you can use the iptables to achieve this by installing a static route
    10.20.30.0 255.255.255.0 172.22.22.1

    or probably a default static route will solve the problem.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 31 other followers

%d bloggers like this: