Ubuntu 12.04 IPv4 NAT Gateway and DHCP Server
May 2, 2012
Before I begin this post, I want to thank Internet Connection Sharing – Ubuntu 10.04 NAT Gateway Setup (Abridged Version) for providing the bulk of the tutorial. I have made some modifications for Ubuntu 12.04.
The setup is simple: a single Ubuntu server will act as a gateway and DHCP server for a local network. All other machines on the local network will receive their IPs from the DHCP server. To make things easier, I’ll call this Ubuntu server “Skyray” for the rest of the post.
Skyray has two network interfaces, eth0 and eth1. eth0 is on the 10.20.30.0/24 subnet and this is the Internet facing interface. eth1 is on the 172.22.22.0/24 subnet, where all other machines are also present. Basically, eth0 will connect to the Internet and eth1 will serve DHCP requests and act as the gateway.
/etc/network/interfaces
First you need to configure eth0 and eth1 for Skyray. Edit the file and make sure it has at least the following settings (or whatever settings are appropriate for your environment).
sudo vim /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.20.30.77
    netmask 255.255.255.0
    gateway 10.20.30.1
    network 10.20.30.0
    broadcast 10.20.30.255
    dns-nameservers 10.20.30.15 10.20.30.16
    dns-search codeghar.com

auto eth1
iface eth1 inet static
    address 172.22.22.1
    netmask 255.255.255.0
    network 172.22.22.0
    broadcast 172.22.22.255
/etc/sysctl.conf
You need to enable IPv4 forwarding. To do so, edit this file.
sudo vim /etc/sysctl.conf
And uncomment the line
# net.ipv4.ip_forward=1
so that it now appears as
net.ipv4.ip_forward=1
Save the file and run the following command to make the change effective without a reboot.
sudo sysctl -w net.ipv4.ip_forward=1
/etc/rc.local
You’ll need to add iptables rules for NAT to work. Edit the file and save it.
sudo vim /etc/rc.local
Make sure the following two lines appear before the exit 0 line in the file.
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
To make these iptables rules active without rebooting, run the following commands:
sudo iptables -P FORWARD ACCEPT
sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
Install DHCP server
sudo aptitude install isc-dhcp-server
/etc/dhcp/dhcpd.conf
Configure your newly installed DHCP server. Edit the file and save.
sudo vim /etc/dhcp/dhcpd.conf
The file is very well commented and you can learn a lot reading it. Just make sure it has at least the following configuration.
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "codeghar.com";
option domain-name-servers 10.20.30.15, 10.20.30.16;

default-lease-time 3600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# This is a very basic subnet declaration.
subnet 172.22.22.0 netmask 255.255.255.0 {
  range 172.22.22.21 172.22.22.250;
  option subnet-mask 255.255.255.0;
  option broadcast-address 172.22.22.255;
  option routers 172.22.22.1;
}
/etc/default/isc-dhcp-server
We want to serve DHCP only on the eth1 interface, so we need to configure it that way. Edit the file and save it.
sudo vim /etc/default/isc-dhcp-server
The line will look like this before you change it
INTERFACES=""
And after you change it, it will look like this:
INTERFACES="eth1"
Now you should stop and start the DHCP server.
sudo service isc-dhcp-server stop
(if the service is already running; skip if it’s not running)
sudo service isc-dhcp-server start
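Before restarting the DHCP server and applying the NAT rules, it helps to catch the two mistakes that most often stop this setup from working: a dhcpd.conf range or router address that lies outside its declared subnet (dhcpd then refuses to start), and an iptables command pasted from a web page with a typographic dash in place of "--" (iptables then rejects it as a bad argument). The following pre-flight checker is an added example, not part of the original post; the configuration fragments it inspects are constructed samples modelled on the post's own subnet block, and the two functions are hypothetical helpers.

```python
import ipaddress
import re

# Constructed samples: the post's subnet block (good) and a second one with a
# range that does not belong to the declared subnet (bad).
GOOD_CONF = """
subnet 172.22.22.0 netmask 255.255.255.0 {
  range 172.22.22.21 172.22.22.250;
  option routers 172.22.22.1;
}
"""
BAD_CONF = """
subnet 192.168.88.0 netmask 255.255.255.0 {
  range 192.168.1.200 192.168.1.250;
  option routers 192.168.88.1;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+)\s*;")
ROUTERS_RE = re.compile(r"option\s+routers\s+(\S+)\s*;")

def check_dhcpd_conf(text):
    """Return a list of problems found in each flat subnet declaration
    (nested pool blocks are not handled). Every range and router address
    must fall inside the subnet, and the range must not be reversed."""
    problems = []
    for addr, mask, body in SUBNET_RE.findall(text):
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError as e:
            problems.append(f"bad subnet declaration {addr}/{mask}: {e}")
            continue
        for lo, hi in RANGE_RE.findall(body):
            lo_a, hi_a = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            for a in (lo_a, hi_a):
                if a not in net:
                    problems.append(f"range address {a} not in subnet {net}")
            if lo_a > hi_a:
                problems.append(f"range {lo} {hi} is reversed")
        for r in ROUTERS_RE.findall(body):
            if ipaddress.ip_address(r) not in net:
                problems.append(f"router {r} not in subnet {net}")
    return problems

def has_typographic_dash(cmd):
    """True if a command contains an en dash, em dash or minus sign where
    ASCII '-' is needed; iptables rejects such an option as a bad argument."""
    return any(c in "\u2013\u2014\u2212" for c in cmd)

if __name__ == "__main__":
    for p in check_dhcpd_conf(BAD_CONF):
        print("dhcpd:", p)
    print("dash typo:", has_typographic_dash("iptables \u2013-table nat"))
```

Run check_dhcpd_conf on the text of /etc/dhcp/dhcpd.conf and has_typographic_dash on each line of /etc/rc.local before restarting the service.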
Conclusion
Now any machines you have on the 172.22.22.0/24 network will get their IP address from Skyray if they are set to DHCP. And Skyray will also serve as their gateway.
when i “sudo service isc-dhcp-server start”, i got this:
start: Job failed to start
What is wrong?
Nevermind, i got something wrong uncommented in the conf file, now it fixed.
Thank You VERY MUCH for the tutorial :)
Do i have to uninstall networkmanager?
Nice tutorial, thank you kindly!
Tnx for your tutorial. dhcp server is working find but clients do not have any internet access.
Thanks. Works fine for me too, but no internet access on clients.
when i “sudo service isc-dhcp-server start”, i got this:
start: Job failed to start
plz some 1 help me how to restart my services
Where does the dhcpd pass the packets in order to reach www?
DHCP works great, but clients have no internet access, how do i fix this???
Similar to some of the other commenters, I am also having problems with internet access. I think it has something to do with the clients not being able to find the DNS. For example, “ping yahoo.com” failed, but “ping 209.191.122.70” (an IP address for yahoo) returned a successful response.
I was able to fix internet connectivity by modifying /etc/network/interfaces to add the following line after the “auto eth0” and “iface…” lines:
dns-nameservers 8.8.8.8 8.8.4.4
These are two public DNSs that Google maintains (https://developers.google.com/speed/public-dns/), so I would think they are relatively reliable.
CAUTION: I probably don’t know what I am doing, since I had to seek out this blog in the first place to get my LAN gateway set up.
Clients receive dhcp addresses, but use of dns unavailable. Please post an addendum, greatly appreciated. Clients should not have to specify their own dns servers, and also NAT packet forwarding is not working on the server/gateway in this setup.
Here’s what i needed to add to /etc/rc.local to get forwarding to work for clients:
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -j ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
thanks to:
http://ubuntulinux.co.in/blog/ubuntu/nat-configuration-with-iptables-in-ubuntu/
Using Ubuntu 12.04.1 LTS with iptables v1.4.12, I had to put the “--table nat” option at the end, otherwise I get: Bad argument `–-table’
please i have the same problem {sudo service isc-dhcp-server stop
stop: Unknown instance: }
after following the tutorial in ubuntu 12.04 (not ubuntu server 12.04)
can somebody help me.
Same here: sudo service isc-dhcp-server stop: Unknown instance… what to do?
RE: sudo service isc-dhcp-server stop: Unknown instance
If the service is not running already then you’ll see this error. Just skip the step to stop the service and move on to starting the service.
Well, how can I check if the server is actually running? Please see below, when I try to run it, I get the message “running, process 10955”. However when I afterward try to stop the service, it says “unknown instance”.
Is there some way to check if the dhcp server is running?
[rogier@server] ~ $ sudo service isc-dhcp-server start
isc-dhcp-server start/running, process 10955
[rogier@server] ~ $ sudo service isc-dhcp-server stop
stop: Unknown instance:
[rogier@server] ~ $
Rogier, look at the /var/log/syslog file for any errors that DHCP server may be giving out. It looks like the server is not starting because of some errors.
good post it really sorted me out.. Ubuntu 12.04
>hs says:
>October 19, 2012 at 4:06 pm
>
>Rogier, look at the /var/log/syslog file for any errors that DHCP server may be giving out. It looks
>like the server is not starting because of some errors.
That saved my day. I had a small error in the configuration file. Solved it like this (ubuntu server 12.04 LTS):
administrador@servidor:~$ sudo service isc-dhcp-server start
start: Job failed to start
administrador@servidor:~$ tail /var/log/syslog
Nov 4 11:20:08 servidor dhcpd: bad range, address 192.168.1.200 not in subnet 192.168.88.0 netmask 255.255.255.0
administrador@servidor:~$ sudo nano /etc/dhcp/dhcpd.conf
Thanks; it worked out fine…
internet is not getting through… either DNS problem or some other, please help me out
fuck youu
Who?
help us with nat that can startup with script.
Prof-Nicola I have a question….
I did as you advised…
tail /var/log/syslog
and got in return…
Nov 9 15:23:35 lsproxy1210 dhclient: DHCPDISCOVER on the eth1 to 255.255.255.255 port 67 interval 10
I am a little confused on what to do from here. I have been trying to set up the DHCP using eth1 but it does not seem to work for some reason. I think it is a configuration issue but maybe it can also be that I do not have bind9 or dnsmasq. I do not think I need those things to get my DHCP running but you tell me what you think. Thank you!
Hello,
I’m having a problem with the dhcp. I follow all the steps for setting up eth1 but for some reason when I try to network boot it says, no DHCP offers were received. PLS HELP! NEW TO LINUX! REALLY APPRECIATED..
hi
my name is girish kumar. i have configured the entire Skyray with eth1, & eth0 is the internet facing interface, and when i connect another system to this Skyray the client is getting an ip but not getting internet.
I setup a brand new VM following these instructions step by step and everything works fine. A few things to check:
1. Make sure you are using IP settings based on your environment.
2. Your DNS should be in working condition. Run nslookup on your client to make sure it’s resolving names correctly.
3. Check your iptables rules for anything that might be blocking traffic.
This tutorial is good, but I take it your also running a bind9 with this. Is there a way to do this without bind?
Dan, it’s not running with bind9. In my test environment I had a Windows DNS server running. As long as DNS server IPs are reachable via this gateway, they could be any platform.
Same here. I was able to set up everything, however clients in the internal network are still unable to access the internet. Was anyone able to get it working?
Pingback: Client OpenVPN as NAT Gateway Router to Local Network « mike#.Net Development
Pingback: Configure Ubuntu Server 12.04 to do NAT | Werner Strydom
When I installed 12.04, it installed udhcp. If this is the case, edit /etc/udhcpd.conf:
* Change ‘start’ to the lowest IP number to be assigned by dhcpd
* Change ‘end’ to the lowest IP number to be assigned by dhcpd
* Uncomment “# option subnet” and (if necessary) change the mask for the subnet.
* Uncomment “# opt dns” and add the IP number(s) of the DNS server(s) that should be used. If there is a DNS service running on the local host (eg, bind9), use the IP number of the local host on the local network.
* If the local host is a router (eg, routes packets from the local network on eth1 to the isp connection on eth0), uncomment “#option router”, and change the value to the IP number of the local host on the local network.
* For each device which needs a static IP assignment, add a line “static_lease hw_addr ip_number”, where hw_addr is the HWaddr shown by ipconfig for the adapter on the box to be assigned (commonly known as “mac address”).
* Restart the service with “sudo service udhcpd restart”.
fucking unknown instance
job failed
it is really excellent…. thank you….
Exactly what i was looking for! Thx!!!
thanks
You have a hard to detect typo in: sudo iptables –-table nat -A POSTROUTING -o eth0 -j MASQUERADE . Instead of minus minus table, you have dash minus table. Should be: sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
Pingback: Rebuild of the gateway « Wezzel In the blog.
I like to route packets from ppp0 through eth0(wan ) to the Internet. How do I achieve this?
In this setup you will not be able to reach the internet if your DNS server is not in the same network.
for eg.
DNS server 192.168.10.15
eth0 192.168.10.0
eth1 172.22.22.0
when the dhcp server issues ip say in range 172.22.22.100 – 200
your client machine gets a 172.22.22.100 ip
It will not be able to reach the DNS server on the 192.168.10.0 unless
the 172 network is routed to the 192 network through the 172.22.22.1 gateway
I think you can use the iptables to achieve this by installing a route
192.168.10.0 255.255.255.0 172.22.22.1
sorry previous comment is misleading:
correction below:
for eg.
network0 10.20.30.0/24
DNS Server 10.20.30.20
network1 172.22.22.0/24
eth0 10.20.30.77 external (to internet)
eth1 172.22.22.1 inside local area
when the dhcp server issues ip say in range 172.22.22.100 – 200
your client machine gets a 172.22.22.100 ip
It will not be able to reach the DNS server on the 10.20.30.0 network unless you can ping the
10.20.30.1 gateway.
To achieve this you would create a route
from the 172.22.22.0 network to the 10.20.30.0 network through the 172.22.22.1 gateway
I think you can use the iptables to achieve this by installing a static route
10.20.30.0 255.255.255.0 172.22.22.1
or probably a default static route will solve the problem.
I couldn’t refrain from commenting. Very well written!