dreaife

Announcement

welcome to my blog

Learn More

Tags

dreaife

Announcement

welcome to my blog

Learn More

Site Statistics

Posts

68

Categories

13

Tags

56

Total Words

122,778

Running Days

0 days

Last Activity

0 days ago

Tags

dreaife

Announcement

welcome to my blog

Learn More

Site Statistics

Posts

68

Categories

13

Tags

56

Total Words

122,778

Running Days

0 days

Last Activity

0 days ago

Tags

Categories

332 words

2 minutes

Use NAT on Ubuntu to Forward Network Access to a Router

2024-12-15

prog-side

network

/

linux

For personal use, I first obtain the network on the host, then forward it over the network, sharing the network with the router via an Ethernet cable.

Here is the solution.

P.S.: This configuration environment is a freshly installed Ubuntu. If your environment has configurations you need to preserve, please back them up first to avoid loss.

View current network status#

1
ip addr
2
# 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3
#    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4
#    inet 127.0.0.1/8 scope host lo
5
#       valid_lft forever preferred_lft forever
6
#    inet6 ::1/128 scope host noprefixroute
7
#       valid_lft forever preferred_lft forever
8
#2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
9
#    link/ether 68:1d:ef:4a:41:4e brd ff:ff:ff:ff:ff:ff
10
#    inet6 fe80::85cf:33e6:14a0:3af6/64 scope link noprefixroute
11
#       valid_lft forever preferred_lft forever
12
#3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
13
#    link/ether 68:1d:ef:4a:41:4f brd ff:ff:ff:ff:ff:ff
14
#    inet 192.168.0.148/24 brd 192.168.0.255 scope global dynamic noprefixroute enp3s0
15
#       valid_lft 7094sec preferred_lft 7094sec
16
#4: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
17
#    link/ether bc:2b:02:7c:27:a7 brd ff:ff:ff:ff:ff:ff
18
#5: enx5a5f0a205236: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
19
#    link/ether 5a:5f:0a:20:52:36 brd ff:ff:ff:ff:ff:ff
20
#    inet 192.168.9.107/24 brd 192.168.9.255 scope global dynamic noprefixroute enx5a5f0a205236
21
#       valid_lft 3421sec preferred_lft 3421sec
22
#    inet6 fe80::86cb:2037:bfdc:9300/64 scope link noprefixroute
23
#       valid_lft forever preferred_lft forever

Identify the interfaces connected to the Internet and to the router

Network Configuration#

1. Modify Netplan configuration#

Remove all existing Netplan configuration files:
```
1
sudo rm -rf /etc/netplan/*.yaml
```
Create a new base configuration file:
```
1
sudo nano /etc/netplan/01-netcfg.yaml
```

Add the following content to enable DHCP on the interfaces and configure a static IP address for the NIC connected to the router:

1
network:
2
  version: 2
3
  renderer: networkd
4
  ethernets:
5
    enp1s0:
6
      addresses:
7
        - 192.168.1.1/24
8
      dhcp4: false
9
      gateway4: 192.168.1.254
10
      nameservers:
11
        addresses:
12
          - 8.8.8.8
13
          - 8.8.4.4
14
    enx5a5f0a205236:
15
      dhcp4: true

Save the file and exit, then apply the configuration:
```
1
sudo netplan apply
```

2. Validate network configuration#

Run the following commands to check whether each interface has successfully obtained an IP address:

1
ip addr

Target state:
- The configured interfaces should obtain IP addresses via DHCP.
- The router-facing interface should be assigned a static address.
  
  Run the following command to check whether enp1s0 has a static IP address:
```
1
ip addr show enp1s0
```
  The output should include:
```
1
inet 192.168.1.1/24 scope global enp1s0
```

According to my network layout, the Internet connection is provided by enx5a5f0a205236 and is shared to the router via enp1s0:

3.1 Enable IP forwarding#

Temporarily enable:
```
1
sudo sysctl -w net.ipv4.ip_forward=1
```
Permanently enable: Edit the /etc/sysctl.conf file:
```
1
sudo nano /etc/sysctl.conf
```
Ensure the following line is not commented:
```
1
net.ipv4.ip_forward=1
```
Apply the configuration:
```
1
sudo sysctl -p
```

3.2 Configure NAT forwarding#

Add NAT forwarding rules:

1
sudo iptables -t nat -A POSTROUTING -o enx5a5f0a205236 -j MASQUERADE
2
sudo iptables -A FORWARD -i enx5a5f0a205236 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
3
sudo iptables -A FORWARD -i enp1s0 -o enx5a5f0a205236 -j ACCEPT

Save the rules:

1
sudo apt install iptables-persistent
2
sudo netfilter-persistent save
3
sudo netfilter-persistent reload

4. Configure DHCP Service#

The router’s WAN needs to obtain an IP address via enp1s0, which requires configuring a DHCP service.

4.1 Install DHCP Service#

Install isc-dhcp-server:

1
sudo apt update
2
sudo apt install isc-dhcp-server

4.2 Configure DHCP#

Edit /etc/dhcp/dhcpd.conf file:

1
sudo nano /etc/dhcp/dhcpd.conf

Add the following content:

1
subnet 192.168.1.0 netmask 255.255.255.0 {
2
    range 192.168.1.10 192.168.1.100;
3
    option routers 192.168.1.1;
4
    option domain-name-servers 8.8.8.8, 8.8.4.4;
5
}

Specify the interface for the DHCP service:

1
sudo nano /etc/default/isc-dhcp-server

Set:

1
INTERFACESv4="enp1s0"

4.3 Start DHCP Service#

Start the DHCP service and check its status:

1
sudo systemctl restart isc-dhcp-server
2
sudo systemctl status isc-dhcp-server

Check NAT and IP forwarding are active:
```
1
sudo iptables -t nat -L -v
2
cat /proc/sys/net/ipv4/ip_forward
```
- Ensure the NAT rules exist.
- cat /proc/sys/net/ipv4/ip_forward should return 1.
Test network connectivity on devices connected to enp1s0:
- Ensure devices obtain IP addresses via DHCP.
- Test whether devices can access the Internet.