How can we make our ubuntu server router as gateway mode to router mode?

networking server iptables router gateway

5,505

You'll need to turn on IP forwarding if your static routes are already in place. To do that run sudoedit /etc/sysctl.conf and look for the following segment:

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

Do as it says and uncomment the second line so it looks like:

net.ipv4.ip_forward=1

Save and exit. Then run sudo sysctl -p /etc/sysctl.conf to reload the configuration. You might then have to reload the networking stack (sudo restart networking) but after that your 192.168.7.x machines should be able to reach 192.168.0.*

5,505

ckknight

Updated on September 18, 2022

Comments

ckknight over 1 year
based on this sample guide link:
http://ubuntulinux.co.in/blog/ubuntu/nat-configuration-with-iptables-in-ubuntu/

with this code:
```
iptables –append FORWARD –in-interface eth1 -j ACCEPT
```
it means that "All PC’s on the private office network should set their “gateway” to be the local private network IP address of the Linux gateway computer."

How can we make our ubuntu server router gateway mode to router mode? In order our private networks is visible from other networks or different subnet.

Scenario:
```
                             +---+        
                   eth1-*.1.2| S |           +----------+
 *1.1router===switch=========|   |           |          |------PC1
               ||            | / |private net|  switch  |------PC2
               ||            |   |===========|          |------PC3
               ||            | R |eth0-*.0.1 +----------+
               ||            +---+
             *.1.3
              Router
               ||            
               ||
             *.7.1
          other network    
```
S/R: Server as Router
192.168.x.x
eth1: connection from the internet/other network
eth0: internal/private network
PC1,PC2,PC3: w/ ip add .0.x
- Oli over 10 years
  
  I don't understand the question "How can we make our ubuntu server router gateway mode to router mode?" Could you clarify it by explaining what you're trying to achieve?
- Oli over 10 years
  
  Are you talking about port forwarding?
- ckknight over 10 years
  
  Hi @Oli, thanks for you immediate response. What I am trying is to make my private network visible to other network. e.g. my private network had a 192.168.0.0/24 and other network has a 192.168.7.0/24. How can we connect .7.x to .0.x?
- Oli over 10 years
  
  This might be relevant: askubuntu.com/questions/168033/how-to-set-routes
- ckknight over 10 years
  
  @Oli I edited my question for more details. I add figure.
- moon.musick over 10 years
  
  I think the author of the question has a Ubuntu Server machine set as a gateway with masquerade and is interested in both masquerade at the WAN interface and simple non-NAT routing for other interfaces interconnecting LANs. Guessing a bit though.
- Oli over 10 years
  
  Well you either need to configure the first-line router to route this traffic and that's probably the best way of handling it, or you add static routes at each of the secondary network routers. On the Ubuntu server ip route 192.168.7.0 255.255.255.0 192.168.1.1 - but again, if the head router isn't configured to allow that routing, it won't go.
- moon.musick over 10 years
  
  Ok, I put back my previous comment. It depends on the configurable options of the 'router' box - if it is a simple NAT-ting consumer-grade router, you might not be able to configure the static path to the x.x.7.0 network. If it is something more advanced, just set the routing there - your Ubuntu box in this case does not matter that much (I suppose it has forwarding enabled already, if it works at all in this setup). If the 'router' already lets both x.x.7.0 and x.x.1.0 reach the Internet, then you might be in luck, as most consumer routers do not support such behavior.
- moon.musick over 10 years
  
  @ckknight what is that 'router' device specifically?
- ckknight over 10 years
  
  @Oli I already static route it... but why .7.x can't ping the private network hosts (PC1,PC2,PC3)? though it can ping the ip add of eth1 and eth0 but not the hosts connected to eth0.
- ckknight over 10 years
  
  @moon.musick, Sorry my figure before is not right... now the figure is corrected.
moon.musick over 10 years

It is possible that if the OP actually run through the steps of the tutorial and enabled masquerade, it has to be turned off if the hosts from x.x.7.0 network are to be able to reach those in x.x.0.0 network.
ckknight over 10 years

@moon.musick : do i have to disable or flush the nat masquerade on my iptables?
moon.musick over 10 years

@ckknight I guess that if you have masquerade configured for hosts in x.x.0.0 network and don't have any specific rules allowing direct connection to those hosts from outside (that is, from hosts behind eth1), then yes, you might have to disable masquerading. Try and see, if it does not work, the problem is elsewhere.
ckknight over 10 years

@moon.musick : yes, it works! thank you so much, guys.
ckknight over 10 years

The problem found. If we disable the masquerading, it can ping(visible) the hosts (PC1,PC2,PC3) from *.7.x networks but the host can't remote/connect to *.7.x. However, when we enable the the masquerade we can connect to *.7.x but *.7.x can't be ping(invisible). Any idea of what/why is this happened?