How to set up Ubuntu router with 2 WAN interfaces
Solved completely
Now I have the correct settings and the whole setup is working, so I can access the server from the internet via a public IP (WAN1) and route the LAN to the internet via WAN2, and I can still access the server via its public IP (WAN1) from the LAN. This is the routing which had to be configured to make it work in the way I had described before:
ip route del default table main
ip route add default via 192.168.1.20 dev eth3 table main
ip route add 217.XXX.XXX.160/27 dev eth2 src 217.XXX.XXX.185 table T1
ip route add default via 217.XXX.XXX.161 dev eth2 table T1
ip route add 192.168.2.0/24 dev br0 table T1
ip route add 192.168.1.0/24 dev eth3 table T1
ip route add 127.0.0.0/8 dev lo table T1
ip route add 192.168.1.0/24 dev eth3 src 192.168.1.1 table T2
ip route add default via 192.168.1.20 dev eth3 table T2
ip route add 192.168.2.0/24 dev br0 table T2
ip route add 217.XXX.XXX.160/27 dev eth2 table T2
ip route add 127.0.0.0/8 dev lo table T2
ip rule add from 217.XXX.XXX.185 table T1
ip rule add from 192.168.1.1 table T2
That's it. So it is solved.
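The following is an added example, not part of the original answer: a simplified Python model of the kernel's rule-then-table lookup, comparing where replies sourced from the public address leave with no policy rule, with the partial T1 table from the question, and with the T1 table from the answer. The 203.0.113.x addresses and the two peers are constructed stand-ins for the redacted 217.XXX.XXX.160/27 block, and the model covers only `from` selectors and longest-prefix match (T2 and the loopback routes are left out).

```python
import ipaddress

# Constructed stand-ins for the redacted 217.XXX.XXX.160/27 block (TEST-NET-3).
WAN1_NET, WAN1_IP, WAN1_GW = "203.0.113.160/27", "203.0.113.185", "203.0.113.161"

def table(*routes):
    """Build a routing table as a list of (network, gateway, device)."""
    return [(ipaddress.ip_network(net), gw, dev) for net, gw, dev in routes]

# Main table: default via the NAT-ed WAN (eth3) plus the connected subnets.
MAIN = table(("0.0.0.0/0", "192.168.1.20", "eth3"), ("192.168.1.0/24", None, "eth3"),
             ("192.168.2.0/24", None, "br0"), (WAN1_NET, None, "eth2"))
# T1 as in the question's partial fix: WAN1 subnet and default only.
T1_PARTIAL = table((WAN1_NET, None, "eth2"), ("0.0.0.0/0", WAN1_GW, "eth2"))
# T1 as in the answer: LAN and eth3 subnets added (loopback route omitted).
T1_FULL = T1_PARTIAL + table(("192.168.2.0/24", None, "br0"),
                             ("192.168.1.0/24", None, "eth3"))

def rules(t1=None):
    """Rule list as (priority, source selector, table); no t1 means no policy rule."""
    policy = [(32765, WAN1_IP + "/32", t1)] if t1 is not None else []
    return policy + [(32766, None, MAIN)]

def lookup(src, dst, rule_list):
    """Walk rules in priority order; in the first table with a match, take
    the longest-prefix route. Returns (device, gateway) or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, routes in sorted(rule_list, key=lambda r: r[0]):
        if selector is not None and src not in ipaddress.ip_network(selector):
            continue
        matches = [r for r in routes if dst in r[0]]
        if matches:
            _net, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
            return dev, gw
    return None

if __name__ == "__main__":
    internet, lan = "198.51.100.7", "192.168.2.50"   # constructed peers
    for label, rl in (("no rule", rules()), ("partial T1", rules(T1_PARTIAL)),
                      ("full T1", rules(T1_FULL))):
        print(label, "reply to internet:", lookup(WAN1_IP, internet, rl),
              "reply to LAN:", lookup(WAN1_IP, lan, rl))
```

In this model, the partial T1 hands replies for a LAN client to the WAN1 gateway on eth2, while the 192.168.2.0/24 route added to T1 in the answer delivers them on br0.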
user241281
Updated on September 18, 2022
Comments
-
user241281 over 1 year
I have an Ubuntu router with Ubuntu Server 14.04 installed. Physical network interfaces are:
eth0 - local LAN
eth3 - WAN (internet)
wlan2 - local wireless LAN (AP)
This is my /etc/network/interfaces:
# The loopback network interface
auto lo
iface lo inet loopback
# LAN interface
auto eth0
iface eth0 inet manual
# This is the Wireless section.
auto wlan2
iface wlan2 inet manual
    up /sbin/ifconfig wlan0 up
# This is the Bridge section.
auto br0
iface br0 inet static
    address 192.168.2.106
    network 192.168.2.0
    netmask 255.255.255.0
    bridge_ports eth0 wlan0
# WAN network interface (NAT-ed)
auto eth3
iface eth3 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    gateway 192.168.1.20
    dns-nameservers 8.8.8.8 4.4.4.4
Route is:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.20    0.0.0.0         UG    0      0        0 eth3
192.168.1.0     *               255.255.255.0   U     0      0        0 eth3
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
I use UFW and this is what I have added to /etc/ufw/before.rules:
# Configure NAT settings
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth3 -j MASQUERADE
COMMIT
UFW's status:
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
Anywhere                   ALLOW       192.168.2.0/24
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
I also use hostapd for the wifi AP. Everything works perfectly. But... What I want to do is to add an additional network card which would be a second WAN interface on which I have a public static IP. I want to use the current eth3 as the main internet connection as it is a very fast and reliable connection, but it is behind a NAT, so it lacks a public IP. I have an additional internet connection with a public IP which I want to use only for accessing the server (router) from outside (ssh, http, https). The public IP internet connection would be connected to eth2.
I do not know how to configure that. When I just enter this configuration into /etc/network/interfaces, I can't access the server (ssh, http, https) via the public IP specified for eth2. (The internet connection with this public IP is OK - I tested it with a different HW router and I could access it well from outside):
# WAN network interface with a public IP
auto eth2
iface eth2 inet static
    address 217.XXX.XXX.AAA
    netmask 255.255.255.224
    gateway 217.XXX.XXX.BBB
    dns-nameservers 8.8.8.8 4.4.4.4
Can anybody help me sort this out?
OK, I partially solved the issue.
I created a new routing table, added routing for the "public IP WAN" and added an ip rule so that everything which comes from the public IP will be routed using the new routing table to the correct interface/gw:
sudo ip route add 217.XXX.XXX.160/27 dev eth2 src 217.XXX.XXX.185 table T1
sudo ip route add default via 217.XXX.XXX.161 table T1
sudo ip rule add from 217.XXX.XXX.185 table T1
Now I have the server accessible from outside via the public IP associated with WAN eth2. What worries me is that since I configured this, I have no access to the server via the public IP from the LAN behind the router. I think this is because masquerading is set in a way that we route everything from the LAN behind the router via eth3, which is a WAN interface (without a public IP). Am I right? Is there a way to fix this?
-
Thomas Ward over 9 years
If you solved it completely add your solution as an answer to your own question.
-
user241281 over 9 years
The solution is moved into the answer below.
-
Thomas Ward over 9 years
Don't forget to mark your own answer as accepted since it solved your problem :)
-