Created
June 15, 2016 20:03
-
-
Save rms1000watt/481041b6ab64b263a7ec47d513073de1 to your computer and use it in GitHub Desktop.
Ubuntu installation as router with NAT, DNS, and isolation rules
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ubuntu box with 2 NICs | |
| # eth0 = WAN | |
| # eth1 = LAN | |
| # OR | |
| # eth0 = larger network | |
| # eth1 = smaller network | |
| # Setup and install | |
| sudo apt-get install iptables-persistent | |
| sudo nano /etc/sysctl.conf # uncomment => #net.ipv4.ip_forward=1 | |
| sudo sysctl -p /etc/sysctl.conf | |
| sudo service iptables-persistent save | |
| # NAT Across CIDR blocks except for 10.0.0.0/8. This isolates 10.0.0.0/8 outbound from the smaller network. | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -d 0.0.0.0/5 -j MASQUERADE | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -d 8.0.0.0/7 -j MASQUERADE | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -d 11.0.0.0/8 -j MASQUERADE | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -d 12.0.0.0/6 -j MASQUERADE | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -d 16.0.0.0/4 -j MASQUERADE | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -d 32.0.0.0/3 -j MASQUERADE | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -d 64.0.0.0/2 -j MASQUERADE | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -d 128.0.0.0/1 -j MASQUERADE | |
| # Install DNS | |
| sudo apt-get update | |
| sudo apt-get install bind9 bind9utils bind9-doc | |
| # Port forward 443 from Router box to box in smaller network. Smaller network = 10.0.13.0/24 | |
| sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 10.0.13.2:443 | |
| sudo service iptables-persistent save |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment