
Ubuntu 12.04 IPv4 NAT Gateway and DHCP Server


MAY 2, 2012 BY HS 41 COMMENTS
Before I begin this post, I want to thank Internet Connection Sharing Ubuntu 10.04 NAT Gateway Setup (Abridged
Version) for providing the bulk of the tutorial. I have made some modifications for Ubuntu 12.04.
The setup is simple: a single Ubuntu server will act as a gateway and DHCP server for a local network. All other
machines on the local network will receive their IPs from the DHCP server. To make things easier, I'll call this Ubuntu
server Skyray for the rest of the post.
Skyray has two network interfaces, eth0 and eth1. eth0 is on the 10.20.30.0/24 subnet and is the Internet-facing
interface. eth1 is on the 172.22.22.0/24 subnet, where all other machines are also present. Basically, eth0 will
connect to the Internet and eth1 will serve DHCP requests and act as the gateway.
/etc/network/interfaces
First you need to configure eth0 and eth1 for Skyray. Edit the file and make sure it has at least the following settings
(or whatever settings are appropriate for your environment).
sudo vim /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.20.30.77
    netmask 255.255.255.0
    gateway 10.20.30.1
    network 10.20.30.0
    broadcast 10.20.30.255
    dns-nameservers 10.20.30.15 10.20.30.16
    dns-search codeghar.com

auto eth1
iface eth1 inet static
    address 172.22.22.1
    netmask 255.255.255.0
    network 172.22.22.0
    broadcast 172.22.22.255

/etc/sysctl.conf
You need to enable IPv4 forwarding. To do so, edit this file.
sudo vim /etc/sysctl.conf
And uncomment the line
# net.ipv4.ip_forward=1
so that it now appears as
net.ipv4.ip_forward=1
Save the file and run the following command to make the change effective without a reboot.
sudo sysctl -w net.ipv4.ip_forward=1
/etc/rc.local
You'll need to add iptables rules for NAT to work. Edit the file and save it.
sudo vim /etc/rc.local
Make sure the following two lines appear before the exit 0 line in the file.
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
To make these iptables rules active without rebooting, run the following commands:
sudo iptables -P FORWARD ACCEPT
sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
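`-P FORWARD ACCEPT` makes Skyray forward every routed packet, including connections opened from the eth0 side toward the 172.22.22.0/24 machines. The following added example (not part of the original post; `gateway_ruleset` is a hypothetical helper name) emits an `iptables-restore` ruleset that keeps the MASQUERADE rule but drops forwarded traffic unless it leaves the LAN or answers a connection the LAN started.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and the LAN
# subnet are the post's values; gateway_ruleset is a hypothetical helper.

gateway_ruleset() {
    wan=$1; lan=$2; lan_net=$3
    # Accept only plain interface names and a.b.c.d/len, so an argument
    # cannot carry extra iptables options into the ruleset.
    for name in "$wan" "$lan"; do
        case $name in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    done
    case $lan_net in ''|*[!0-9./]*) return 2 ;; esac
    [ "$wan" != "$lan" ] || return 2
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $lan_net -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for Skyray. To apply it as root (for example from
# /etc/rc.local in place of the two iptables lines):
#   gateway_ruleset eth0 eth1 172.22.22.0/24 | /sbin/iptables-restore
# iptables-restore flushes the existing rules in the nat and filter tables.
gateway_ruleset eth0 eth1 172.22.22.0/24
```

The INPUT chain is left at its current policy, so DHCP requests addressed to Skyray itself on eth1 are not affected by the FORWARD policy.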
Install DHCP server
sudo aptitude install isc-dhcp-server
/etc/dhcp/dhcpd.conf
Configure your newly installed DHCP server. Edit the file and save.
sudo vim /etc/dhcp/dhcpd.conf
The file is very well commented and you can learn a lot reading it. Just make sure it has at least the following
configuration.
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "codeghar.com";
option domain-name-servers 10.20.30.15, 10.20.30.16;

default-lease-time 3600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# This is a very basic subnet declaration.

subnet 172.22.22.0 netmask 255.255.255.0 {
    range 172.22.22.21 172.22.22.250;
    option subnet-mask 255.255.255.0;
    option broadcast-address 172.22.22.255;
    option routers 172.22.22.1;
}

/etc/default/isc-dhcp-server
We want to serve DHCP only on the eth1 interface, so we need to configure it that way. Edit the file and save it.
sudo vim /etc/default/isc-dhcp-server
The line will look like this before you change it
INTERFACES=""
And after you change it, it will look like this:
INTERFACES="eth1"
Now you should stop and start the DHCP server.
sudo service isc-dhcp-server stop (if the service is already running; skip if it's not running)
sudo service isc-dhcp-server start
Conclusion
Now any machines you have on the 172.22.22.0/24 network will get their IP address from Skyray if they are set to
DHCP. And Skyray will also serve as their gateway.
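Most problems reported with this setup are clients that get a lease but cannot reach the Internet. The following added example (not from the original post; `audit_gateway` is a hypothetical helper and both rule dumps are constructed samples) checks the three pieces of gateway state the post configures: IPv4 forwarding, the MASQUERADE rule and the FORWARD policy.

```shell
#!/bin/sh
# Added example, not from the original post. audit_gateway is a hypothetical
# helper: stdin is `iptables-save` output, $1 the Internet-facing interface,
# $2 the content of /proc/sys/net/ipv4/ip_forward.
audit_gateway() {
    wan=$1; fwd=$2; rules=$(cat); rc=0
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }

    [ "$fwd" = 1 ] || { echo "FAIL: net.ipv4.ip_forward is '$fwd', not 1"; rc=1; }

    # The MASQUERADE rule is missing when the command that adds it was
    # rejected, e.g. with a "Bad argument" error for a mistyped option.
    has "^-A POSTROUTING (.* )?-o $wan (.* )?-j MASQUERADE" ||
        { echo "FAIL: no MASQUERADE rule for -o $wan in the nat table"; rc=1; }

    if has '^:FORWARD ACCEPT'; then
        echo "WARN: FORWARD policy is ACCEPT; packets arriving on $wan are forwarded too"
    elif ! has '^-A FORWARD .*-j ACCEPT'; then
        echo "FAIL: FORWARD policy is not ACCEPT and no rule accepts LAN traffic"; rc=1
    fi
    return $rc
}

# Constructed sample: state after the post's two iptables commands succeeded.
GOOD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

# Constructed sample: the MASQUERADE command failed, so the nat table is empty.
BROKEN='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

printf '%s\n' "$GOOD"   | audit_gateway eth0 1
printf '%s\n' "$BROKEN" | audit_gateway eth0 0 || echo "gateway is misconfigured"

# On the gateway itself, as root:
#   iptables-save | audit_gateway eth0 "$(cat /proc/sys/net/ipv4/ip_forward)"
```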
FILED UNDER CONFIGURATION TAGGED WITH UBUNTU
41 Responses to Ubuntu 12.04 IPv4 NAT Gateway and DHCP Server
Guh says:
May 7, 2012 at 3:53 pm
when i sudo service isc-dhcp-server start, i got this:
start: Job failed to start
What is wrong?

Guh says:
May 7, 2012 at 4:22 pm
Nevermind, i got something wrong uncommented in the conf file, now it fixed.
Thank You VERY MUCH for the tutorial :)

Anonymous says:
May 10, 2012 at 2:42 pm
Do i have to uninstall networkmanager?

mvpfin says:
June 20, 2012 at 6:16 am
Nice tutorial, thank you kindly!

Morteza Moosavi (@neo_one2199) says:
June 24, 2012 at 7:51 pm
Tnx for your tutorial. dhcp server is working fine but clients do not have any internet access.

Anonymous says:
June 26, 2012 at 12:29 pm
Thanks. Works fine for me too, but no internet access on clients.

Shubhendu says:
June 30, 2012 at 9:00 am
when i sudo service isc-dhcp-server start, i got this:
start: Job failed to start
plz some 1 help me how to restart my services

John Smith says:
July 7, 2012 at 3:26 am
Where does the dhcpd pass the packets in order to reach www?

James Webb says:
July 12, 2012 at 3:04 pm
DHCP works great, but clients have no internet access, how do i fix this???

Anon says:
July 18, 2012 at 4:08 pm
Similar to some of the other commenters, I am also having problems with internet access. I think it
has something to do with the clients not being able to find the DNS. For example, ping yahoo.com failed, but
ping 209.191.122.70 (an IP address for yahoo) returned a successful response.

Anon says:
July 18, 2012 at 4:31 pm
I was able to fix internet connectivity by modifying /etc/network/interfaces to add the following line
after the auto eth0 and iface lines:
dns-nameservers 8.8.8.8 8.8.4.4
These are two public DNSs that Google maintains (https://developers.google.com/speed/public-dns/),
so I would think they are relatively reliable.
CAUTION: I probably don't know what I am doing, since I had to seek out this blog in the first
place to get my LAN gateway set up.

Anonymous says:
August 9, 2012 at 5:07 pm
Clients receive dhcp addresses, but use of dns unavailable. Please post an addendum greatly
appreciated. clients should not have to specify its own dns servers, and also NAT packet forwarding is not
working on the server/gateway in this setup.

nsmgo says:
August 9, 2012 at 5:54 pm
Here's what i needed to add to /etc/rc.local to get forwarding to work for clients:
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -j ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
thanks to:
http://ubuntulinux.co.in/blog/ubuntu/nat-configuration-with-iptables-in-ubuntu/

Anonymous says:
September 27, 2012 at 6:09 pm
Using Ubuntu 12.04.1 LTS with iptables v1.4.12, I had to put the --table nat option at the end,
otherwise I get: Bad argument `-table'

adedoyin david says:
October 18, 2012 at 10:28 am
please i have the same problem {sudo service isc-dhcp-server stop
stop: Unknown instance: }
after followed the tutorial in ubuntu 12.04 (not ubuntu server 12.04)
can somebody help me.

Rogier says:
October 18, 2012 at 7:03 pm
Same here: sudo service isc-dhcp-server stop: Unknown instance what to do?

hs says:
October 18, 2012 at 9:25 pm
RE: sudo service isc-dhcp-server stop: Unknown instance
If the service is not running already then you'll see this error. Just skip the step to stop the service
and move on to starting the service.

Rogier says:
October 19, 2012 at 5:23 am
Well, how can I check if the server is actually running? Please see below, when I try to run it, it
got the message running, process 10955. However when afterward try to stop the service, it says unknown
instance.
Is there some way to check if the dhcp server is running?
[rogier@server] ~ $ sudo service isc-dhcp-server start
isc-dhcp-server start/running, process 10955
[rogier@server] ~ $ sudo service isc-dhcp-server stop
stop: Unknown instance:
[rogier@server] ~ $

hs says:
October 19, 2012 at 4:06 pm
Rogier, look at the /var/log/syslog file for any errors that DHCP server may be giving out. It looks
like the server is not starting because of some errors.

richie tabhu says:
October 31, 2012 at 12:49 pm
good post it really sorted me out.. Ubuntu 12.04

Prof-Nicola Nascimento says:
November 4, 2012 at 11:28 am
>hs says:
>October 19, 2012 at 4:06 pm
>
>Rogier, look at the /var/log/syslog file for any errors that DHCP server may be giving out. It looks
>like the server is not starting because of some errors.
That saved my day. I had a small error in the configuration file. Solved it like this (ubuntu server
12.04 LTS):
administrador@servidor:~$ sudo service isc-dhcp-server start
start: Job failed to start
administrador@servidor:~$ tail /var/log/syslog
Nov 4 11:20:08 servidor dhcpd: bad range, address 192.168.1.200 not in subnet 192.168.88.0 netmask 255.255.255.0
administrador@servidor:~$ sudo nano /etc/dhcp/dhcpd.conf

Rogier says:
November 5, 2012 at 8:33 am
Thanks; it worked out fine

avais says:
November 5, 2012 at 10:19 am
internet is not throughing either DNS problem or some other please help me out

Anonymous says:
November 8, 2012 at 11:55 am
fuck youu

Rogier says:
November 8, 2012 at 11:56 am
Who?

David Doyin says:
November 8, 2012 at 2:28 pm
help us with nat that can startup with script.

Lester Torres says:
November 9, 2012 at 8:29 pm
Prof-Nicola I have a question.
I did as you advised
tail /var/log/syslog
and got in return
Nov 9 15:23:35 lsproxy1210 dhclient: DHCPDISCOVER on the eth1 to 255.255.255.255 port 67 interval 10
I am a little confused on what to do from here. I have been trying to set up the DHCP using eth1
but it does not seem to work for some reason. I think it is a configuration issue but maybe it can also be that I do
not have Bing9 or Dnsmasquerade. I do not think I need those things to get my DHCP running but you tell me
what you think. Thank you!

TEQUILA JULIO says:
November 15, 2012 at 4:31 pm
Hello,
I'm having problem with the dhcp I follow all the steps for setting up eth1 but for some reason
when I try to network boot it say, no DHCP offers were received. PLS HELP! NEW TO LINUX! REALLY
APPRECIATED..

Anonymous says:
November 20, 2012 at 7:41 am
hi
my name is girish kumar i have configured entire Skyray with eth1 & eth0 is internet facing
interface and when i am connected another system to this Skyray client getting ip but not getting internet.

hs says:
November 21, 2012 at 7:40 pm
I setup a brand new VM following these instructions step by step and everything works fine. A few
things to check:
1. Make sure you are using IP settings based on your environment.
2. Your DNS should be in working condition. Run nslookup on your client to make sure it's
resolving names correctly.
3. Check your iptables rules for anything that might be blocking traffic.

dan says:
December 20, 2012 at 5:19 pm
This tutorial is good, but I take it you're also running a bind9 with this. Is there a way to do this
without bind?

hs says:
December 20, 2012 at 5:23 pm
Dan, it's not running with bind9. In my test environment I had a Windows DNS server running. As
long as DNS server IPs are reachable via this gateway, they could be any platform.

Manish Singh says:
January 10, 2013 at 6:47 am
Same here. I was able to setup everything, however clients in the internal network are still unable
to access the internet. Was anyone able to get it working?

MgFrobozz says:
April 25, 2013 at 4:00 pm
When I installed 12.04, it installed udhcp. If this is the case, edit /etc/udhcpd.conf:
* Change start to the lowest IP number to be assigned by dhcpd
* Change end to the lowest IP number to be assigned by dhcpd
* Uncomment # option subnet and (if necessary) change the mask for the subnet.
* Uncomment # opt dns and add the IP number(s) of the DNS server(s) that should be used. If
there is a DNS service running on the local host (eg, bind9), use the IP number of the local host on the local
network.
* If the local host is a router (eg, routes packets from the local network on eth1 to the isp
connection on eth0), uncomment #option router, and change the value to the IP number of the local host on
the local network.
* For each device which needs a static IP assignment, add a line static_lease hw_addr
ip_number, where hw_addr is the HWaddr shown by ipconfig for the adapter on the box to be assigned
(commonly known as mac address).
* Restart the service with sudo service udhcpd restart.

Anonymous says:
May 3, 2013 at 1:12 pm
fucking unknow instance
job failed

Asad says:
May 3, 2013 at 10:12 pm
it is really excellent. thank you.

Mark says:
May 8, 2013 at 1:48 am
Exactly what i was looking for! Thx!!!

Anonymous says:
May 24, 2013 at 12:57 pm
thanks

I159 says:
July 6, 2013 at 9:29 am
You have hard to detect typo in: sudo iptables -table nat -A POSTROUTING -o eth0 -j
MASQUERADE . Instead of minus minus table, you have dash minus table. Should be: sudo iptables --table nat
-A POSTROUTING -o eth0 -j MASQUERADE
