Routing

Rather than configuring a separate router, you can use your server as a router if it has 2 or more Ethernet ports. To do so, set up your ISP-supplied router in modem mode, which you can do easily enough by assigning the address of your server as the DMZ and turning off any firewalling. How you do this will depend on the specific router.

For actual broadband modems, rather than routers that you are making work as modems, you will need to set up a PPPoE connection from your server (which is not too difficult but beyond the scope of this manual).

If you have 2 NICs on a Linux box, both configured with IP addresses, you don’t have to add a route from one network to another. That will be done automatically.

Add a default gateway address on the WAN NIC. Do not do this in the configuration of the LAN NIC.

Then enable forwarding in the kernel:

#echo 1 > /proc/sys/net/ipv4/ip_forward

To set this value automatically on boot, uncomment this line in /etc/sysctl.conf:

#net.ipv4.ip_forward=1

Then set up some rules in iptables to perform the NAT and forwarding.

In this example “eth0” is the LAN interface and “eth1” is the WAN interface.

Always accept loopback traffic

#iptables -A INPUT -i lo -j ACCEPT

We allow traffic from the LAN side

#iptables -A INPUT -i eth0 -j ACCEPT

ROUTING TABLES

Allow established connections, and masquerade (NAT) traffic leaving the WAN interface

#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Forwarding

#iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

Allow outgoing connections from the LAN side.

#iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

That should do it.

If you haven’t already installed it, install iptables-persistent and then run:

#iptables-save > /etc/iptables/rules.v4
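
A way to check the saved rules against the layout above (an added example, not part of the original manual). The function names and the sample dump are constructed here, and the dump assumes the chain policies were left at ACCEPT because the page does not set them. Appended ACCEPT rules only filter traffic when the INPUT and FORWARD policies are DROP, which is the first thing the audit reports.

```shell
# Added example: audit an iptables-save dump against the router layout above.
# Usage: audit_rules LAN_IF WAN_IF < /etc/iptables/rules.v4
# Prints one "FINDING:" line per problem and nothing when the dump is clean.
audit_rules() {
    lan=$1 wan=$2
    dump=$(cat)
    # Appended ACCEPT rules filter nothing while the chain policy is ACCEPT.
    for chain in INPUT FORWARD; do
        printf '%s\n' "$dump" | grep -q "^:$chain DROP" ||
            echo "FINDING: $chain policy is not DROP; its ACCEPT rules filter nothing"
    done
    # NAT has to happen on the way out of the WAN interface.
    printf '%s\n' "$dump" | grep -q -- "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" ||
        echo "FINDING: no MASQUERADE rule leaving $wan"
    # WAN-to-LAN forwarding should only carry replies to LAN connections.
    if printf '%s\n' "$dump" | grep -- "^-A FORWARD .*-i $wan .*-j ACCEPT" |
        grep -qv 'ESTABLISHED'; then
        echo "FINDING: FORWARD accepts new connections arriving on $wan"
    fi
    # The LAN must be allowed out, otherwise clients have no connectivity.
    printf '%s\n' "$dump" | grep -q -- "^-A FORWARD -i $lan -o $wan -j ACCEPT" ||
        echo "FINDING: no FORWARD rule from $lan to $wan"
    return 0
}

# Constructed sample: the page's rules as iptables-save would print them when
# the chain policies were left at ACCEPT (an assumption, the page sets none).
page_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# Same constructed dump with the INPUT and FORWARD policies set to DROP.
drop_policy_rules() {
    page_rules | sed -e 's/^:INPUT ACCEPT/:INPUT DROP/' -e 's/^:FORWARD ACCEPT/:FORWARD DROP/'
}
```

On the constructed dump, `page_rules | audit_rules eth0 eth1` reports the two policy findings, and `drop_policy_rules | audit_rules eth0 eth1` reports nothing.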

Note:

If you have set up a VPN, you should follow the instructions in the OpenVPN section and bind it to the LAN. Something like:

#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

for this configuration (where eth0 is the LAN).