{"id":115,"date":"2019-06-02T12:47:44","date_gmt":"2019-06-02T11:47:44","guid":{"rendered":"https:\/\/blog.inplico.uk\/?p=115"},"modified":"2019-06-02T14:11:11","modified_gmt":"2019-06-02T13:11:11","slug":"routing","status":"publish","type":"post","link":"https:\/\/blog.inplico.uk\/?p=115","title":{"rendered":"Routing"},"content":{"rendered":"<p>Rather than configuring a separate router, if your server has 2 or more Ethernet ports then it is possible to use it as a router. In order to do so you need to set up your ISP-supplied router in modem mode (which you can do easily enough by just assigning the address of your server as a DMZ and turning off any firewalling). How you do this will depend on the specific router.<\/p>\n<p>For actual broadband modems, rather than routers that you are making work as modems, you will need to set up a PPPoE connection from your server (which is not too difficult but beyond the scope of this manual).<\/p>\n<p>If you have 2 NICs on a Linux box, both configured with IP addresses, you don&#8217;t have to add a route from one network to the other. That will be done automatically.<\/p>\n<p>Add a default gateway address on the WAN NIC. 
<strong>Do not do this in the configuration of the LAN NIC.<\/strong><\/p>\n<p>Then enable forwarding in the kernel:<\/p>\n<pre class=\"lang:sh decode:true \">#echo 1 &gt; \/proc\/sys\/net\/ipv4\/ip_forward<\/pre>\n<p>To make this value persist across reboots, uncomment this line (remove the leading #) in \/etc\/sysctl.conf:<\/p>\n<pre class=\"lang:sh decode:true \">#net.ipv4.ip_forward=1<\/pre>\n<p>Then set up some rules in iptables to perform the NAT and forwarding.<\/p>\n<p>In this example \u201c<strong>eth0<\/strong>\u201d is the <strong>LAN<\/strong> interface and \u201c<strong>eth1<\/strong>\u201d is the <strong>WAN<\/strong> interface.<\/p>\n<p>Always accept loopback traffic:<\/p>\n<pre class=\"lang:sh decode:true \">#iptables -A INPUT -i lo -j ACCEPT<\/pre>\n<p>Allow traffic from the LAN side:<\/p>\n<pre class=\"lang:sh decode:true\">#iptables -A INPUT -i eth0 -j ACCEPT<\/pre>\n<p><strong>ROUTING TABLES<\/strong><\/p>\n<p>Allow established connections, and masquerade (NAT) traffic leaving through the WAN interface:<\/p>\n<pre class=\"lang:sh decode:true\">#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE<\/pre>\n<p>Forwarding: allow return traffic for established connections from the WAN to the LAN.<\/p>\n<pre class=\"lang:sh decode:true\">#iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT<\/pre>\n<p>Allow outgoing connections from the LAN side.<\/p>\n<pre class=\"lang:sh decode:true\">#iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT<\/pre>\n<p>That should do it. Note that every rule above is an ACCEPT rule, so they filter nothing unless the default policy of the INPUT and FORWARD chains is set to something other than ACCEPT.<\/p>\n<p>If you haven\u2019t already installed it, install iptables-persistent and then run:<\/p>\n<pre class=\"lang:sh decode:true\">#iptables-save &gt; \/etc\/iptables\/rules.v4<\/pre>\n<p>Note:<\/p>\n<p>If you have set up a VPN you should follow the instructions in the <strong>openvpn<\/strong> section and bind it to the <strong>LAN<\/strong>. Something like:<\/p>\n<pre class=\"lang:sh decode:true\">#iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -o eth0 -j MASQUERADE<\/pre>\n<p>for this configuration (where eth0 is the 
LAN).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rather than configuring a separate router, if your server has 2 or more Ethernet ports then it is possible to use it as a router. In order to do so you need to set up your ISP-supplied router in modem mode (which you can do easily enough by just assigning the address of your [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-115","post","type-post","status-publish","format-standard","hentry","category-debian-server"],"_links":{"self":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=115"}],"version-history":[{"count":1,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/115\/revisions"}],"predecessor-version":[{"id":116,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/115\/revisions\/116"}],"wp:attachment":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}