Make your Ubuntu Server be Router!

README.md

Goals

• Can use Ubuntu Server 20.04 LTS to be Router Gateway include DHCP Server
• Client who connected to Ubuntu Server can be access Internet

Environement

• Ubuntu 20.04 LTS
• 2 Interface
  • 1 Interface from WAN / ISP (enp2s0)
  • 1 Interface for distribution clients (enx00e04c534458)

Set netplan

nano /etc/netplan/01-network-manager-all.yaml

network:
    ethernets:
        enp2s0:
            dhcp4: true
        enx00e04c534458:
            addresses:
            - 192.168.2.1/24
            dhcp4: false
            nameservers:
                addresses:
                - 8.8.8.8
                - 8.8.4.4
                search: []
    version: 2

sudo netplan generate
sudo netplan apply

Install DHCP Server

sudo apt-get install isc-dhcp-server

sudo nano /etc/default/isc-dhcp-server

## Declare Interface to User
INTERFACESv4="enx00e04c534458"

Configure pool for DHCP

sudo nano /etc/dhcp/dhcpd.conf

option domain-name "home.local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.2.0 netmask 255.255.255.0 {
     range 192.168.2.101 192.168.2.200;
     option subnet-mask 255.255.255.0;
     option routers 192.168.2.1;
     option broadcast-address 192.168.2.255;
}

## Make service auto-restart
nano /lib/systemd/system/isc-dhcp-server.service

---
[Service]
Restart=on-failure

sudo systemctl restart isc-dhcp-server
sudo systemctl enable isc-dhcp-server
sudo systemctl status isc-dhcp-server

Create Auto Forwarding Script

nano /root/auto.sh

#!/bin/bash

# /etc/rc.local

# Default policy to drop all incoming packets.
#iptables -P INPUT DROP
#iptables -P FORWARD DROP

# Accept incoming packets from localhost and the LAN interface.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i enx00e04c534458 -j ACCEPT

# Accept incoming packets from the WAN if the router initiated the connection.
iptables -A INPUT -i enp2s0 -m conntrack \
--ctstate ESTABLISHED,RELATED -j ACCEPT

# Forward LAN packets to the WAN.
iptables -A FORWARD -i enx00e04c534458 -o enp2s0 -j ACCEPT

# Forward WAN packets to the LAN if the LAN initiated the connection.
iptables -A FORWARD -i enp2s0 -o enx00e04c534458 -m conntrack \
--ctstate ESTABLISHED,RELATED -j ACCEPT

# NAT traffic going out the WAN interface.
iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE

# rc.local needs to exit with 0
exit 0

sudo chmod +x /root/auto.sh
crontab -e
@reboot /bin/bash /root/auto.sh

reboot

Reference

• https://ibnus.ac.id/cara-konfigurasi-ubuntu-server-sebagai-router-18-04-1-lts/

I'm trying to follow your instructions, but am confused by the lines

crontab -e
@reboot /bin/bash /etc/rc.local
(I now understand, short hand for setting up the cron job to run at each reboot)

Note the proper reference address is now:

(https://blog.ibnus.ac.id/cara-konfigurasi-ubuntu-server-sebagai-router-18-04-1-lts/)

Note the "Configure pool for DHCP" section should include instructions

sudo nano /etc/dhcp/dhcpd.conf

Hello @mikegilchrist ,

Thanks for the correction! I've updated the part I missed.

I may be wrong but without running 'crontab -e' with 'sudo crontab -e' as a member of sudoers, the script won't run and none of the rules will be added on reboot. I was scratching my head why my clients couldn't reach the ROTW for updates until I changed the rule. That said, I set it up late at night and was bleary eyed so I might have missed something. As written it implies non-root user will run the script stored at '/root'.