Kyle Pericak

"It works in my environment."

Tue 20 August 2019

Creating a Wireless Router for Wired Servers With Ubuntu Server

Posted by Kyle Pericak in systems administration   

Setup

This setup was done on an Intel Nuc.

The Nuc is running Ubuntu Server 18.04 Bionic, CLI only. It has a wired connection to a rack switch on an access port, and a wireless connection to the office WiFi.

The server will host 192.168.0.1 and act as a gateway for the wired servers. It will do NAT just like a home router does to ensure there are no routing problems with the upstream layer 3 devices.

This setup begins where my Ubuntu WiFi Guide left off. Check it out if you're not sure how to connect to the WiFi from an Ubuntu server.

Enable IP Routing

Check if it's enabled in your config file. This command will just print the file and ignore any comments or blank lines.

cat /etc/sysctl.conf | grep -v -e "#" -v -e "^$"

If you don't have this entry, edit the file and insert it:

net.ipv4.ip_forward=1

If you changed the file, apply your changes:

sysctl -p

Configure Interfaces

Here's my netplan, with the wireless details changed:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s25:
      dhcp4: false
      addresses:
        - 192.168.0.1/24
  wifis:
    wlp2s0:
      dhcp4: true
      access-points:
        "My SSID":
          password: "My Password"

If you changed your netplan file, apply the changes with:

netplan try

Configure NAT

We'll use iptables for NAT.

First, make a file that defines the rules you want:

Define iptables rules file

These rules take any traffic coming from 192.168.0.0/24 that is being routed out the WiFi interface wlp2s0 (the default gateway / default route) and apply the MASQUERADE rule, which performs port address translation and gives the wired servers internet access.

There are two tables, nat and filter. The nat table does the translation; the filter table defines what's allowed in and out. We need to specify that traffic is allowed to go:

- From the Ethernet port to the WiFi port
- Back from WiFi to Ethernet, when it is RELATED or ESTABLISHED

vi /etc/iptables_rules.sh

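#!/usr/bin/env bash
echo "Loading rules..."
# Allow forwarding from the wired LAN out to the WiFi uplink
iptables -t filter -A FORWARD -i enp0s25 -o wlp2s0 -j ACCEPT
# Allow return traffic only for connections that are already tracked
iptables -t filter -A FORWARD -i wlp2s0 -o enp0s25 -m state \
  --state RELATED,ESTABLISHED -j ACCEPT
# Translate the source address of LAN traffic leaving via WiFi
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o wlp2s0 -j MASQUERADE
echo "Done"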

Make the script executable

chmod +x /etc/iptables_rules.sh

Load iptables rules now

Run the new file to apply the rules.

/etc/iptables_rules.sh

You can now use this device as a router without having to configure any special routes.
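
To check the result, the added example below (not part of the original post) parses iptables-save output and flags gaps in the ruleset built above. It relies on the fact that the post never changes the FORWARD chain's policy, which the kernel defaults to ACCEPT; the finding labels and the trimmed sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit iptables-save output for the router built in this post.
# Interface name and subnet are the post's; finding labels are hypothetical.
LAN_NET=192.168.0.0/24
WAN_IF=wlp2s0

# Reads iptables-save text on stdin, prints one finding per line.
audit_rules() {
  awk -v wan="$WAN_IF" -v net="$LAN_NET" '
    BEGIN { policy = "ACCEPT" }                      # kernel default policy
    /^\*/ { table = substr($0, 2); next }            # "*filter", "*nat", ...
    /^-A / && ++seen[table " " $0] == 2 { dup = 1 }  # same rule appended twice
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    # Heuristic: inbound ACCEPT from the uplink with no ESTABLISHED match.
    table == "filter" && $2 == "FORWARD" && / -j ACCEPT$/ &&
      index($0, "-i " wan " ") && !/ESTABLISHED/ { open_in = 1 }
    table == "nat" && $2 == "POSTROUTING" && / -j MASQUERADE/ &&
      index($0, "-s " net " ") && index($0, "-o " wan " ") { masq = 1 }
    END {
      if (policy != "DROP") print "forward-policy-" policy ": unmatched packets are still forwarded"
      if (open_in) print "unsolicited-inbound: " wan " traffic forwarded without a state match"
      if (!masq)   print "no-masquerade: " net " is not translated on " wan
      if (dup)     print "duplicate-rules: the same rule appears more than once"
    }'
}

# Constructed dump: what the rules script above leaves on a fresh system,
# trimmed to the chains that matter here.
sample_dump() {
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o wlp2s0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i enp0s25 -o wlp2s0 -j ACCEPT
-A FORWARD -i wlp2s0 -o enp0s25 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_rules
```

On the router itself, run `iptables-save | audit_rules` as root; an empty result means none of the four checks fired.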

Configure iptables rules to load on boot

Add the following line to your rc.local file. If it doesn't exist, create it.

vi /etc/rc.local

/etc/iptables_rules.sh

If the file didn't exist, make sure that it starts with a shebang:

#!/usr/bin/env bash

Ensure that it's executable:

chmod +x /etc/rc.local
