In today's guide we will see how to set up a Linux server as a NAT router to share the internet with other hosts in the same network.
A few of my Linux servers are in a restricted environment and are not allowed to connect to the internet directly. In this case, I need to share the internet from my Linux Desktop or from a Linux Server with the remaining hosts by configuring it as a NAT router.
Back in the day, while configuring Squid servers, we used to work with iptables a lot, so this setup can be done in just three steps.
For instance, my Linux Desktop or Linux Server1 has two interfaces.
- ens18 is connected to the ISP router and gets its IP from DHCP.
- ens19 is connected to my LAN network with IP address 192.168.100.10, which is manually configured.
The remaining nodes in my network have only one interface, with an IP in the 192.168.100.0/24 range.
To keep things simple, treat the Linux Desktop or Linux Server as Server1 and the remaining nodes as server2, server3, and so on.
Load the module for NAT using the modprobe command. On most current Linux distributions it is loaded by default.
$ sudo modprobe iptable_nat
Temporary Traffic forwarding
Configure the kernel parameter at runtime to forward traffic. Enable forwarding by writing 1 to the ip_forward entry in the /proc filesystem. This change is temporary and is lost when the server reboots, so to make it persistent across reboots, make sure to use the next step.
# echo 1 > /proc/sys/net/ipv4/ip_forward
or
# sysctl -w net.ipv4.ip_forward=1
Permanent Traffic forwarding
To make the change persistent across reboots, add the entry below to /etc/sysctl.conf
# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
To apply the change without a reboot, run the command below.
# sysctl -p /etc/sysctl.conf
Post routing and forwarding for NAT Router
Add the iptables rules for post-routing and for forwarding the traffic. Here ens18 is the internet-facing interface and ens19 is the LAN interface. The interface names in your setup will differ, so make sure to replace them with yours.
# iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
# iptables -A FORWARD -i ens19 -j ACCEPT
That’s it, we have completed the required changes on the Server 1 side.
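What the two rules above actually filter depends on the FORWARD chain policy, and the MASQUERADE rule is not limited to the LAN subnet. The function below is an added example, not part of the original guide, that audits iptables-save output for both points; the function name, the finding labels and the two sample rulesets are constructed for illustration, using the interfaces and the 192.168.100.0/24 range described earlier.

```shell
#!/bin/sh
# Added example (not from the guide): audit an iptables-save dump for the
# NAT gateway rules. On Server1, as root:  iptables-save | audit_nat
audit_nat() {
    awk '
    function warn(msg) { print "WARN " msg; n++ }
    substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
        masq = 1
        # No -s match: anything routed out this interface is source-NATed.
        if ($0 !~ / -s /) warn("masquerade-unscoped: " $0)
    }
    # Reply traffic is admitted by a conntrack (or legacy state) match.
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ &&
        /--(ct)?state [A-Z,]*ESTABLISHED/ { replies = 1 }
    END {
        if (!masq) warn("no-masquerade-rule")
        # Policy ACCEPT forwards every packet, so the -i rule filters nothing.
        if (policy == "ACCEPT") warn("forward-policy-accept")
        # Policy DROP with no reply rule drops the return traffic.
        if (policy == "DROP" && !replies) warn("forward-drop-without-reply-rule")
        exit (n > 0)
    }'
}

# Constructed sample: the two rules from this guide, default ACCEPT policies.
GUIDE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens18 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i ens19 -j ACCEPT
COMMIT'

# Constructed sample: same gateway scoped to the LAN subnet, FORWARD DROP.
SCOPED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.100.0/24 -o ens18 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ens18 -o ens19 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i ens19 -o ens18 -j ACCEPT
COMMIT'

printf '%s\n' "$GUIDE_RULES" | audit_nat || echo "guide rules: findings above"
printf '%s\n' "$SCOPED_RULES" | audit_nat && echo "scoped rules: clean"
```

The function exits non-zero when it reports any finding, so it can be run from a scheduled check on the gateway.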
On the other nodes the configuration should look like the below. Print the current route
[root@server2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    100    0        0 ens18
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens18
[root@server2 ~]#
The nodes may have an interface with IP 192.168.100.11, 12, 13 or something else. Change the default route to the IP address of Server 1.
Delete the default route
# route del -net default
Print the routing table once again to confirm that the default route is deleted
[root@server2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens18
[root@server2 ~]#
Add a new default gateway for the interface. The gateway IP should be the IP of Server 1
# route add default gw 192.168.100.10 dev ens18
Print the routing table to verify the route using the route -n command
[root@server2 ~]# route add default gw 192.168.100.10 dev ens18
[root@server2 ~]#
[root@server2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.10  0.0.0.0         UG    100    0        0 ens18
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens18
[root@server2 ~]#
That’s it, we are now connected to the internet.
Configuring forwarder DNS
With the steps above we can connect to the internet. However, when we try to access any web URL, the name has to be resolved by forwarding the request to a DNS server. To do so, we need to configure the domain name and the IP of the DNS server to which the queries are forwarded.
Configure the interface with DNS. Edit the interface configuration file or use the nmcli command to add the DNS.
# ls -lthr /etc/sysconfig/network-scripts/ifcfg-ens18
Verify the same in resolv.conf
# cat /etc/resolv.conf
[root@server2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search linuxsysadmins.local
nameserver 192.168.0.21
nameserver 192.168.0.1
[root@gateway ~]#
Now we have both internet access and name resolution.
That’s it, we have successfully configured our existing Linux Desktop or Server as a NAT router to share the internet.
Sharing the internet from an existing Linux Desktop to any NIX based servers or to Windows based Desktop/Server is easy. It can be configured in a few steps by adding NAT router forwarding rules.