Help with iptables routing in ubuntu linux

Posted on 2009-04-20
Last Modified: 2013-11-16

Hi, i have this scenario:

- One router Cisco SOHO 97 that provides me internet with this
IP Address:
- One Windows 2003 Server With FileSharing Enabled with this
IP Address:
- Ten Workstations on This net: 192.168.100.X

I need to install an Ubuntu Server that acts as a Proxy and DHCP Server.
I have 2 NICs in this server and i need to route internet to the 192.168.100.x net acting as the gateway and route access to a file share in the server: and also bring internet to that net (192.168.45.X)

How can I accomplish that with iptables?
Question by:alexinoa
    LVL 16

    Accepted Solution

    If you don't need firewalling (blocking of ports) then you don't need iptables at all. You just have to configure correct routing.

    Let's assume that your Ubuntu server will have IPs and

    1. You have to set as default gateway on all computers on network 192.168.45.X
    2. You have to set default gateway on Ubuntu server
    3. You have to add a route via on your Cisco
    4. Configure the Ubuntu for packet forwarding:
    - set interface IPs
    - echo 1 > /proc/sys/net/ipv4/ip_forward
    - iptables -I FORWARD -j ACCEPT
    LVL 29

    Assisted Solution

    jUst Extra Add with Blaz

    you need to do  MASQuerade in iptables

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    Here eth0 would be connected to the Isp  router ..

    Same as Blaz just one line add :

    eth0 = [ Isp router]
    eth1 = [ Internal network]

    Check if  IPv4 forwarding is ON or OFF :
    cat /proc/sys/net/ipv4/ip_forward
    if result = 0 then will have to On it by this command :

    echo "1" > /proc/sys/net/ipv4/ip_forward

    Now have to enable Enable IP masquerading by adding rules in iptables
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    [  Now all internet request will go via eth0]

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now