
  • Status: Solved
  • Priority: Medium
  • Security: Public

Help with iptables routing in Ubuntu Linux

Hi, I have this scenario:

- One router Cisco SOHO 97 that provides me internet with this
IP Address:
- One Windows 2003 Server With FileSharing Enabled with this
IP Address:
- Ten Workstations on This net: 192.168.100.X

I need to install an Ubuntu Server that acts as a Proxy and DHCP Server.
I have 2 NICs in this server and I need to route internet to the 192.168.100.x net acting as the gateway and route access to a file share in the server: and also bring internet to that net (192.168.45.X)

How can I accomplish that with iptables?
2 Solutions
If you don't need firewalling (blocking of ports) then you don't need iptables at all. You just have to configure correct routing.

Let's assume that your Ubuntu server will have IPs and

1. You have to set as default gateway on all computers on network 192.168.45.X
2. You have to set default gateway on Ubuntu server
3. You have to add a route via on your Cisco
4. Configure the Ubuntu for packet forwarding:
- set interface IPs
- echo 1 > /proc/sys/net/ipv4/ip_forward
- iptables -I FORWARD -j ACCEPT
Just an extra addition to Blaz:

You need to do MASQUERADE in iptables:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Here eth0 would be connected to the ISP router.

Same as Blaz, just one line added:

eth0 = [ISP router]
eth1 = [Internal network]

Check if IPv4 forwarding is ON or OFF:
cat /proc/sys/net/ipv4/ip_forward
If the result is 0, then you will have to turn it on with this command:

echo "1" > /proc/sys/net/ipv4/ip_forward

Now you have to enable IP masquerading by adding rules in iptables:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[Now all internet requests will go via eth0]
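
The FORWARD and MASQUERADE rules from the answers above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset which forwards only LAN-originated connections and their replies, instead of accepting all forwarded traffic. The interface roles follow the second answer (eth0 = ISP router, eth1 = internal network); the LAN prefix 192.168.100.0/24 is an assumption based on the workstation range in the question.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC gateway.
# Interface roles follow the thread (eth0 = ISP side, eth1 = internal);
# the LAN prefix used at the bottom is an assumed sample value.

# build_gateway_rules WAN_IF LAN_IF LAN_CIDR
# Prints the ruleset on stdout; returns 1 on malformed arguments.
build_gateway_rules() {
    wan=$1 lan=$2 cidr=$3

    # Reject anything that is not a plain interface name.
    for ifname in "$wan" "$lan"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    # Require dotted-quad/prefix form, e.g. 192.168.100.0/24.
    printf '%s\n' "$cidr" \
        | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
        || { echo "bad CIDR: $cidr" >&2; return 1; }

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade only traffic that really comes from the LAN.
-A POSTROUTING -s $cidr -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that the LAN opened.
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections are accepted only from the LAN towards the WAN.
-A FORWARD -i $lan -o $wan -s $cidr -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the sample values (nothing is applied to the kernel).
build_gateway_rules eth0 eth1 192.168.100.0/24
```

Loading the output with iptables-restore replaces the current nat and filter tables, so review it first; `iptables-restore --test` parses the rules without committing them.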
