how to configure Linux as router

I'm trying to set up a linux host as a router. I'm following the instruction at which assured me it would be a 2-minute process, but after 2 minutes, I'm stuck. Here's what I did so far, per the instructions:

The setup:

I am running Slackware distro, kernel

I currently have two NIC cards in this computer: eth0 is currently connected to a D-Link router (which, in turn, is connected to the ISP's cable modem), and eth1 is currently not connected to anything, but will be the LAN connection.

eth0 is configured in /etc/rc.d/rc.inet1.conf for DHCP.


I connected eth0 to the cable modem and reset the NIC:

$ /etc/rc.d/rc.inet1 eth0_restart

That worked fine, eth0 got an IP. Then, I created the file /etc/sysctl.conf and added one line:

 net.ipv4.ip_forward = 1

Then the iptables commands for IP forwarding and Masquerading:

$ iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
$ iptables --append FORWARD --in-interface eth1 -j ACCEPT

Here's where I'm stuck. How do I configure eth1 in /etc/rc.d/rc.inet1.conf? I want to give it a static IP for the LAN, but what do I put in for gateway and DNS? Won't specifying a gateway confuse eth0?

# Config information for eth1:

# Default gateway IP address:

Do I use /etc/resolv.conf for DNS servers? Start named? Can I somehow specify eth0's IP as the gateway?


vivigatt Commented:
DHCPREQUEST, DHCPACK, DHCPINFORM, DHCPINFORM messages are perfectly OK. Actually this is how DHCP works.
If PC-de-Daniela/rover gets the correct IP config, you are all set.
I think that you may have some name conflict. Let me guess.
PC-de-Daniela is a Windows PC that has a Windows name "PC-de-Daniela".
So when sending its DHCP requests, it adds its hostname in the request.
This is not what you have in your dhcpd.conf file, but this should not cause any issue.

DHCP leases are renewed periodically. Actually, there is a "renewal" dialog that occurs when the lease is half expired. You can increase the lease time if you want.
You can add "authoritative" for the subnet if your DHCP is actually the one and only for this subnet.
If you want the DHCP service to update the DNS records, you have to set the correct config. But this requires you to run a local DNS that you have total control of. It may not be actually needed.
If you have a local DNS, you can also configure the clients (PC-de-Daniela) to send DNS update requests when it gets an IP config. Yet, since the DNS addresses you provide are
Eth0 is the gateway. IP of the dlink. Make sure you do not double NAT the same segment.
I.e. eth0 must be on the
Resolv.conf should point to the DNS server either local if you configure named as a caching server locally.

Post the output of netstat -rn.
Do you have DHCP configured to allocate IPs on the eth1 network?
Personally I'd recommend using a distro that is built with being a gateway already from the onset. For example Zentyal has this built-in, but also turnkey, ClearOS and others have this function already available. The advantage is that all these distros have good management tools included which makes configuration very easy and straightforward.

Check this (outdated but still very relevant and instructive) article:
jmarkfoley (Author) Commented:
I've got it sort-of working -- in fact, I'm using it as my router to post this comment -- but I still have issues. I had a 2nd NIC that wouldn't play well in the computer (Linksys EtherFast 10/100 LNE100TX). I forget what error I was getting, something about a "tulip". I swapped out the card for one that worked, but then had to remove my /etc/udev/70-persistent-net.rules and reboot because udev was renaming my eth0 to eth2! Sheesh! My problem is some error messages I get when running `dhcpd -d eth0`. First, the messages, then I'll post the config:

When I started dhcpd I got:

Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on LPF/eth0/00:50:da:28:3b:06/192.168.0/24
Sending on   LPF/eth0/00:50:da:28:3b:06/192.168.0/24
Sending on   Socket/fallback/fallback-net

I assume these are normal start up messages. I then connected my WIN9 laptop for which I created a DHCP reservation (I think). When it connected I got:

Dynamic and static leases present for
Remove host delcaration rover or remove
from the dynamic address pool for 192.168.0/24
DHCPREQUEST for from 44:1e:a1:c8:e8:9b via eth0
DHCPACK on to 44:1e:a1:c8:e8:9b via eth0
DHCPINFORM from via eth0: not authoritative for subnet
If this DHCP server is authoritative for that subnet,
please write an 'authoritative;' directive either in the
subnet declaration or in some scope that encolses the
subnet declaration - for example, write it at the top
of the dhcpd.conf file.
DHCPINFORM from via eth0: not authoritative for subnet

Not sure what all this means, but my guess is that I should not designate reserved IPs within my DHCP range ( - Also, not sure what the 'authoritative;' directive is all about.

Next, I connected my wife's laptop for which I did *NOT* make a reservation. I got:

if PC-de-Daniela.alluneedizluv.local IN A rrset doesn't exist add PC-de-Daniela.alluneedizluv.local 21600 IN A DNS format error.
DHCPREQUEST for from 00:13:77:d6:aa:2a via eth0
DHCPACK on to 00:13:77:d6:aa:2a  (PC-de-Daniela) via eth0
DHCPINFORM from via eth0: not authoritative for subnet
DHCPINFORM from via eth0: not authoritative for subnet
if PC-de-Daniela.alluneedizluv.local IN A rrset doesn't exist add PC-de-Daniela.alluneedizluv.local 21600 IN A timed out.

The messages DHCPREQUEST, DHCPACK, DHCPINFORM, DHCPINFORM repeat themselves about every half hour (something to do with lease time?). I can't even guess what these messages are about other than something to do with DNS ... which I'm not running. Despite all these messages, both laptops appear to have connected w/o any apparent problem on the laptop end. Nevertheless, I don't want to simply ignore them.

How do I fix these?


option domain-name "alluneedizluv.local";

ddns-update-style ad-hoc;

subnet netmask {
    option routers;
    option domain-name-servers,;  # from my ISP

host rover {
  hardware ethernet 44:1E:A1:C8:E8:9B;

# Config information for eth0:
# This is the LAN interface and is the add-in card

# Config information for eth1:
# This is the Internet interface and is the built-in NIC

I've specified no default gateway.

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

# Generated by dhcpcd for interface eth1

With the above, do I even need the option domain-name-servers in dhcpd.conf?

arnold, the netstat -rn info:

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
                                                U         0 0          0 eth0
                                                U         0 0          0 eth1
                                                U         0 0          0 lo
                                                UG        0 0          0 eth1


vivigatt, I will also check out your link for clues.

So, what am I doing wrong?
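An added example, not part of the thread: a shell/awk check for the two conditions dhcpd logged in the post above, a missing `authoritative;` directive and a host reservation whose address lies inside a dynamic `range`. The addresses in the sample config are constructed for illustration (the post's own values are not shown); only the host name and MAC come from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a dhcpd.conf on stdin.
# Exit status 0 = nothing flagged, 1 = at least one warning printed.
# Handles the plain "range LOW [HIGH];" form only.
lint_dhcpd_conf() {
    awk '
    function ip2n(ip,  p) {            # dotted quad -> integer
        split(ip, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    { sub(/#.*/, "") }                 # strip comments first
    /^[ \t]*authoritative[ \t]*;/ { auth = 1 }
    /^[ \t]*range[ \t]/ {
        gsub(/;/, ""); n++
        lo[n] = ip2n($2); hi[n] = ip2n(($3 == "") ? $2 : $3)
    }
    /^[ \t]*host[ \t]/          { host = $2 }
    /^[ \t]*fixed-address[ \t]/ { gsub(/;/, ""); fa[host] = $2 }
    END {
        if (!auth) { print "WARN: no authoritative; directive"; bad = 1 }
        for (h in fa)
            for (i = 1; i <= n; i++)
                if (ip2n(fa[h]) >= lo[i] && ip2n(fa[h]) <= hi[i]) {
                    print "WARN: host " h " fixed-address " fa[h] " is inside a dynamic range"
                    bad = 1
                }
        exit bad + 0
    }'
}

# Constructed sample: reservation placed inside the pool, no authoritative;
sample_bad_conf() {
    cat <<'EOF'
option domain-name "alluneedizluv.local";
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.200;   # constructed pool
    option routers 192.168.0.1;          # constructed address
}
host rover {
    hardware ethernet 44:1E:A1:C8:E8:9B;
    fixed-address 192.168.0.150;         # constructed, inside the pool
}
EOF
}

# Usage: lint_dhcpd_conf < /etc/dhcpd.conf
```

As noted earlier in the thread, `authoritative` belongs only on a server that is the one and only DHCP server for the subnet.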

The non-authoritative and the timeout deals with the DNS.
You should set up a local caching + authoritative for zone where your DHCP server will register the IPs it allocates. And your internal domain alluneedizluv.local.
jmarkfoley (Author) Commented:
According to my research, the "not authoritative for subnet" can be handled by putting the directive 'authoritative;' at the beginning of my /etc/dhcpd.conf file.

> You should setup a local caching ... for zone

Do you mean running DNS (named) or are you talking about some configuration setting in dhcpd.conf?
Yes, having bind's named or any other DNS service (tinydns) depending on your comfort level.
jmarkfoley (Author) Commented:
When I put the "authoritative" directive in the dhcpd.conf file I stopped getting the "not authoritative for subnet" messages, and I also stopped getting the "if PC-de-Daniela.alluneedizluv.local IN A rrset doesn't exist ... DNS format error." So, everything seems to be running just fine.

vivigatt: > DHCP leases are renewed periodically. Actually, there is a "renewal" dialog that occurs when the leases half expired. You can increase the lease time if you want.

Maybe this is too big a question for this posting, but what's the difference between max-lease-time and default-lease-time? What are the defaults if not set in dhcpd.conf? If I understand the logfile correctly, leases seem to be updated between 1 and 2 hours. This is a small, local network, so why not set lease times to e.g. a month or so?
arnold Commented:
Includes a sample configuration as well as comments for some of the fields

The short the default lease sets a time frame within which the client must renew the lease at the end of the period if not renewed the lease expires.
Max lease settings deals with whether you want a system to be forced to get a new IP.  This deals with rotating the IPs in use by a system.
The lease time duration deals with DHCP related network traffic. Set it too low and all your systems will be spending time obtaining/renewing IP leases. Usually 3600 is the minimum duration and two weeks is the maximum. The drawback deals with once an IP is allocated, it is marked as unavailable by the DHCP for the duration of the lease. If you have many systems rotating in and out, and you set the lease time to a month, after 254 unique systems rotated in, any new system will not be allocated an IP as there will be no available IPs in the DHCP pool.

In a LAN the lease time should be one day.
A week or two weeks are used often on the ISP provider side for DSL, FIOS, type of connections.
jmarkfoley (Author) Commented:
OK, I think that deals with my general router issues. Thanks. I've changed the default lease time to 1 day, as you suggested. Everything seems to be working just fine on the wired LAN.

you wrote:
>The short the default lease sets a time frame within which the client must renew the lease at the end of the period if not renewed the lease expires.

I have a different question on a Linux DHCP *client* in a Windows domain and it seems to have to do with the Linux client not renewing the lease. Check out and see if you can help me on that one.

Also, I don't know if you know anything about wireless, but I've added a wireless card into this mix that I want to be an access point. I've got it semi-configured -- client devices can see the SSID and can connect -- but no Internet access happening. Check out if this is in your bailiwick.
Regarding the wireless, what IPs are you assigning there? If you are assigning the same IP as the wired side your issue would be what IP the wireless NIC has as well as what iptables rules are set on the NIC, i.e. does wireless traffic pass without impediment through the wireless NIC to the outside.

If you are using a different block of IPs, you have to make sure that your iptables NAT rules route traffic correctly between the wireless NIC and the outside.
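An added example, not part of the thread: a POSIX shell function that prints an iptables-restore ruleset for the router discussed here, masquerading on the Internet-facing interface and forwarding only connections that start on a LAN-side interface plus their replies. It goes beyond the two rules posted earlier by setting the FORWARD policy to DROP and accepting several LAN interfaces; the interface names, including wlan0 for the wireless card, are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset.
# Usage: gen_router_rules WAN_IF LAN_IF [LAN_IF ...]
gen_router_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_router_rules WAN_IF LAN_IF [LAN_IF ...]" >&2
        return 2
    fi
    wan=$1
    shift
    for lan in "$@"; do
        if [ "$lan" = "$wan" ]; then
            echo "error: $lan given as both WAN and LAN interface" >&2
            return 2
        fi
    done

    # NAT: rewrite the source address of everything leaving via the WAN side.
    printf '%s\n' "*nat" ":POSTROUTING ACCEPT [0:0]"
    printf '%s\n' "-A POSTROUTING -o $wan -j MASQUERADE" "COMMIT"

    # Filter: forward nothing by default. Replies to existing connections
    # are allowed back in; new connections may only start on a LAN interface
    # and leave via the WAN interface. LAN-to-LAN and WAN-initiated traffic
    # falls through to the DROP policy.
    printf '%s\n' "*filter" ":FORWARD DROP [0:0]"
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for lan in "$@"; do
        printf '%s\n' "-A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Assumed names: eth1 = Internet side, eth0 = wired LAN, wlan0 = wireless.
# iptables-restore replaces the current contents of the nat and filter tables:
#   gen_router_rules eth1 eth0 wlan0 | iptables-restore
```

Forwarding also needs `net.ipv4.ip_forward = 1`, as set in /etc/sysctl.conf in the original question; this ruleset does not add any INPUT rules for the router itself.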
jmarkfoley (Author) Commented:
I think I may have an issue with the iptables, but I'm no iptables guru so I'm not sure. Check out All the IP assignment, hostapd, etc. info is listed. I need to get that one fixed asap as I'm being bugged to toss out this linux server idea and buy a Linksys or something.
Question has a verified solution.
