Installing and configuring DNSmasq
DNSmasq is a DNS forwarder and DHCP server. Change “domain” to match the FQDN of your network and “dhcp-range” to the desired range of DHCP IP addresses that the router / gateway should assign to the clients on the private network.
apt-get update && apt-get upgrade
apt-get install dnsmasq
nano -w /etc/dnsmasq.conf
interface=eth1
listen-address=127.0.0.1
domain=your.domain.name
dhcp-range=10.0.0.100,10.0.0.150,12h
Installing and configuring iptables
First we will install some tools needed to automatically load stored iptables rules on the next reboot of the router / gateway.
Answer “Yes” to both questions asking whether the current iptables rules should be saved.
apt-get install iptables-persistent
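Enable iptables rules
Save the text below as rules.sh. The script treats eth1 as the outside interface and eth0 as the LAN side. Make sure the interface= line in /etc/dnsmasq.conf names the LAN-side interface, since DHCP is meant for the private network only.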
#!/bin/sh
PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth1 -j REJECT

Then make the script executable and run it:
chmod +x rules.sh
./rules.sh
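The script above flushes the rules but never sets chain policies, so a packet that matches no rule gets the chain's policy, which is ACCEPT unless it has been changed. The check below is an added example, not part of the original tutorial: it reads iptables-save output and flags non-DROP policies on INPUT and FORWARD and a missing MASQUERADE rule. The function names and the sample ruleset are constructed; eth1 as the outside interface is taken from rules.sh.

```shell
#!/bin/sh
# Added example (not from the original page); assumes eth1 = outside, as in rules.sh.
WAN=${WAN:-eth1}

# Print the policy of filter-table chain $1 (the nat table has its own INPUT chain).
chain_policy() {
    awk -v chain=":$1" '/^\*/ { table = $1 }
        table == "*filter" && $1 == chain { print $2; exit }'
}

# Succeed if the nat table masquerades traffic leaving $WAN.
has_masquerade() {
    awk -v wan="$WAN" '/^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == wan) found = 1
        }
        END { exit !found }'
}

# Read iptables-save text on stdin, print findings, return how many there were.
audit_ruleset() {
    rules=$(cat); findings=0
    for chain in INPUT FORWARD; do
        policy=$(printf '%s\n' "$rules" | chain_policy "$chain")
        [ "$policy" = "DROP" ] && continue
        echo "WARN: filter $chain policy is ${policy:-unknown}, not DROP"
        findings=$((findings + 1))
    done
    if ! printf '%s\n' "$rules" | has_masquerade; then
        echo "WARN: no MASQUERADE rule for traffic leaving $WAN"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: roughly what iptables-save prints after running rules.sh.
sample_ruleset() {
    cat <<'EOF'
*nat
:INPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

sample_ruleset | audit_ruleset || echo "findings: $?"
```

On the router itself, run `iptables-save | audit_ruleset` as root to check the live ruleset.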
Enable IP forwarding
First open the file you need:
nano /etc/sysctl.conf
Then uncomment the following line:
net.ipv4.ip_forward = 1
Reboot and check if everything works
That’s it! After a reboot, you have a simple router / gateway for your private network.