I recently had to set up a home office and wanted to maintain a separate network that used a dedicated server machine as a gateway. The server would also provide DHCP/DNS services to the work network.
The setup is as follows:
The server machine, named “Nibbler” is running Ubuntu Natty (server) and has both wired ethernet interface “eth0” and wireless network interface “wlan0”. Nibbler connects to the work network through eth0 and to the internet (via the home network) wirelessly through wlan0.
Note: My home office is in a different room to the rest of my computer setup at home and we have no cables running through the wall, hence the wireless router :)
To set up the bridge I created the following iptables script under /etc/iptables.sav
:PREROUTING ACCEPT [1661:128402]
:INPUT ACCEPT [1586:123941]
:FORWARD ACCEPT [34:1860]
:OUTPUT ACCEPT [1093:112966]
:POSTROUTING ACCEPT [1114:115726]
:PREROUTING ACCEPT [7069:621197]
:OUTPUT ACCEPT [312:68686]
:POSTROUTING ACCEPT [131:32808]
-A POSTROUTING -o wlan0 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
:INPUT ACCEPT [2520:198290]
:FORWARD DROP [85:4188]
:OUTPUT ACCEPT [1744:176962]
-A FORWARD -s 192.168.2.0/24 -i eth0 -o wlan0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Then added the following line into /etc/rc.local (before the line ‘exit 0’)
iptables-restore < /etc/iptables.sav
The final step is to enable ip4 forwarding in the kernel. This is done by uncommenting the following line in /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
Then apply the kernel parameter changes by executing the following
$ sudo sysctl -p
And that’s it! Traffic is now forwarded from the network to the internet via the server’s wireless link.
Note: I found that after an Ubuntu release upgrade, the net.ipv4.ip_forward setting in sysctl.conf was recommented. If your kernel or sysctl.conf is modified as a result of an upgrade, you’ll probably need to re-uncomment it.