Dec 26, 2014

[Tutorial] Forwarding internet from one interface to another in linux (Raspberry pi used)

At times we face situations where we need to forward internet from one interface to another for various reasons. Specially if you deal with servers and networks you face it all the time. It can also be used to create a secure home network where a system acts as router ffrom LAN to WAN.

In this tutorial we will learn about the same. This should work with all major linux distributions with a few tweaks, but should work without tweaks for Debian based distrols like *buntu & mint etc.

I have written a simple script to do the task automatically, which you can find at the last. If you are not interested with the details/working of the system, then you can download the script and run it, answer few questions it asks if required.

My Setup:
WAN/INTERNET ----> Raspberry PI ---> Home Network
where raspberry pi acts as caching proxy server, dns server, NAS etc.

Since Raspberry Pi has only one Ethernet Port, we need to use a USB-to-Ethernet adapter if we are using wired connection for both LAN & WAN. Else if you are using WIFI for WAN then the inbuild ethernet port can do the LAN job.

We will focus on wired LAN setup here, regardless of whatever the WAN maybe (Ethernet, USB tethering, WIFI etc).

Looking at the setup in details:

WAN/INTERNET ------> USB-to-Ethernet of PI (eth1) ------> Ethernet port of PI (eth0) -----> Home Wireless AP.

The basic required packages are iptables & a dhcp server.
iptables comes installed default with most of the linux distros.
We will be using isc-dhcp-server as dhcp server, it doesn't come installed by default (Normally). So let's install it:

sudo apt-get update && apt-get -y install isc-dhcp-server

Let us configure the dhcp configuration file. The path for the file is /etc/dhcp/dhcpd.conf. There is already a dhcpd.conf file present. Let's create backup of that file and create a new configuration file.

sudo mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak && touch /etc/dhcp/dhcpd.conf

Open the newly created dhcpd.conf file with your favourite text editor with necessary root privilege.

Copy the following lines in the file
 option domain-name "raspberry_pi";
                        option domain-name-servers 8.8.8.8, 8.8.4.4;
                        subnet 192.168.5.0 netmask 255.255.255.0 {
                                        range 192.168.5.2 192.168.5.254;
                                        option routers 192.168.5.1;
                        }

Let's see what it does, line by line.

1.It specifies the domain name of the system. You can use anyname you want.

2. Specifies which DNS to use. 8.8.8.8 & 8.8.4.4 are DNS of google. Better leave it as it is.

3. The subnet of your LAN. Change it according to your need. eg. 172.18.0.0, 192.168.4.1 etc

4. The IP start and end range that is given by the DHCP server. Here the first is 192.168.5.2 and last is 192.168.5.254. You can edit/modify it according to your need, but remember to use the same subnet as from line number 3.

5. Specifies the IP address of the router/system we are configuring. This too you can edit, but remember to put it in the same subnet.

Now, assign your LAN interface to DHCP server. eth0 in my case.
echo "INTERFACES=eth0" > /etc/default/isc-dhcp-server
The DHCP server is now almost configured.

Next, creating iptables rules for the forwarding of packets from one interface to another. eth0 is interface connected to LAN and eth1 is interface connected to internet. Change it according to your need.

 echo "1" > /proc/sys/net/ipv4/ip_forward
 iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
 iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
 iptables-save > /etc/iptables.ipv4.nat

Finally, let's configure the network interfaces file. Open the file /etc/network/interfaces with your favourite text editor with root privileges, and edit or replace or add the following lines, please use some common knowledge here as the your interface file maybe different with different configurations.
auto lo eth0
                iface lo inet loopback
        iface eth0 inet static
                address 192.168.5.1
                netmask 255.255.255.0

        auto eth1
        iface eth1 inet dhcp

        up iptables-restore < /etc/iptables.ipv4.nat
Compare this with the dhcpd.conf file from earlier and edit accordingly if required. And as stated earlier too, eth0 is my LAN interface and eth1 is my interface connected to internet.

Making sure everything starts up properly on boot, enter the following commands as root user.

update-rc.d isc-dhcp-server enable
sed -i '13iifup $lan_iface' /etc/rc.local
sed -i '14iifup $internet_iface' /etc/rc.local

Now, restart the networking or simply reboot for everything to work. Everything should be working properly now.

In next post, most probably this tutorial will be continued so as to share internet via wifi (ad-hoc).

Any question, feel free to post as comment.

Regards











No comments:

Post a Comment