Connecting a LAN to internet through a gateway

date: 2023-11-01 21:21:44

categories: linux

firstPublishDate: 2023-11-01 21:21:44

I have a mobile phone, a laptop, a network hub and a desktop computer. I configure the mobile phone as a hot spot and connect the laptop to the hot spot with wifi, the laptop is connected to internet with the mobile phone. With a network cable the laptop is connected to the hub and the desktop computer is also connected to the hub. The laptop has 2 network interfaces and is connected to both internet and the desktop computer.

I want to connect the desktop computer to the internet using the laptop as a gateway.

   ┌╌╌╌╌╌╌╌╌┐
   ╎Internet╎
   └╌╌╌┬╌╌╌╌┘
       ╎
       ╎
       ╎
 ┏━━━━━┿━━━━━━┓    ╭──────────╮             ╭──────────╮
 ┃Mobile phone┃    │Computer A│             │Computer B│
 ┗━━━━━┯━━━━━━┛    │Laptop    │             │Desktop   │
       │           │(Gateway) │dhcp         │          │
       │           ╰─┬──────┬─╯server       ╰────┬─────╯
       │             │      │                    │
       └─────────────┘      └──────────HUB───────┘
          Wifi wlp7s0b1     Wired enp6s0    Wired eno1
         192.168.223.129    192.168.0.1     192.168.0.2
                            static ip       set by dhcpd

I created the figure with patate:

Patate ASCII art editor

Computer A Laptop (gateway) has 2 network interfaces:

wlp7s0b1 wifi connected to the mobile phone hot spot, the ip 192.168.223.129 is set by the mobile phone
enp6s0 wired network connected to the hub and desktop, I set a static ip (192.168.0.1)

Computer B Desktop has 1 wired network interfaces:

eno1: The ip is set automatically by the dhcp server in the laptop

I choose the network 192.168.0.0/24 for the LAN.

There are 3 steps to configure the laptop to be used as a gateway:

Set static ip for the enp6s0 interface
Setup iptables to forward packets to internet
Setup a dhcp server

Set static ip for the enp6s0 interface

In the laptop, I choose to configure network 192.168.0.0/24 and ip 192.168.0.1, devices connected to the hub will have ips in this network. The ips are distributed automatically by the dhcp server.

vi /etc/network/interfaces
auto enp6s0
iface enp6s0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255

Reconfigure the interface:

ifdown enp6s0
ifup enp6s0

Setup iptables to forward packets to internet

Configure the linux kernel to allow forwarding packets and make it persistent:

echo 1 > /proc/sys/net/ipv4/ip_forward
vi /etc/sysctl.conf
net.ipv4.ip_forward=1

sysctl -p
#Output
net.ipv4.ip_forward = 1

#Apply:
sysctl --system

Setup iptables:

iptables -t nat -A POSTROUTING -o wlp7s0b1 -j MASQUERADE
iptables -A FORWARD -i enp6s0 -o wlp7s0b1 -j ACCEPT
iptables -A FORWARD -i wlp7s0b1 -o enp6s0 -m state --state RELATED,ESTABLISHED -j ACCEPT

`iptables -t nat -A POSTROUTING -o wlp7s0b1 -j MASQUERADE`

This says: on the network address translation table, after we have figured out the routing of a packet on output enp6s0, replace the return address information with our own so the return packets come to us. Also, remember that we did this (like a lookup table that remembers this connection). Connections coming from the LAN (192.168.0.0/24) to the internet are recorded in the gateway (laptop) NAT table.

`iptables -A FORWARD -i enp6s0 -o wlp7s0b1 -j ACCEPT`

Allow packets that want to come from enp6s0 (the LAN) to go out wlp7s0b1 (the wifi interface connected to internet).

`iptables -A FORWARD -i wlp7s0b1 -o enp6s0 -m state --state RELATED,ESTABLISHED -j ACCEPT`

Use that lookup table we had from before to see if the packet arriving on the external interface actually belongs to a connection that was already initiated from the internal.

Setup a dhcp server

I setup a dhcp server in the gateway to automatically configure the network for the devices connected to the LAN. The dhcp server sets up a default nameserver, the default nameserver in the laptop is:

cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.223.198

The devices in the LAN use the nameservers 192.168.223.198 and 8.8.8.8 (google, if the first one doesn't work). Install and configure the ISC dhcp server (I used Debian Bullseye for this setup):

apt-get install isc-dhcp-server
vi /etc/dhcp/dhcpd.conf
#Uncomment #authoritative to make it authoritative
option domain-name-servers 192.168.223.198, 8.8.8.8;
subnet 192.168.0.0 netmask 255.255.255.0 {
 range 192.168.0.1 192.168.0.100;
 option subnet-mask 255.255.255.0;
 option broadcast-address 192.168.0.255;
 option routers 192.168.0.1;
}

Setup the network interface for the dhcp server, I disable ipv6 since it is not used in this setup:

vi /etc/default/isc-dhcp-server
INTERFACESv4="enp6s0"
#INTERFACESv6="enp6s0" - comment out to disable ipv6 dhcp server

Start the dhcp server:

/etc/init.d/isc-dhcp-server start

Run these commands to restart the dhcp server:

/etc/init.d/isc-dhcp-server stop
kill `cat /var/run/dhcpd.pid`
rm /var/run/dhcpd.pid
/etc/init.d/isc-dhcp-server start

Now the devices on the LAN have their network interface automatically configured by the dhcp server like a regular router.

Another article describing the same setup:

Building My Own Firewall/Router, Part 1 11-07-2023

Hashtag #networking

Feed

Guestbook