Ubuntu Server 18.04 – Setting up an internet gateway

As long as we’re setting up network services, we may as well go all the way and set up a router to act as a gateway for our network. In most commercial routers, we’ll have DNS and DHCP built in, as well as routing. Quite often, these services will all run on the same box. Depending on how you set up your DNS and DHCP servers in the previous sections, you may have even set up your primary DNS and DHCP servers on the same machine, which is quite common. However, your internet connection will likely be terminated on a separate box, possibly a commercial routing device or internet gateway from your internet service provider.

Depending on what kind of internet connection you have, Linux itself can likely replace whatever device your internet modem connects to. A good example of this is a cable modem that your office or home router may utilize. In this case, the modem provides your internet connection, and then your router allows other devices on your network to access it. In some cases, your modem and router may even be the same device.

Linux servers handle this job very well, and if you want to consolidate your DHCP, DNS, and routing into a single server, that’s a very easy (and common) thing to do. Specifically, you’ll need a server with at least two Ethernet ports, as well as a network switch that will allow you to connect multiple devices. If you need to connect devices with wireless network cards, you’ll need an access point as well. Therefore, depending on the hardware you have, this method of setting up your networking may or may not be efficient. But if you do have the hardware available, you’ll be able to manage the entire networking stack with Ubuntu Server quite easily.

In fact, we’ll only need to execute a single command to set up routing between interfaces, which is technically all that’s required in order to set up an internet gateway. But before we get into that, it’s also important to keep in mind that if you do set up an internet gateway, you’ll need to pay special attention to security. The device that sits between your network and your modem will be a constant attack target, just like any other gateway device would be. When it comes to commercial routers, they’re also attacked constantly. However, in most cases, they’ll have some sort of default security or firewall built in. In all honesty, the security features built into common routing equipment are extremely poor and most of them are easy to hack when someone wants in badly enough. The point is that these devices have some sort of security to begin with (regardless of how good or bad), whereas a custom internet gateway of your own won’t have any security at all until you add it.

When you set up an internet gateway, you’ll want to pay special attention to setting up the firewall, restricting access to SSH, using very strong passwords, keeping up to date on security patches, as well as installing an authentication monitor such as fail2ban. We’ll get into those topics in Chapter 15, Securing Your Server. The reason I bring this up now though is that if you do set up an internet gateway, you’ll probably want to take a detour and read that chapter right away, just to make sure that you secure it properly.

Anyway, let’s move on. A proper internet gateway, as I’ve mentioned, will have two Ethernet ports. On the first, you’ll plug in your cable modem or internet device, and you’ll connect a switch on the second. By default, though, routing between these interfaces will be disabled, so traffic won’t be able to move from one Ethernet port to the other. To rectify this, use the following command:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward 

That’s actually it. With that single command, you’ve just made your server into a router. However, that change will not survive a reboot. To make it permanent, open the /etc/sysctl.conf file in your editor:

sudo nano /etc/sysctl.conf 

Look for the following line:

#net.ipv4.ip_forward=1 

Uncomment the line and save the file. With that change made, your server will allow routing between interfaces even after a reboot. Of all the topics we’ve covered in this chapter, that one was probably the simplest. However, I must remind you again to definitely secure your server if it’s your frontend device to the internet, as computer security students always enjoy practicing on a real-life Linux server. With good security practices, you’ll help ensure that they’ll leave you alone, or at least have a harder time breaking in. From here, all you should need to do is attach a network switch to your other network interface, and then you can attach your other wired Ethernet devices and wireless access point to the switch. Now, Ubuntu Server is managing your entire network!
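
A check for the gap described above, where forwarding is switched on at runtime but the line in /etc/sysctl.conf is still commented out. This is an added example, not part of the original article; the function names and status words are made up here, and it reads only the one file edited above (settings under /etc/sysctl.d/ are not considered).

```shell
#!/bin/sh
# Added example: compare the running ip_forward value with what the config
# file will apply at boot. Function names and status words are illustrative.

# Print the active net.ipv4.ip_forward value in a sysctl config file ($1),
# or "unset" when every such line is commented out or absent. Last one wins.
persisted_forward() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            line = $0
            gsub(/[ \t\r]/, "", line)           # "key = value" -> "key=value"
            if (index(line, "net.ipv4.ip_forward=") == 1)
                val = substr(line, length("net.ipv4.ip_forward=") + 1)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# $1 = runtime value file, $2 = config file. Prints one status word.
forward_status() {
    runtime=$(tr -d '[:space:]' < "$1")
    boot=$(persisted_forward "$2")
    case "$runtime:$boot" in
        1:1) echo "persistent" ;;     # routing now and after a reboot
        1:*) echo "runtime-only" ;;   # routing now, lost at the next reboot
        0:1) echo "pending" ;;        # off now, enabled at next boot
        *)   echo "disabled" ;;       # not routing, nothing configured
    esac
}

# Run against the real files when both are readable (as on the gateway itself).
if [ -r /proc/sys/net/ipv4/ip_forward ] && [ -r /etc/sysctl.conf ]; then
    forward_status /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
fi
```

On the gateway, runtime-only means the echo command was run but the sysctl.conf edit was not saved; persistent or pending on a machine that is not meant to route is worth a closer look.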
