I have a Linux server (Ubuntu 12) with 2 NICs.

eth0 is connected to the WAN (inet 10.0.2.15 mask 255.255.255.0)

eth1 is connected to the LAN (inet 192.168.0.1 mask 255.255.255.0)

I want my Windows machine to connect to the internet. Win -> eth1 -> eth0 -> internet

Added to: /etc/network/interfaces

```
auto eth1
iface eth1 inet static
    address 192.168.0.1
    network 192.168.0.0
    netmask 255.255.255.0
    broadcast 192.168.0.255
```

I added this to: /etc/dhcp/dhcpd.conf

```
authoritative;
option domain-name "mydomain";
option domain-name-servers 8.8.8.8, 8.8.4.4, 192.168.0.1;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.32 192.168.0.128 ;
        option routers 192.168.0.1 ;
}
```

and in /etc/ufw/before.rules

```
# nat rules
*nat
 :POSTROUTING ACCEPT [0:0]

# Forward all packets through eth0
-A POSTROUTING -s 10.0.2.0/24 -o eth0 -j MASQUERADE

# WARNING, do not remove COMMIT line. This breaks the loading
COMMIT
```

I have set my Windows machine's default gateway to 192.168.0.1 and its IP to 192.168.0.40

My Windows machine can ping my eth1 but not the internet

I think the problem is the postrouting rule for ufw but I find no documentation on its syntax (yes, I'm just copy/pasting a tutorial).

EDIT: Extra info:

output ip addr and output ip route http://puu.sh/2Yfd7.png

output iptables -L FORWARD http://i.stack.imgur.com/Mas98.png

apologies for screenshots.

  • What do you mean by "WAN"? It would make sense to expect the Internet gateway on the WAN side but that doesn't suit this description: "Win -> eth0 -> eth1 -> internet". With routing problems you should always give the output of `ip addr`, `ip route` and `iptables -L FORWARD -nv` (and all chains referenced from FORWARD). – Hauke Laging May 21 '13 at 18:17

1 Answer

You need to enable IP forwarding somewhere:

```
sudo sysctl -w net.ipv4.ip_forward=1
```

One of the places where it could be enabled is in /etc/sysctl.conf.d:

```
echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.conf.d/routing.conf
```

Additionally, your iptables rule:

```
-A POSTROUTING -s 10.0.2.0/24 -o eth0 -j MASQUERADE
```

Will only enable NAT for hosts in the 10.0.2.0/24 range, whereas your DHCP server will deliver IPs in the 192.168.0.0/24 range. You need to change it.

BatchyX
  • Already had this enabled in /etc/sysctl.conf AND /etc/ufw/sysctl.conf. I tried your suggestion but it did not help. – Erik Hermans May 21 '13 at 18:37
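
The two conditions named in the answer (forwarding enabled, and a MASQUERADE rule whose source range covers the LAN subnet) can be checked mechanically. This is an added example, not code from the question or the answer; the function names are hypothetical, and the corrected rule is constructed from the answer's advice by swapping in the DHCP subnet.

```python
import ipaddress

# The nat section from the question, and a corrected variant (constructed here).
PAGE_RULES = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.2.0/24 -o eth0 -j MASQUERADE
COMMIT
"""
FIXED_RULES = PAGE_RULES.replace("10.0.2.0/24", "192.168.0.0/24")


def _opt(args, *flags):
    """Return the value following the first of `flags` found in args, or None."""
    hits = [args[i + 1] for i, a in enumerate(args[:-1]) if a in flags]
    return hits[0] if hits else None


def masquerade_rules(rules_text):
    """Yield (source, out_if) for nat MASQUERADE rules; no -s means any source."""
    table = None
    for line in map(str.strip, rules_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]          # start of a table section, e.g. *nat
        elif line == "COMMIT":
            table = None              # end of the current table section
        elif table == "nat" and line.startswith("-A POSTROUTING"):
            args = line.split()
            if _opt(args, "-j", "--jump") == "MASQUERADE":
                src = _opt(args, "-s", "--source") or "0.0.0.0/0"
                yield (ipaddress.ip_network(src, strict=False),
                       _opt(args, "-o", "--out-interface"))


def check_nat(rules_text, lan_cidr, wan_if, ip_forward):
    """Return a list of problems; an empty list means the LAN will be NATed."""
    lan = ipaddress.ip_network(lan_cidr)
    problems = []
    if ip_forward.strip() != "1":
        problems.append("net.ipv4.ip_forward is not 1")
    covered = any(out in (None, wan_if) and lan.subnet_of(src)
                  for src, out in masquerade_rules(rules_text))
    if not covered:
        problems.append(f"no MASQUERADE rule on {wan_if} covers {lan}")
    return problems


if __name__ == "__main__":
    for text in (PAGE_RULES, FIXED_RULES):
        # "1" stands in for the contents of /proc/sys/net/ipv4/ip_forward
        print(check_nat(text, "192.168.0.0/24", "eth0", "1") or "ok")
```
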