Ubuntu – NAT problem with UFW

Tags: domain-name-system, nat, ubuntu, ufw

I'm trying to set up an Ubuntu server, and first I want it to act as a NAT/router/firewall. My question is: how do I make it so the computers connected to the LAN can access the Internet?

eth0      Link encap:Ethernet  HWaddr 00:1c:23:87:d3:be
          inet addr:213.101.213.177  Bcast:213.101.213.191  Mask:255.255.255.192
          inet6 addr: fe80::21c:23ff:fe87:d3be/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16037 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13626 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2268865 (2.2 MB)  TX bytes:1258854 (1.2 MB)
          Interrupt:26 Base address:0x6000

eth1      Link encap:Ethernet  HWaddr 00:1b:21:4f:e4:0b
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21b:21ff:fe4f:e40b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:929 errors:0 dropped:0 overruns:0 frame:0
          TX packets:309 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:100820 (100.8 KB)  TX bytes:45571 (45.5 KB)

eth0 is internet, with dynamic IP. eth1 is LAN.

I've got the DHCP server working, and computers are getting IP addresses. I'm not sure if I've configured it correctly for computers to resolve domain names, though.

This is my dhcpd.conf file. Notice that I commented out the DNS part, as I don't run bind (should I?):

default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.254;
#option domain-name-servers 10.0.0.1;
option domain-name "server.mydomain.com";

subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.2 10.0.0.200;
}

And these are the rules I added to the top of /etc/ufw/before.rules:

# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from eth1 through eth0
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT

ufw status (the default is also set to allow):

Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       10.0.0.0/24

When I try to ping Google from computer 10.0.0.2, I get "destination host unreachable" / "unknown host".

What have I missed? Thanks!

Best Answer

The router that you've specified in /etc/dhcpd.conf is 10.0.0.254, yet the Ubuntu box you're trying to configure is (apparently) on 10.0.0.1.

So your client machines' packets aren't even being sent to the Ubuntu box for NAT processing and forwarding.
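The router mismatch above is the first of three things that have to line up before LAN clients get out: dhcpd must hand out this box (10.0.0.1) as the router, the kernel must have IPv4 forwarding enabled, and ufw must permit forwarded traffic (its DEFAULT_FORWARD_POLICY is DROP, and the "ALLOW from 10.0.0.0/24" rule in the question only covers the INPUT chain, not forwarding). The script below is an added example, not code from the question or the answer. It assumes the interfaces and addresses from the question (eth1 = 10.0.0.1/24 as LAN, eth0 as WAN), an ISC dhcpd config at /etc/dhcp/dhcpd.conf, a service named isc-dhcp-server, a ufw new enough to have `ufw route`, and, as a placeholder, that clients can use the gateway itself as their resolver (DNS_SERVERS); run it with `check` to diagnose the current config without touching anything, or with `apply` as root to make the changes.

```shell
#!/bin/sh
# Added example (not from the original question or answer).
# Assumptions: LAN on eth1 as 10.0.0.1/24, Internet on eth0, ISC dhcpd config at
# /etc/dhcp/dhcpd.conf, service name isc-dhcp-server, ufw 0.34+ for 'ufw route'.
set -eu

WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="10.0.0.0/24"
GATEWAY="10.0.0.1"      # the address clients must be told to route through
DNS_SERVERS="$GATEWAY"  # assumption: a resolver the clients can reach; change as needed

# dhcp_router CONF_TEXT: print the address from the first uncommented 'option routers' line.
dhcp_router() {
  printf '%s\n' "$1" |
    sed -n 's/^[[:space:]]*option[[:space:]][[:space:]]*routers[[:space:]][[:space:]]*\([0-9.][0-9.]*\)[[:space:]]*;.*/\1/p' |
    head -n 1
}

# check_gateway GATEWAY CONF_TEXT: "ok" when dhcpd hands out this box as the router,
# otherwise a one-line explanation (the mismatch the answer points out).
check_gateway() {
  want="$1"
  got="$(dhcp_router "$2")"
  if [ "$got" = "$want" ]; then
    echo ok
  else
    echo "mismatch: dhcpd hands out '$got', gateway is $want"
  fi
}

# forward_policy DEFAULT_UFW_TEXT: value of DEFAULT_FORWARD_POLICY from /etc/default/ufw.
# ufw ships with DROP, which blocks routed traffic even when the NAT rule is correct.
forward_policy() {
  printf '%s\n' "$1" | sed -n 's/^DEFAULT_FORWARD_POLICY="\([A-Za-z]*\)".*/\1/p' | head -n 1
}

# nat_rules WAN_IF LAN_NET: the *nat block for the top of /etc/ufw/before.rules.
# Masquerade only the LAN prefix so a spoofed source cannot ride out through the box.
nat_rules() {
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $2 -o $1 -j MASQUERADE
COMMIT
EOF
}

# dhcpd_conf: the question's dhcpd.conf with 'option routers' pointing at this box
# and a resolver handed out so clients can look up names.
dhcpd_conf() {
  cat <<EOF
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers $GATEWAY;
option domain-name-servers $DNS_SERVERS;
option domain-name "server.mydomain.com";

subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.2 10.0.0.200;
}
EOF
}

# apply: make the changes on the box (root required). Only runs when asked for
# explicitly, so running the file without arguments has no side effects.
apply() {
  # 1. DHCP: clients must route through this box, not 10.0.0.254.
  dhcpd_conf > /etc/dhcp/dhcpd.conf
  # 2. The kernel must forward; ufw re-applies this file on reload.
  sed -i 's|^#*net/ipv4/ip_forward=.*|net/ipv4/ip_forward=1|' /etc/ufw/sysctl.conf
  sysctl -w net.ipv4.ip_forward=1
  # 3. Keep DEFAULT_FORWARD_POLICY=DROP and allow only LAN -> WAN forwarding.
  ufw route allow in on "$LAN_IF" out on "$WAN_IF"
  # 4. NAT block ahead of the existing *filter block in before.rules.
  { nat_rules "$WAN_IF" "$LAN_NET"; cat /etc/ufw/before.rules; } > /etc/ufw/before.rules.new
  mv /etc/ufw/before.rules.new /etc/ufw/before.rules
  ufw reload
  systemctl restart isc-dhcp-server
}

case "${1:-}" in
  check) check_gateway "$GATEWAY" "$(cat /etc/dhcp/dhcpd.conf)"
         echo "forward policy: $(forward_policy "$(cat /etc/default/ufw)")" ;;
  apply) apply ;;
esac
```

The `ufw route allow in on eth1 out on eth0` rule is preferable to flipping DEFAULT_FORWARD_POLICY to ACCEPT: the box then forwards only LAN-originated traffic outward, and nothing arriving on eth0 gets forwarded into the LAN. Hand out a resolver in `option domain-name-servers` that the clients can actually reach; without it they get addresses but no name resolution, which is the "unknown host" half of the symptom.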