Replace router with iptables

How to replace your home router with iptables for better control

STEP 1. Configure interfaces

sudo nano /etc/network/interfaces
#WAN interfaces
auto ethx
iface ethx inet dhcp

#LAN interfaces
auto ethy
iface ethy inet static
address 192.168.1.X
gateway 192.168.1.X


STEP 2. Set iptables. Default to ACCEPT

sudo iptables -P INPUT ACCEPT 
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F

Delete existing chains

sudo iptables -X
sudo iptables -t nat -X
sudo iptables -t mangle -X



sudo iptables -t nat -A POSTROUTING -o eth_WAN -j MASQUERADE


STEP 4. Enable Packet forwarding by kernel

sudo nano /etc/sysctl.conf

Uncomment net.ipv4.ip_forward=1



Quicker way to enable ipv4.ip_forward

sudo vim -c '%s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/gc' -c 'wq' /etc/sysctl.conf

#Verify the change

sysctl net.ipv4.ip_forward

#Apply change. You may reboot the system to test the setting so far.

sudo sysctl -p /etc/sysctl.conf
sudo reboot


STEP 5. Install Webmin and other packages for easier management

Add the Webmin repository to sources.list

sudo nano /etc/apt/sources.list

Ctrl-W then Ctrl-V to navigate to the end of the file to add the following

deb sarge contrib
deb sarge contrib

Add the Webmin GPG key to apt so that the repository added above is trusted

sudo apt-key add filename.asc

Install Webmin

sudo apt-get update
sudo apt-get install webmin

Install other useful packages

sudo apt-get install bind9 perl dhcp3-server openssl htop iptables-persistent


STEP 6. Configure iptables

Install the Persistent Firewall Service

sudo apt-get update
sudo apt-get install iptables-persistent

Save currently running iptables configuration (survives reboot)

sudo service iptables-persistent save

Reload from existing (/etc/iptables/rules.v4)

sudo service iptables-persistent reload

Check for any syntax errors

sudo iptables-restore -t /etc/iptables/rules.v4

Apply a rules file for testing; it is rolled back automatically unless you confirm within 10 seconds

sudo iptables-apply -t 10 your_rules_file

Manually save/backup your running iptables rules to another file

sudo iptables-save > firewall-rule

Restore from saved rules immediately

sudo iptables-restore < /my/firewall-rule
sudo iptables-restore /etc/iptables/rules.v4

To save your iptables setting to survive reboot

sudo invoke-rc.d iptables-persistent save

(saved at /etc/iptables/rules.v4)
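
The rules built in STEP 2 leave INPUT and FORWARD at ACCEPT, so the router answers and forwards anything arriving on the WAN side, including connections to Webmin. The script below is an added example, not part of the original page: it prints a default-deny ruleset with the same MASQUERADE rule, in a form that can be checked and applied with the commands from this step. The function name gen_rules and the interface names eth0/eth1 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): print a default-deny ruleset
# in iptables-restore format for a two-interface router.
# gen_rules WAN_IF LAN_IF   (interface names are assumptions; use your own)
gen_rules() {
    wan="$1"; lan="$2"
    # Refuse empty, identical, or oddly named interfaces before templating.
    case "$wan$lan" in *[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ -n "$wan" ] && [ -n "$lan" ] && [ "$wan" != "$lan" ] || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Same NAT rule as the page: hide LAN hosts behind the WAN address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Unlike STEP 2, unsolicited inbound and forwarded traffic is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may reach services on the router (DHCP, DNS, Webmin).
-A INPUT -i $lan -j ACCEPT
# DHCP replies for the WAN lease.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only LAN-initiated connections may leave through the WAN.
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Usage: sh gen_rules.sh eth0 eth1 > rules.test
#        sudo iptables-restore -t rules.test && sudo iptables-apply -t 10 rules.test
if [ "$#" -eq 2 ]; then gen_rules "$1" "$2"; fi
```

Run iptables-apply from a LAN-side session so that a mistake is rolled back by the timeout instead of locking you out.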


STEP X. Troubleshooting

Check your default Gateway, DNS & DHCP server

ip route
route -n
cat /etc/resolv.conf

Check Currently running kernel version

uname -r

Find all network interfaces and enable them

ifconfig -a
sudo ifdown eth0 && sudo ifup eth0
sudo ifdown eth1 && sudo ifup eth1


Check and configure time correctly

cat /etc/timezone

Check hardware clock

sudo hwclock --show

System to hardware (set hwclock same as System clock)

sudo hwclock --systohc

Hardware clock to system clock (set System clock same as hwclock)

sudo hwclock --hctosys


To check temperature (install lm-sensors)

sudo apt-get install lm-sensors 
sudo sensors-detect
sudo service kmod start
watch -n 1 sensors

Check temperature of hdd

sudo apt-get install hddtemp
sudo hddtemp /dev/sdx



