Replace router with iptables

How to replace your home router with iptables for better control

STEP 1. Configure interfaces

sudo nano /etc/network/interfaces
#WAN interfaces
auto ethx
iface ethx inet dhcp

#LAN interfaces
auto ethy
iface ethy inet static
address 192.168.1.X
gateway 192.168.1.X
netmask 255.255.255.0
dns-nameservers 8.8.8.8

 

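STEP 2. Set iptables. Default to ACCEPT

This resets the firewall to a fully open state: with ACCEPT policies and no rules, nothing is filtered on either interface, including the WAN side.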

sudo iptables -P INPUT ACCEPT 
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F

Delete existing chains

sudo iptables -X
sudo iptables -t nat -X
sudo iptables -t mangle -X

 

STEP 3. Enable MASQUERADE

Replace eth_WAN with the name of your WAN interface (ethx in Step 1).

sudo iptables -t nat -A POSTROUTING -o eth_WAN -j MASQUERADE

 

STEP 4. Enable Packet forwarding by kernel

sudo nano /etc/sysctl.conf

Uncomment net.ipv4.ip_forward=1

net.ipv4.ip_forward=1

 

Quicker way to enable ipv4.ip_forward

sudo vim -c '%s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/gc' -c 'wq' /etc/sysctl.conf

#Verify the change

sysctl net.ipv4.ip_forward

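#Apply change. You may reboot the system to test the setting so far. The iptables rules from Steps 2 and 3 are not saved yet and do not survive a reboot; saving them is covered in Step 6.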

sudo sysctl -p /etc/sysctl.conf
sudo reboot

 

STEP 5. Install Webmin and other packages for easier management

Add the Webmin repository to sources.list

sudo nano /etc/apt/sources.list

Ctrl-W then Ctrl-V to navigate to the end of the file to add the following

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

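Add the Webmin GPG key to apt, so the source repository added will be trusted. The key is downloaded over plain HTTP, so compare its fingerprint with the one published by Webmin before adding it.

wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc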

Install Webmin

sudo apt-get update
sudo apt-get install webmin

Install other useful packages

sudo apt-get install bind9 perl dhcp3-server openssl htop iptables-persistent

 

STEP 6. Configure iptables

Install the Persistent Firewall Service

sudo apt-get update
sudo apt-get install iptables-persistent

Save currently running iptables configuration (survives reboot)

sudo service iptables-persistent save

Reload from existing (/etc/iptables/rules.v4)

sudo service iptables-persistent reload

Check for any syntax errors

sudo iptables-restore -t /etc/iptables/rules.v4

Apply a rules file for testing: iptables-apply rolls back to the previous rules unless you confirm within 10 seconds

sudo iptables-apply -t 10 your_rules_file

Manually save/backup your running iptables rules to another file

sudo iptables-save > firewall-rule

Restore from saved rules immediately

sudo iptables-restore < /my/firewall-rule
sudo iptables-restore /etc/iptables/rules.v4

To save your iptables setting to survive reboot

sudo invoke-rc.d iptables-persistent save

(saved at /etc/iptables/rules.v4)
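
The following is an added example, not part of the original tutorial: it prints a rules file in the format stored at /etc/iptables/rules.v4 that keeps the MASQUERADE rule from Step 3 but replaces the ACCEPT policies of Step 2 with DROP on INPUT and FORWARD plus connection tracking. The function name gen_rules and the interface names passed to it are assumptions.

```sh
#!/bin/sh
# Added example (not from the original tutorial): print a stateful ruleset
# in iptables-restore format. Interface names are caller-supplied assumptions.

gen_rules() {
    wan="$1"; lan="$2"
    # The names are pasted into the rules text, so accept only plain
    # interface-name characters and require two different interfaces.
    for ifname in "$wan" "$lan"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: '$ifname'" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Step 3: hide LAN addresses behind the WAN address
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Unlike Step 2, drop by default; OUTPUT stays open for the router itself
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP replies for the WAN lease (Step 1 uses "inet dhcp" there)
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# LAN hosts may reach the router's services (DNS, DHCP, Webmin)
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only LAN-originated connections are forwarded out to the WAN
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}
```

Write the output to a file (gen_rules ethx ethy > your_rules_file), then run the syntax check and the iptables-apply test from this step before saving it.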

 

STEP X. Troubleshooting

Check your default Gateway, DNS & DHCP server

ip route
route -n
cat /etc/resolv.conf

Check currently running kernel version

uname -r

Find all network interfaces and enable them

ifconfig -a
sudo ifdown eth0 && sudo ifup eth0
sudo ifdown eth1 && sudo ifup eth1

 

Check and configure time correctly

cat /etc/timezone
timedatectl
date

Check hardware clock

sudo hwclock --show

System to hardware (set hwclock same as System clock)

sudo hwclock --systohc

Hardware clock to system clock (set System clock same as hwclock)

sudo hwclock --hctosys

 

To check temperature (install lm-sensors)

sudo apt-get install lm-sensors 
sudo sensors-detect
sudo service kmod start
watch -n 1 sensors

Check temperature of hdd

sudo apt-get install hddtemp
sudo hddtemp /dev/sdx

 

 

 
