How to replace your home router with iptables for better control
STEP 1. Configure interfaces
sudo nano /etc/network/interfaces
#WAN interfaces
auto ethx
iface ethx inet dhcp
#LAN interfaces
auto ethy
iface ethy inet static
address 192.168.1.X
# no gateway line on the LAN interface: the default route comes from the WAN interface via DHCP
netmask 255.255.255.0
dns-nameservers 8.8.8.8
STEP 2. Set iptables. Default to ACCEPT
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
Delete existing user-defined chains
sudo iptables -X
sudo iptables -t nat -X
sudo iptables -t mangle -X
STEP 3. Enable MASQUERADE
sudo iptables -t nat -A POSTROUTING -o eth_WAN -j MASQUERADE
STEP 4. Enable Packet forwarding by kernel
sudo nano /etc/sysctl.conf
Uncomment net.ipv4.ip_forward=1
net.ipv4.ip_forward=1
Quicker way to enable ipv4.ip_forward
sudo vim -c '%s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/gc' -c 'wq' /etc/sysctl.conf
#Apply the change
sudo sysctl -p /etc/sysctl.conf
#Verify the change (should print net.ipv4.ip_forward = 1)
sysctl net.ipv4.ip_forward
#You may reboot the system to test the setting so far.
sudo reboot
STEP 5. Install Webmin and other packages for easier management
Add the Webmin repository to sources.list
sudo nano /etc/apt/sources.list
Ctrl-W then Ctrl-V to navigate to the end of the file to add the following
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
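Add the Webmin GPG key to apt so that the repository added above is trusted. The key is fetched over plain HTTP, so compare its fingerprint with the one published by Webmin before adding it.
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc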
Install Webmin
sudo apt-get update
sudo apt-get install webmin
Install other useful packages
sudo apt-get install bind9 perl dhcp3-server openssl htop iptables-persistent
STEP 6. Configure iptables
Install the Persistent Firewall Service
sudo apt-get update
sudo apt-get install iptables-persistent
Save currently running iptables configuration (survives reboot)
sudo service iptables-persistent save
Reload from existing (/etc/iptables/rules.v4)
sudo service iptables-persistent reload
Check for any syntax errors
sudo iptables-restore -t /etc/iptables/rules.v4
Apply a rules file for testing. iptables-apply rolls back to the previous rules unless you confirm within 10 seconds
sudo iptables-apply -t 10 your_rules_file
Manually save/backup your running iptable rules to another file
sudo iptables-save > firewall-rule
Restore from saved rules immediately
sudo iptables-restore < /my/firewall-rule
sudo iptables-restore /etc/iptables/rules.v4
To save your iptables setting to survive reboot
sudo invoke-rc.d iptables-persistent save
(saved at /etc/iptables/rules.v4)
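STEP 2 leaves every chain at ACCEPT, so with only the MASQUERADE rule in place the WAN side can reach the router itself and anything it can route to. The following is an added example, not part of the original guide: a shell function that prints a default-deny, stateful ruleset in iptables-save format for this two-interface setup. The function name gen_rules is hypothetical and the interface names are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the guide): print a default-deny, stateful ruleset
# in iptables-save format for a two-interface NAT router.
# Usage: gen_rules WAN_IF LAN_IF   (interface names are supplied by the caller)
gen_rules() {
    wan=$1
    lan=$2
    # Refuse empty or oddly named interfaces so a typo or stray shell
    # metacharacter cannot end up inside the ruleset.
    for i in "$wan" "$lan"; do
        case $i in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: '$i'" >&2
                return 1 ;;
        esac
    done
    # Identical names would put the trusted LAN rules on the WAN side.
    if [ "$wan" = "$lan" ]; then
        echo "WAN and LAN interfaces must differ" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# STEP 3: hide LAN hosts behind the WAN address
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback, replies to its own traffic, and the LAN
# (DHCP, DNS and Webmin stay reachable from inside only)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Routed traffic: LAN may open connections out, WAN may only answer them
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}
```

Redirect the output to a file, check it with iptables-restore -t and try it with iptables-apply -t 10 as shown above before saving it to /etc/iptables/rules.v4.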
STEP X. Troubleshooting
Check your default Gateway, DNS & DHCP server
ip route
route -n
cat /etc/resolv.conf
Check Currently running kernel version
uname -r
Find all network interfaces and enable them
ifconfig -a
sudo ifdown eth0 && sudo ifup eth0
sudo ifdown eth1 && sudo ifup eth1
Check and configure time correctly
cat /etc/timezone
timedatectl
date
Check hardware clock
sudo hwclock --show
System to hardware (set hwclock same as System clock)
sudo hwclock --systohc
Hardware clock to system clock (set System clock same as hwclock)
sudo hwclock --hctosys
To check temperature (install lm-sensors)
sudo apt-get install lm-sensors
sudo sensors-detect
sudo service kmod start
watch -n 1 sensors
Check temperature of hdd
sudo apt-get install hddtemp
sudo hddtemp /dev/sdx