Setup Ubuntu Server as a Simple Router
These instructions are from start to finish to set up a simple router that serves out DHCP addresses on the internal network card. I spent a lot of time getting this figured out, as I am not an expert at networking (yet--I will begin working on my CCNA after I finish studying for my A+). If you already have a working installation of Ubuntu Server you may skip the first section if you'd like.
As some background on exactly what I'm trying to accomplish here: I built this for work, so your setup may vary. Our setup includes many school sites that are physically separated from each other, but are connected via 100Mb fiber from a service provider back to our Technology Office, which has a Cisco 1841 that already contains all the routes setup to the site routers, which all are setup to serve out DHCP on their own subnet. The reason I was looking into this is to have a cheap, but reliable, replacement for our 15-year-old Compaq servers running Netware 6.5 that are acting as routers. Because of their poor processing speed the Compaq servers are slowing down access from the sites to the rest of the network, and replacing them is definitely a good idea. We are not going to be using the Ubuntu Server that I am describing here; however, I did test it out at a site and it did work well.
Ok, so after logging in we got a quick summary of what the system is up to....check out if it says any packages can be updated....we're going to update the system now anyway so let's get rolling. Type sudo apt-get update
to update the package lists that are available to ubuntu. It'll ask you to type your password. When it's done scrolling through, type:
sudo apt-get upgrade
If it tells you that some have been 'kept back' don't worry about those, we'll take care of that next. For now, hit 'y' and enter if you want to continue the upgrade of the system. This might take a while. If you haven't finished off that bag of Doritos from before, now's the time to do so cause this may take a couple of minutes.
Ok, now that it's finished, let's go ahead and upgrade our distribution:
sudo apt-get dist-upgrade
When that is done, run
sudo apt-get update
and then
sudo apt-get upgrade
just to be sure everything got caught. For grins, let's restart the computer:
sudo shutdown -r 0
3. If you really want to get comfy now, you can login using SSH by typing in the IP address of the server in your SSH client...of course, you may want to hold off on that because we're about to change some IPs here
4. Time to configure interfaces! Ok, so what we want to do here is go in and edit some configuration files. Before we do anything, though, it's a really good idea to make a backup of the config file (and before we do anything else too--I won't mention this every time, but make sure you make a backup before editing)
sudo cp /etc/network/interfaces /etc/network/interfaces.013111
Now we need to configure the interfaces with the proper IP addresses:
sudo nano /etc/network/interfaces
Change the primary network interface to look something like this:
# The primary network interface
auto eth0
iface eth0 inet static
address 172.25.15.10
netmask 255.255.255.0
gateway 172.25.15.1
Arrow down and add the following to the end of the file:
# Secondary network interface
auto eth1
iface eth1 inet static
address 10.10.0.1
netmask 255.255.0.0
gateway 10.10.0.1
What we're doing here is configuring the primary and secondary IP address for your system. I'm going to assume here we're using eth0 for the Charter side and eth1 for the internal. We'll be editing this later to add a static route. We may go back and forth some, but it's logical in my mind that we catch everything we need.
Write the file by choosing Ctrl+O and hit enter when it asks you what file to write out. Ctrl+x exits nano and gets you back to the commandline.
Restart networking just for grins to see what it gives you:
sudo /etc/init.d/networking restart
If you get errors that eth1 does not exist then your second network card is not recognized, come talk to me and we'll get it figured out.
Setup DHCP
1. Ok, now that we have the network interfaces figured out, let's go ahead and configure serving out DHCP on eth1. Run
sudo apt-get install dhcp3-server
and wait for the process to complete. Once it completes, it probably will say it failed starting the dhcp3-server. This is because you aren't serving out IP addresses on any NIC yet.
2. To do so, we need to edit another file:
sudo nano /etc/default/dhcp3-server
and add the interface (eth1) that you will be serving out DHCP on in between the quotation marks:
INTERFACES="eth1"
Write out the file with ctrl+O and exit with ctrl+X.
3. Now, we have to configure our dhcpd.conf file to reflect the DHCP range we want to take care of. So, make a backup of the file:
sudo cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.020411
and then we need to edit the file
sudo nano /etc/dhcp3/dhcpd.conf
Arrow down to just under the entry 'ddns-update-style none;' and hit alt+t which will cut the rest of the file out. Now, let's declare our subnet:
subnet 10.10.0.0 netmask 255.255.0.0 {
range 10.10.100.1 10.10.105.254;
option domain-name-servers 10.254.10.1, 10.254.10.2;
option domain-name "example.local";
option netbios-name-servers 10.254.10.11;
option routers 10.10.0.1;
option broadcast-address 10.10.255.255;
default-lease-time 600;
max-lease-time 7200;
}
ctrl+o to write out, ctrl+x to exit, and restart DHCP to see if it works ok:
sudo /etc/init.d/dhcp3-server restart
4. Ok, so we got all that taken care of. There should be no problems at this point in time with DHCP starting at boot. To verify, let's go ahead and restart the server:
sudo shutdown -r 0
Enable IP forwarding for routing
1. This step actually sets up Ubuntu as a router. Let's check to make sure IP forwarding isn't setup already (which it shouldn't be):
sysctl net.ipv4.ip_forward
If this returns a 0, then it hasn't been setup. All right, let's do it then.
2. Let's go straight to the configuration file to make the change permanent:
sudo nano /etc/sysctl.conf
3. Arrow down to the entry that has net.ipv4.ip_forward=1 and uncomment it (by deleting the # in front of it).
4. Write out using ctrl+o and then ctrl+x to exit.
5. Enable the changes by running:
sudo sysctl -p /etc/sysctl.conf
(this should return the value of one)
6.Annddd...just for grins let's go ahead and restart networking:
sudo /etc/init.d/networking restart
And we're done! That's all we have to do for this section.
Set up routing tables
1. This is the fun part... run:
netstat -rn
to check out the routing tables and see what's going on here. Do you spy a problem? Welll...we have two default (0.0.0.0) destinations, which won't work. So, we need to change this, and we need the change to persist across reboots.
2. Let's make a quick edit here again of our interfaces configuration file:
sudo nano /etc/network/interfaces
3. Add the following line to the end of the file after the secondary network interface:
up route delete -net default gw 10.10.0.1 dev eth1
4. Write out the file ctrl+o and exit with ctrl+x
5. Restart networking...
sudo /etc/init.d/networking restart
6. and let's check our routing table again:
netstat -rn
7. Everything should be groovy now! Let's restart the server and make sure we don't have any error messages again:
sudo shutdown -r 0
and we can check our interfaces with
ifconfig
when it comes back up, and check our routing table with
netstat -rn
And that’s pretty much it! You can go ahead and install the system in place of the Novell server and cross your fingers and hope everything works ok.....
As some background on exactly what I'm trying to accomplish here: I built this for work, so your setup may vary. Our setup includes many school sites that are physically separated from each other, but are connected via 100Mb fiber from a service provider back to our Technology Office, which has a Cisco 1841 that already contains all the routes setup to the site routers, which all are setup to serve out DHCP on their own subnet. The reason I was looking into this is to have a cheap, but reliable, replacement for our 15-year-old Compaq servers running Netware 6.5 that are acting as routers. Because of their poor processing speed the Compaq servers are slowing down access from the sites to the rest of the network, and replacing them is definitely a good idea. We are not going to be using the Ubuntu Server that I am describing here; however, I did test it out at a site and it did work well.
Prerequisites:
- Ubuntu Server CD (download and burn from ubuntu.com/server)
- Computer with two network cards installed to use as a router
- Have IP addresses and subnets planned out
- Some time and a little patience
Install Ubuntu Server
- Boot off of Ubuntu Server CD
- Choose English as language
- Select 'Install Ubuntu Server'
- Choose English for default language
- Choose United States for country
- Choose 'No' for detecting keyboard layout
- Choose USA for origin of keyboard
- Choose USA for Keyboard layout
- It will detect the hardware to find CD drive, then scan the CD for installation packages etc, then load the components it needs to run the install, and detect network cards.
- If you already have two network cards installed, then it will ask you which one you would like to use as the primary network interface. Stick with eth0 as the primary. The installer will automatically configure the card with DHCP
- Enter in the hostname here...for Monterey Road I put in MRGW (for Monterey Road Gateway). Try to get this right the first time, as it might be difficult to change later. I'm not sure, I've never done it, but it's definitely doable. Just a pain.
- It will then setup the clock, and should automatically detect your time zone. Choose 'Yes' if it is correct.
- Partitioning time! Ok, so now what we want to do here, is use the 'Guided - use entire disk and set up LVM' even though we won't use LVM, it just is nice to have in case in the future we do decide to do more with these.... make sure the correct entry is selected and press enter.
- It will ask you what disk you want to partition, in systems with only one disk this is easy. Obviously it will erase everything on the disk so make sure you really want to do this. Select the correct disk and press enter.
- Do you really want to make the changes? Press the left arrow to move over to 'Yes' then hit enter.
- it will ask you the size of the 'volume group'...just go with the defaults.
- The installer hasn't actually written any changes to the disks yet, so it now asks you if you really want to make a long-term commitment to the options you have previously selected. You may sleep on this if you wish, or, if you're daring like me, take a deep breath, press the left arrow over to 'Yes', close your eyes and hit enter. Count to 30, open your eyes, and the partitioner should be done. Boy that's stressful.
- So now it will go through and install the base system...you can just chill here for a while, grab a cold soda...maybe some Doritos...mmm....cooler ranch Doritos sound realllyyy good....or go play minesweeper or maybe even get some real work done here. Or, if you really want to be an overachiever, go ahead and plan out what IP address, subnet masks, DHCP range, etc you want to configure this server with. I know I did. But seriously, this does take a little while so you may want to take a quick break, walk around outside and grab some fresh air, cause you may be here a while practicing your commandline-kung-fu to complete the rest of this setup.....
- Okk....now that the base system is finished installing, it's time to select a username. Adhering to my principles of making life easy for everyone, I chose administrator as the full name of my user.
- Username for the account? Make life easy: administrator
- Time for a password! Because this is not going to be a 'critical' system per se (i.e. is not on the edge of our network and is only going to be routing and serving out DHCP) I wouldn't be too concerned about security, so choose a password that is easy to remember.
- Verify the password.
- It will probably warn you about using a weak password. Yeah, I know. hit the left arrow and choose 'Yes'.
- We do not want to encrypt our home directory. Choose no and move on.
- The installer is going to run through some update stuff and grab some packages...and ask you to choose a proxy. We don't have a proxy, so just hit enter through this (blank is no proxy).
- I haven't messed around with the automatic update feature...figure it's probably best just to leave it be. I chose 'no automatic updates'
- It's gonna grab some software...and this is where it gets fun. Software selection...because we're only wanting to do two things with this computer (routing and DHCP) the only thing we want to select here is OpenSSH server. Down arrow to it, press space to select (notice the star in the brackets now? Yeah, pretty cool), and hit enter to continue. What OpenSSH does is installs and configures the OpenSSH server so we can log into this machine remotely (kinda like the Adrem Console, except so much better and free). Of course, in order to do this I use Putty (google it...) but there are plenty of ways to connect to an SSH server...so pick your poison.
- Ok, so more configuring and updating the system...woohoo. Finish off that bag of doritos, grab another soda (woooo sugar rush! haha) and chill. If you want to really challenge yourself, try watching the package names as they're configured and installed...see if there are any that you recognize. You'll be using some of them later :)
- Now it's going to install GRUB boot loader. It will probably ask you if you want to install GRUB to the master boot record of the hard drive....choose 'Yes', because we're not building a dual-boot system here or anything fun like that.
- Now the installer will finish the installation, and eject the CD. Go ahead and remove the CD, and choose 'continue' to reboot into your new server installation.
Configuring the system
- Ok. So the system should've booted back into linux and you'll have a prompt open that says something like 'Ubuntu 10.04.1 LTS MRGW tty1' which indicates the operating system, the hostname (MRGW) and the console you're currently looking at. Below that is the hostname login:...type the user you configured earlier (administrator) hit enter, and the password and hit enter. Your password won't show up as stars or anything fancy...linux just doesn't show anything for security reasons. That's how linux rolls.
Ok, so after logging in we got a quick summary of what the system is up to....check out if it says any packages can be updated....we're going to update the system now anyway so let's get rolling. Type sudo apt-get update
to update the package lists that are available to ubuntu. It'll ask you to type your password. When it's done scrolling through, type:
sudo apt-get upgrade
If it tells you that some have been 'kept back' don't worry about those, we'll take care of that next. For now, hit 'y' and enter if you want to continue the upgrade of the system. This might take a while. If you haven't finished off that bag of Doritos from before, now's the time to do so cause this may take a couple of minutes.
Ok, now that it's finished, let's go ahead and upgrade our distribution:
sudo apt-get dist-upgrade
When that is done, run
sudo apt-get update
and then
sudo apt-get upgrade
just to be sure everything got caught. For grins, let's restart the computer:
sudo shutdown -r 0
3. If you really want to get comfy now, you can login using SSH by typing in the IP address of the server in your SSH client...of course, you may want to hold off on that because we're about to change some IPs here
4. Time to configure interfaces! Ok, so what we want to do here is go in and edit some configuration files. Before we do anything, though, it's a really good idea to make a backup of the config file (and before we do anything else too--I won't mention this every time, but make sure you make a backup before editing)
sudo cp /etc/network/interfaces /etc/network/interfaces.013111
Now we need to configure the interfaces with the proper IP addresses:
sudo nano /etc/network/interfaces
Change the primary network interface to look something like this:
# The primary network interface
auto eth0
iface eth0 inet static
address 172.25.15.10
netmask 255.255.255.0
gateway 172.25.15.1
Arrow down and add the following to the end of the file:
# Secondary network interface
auto eth1
iface eth1 inet static
address 10.10.0.1
netmask 255.255.0.0
gateway 10.10.0.1
What we're doing here is configuring the primary and secondary IP address for your system. I'm going to assume here we're using eth0 for the Charter side and eth1 for the internal. We'll be editing this later to add a static route. We may go back and forth some, but it's logical in my mind that we catch everything we need.
Write the file by choosing Ctrl+O and hit enter when it asks you what file to write out. Ctrl+x exits nano and gets you back to the commandline.
Restart networking just for grins to see what it gives you:
sudo /etc/init.d/networking restart
If you get errors that eth1 does not exist then your second network card is not recognized, come talk to me and we'll get it figured out.
Setup DHCP
1. Ok, now that we have the network interfaces figured out, let's go ahead and configure serving out DHCP on eth1. Run
sudo apt-get install dhcp3-server
and wait for the process to complete. Once it completes, it probably will say it failed starting the dhcp3-server. This is because you aren't serving out IP addresses on any NIC yet.
2. To do so, we need to edit another file:
sudo nano /etc/default/dhcp3-server
and add the interface (eth1) that you will be serving out DHCP on in between the quotation marks:
INTERFACES="eth1"
Write out the file with ctrl+O and exit with ctrl+X.
3. Now, we have to configure our dhcpd.conf file to reflect the DHCP range we want to take care of. So, make a backup of the file:
sudo cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.020411
and then we need to edit the file
sudo nano /etc/dhcp3/dhcpd.conf
Arrow down to just under the entry 'ddns-update-style none;' and hit alt+t which will cut the rest of the file out. Now, let's declare our subnet:
subnet 10.10.0.0 netmask 255.255.0.0 {
range 10.10.100.1 10.10.105.254;
option domain-name-servers 10.254.10.1, 10.254.10.2;
option domain-name "example.local";
option netbios-name-servers 10.254.10.11;
option routers 10.10.0.1;
option broadcast-address 10.10.255.255;
default-lease-time 600;
max-lease-time 7200;
}
ctrl+o to write out, ctrl+x to exit, and restart DHCP to see if it works ok:
sudo /etc/init.d/dhcp3-server restart
4. Ok, so we got all that taken care of. There should be no problems at this point in time with DHCP starting at boot. To verify, let's go ahead and restart the server:
sudo shutdown -r 0
Enable IP forwarding for routing
1. This step actually sets up Ubuntu as a router. Let's check to make sure IP forwarding isn't setup already (which it shouldn't be):
sysctl net.ipv4.ip_forward
If this returns a 0, then it hasn't been setup. All right, let's do it then.
2. Let's go straight to the configuration file to make the change permanent:
sudo nano /etc/sysctl.conf
3. Arrow down to the entry that has net.ipv4.ip_forward=1 and uncomment it (by deleting the # in front of it).
4. Write out using ctrl+o and then ctrl+x to exit.
5. Enable the changes by running:
sudo sysctl -p /etc/sysctl.conf
(this should return the value of one)
6.Annddd...just for grins let's go ahead and restart networking:
sudo /etc/init.d/networking restart
And we're done! That's all we have to do for this section.
Set up routing tables
1. This is the fun part... run:
netstat -rn
to check out the routing tables and see what's going on here. Do you spy a problem? Welll...we have two default (0.0.0.0) destinations, which won't work. So, we need to change this, and we need the change to persist across reboots.
2. Let's make a quick edit here again of our interfaces configuration file:
sudo nano /etc/network/interfaces
3. Add the following line to the end of the file after the secondary network interface:
up route delete -net default gw 10.10.0.1 dev eth1
4. Write out the file ctrl+o and exit with ctrl+x
5. Restart networking...
sudo /etc/init.d/networking restart
6. and let's check our routing table again:
netstat -rn
7. Everything should be groovy now! Let's restart the server and make sure we don't have any error messages again:
sudo shutdown -r 0
and we can check our interfaces with
ifconfig
when it comes back up, and check our routing table with
netstat -rn
And that’s pretty much it! You can go ahead and install the system in place of the Novell server and cross your fingers and hope everything works ok.....
Thanks buddy. It has helped a log
ReplyDeletehave you managed to make any loadbalance on the ubuntu server? i have 2 dsl connections that i do need to make use of them and failover as well.
ReplyDeleteHi John,
ReplyDeleteNo, I haven't tried any load balancing of any type with Ubuntu Server...it does sound like quite the interesting idea though. We ended up purchasing some used Cisco routers instead of using these Ubuntu boxes for routing--it was pretty cheap and exactly fit our needs at the time.
Thank you for this effective article
ReplyDeletegood job on this; but it looks like the primary and secondary interfaces are both assigned to eth1 in this article.
ReplyDeleteSure enough! Thanks for pointing that out, I'll get that fixed.
ReplyDeleteGreat! However my ISP is a secure Wireless connection without any Router!! This worked great for the initial install. Can this be changed to work wireless?
ReplyDeleteI use a secure wireless ISP, No Router!! Can you help make that work? Joe
ReplyDeleteHey Joe, what you would probably do in step 4 under "Configuring the System" is find which network interface has wlan0 (I think that'll be the wireless adapter in your server) and modify that one to be your 'external' IP address facing your wireless ISP. Depending on how your setup is, you may not be able to actually set a static IP address on that interface.
ReplyDelete