![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2020\/09\/image-99.png\")
<\/figure>\nWhat is necessary:<\/p>\n
- \n
- Wifi already set up with the Internet.<\/li>\n
- Laptop or Raspberry Pi with Wireless Card<\/li>\n
- Linux Operating System (Ubuntu or Raspbian)<\/li>\n
- Ethernet Cable<\/li>\n
- The device you want to connect (TV, Computer, Printer, etc.)<\/li>\n<\/ul>\n
What will be configured:<\/p>\n
- \n
- Configure the NIC (network adapter)<\/li>\n
- Install DHCP Server (auto-assign IPs) [learn more<\/a> – CertBros]<\/li>\n
- Configure NAT (routing) [learn more<\/a> – CertBros]<\/li>\n
- Install DNS Server (optional) [learn more<\/a> – Techquickie]<\/li>\n<\/ul>\n
Configuring the NIC<\/strong><\/p>\n
ip a<\/pre>\n
1: lo: <\/strong><omitted unnecessary text><\/em>
\ninet 127.0.0.1\/8 scope host lo
\n <omitted unnecessary text><\/em>
\n 2: eth0: <\/strong><omitted unnecessary text><\/em>
\ninet 172.16.1.1\/24<\/strong> brd 172.16.1.255 scope global noprefixroute eth0
\n<omitted unnecessary text><\/em>
\n 3: wlan0:<\/strong> <omitted unnecessary text>
\ninet 192.168.2.40\/24<\/strong> brd 192.168.2.255 scope global dynamic<\/strong> noprefixroute wlan0
\n<omitted unnecessary text><\/em><\/p>\n1: lo: <\/strong>It is the loopback interface. Just ignore this virtual interface.<\/p>\n
2: eth0: <\/strong>This is the Ethernet adapter that will be connected to the TV, Computer, Printer…<\/p>\n
3: wlan0:<\/strong> This is the Wireless adapter that has to be connected to your Wifi and have Internet connection working.<\/p>\n
Note: The names of the interfaces may vary, in my case eth0 (LAN)<\/strong> and wlan0 (WAN)<\/strong>.<\/p>\n
In my example, my eth0 is already manually configured<\/strong>.<\/p>\n
On Ubuntu, configure the eth0 using the graphical interface according to the configuration below:<\/p>\n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2020\/09\/image-4.png\")
<\/figure>\nOn Raspbian, configure the eth0 using the terminal to edit the file \/etc\/dhcpcd.conf, and paste the following code inside. Go to Terminal and issue:<\/p>\n
sudo nano \/etc\/dhcpcd.conf<\/pre>\n
Add this code at the end of the file.<\/p>\n
interface eth0\r\nstatic ip_address=172.16.1.1\/24\r\nnogateway<\/pre>\n
Restart the computer after changing the configuration.<\/p>\n
Pay attention to the IPs in the new scenario:<\/p>\n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2020\/09\/image-7.png\")
<\/figure>\nNo matter if you are doing the Laptop + TV situation or Raspberry Pi + PC or both, what you have to pay attention to is the color of the IPs. All the Orange IPs are in the same subnet and the Blue and the Green are other subnets.<\/p>\n
The TV and the PC have to have an IP to communicate in the subnet, so or you manually configure each of them, or you dynamically configure any device that connectors the new networks.<\/p>\n
Installing DHCP Server<\/strong><\/p>\n
sudo apt-get update\r\nsudo apt-get install isc-dhcp-server -y\r\nsudo nano \/etc\/default\/isc-dhcp-server<\/pre>\n
Inform the network adapter that the DHCP will work (LAN):<\/p>\n
INTERFACESv4=\"eth0<\/strong>\"<\/pre>\n
Edit the configuration file:<\/p>\n
sudo nano \/etc\/dhcp\/dhcpd.conf<\/pre>\n
Clean the file content and add this code:<\/p>\n
default-lease-time 600;\r\nmax-lease-time 7200;\r\noption subnet-mask 255.255.255.0;\r\noption broadcast-address 172.16.1.255;\r\noption routers 172.16.1.1;\r\noption domain-name-servers 8.8.8.8, 8.8.4.4;\r\noption domain-name \"host.local\";\r\nsubnet 172.16.1.0 netmask 255.255.255.0 {\r\nrange 172.16.1.10 172.16.1.100;\r\n}<\/pre>\nIssue the commands:<\/p>\n
sudo systemctl restart isc-dhcp-server\r\nsudo systemctl enable isc-dhcp-server\r\nsudo systemctl status isc-dhcp-server<\/pre>\n
The second command may fail in Raspbian, but don’t worry! Keep moving…<\/p>\n
Check if the service is ACTIVE in green:<\/p>\n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2020\/09\/image-8.png\")
<\/figure>\nThis is the new scenario, the devices can get IP configuration automatically:<\/p>\n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2020\/09\/image-9.png\")
<\/figure>\nAll this configuration is customizable, take the change and make modifications and make how it works. In the example above intentionally the IPs of the Laptop and the Raspberry Pi are the same, but they are in physically different networks. Same for the TV and PC, they may get the first available IP from the DHCP Server, which is the same in both. Check if the devices got the IP correctly.<\/p>\n
Configuring NAT (for Ubuntu):<\/strong><\/p>\n
sudo ufw enable\r\nsudo nano \/etc\/ufw\/sysctl.conf<\/pre>\n
Uncomment this configuration or add if you do not find it:<\/p>\n
net\/ipv4\/ip_forward=1<\/pre>\n
Do the same for \/etc\/sysctl.conf<\/strong>.<\/p>\n
Edit the startup script:<\/p>\n
sudo nano \/etc\/rc.local<\/pre>\n
Copy and paste this content to the file:<\/p>\n
#!\/bin\/bash\r\niptables -P INPUT DROP\r\niptables -P FORWARD DROP\r\niptables -A INPUT -i lo -j ACCEPT\r\niptables -A INPUT -i eth0 -j ACCEPT\r\niptables -A INPUT -i wlan0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\r\niptables -t nat -A PREROUTING -p tcp -d 192.168.2.40<\/strong>\u00a0--dport 80<\/strong> -j DNAT --to-destination 172.16.1.10<\/strong>:80<\/strong><\/em>\r\niptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT\r\niptables -A FORWARD -i wlan0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\r\niptables -t nat -A POSTROUTING -j MASQUERADE\r\nexit 0<\/pre>\n
Note: there is one line in the middle of this code that is the template in case you want to do a Static NAT, known as Port Forwarding. The IP 192.168.2.40<\/strong> shall be replaced by the public IP, and the IP 172.16.1.10<\/strong> shall be replaced by the private IP, a Webserver in this case (port 80<\/strong>). If you are not using Port Forwarding simply delete this line, or not!<\/em> See the illustration below:<\/p>\n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2020\/09\/image-9_.png\")
<\/p>\nChange the permission of the file to make it executable:<\/p>\n
sudo chmod 755 \/etc\/rc.local<\/pre>\n
Configuring NAT (for Raspbian):<\/strong><\/p>\n
sudo nano \/etc\/rc.local<\/pre>\n
Add this code at the end of the file, right before<\/strong> the last line: exit 0<\/strong><\/p>\n
iptables -A INPUT -i lo -j ACCEPT\r\niptables -A INPUT -i eth0 -j ACCEPT\r\niptables -A INPUT -i wlan0 -m conntrack \\\r\n--ctstate ESTABLISHED,RELATED -j ACCEPT\r\niptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT\r\niptables -A FORWARD -i wlan0 -o eth0 -m conntrack \\\r\n--ctstate ESTABLISHED,RELATED -j ACCEPT\r\niptables -t nat -A POSTROUTING -j MASQUERADE\r\nsystemctl start isc-dhcp-server<\/pre>\n
Restart Ubuntu\/Raspbian<\/strong> to take effect and test if the TV and\/or PC have internet<\/strong>!<\/p>\n
Installing DNS Server (optional)<\/strong><\/p>\n
Taking a look at the preview configuration, the DHCP Server auto-configure the devices (TV, PC, Printer…) to the Google Public DNS Server (no contraindication). Another alternative would be using the Wireless router DNS Server, in my case 192.168.2.1.<\/p>\n
Here is how to create your own Private DNS Server and have full control of it. Black-list or white-list can be applied as Parental Control or Business Policy or any other application you want to perform to your network.<\/p>\n
sudo apt install bind9 -y\r\nsudo nano \/etc\/bind\/named.conf.options<\/pre>\n
Replace the whole content of the file with the code below:<\/p>\n
options{\r\ndirectory \"\/var\/cache\/bind\";\r\nrecursion yes;\r\nforwarders {\r\n8.8.8.8;\r\n8.8.4.4;\r\n};\r\nforward only;\r\n};<\/pre>\nNote: the DNS Server works forwarding the requests that it does not know, after the first time it keeps the information in ‘cache’ for the next time, increasing the performance of the internet<\/p>\n
Remember to restart DNS and DHCP Servers:<\/p>\n
sudo systemctl restart bind9\r\nsudo systemctl restart isc-dhcp-server.service<\/pre>\n
Now, restart all the devices, so they will request a new configuration from the DHCP Server and start using the local DNS Server in your gateway.<\/p>\n
It is all set up and running!<\/strong><\/p>\n
To reserve an IP for a specific device append the following lines to the file \/etc\/dhcp\/dhcpd.conf<\/strong>:<\/p>\n
host mytv {\r\nhardware ethernet A4:BA:DB:14:BD:4F;\r\nfixed-address 192.168.110.10;\r\n}<\/pre>\n
\nBONUS<\/strong><\/p>\n
For port forwarding in the same network or single network interface:<\/p>\n
#!\/bin\/bash\r\niptables -P INPUT DROP\r\niptables -P FORWARD DROP\r\niptables -A INPUT -i lo -j ACCEPT\r\niptables -A INPUT -i eth0<\/strong> -j ACCEPT\r\niptables -t nat -A PREROUTING -p tcp -d 192.168.1.5<\/strong><\/span> --dport 443<\/strong><\/span> -j DNAT --to-destination 192.168.1.50<\/span><\/strong>:443<\/span><\/strong>\r\niptables -A FORWARD -s 192.168.1.0<\/strong><\/span>\/24<\/strong> -j ACCEPT\r\niptables -t nat -A POSTROUTING -j MASQUERADE\r\nexit 0<\/pre>\nOr use nftables<\/strong> to manage the iptable<\/strong> rules:<\/p>\n
sudo ufw disable\r\nsudo systemctl disable ufw\r\nsudo apt install nftables -y\r\nsudo systemctl enable nftables\r\nsudo sed -i 's\/#net.ipv4.ip_forward=1\/net.ipv4.ip_forward=1\/g' \/etc\/sysctl.conf\r\nsudo sysctl -p\r\nsudo nft list ruleset\r\nsudo nft flush ruleset\r\nsudo nft list ruleset\r\nsudo nft flush ruleset\r\nsudo nft add table nat\r\nsudo nft 'add chain nat postrouting { type nat hook postrouting priority 100 ; }'\r\nsudo nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'\r\nsudo nft 'add rule nat prerouting ip daddr 192.168.1.5<\/strong><\/span> tcp dport { 21<\/strong><\/span> } dnat 192.168.1.50<\/span><\/strong>:21<\/strong><\/span>'\r\nsudo nft 'add rule nat prerouting ip daddr 192.168.1.5<\/strong><\/span> tcp dport { 60000-65000<\/span><\/strong> } dnat 192.168.1.50<\/span><\/strong>:60000-65000<\/strong><\/span>'\r\nsudo nft add rule nat postrouting masquerade\r\nsudo nft list ruleset | sudo tee \/etc\/nftables.conf<\/pre>\nTo manage the rules use the following commands:<\/p>\n
sudo nft -a list table nat\r\nsudo nft delete rule nat prerouting handle 7<\/pre>\n
How to do NAT with nftables<\/strong>:<\/p>\n
sudo nano \/etc\/sysctl.conf<\/pre>\n
net.ipv4.ip_forward = 1<\/pre>\n
sudo nano \/etc\/nftables.conf<\/pre>\n
table inet nat {\r\n chain prerouting {\r\n type nat hook prerouting priority -100; policy accept;\r\n }\r\n chain postrouting {\r\n type nat hook postrouting priority 100; policy accept;\r\n oifname \"eth0\" masquerade\r\n }\r\n}\r\ntable inet filter {\r\n chain forward {\r\n type filter hook forward priority 0; policy drop;\r\n iifname \"eth1\" oifname \"eth0\" accept\r\n ct state established,related accept\r\n }\r\n}<\/pre>\nsudo sysctl -p\r\nsudo nft -f \/etc\/nftables.conf<\/pre>\n","protected":false},"excerpt":{"rendered":"This post will show how to share the Internet between two network adapters on Ubuntu […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,6],"tags":[],"class_list":["post-191","post","type-post","status-publish","format-standard","hentry","category-linux","category-raspberry-pi"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=191"}],"version-history":[{"count":18,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/191\/revisions"}],"predecessor-version":[{"id":4414,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/191\/revisions\/4414"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Configure NAT (routing) [learn more<\/a> – CertBros]<\/li>\n