First Cup of Ubuntu
I've been having a fight with iptables and trying to get a computer setup as a router. How would you go about enteringbthe following rules through UFW rather than teying to use iptables directly?
iptables -A FORWARD -i eno1 -o wlp6s0 -j ACCEPT
iptables -A FORWARD -i wlp6s0 -o eno1 -m state --state RELATED,ESTABLISHED -j
ACCEPT
iptables -t nat -A POSTROUTING -o wlp6s0 -j MASQUERADE
<--- Run xman to see that window.
I wouldn't.
UFW creates IPtables commands and saves them into the /etc/ufw/rules* files. You can manually add them there in the correct section and they will work.
UFW isn't full featured like iptables is. There are some things the interface just isn't meant to handle. We are expected to use iptables or nftables to accomplish the more complex things.
NFT is the default in 22.04 and later, I think.
First Cup of Ubuntu
Ok. The backup plan was to completely disable ufw. Looks like I need to read up on NFT.
This is acting as dhcp server, dns server, and gateway from one adaptor on the LAN and another on the WAN.
eat, ride, sleep, repeat
have a look here for a starting point:https://access.redhat.com/documentat...ing-networkingOriginally Posted by wesbrooks
The DHCP server isn't a router and can't "direct" traffic to your router. You assign the ip address of your router to the DHCP clients via DHCP but the DHCP server itself has no hand in routing traffic.
Good Luck
Last edited by 1fallen; February 19th, 2024 at 08:47 PM. Reason: spelling
With realization of one's own potential and self-confidence in one's ability, one can build a better world.
Dalai Lama>>
Code Tags | System-info | Forum Guide lines | Arch Linux, Debian Unstable, FreeBSD
Ubuntu Member
Yes, but the DHCP server can be on the same box as implements the router.
My main server box is a router/DHCP server/DNS server (internal only)/gateway to/from internet. I use iptables, as I haven't yet converted to NFT. Even though the default is now NFT, the system can still be configured to use iptables.
Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.
First Cup of Ubuntu
Yup, spot on. This is a former desktop machine with one wifi, two ethernet, and two SFP+ ports connecting to a salvaged Dell Powerconnect 5524 in a small office. I originally used it to connect to the wifi hotspot from my phone and serve that connection to both wired and wireless clients (via wifi router in access mode).
As this is now running behind a comercial 5G modem I'm not hugely concerned about security, but I am doing my best to work to good practice as a slow learning exercise.
Regards iptables I was having a heck of a job trying to clear up persistent saving and hitting permission denied errors on many occations when trying to save to the rules.v4 file.
I'll update with more detail later.
<--- Run xman to see that window.
Do you understand UNIX permissions? Nothing odd there, but on a router it is absolutely critical that those are understood. On ubuntu (and most UNIX-like OSes), use sudoedit to modify system files. That's the safe way.
While we can make our own router, there are many details that I fear I'd get wrong, so I use a distro specifically for routing called OPNSense. It runs on x86-64 hardware and is continuously patched. It isn't Linux-based. The way that the pf firewall works is different from how Linux does it. Completely different architecture. https://opnsense.org/ It is a fork of pfSense.
Posting Permissions
Adv Reply
Bookmarks