ubuntu router
 

I have followed this tutorial to the T, I am able to ping the internet with the router and ping the clients with the router. The clients get an IP address from the router (dhcp3) and the gateway shows 192.168.0.201 and netmask of 255.255.255.0 (eth1 - the internal nic on the router) but the clients can't ping the router (192.168.0.201) nor the internet (eth0). I know this has something to do with routing or IPTABLES, but i am completely new to this and any help is appreciated.

Also here is what route -n shows:
NOTE: what is with the 169.254.0.0 address???
and shouldn't i see 192.168.0.201 as a gateway???

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
68.13.40.0 0.0.0.0 255.255.248.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 68.13.40.1 0.0.0.0 UG 0 0 0 eth0

TUTORIAL STARTS HERE:
How to make Ubuntu/Debian as a router

Here is your Ubuntu serve box with two interfaces,

eth0-------------Internet (set up with dhcp)
eth1-------------Internal

Note: Your Internet is running using eth0.

Step1: Install DHCP Server

#apt-get install dhcp3-server

Step 2: Configure the DHCP server

Edit the /etc/dhcp3/dhcpd.conf file and add your domain, ip range and other options.
NOTE: these are the only things i changed:

option domain-name "host name of my router";
#
# Internal network
#
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option broadcast-address 192.168.0.255;
option routers 192.168.0.201;
default-lease-time 600;
max-lease-time 7200;
}

Edit the /etc/default/dhcp3-server

INTERFACES= “eth1”

Step 3: Configure the Internal interface (eth1) with static IP.

Edit the /etc/network/interfaces file and add following

iface eth1 inet static
address 192.168.0.201
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.201

Step 4: Restart network and verify the eth1 interface's IP.

#/etc/init.d/network restart

check ip by ifconfig eth1, it will have 192.168.0.201 ip, if not please restart the interface/network service, you can also restart your machine if it is not in production environment.

Step 5: Restart the DHCP server.

#/etc/init.d/dhcp3-server restart

If everything is ok, it should run successfully,
Note: If your interface does not have any IP it might give error and does not restart, first configure your internal interface.

Step 6: Test the DHCP server.

connect the cable on interface eth1 and other side to your switch and connect your second pc, you will get the IP from 192.168.0.xxx range.

Open the syslog messeges with

#tail -f /var/log/syslog

of your debian box, it will also notify with leased ip and detail of requested machine.

Step 7: Enable forwarding

# echo 1 > /proc/sys/net/ipv4/ip_forward

open the file manually and uncomment

# nano /etc/sysctl.conf
net.ipv4.ip_forward = 1

Step 8: Add IPTABLES rule for NAT

Type following at command line

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Step 9: Final Testing

Your second Pc attached to LAN have internal ip, ping to a web address and you should get a reply!

what does ifconfig eth1 look like, maybe your router box isn't at 192.168.0.201

169.254.0.0 - 169.254.255.255 are Automatic Private IP Addressing (APIPA) addresses. It is a method to assign an IP address when there is no DHCP server or if it fails. This is normal.

The gateway of the router is automatically assigned by your ISP's DHCP server and should not be a local LAN address. Looks good to me.

Look at your router's iptables rules. Do they allow incoming connections on eth1? You can use a firewall configuration tool like shorewall which makes things a bit easier.

All the tutorial you posted does is setup eth1 to supply DHCP to the lan, it doesn't cover how you setup eth0 to connect the internet.

As the metric on the 2nd route is 1000 (meaning this is a last ditch attempt to connect and as its a private IP it'll always fail), I would say it was likely added automatically and can be deleted if you wish. I figure this out as you have 2 routes for eth0.

is how to delete it from memory however I'm sure someone will correctly if I'm wrong about that.

Basically, dont worry about it :) You can find the configuration which is adding that IP and delete it if you wish, but its not going to interfere with anything your doing.

Thanks for the reply, what rule would i apply to allow incoming connections on eth1? Also, how would I go about making sure that eth1 has a route to the internet through eth0? - Sorry, I'm very new to iptables. I have used tools like shorewall, but i'm am determined to learn iptables... I have been reading quite a bit, but still a little unsure.

I have eth0 set up to get the dynamic ip of from my isp using dhcp. The server can reach the internet, but eth1 cannot. Any specific route i need to add to allow this, or is this all done with ip tables?

Thanks for your help!

Does your "client" get an IP? If the DHCP server isn't working correctly then it wont pick one up and that would explain why it can't connect to the internet

will show if its got an IP, come up etc *paste the output here if your unsure of whats happening*

If it has, then you need to check step 7 again, make sure you've setup IPTables, and enabled forwarding in your kernel:

clients are windows machines...they ARE getting an IP address from dhcp. I can ping the internet from my router, and i can ping the clients from my router, but i can't ping the internet OR the router from my clients.

I have made sure of the forwarding and iptable rule... getting frustrated :( Is there anything else that is needed to add to iptables to get this to work?

post your iptable rules (iptables -L)
Post the output of the ipconfig command from the windows PCs.