Build a DHCP and NAT router on Ubuntu 16.04

Our wired LAN normally uses fixed IP addresses, but wireless LAN is being introduced in some conference rooms. Asking users to change their NIC settings each time seemed impractical, so we built an environment in which addresses are leased by DHCP only for wireless connections. The setup is described below.

Requirements

  1. I don't want to change the settings of the existing router.
  2. I want to lease IP addresses by DHCP only to PCs connected wirelessly.
  3. I want to spend as little as possible (most important).

Environment

  1. Wireless AP (Cisco WAP150)
  2. Buffalo external LAN adapter
  3. Notebook PC (a reused PC that was due to be discarded)
     Ubuntu 16.04 LTS
     Memory 4GB
     HDD 320GB
     CPU Core i5

Configuration

  1. The wireless segment (192.168.100.0/24) is mapped by one-to-one NAT onto the site A segment (192.168.2.0/24).


DHCP server installation

$ sudo apt-get install isc-dhcp-server

Specify the IP address range to be leased:

$ cat /etc/dhcp/dhcpd.conf

ddns-update-style none;

option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

shared-network 224-29 {
  subnet 192.168.100.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.100.10 192.168.100.29;
    option routers 192.168.100.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.100.255;
    option domain-name "test";
    option domain-name-servers 192.168.2.1;
    default-lease-time 6000;
    max-lease-time 72000;
  }
}

NAT, routing

NAT rules and routes are lost on reboot, so edit the interfaces file so that the NAT rules are added when the OUTSIDE interface (192.168.2.250) comes up.

$ sudo cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto enx58278cbe7441
iface enx58278cbe7441 inet static
  address 192.168.2.250
  netmask 255.255.255.0
  broadcast 192.168.2.255
  dns-nameservers 192.168.2.1
  pre-up /etc/init.d/isc-dhcp-server stop
  post-up /etc/init.d/isc-dhcp-server start
  post-up route add -net 192.168.0.0/16 gw 192.168.2.1
  post-up route add default gw 192.168.2.1 metric 10000
  post-up route del -net 192.168.2.0/24
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.10 -j DNAT --to-destination 192.168.100.10
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.11 -j DNAT --to-destination 192.168.100.11
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.12 -j DNAT --to-destination 192.168.100.12
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.13 -j DNAT --to-destination 192.168.100.13
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.14 -j DNAT --to-destination 192.168.100.14
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.15 -j DNAT --to-destination 192.168.100.15
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.16 -j DNAT --to-destination 192.168.100.16
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.17 -j DNAT --to-destination 192.168.100.17
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.18 -j DNAT --to-destination 192.168.100.18
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.19 -j DNAT --to-destination 192.168.100.19
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.20 -j DNAT --to-destination 192.168.100.20
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.21 -j DNAT --to-destination 192.168.100.21
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.22 -j DNAT --to-destination 192.168.100.22
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.23 -j DNAT --to-destination 192.168.100.23
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.24 -j DNAT --to-destination 192.168.100.24
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.25 -j DNAT --to-destination 192.168.100.25
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.26 -j DNAT --to-destination 192.168.100.26
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.27 -j DNAT --to-destination 192.168.100.27
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.28 -j DNAT --to-destination 192.168.100.28
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.29 -j DNAT --to-destination 192.168.100.29
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.200 -j DNAT --to-destination 192.168.100.250
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.10 -j SNAT --to-source 192.168.2.10
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.11 -j SNAT --to-source 192.168.2.11
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.12 -j SNAT --to-source 192.168.2.12
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.13 -j SNAT --to-source 192.168.2.13
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.14 -j SNAT --to-source 192.168.2.14
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.15 -j SNAT --to-source 192.168.2.15
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.16 -j SNAT --to-source 192.168.2.16
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.17 -j SNAT --to-source 192.168.2.17
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.18 -j SNAT --to-source 192.168.2.18
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.19 -j SNAT --to-source 192.168.2.19
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.20 -j SNAT --to-source 192.168.2.20
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.21 -j SNAT --to-source 192.168.2.21
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.22 -j SNAT --to-source 192.168.2.22
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.23 -j SNAT --to-source 192.168.2.23
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.24 -j SNAT --to-source 192.168.2.24
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.25 -j SNAT --to-source 192.168.2.25
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.26 -j SNAT --to-source 192.168.2.26
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.27 -j SNAT --to-source 192.168.2.27
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.28 -j SNAT --to-source 192.168.2.28
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.29 -j SNAT --to-source 192.168.2.29
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.250 -j SNAT --to-source 192.168.2.200

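# One alias stanza per external NAT address, so the router answers ARP for it.
iface enx58278cbe7441 inet static
  address 192.168.2.10
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.11
  netmask 255.255.255.0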

iface enx58278cbe7441 inet static
  address 192.168.2.12
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.13
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.14
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.15
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.16
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.17
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.18
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.19
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.20
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.21
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.22
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.23
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.24
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.25
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.26
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.27
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.28
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.29
  netmask 255.255.255.0

iface enx58278cbe7441 inet static
  address 192.168.2.200
  netmask 255.255.255.0

auto enp1s0f0
iface enp1s0f0 inet static
  address 192.168.100.1
  netmask 255.255.255.0
  broadcast 192.168.100.255
  dns-nameservers 192.168.2.1
  pre-up /sbin/sysctl net.ipv4.conf.all.forwarding=1
  pre-up /etc/init.d/isc-dhcp-server stop
  post-up /etc/init.d/isc-dhcp-server start
  post-down /sbin/sysctl net.ipv4.conf.all.forwarding=0
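
With this many hand-written rules, a single mistyped or missing line breaks one client's mapping without any error at boot. The following check is an added example, not part of the original post: it parses an interfaces file in the layout above and reports DNAT/SNAT pairs that do not mirror each other, external addresses that have a DNAT rule but no alias stanza, and DHCP leases with no SNAT rule. The function name `audit_nat` and the sample input are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt in the layout of the interfaces file above (not the page's full file).
SAMPLE_INTERFACES = """\
iface enx58278cbe7441 inet static
  address 192.168.2.250
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.10 -j DNAT --to-destination 192.168.100.10
  post-up /sbin/iptables -t nat -A PREROUTING -d 192.168.2.11 -j DNAT --to-destination 192.168.100.11
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.10 -j SNAT --to-source 192.168.2.10
  post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.100.11 -j SNAT --to-source 192.168.2.21
iface enx58278cbe7441 inet static
  address 192.168.2.11
"""
SAMPLE_DHCP_RANGE = ("192.168.100.10", "192.168.100.12")  # constructed range

DNAT_RE = re.compile(r"-d (\S+) -j DNAT --to-destination (\S+)")
SNAT_RE = re.compile(r"-s (\S+) -j SNAT --to-source (\S+)")
ADDR_RE = re.compile(r"^[ \t]*address[ \t]+(\S+)", re.MULTILINE)


def audit_nat(interfaces_text, dhcp_range):
    """Return findings for a one-to-one NAT layout; an empty list means consistent."""
    dnat = dict(DNAT_RE.findall(interfaces_text))  # external -> internal
    snat = dict(SNAT_RE.findall(interfaces_text))  # internal -> external
    bound = set(ADDR_RE.findall(interfaces_text))  # every 'address' line in the file
    findings = []
    for ext, inner in dnat.items():
        # Outbound traffic must use the same external address that inbound traffic targets.
        if snat.get(inner) != ext:
            findings.append(f"asymmetric: DNAT {ext}->{inner} but SNAT {inner}->{snat.get(inner)}")
        # The router only answers ARP for addresses it actually holds.
        if ext not in bound:
            findings.append(f"unbound: {ext} has a DNAT rule but no 'address' stanza")
    first, last = (int(ipaddress.IPv4Address(a)) for a in dhcp_range)
    for n in range(first, last + 1):
        lease = str(ipaddress.IPv4Address(n))
        # Without SNAT the packet is forwarded with its wireless-segment source address.
        if lease not in snat:
            findings.append(f"unmapped: DHCP lease {lease} has no SNAT rule")
    return findings


if __name__ == "__main__":
    for line in audit_nat(SAMPLE_INTERFACES, SAMPLE_DHCP_RANGE):
        print(line)
```

To check a real host, pass the contents of /etc/network/interfaces and the two addresses from the `range` line in dhcpd.conf.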

Verification commands

Check the NAT table

$ sudo iptables -t nat -n -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  0.0.0.0/0            192.168.2.10       to:192.168.100.10
DNAT       all  --  0.0.0.0/0            192.168.2.11       to:192.168.100.11
DNAT       all  --  0.0.0.0/0            192.168.2.12       to:192.168.100.12
DNAT       all  --  0.0.0.0/0            192.168.2.13       to:192.168.100.13
DNAT       all  --  0.0.0.0/0            192.168.2.14       to:192.168.100.14
DNAT       all  --  0.0.0.0/0            192.168.2.15       to:192.168.100.15
DNAT       all  --  0.0.0.0/0            192.168.2.16       to:192.168.100.16
DNAT       all  --  0.0.0.0/0            192.168.2.17       to:192.168.100.17
DNAT       all  --  0.0.0.0/0            192.168.2.18       to:192.168.100.18
DNAT       all  --  0.0.0.0/0            192.168.2.19       to:192.168.100.19
DNAT       all  --  0.0.0.0/0            192.168.2.20       to:192.168.100.20
DNAT       all  --  0.0.0.0/0            192.168.2.21       to:192.168.100.21
DNAT       all  --  0.0.0.0/0            192.168.2.22       to:192.168.100.22
DNAT       all  --  0.0.0.0/0            192.168.2.23       to:192.168.100.23
DNAT       all  --  0.0.0.0/0            192.168.2.24       to:192.168.100.24
DNAT       all  --  0.0.0.0/0            192.168.2.25       to:192.168.100.25
DNAT       all  --  0.0.0.0/0            192.168.2.26       to:192.168.100.26
DNAT       all  --  0.0.0.0/0            192.168.2.27       to:192.168.100.27
DNAT       all  --  0.0.0.0/0            192.168.2.28       to:192.168.100.28
DNAT       all  --  0.0.0.0/0            192.168.2.29       to:192.168.100.29
DNAT       all  --  0.0.0.0/0            192.168.2.200       to:192.168.100.250

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.100.10         0.0.0.0/0            to:192.168.2.10
SNAT       all  --  192.168.100.11         0.0.0.0/0            to:192.168.2.11
SNAT       all  --  192.168.100.12         0.0.0.0/0            to:192.168.2.12
SNAT       all  --  192.168.100.13         0.0.0.0/0            to:192.168.2.13
SNAT       all  --  192.168.100.14         0.0.0.0/0            to:192.168.2.14
SNAT       all  --  192.168.100.15         0.0.0.0/0            to:192.168.2.15
SNAT       all  --  192.168.100.16         0.0.0.0/0            to:192.168.2.16
SNAT       all  --  192.168.100.17         0.0.0.0/0            to:192.168.2.17
SNAT       all  --  192.168.100.18         0.0.0.0/0            to:192.168.2.18
SNAT       all  --  192.168.100.19         0.0.0.0/0            to:192.168.2.19
SNAT       all  --  192.168.100.20         0.0.0.0/0            to:192.168.2.20
SNAT       all  --  192.168.100.21         0.0.0.0/0            to:192.168.2.21
SNAT       all  --  192.168.100.22         0.0.0.0/0            to:192.168.2.22
SNAT       all  --  192.168.100.23         0.0.0.0/0            to:192.168.2.23
SNAT       all  --  192.168.100.24         0.0.0.0/0            to:192.168.2.24
SNAT       all  --  192.168.100.25         0.0.0.0/0            to:192.168.2.25
SNAT       all  --  192.168.100.26         0.0.0.0/0            to:192.168.2.26
SNAT       all  --  192.168.100.27         0.0.0.0/0            to:192.168.2.27
SNAT       all  --  192.168.100.28         0.0.0.0/0            to:192.168.2.28
SNAT       all  --  192.168.100.29         0.0.0.0/0            to:192.168.2.29
SNAT       all  --  192.168.100.250        0.0.0.0/0            to:192.168.2.200

I think there are better ways to do this, but I am posting it as a memorandum. Thank you for reading to the end.
