Linux Network Routing: Connecting WAN and LAN Through Dual-NIC Configuration



When working with a Linux machine acting as a router between two networks, the key components are:

  • Public-facing interface (eth1) with WAN IP: 88.200.1xx.xxx
  • Internal interface (eth0) with LAN IP: 192.168.1.1

Here's what needs to be configured for proper routing:

# Enable IP forwarding permanently
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

# Configure interfaces (example for Debian/Ubuntu in /etc/network/interfaces)
auto eth0
iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0

auto eth1
iface eth1 inet static
    address 88.200.1xx.xxx
    netmask 255.255.255.0
    # Your actual gateway IP (ifupdown does not support end-of-line comments)
    gateway 88.200.1xx.1

For LAN clients to access the internet through your Linux router:

# Configure NAT using iptables
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
sudo iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Save iptables rules (Debian/Ubuntu)
sudo apt-get install iptables-persistent
sudo netfilter-persistent save

On PC1 (192.168.1.x network), set:

  • IP address: 192.168.1.x (x ≠ 1)
  • Netmask: 255.255.255.0
  • Gateway: 192.168.1.1 (your Linux router's eth0 IP)
  • DNS: You can use public DNS like 8.8.8.8

If connectivity problems persist:

# Check routing table
ip route show

# Verify NAT is working
sudo iptables -t nat -L -n -v

# Test connectivity
ping 8.8.8.8
traceroute 8.8.8.8

If a front end such as UFW or firewalld manages the firewall, it must also allow routed traffic:

# For UFW users
sudo ufw default allow routed
sudo ufw allow in on eth0
sudo ufw allow out on eth1

In your setup, you have a Linux machine acting as a gateway between two networks:

WAN (88.200.1xx.xxx) --- [eth1] Linux PC [eth0] (192.168.1.1) --- Switch --- Client PCs

Here's what you need to implement (run the commands below as root):

# Enable IP forwarding (temporary)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Make it persistent
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

Configure your interfaces properly in /etc/network/interfaces:

# WAN interface
auto eth1
iface eth1 inet static
    address 88.200.1xx.xxx
    netmask 255.255.255.0
    gateway 88.200.1xx.1
    dns-nameservers 8.8.8.8 8.8.4.4

# LAN interface
auto eth0
iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0

To allow LAN clients to access the WAN:

# Flush existing rules
iptables -F
iptables -t nat -F

# Set default policies (FORWARD is DROP so that only the FORWARD rules below admit routed traffic)
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Enable NAT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

On your client PC (192.168.1.2 for example):

IP address: 192.168.1.2
netmask: 255.255.255.0
gateway: 192.168.1.1
DNS: 8.8.8.8 or your preferred DNS

If things aren't working:

# Check routing tables
ip route show

# Verify NAT rules
iptables -t nat -L -v -n

# Test connectivity
ping -c 4 8.8.8.8
traceroute 8.8.8.8

# Check forwarding status
cat /proc/sys/net/ipv4/ip_forward
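
An added example (not part of the original page): a POSIX shell check that reads iptables-save output and reports when the router rules do not restrict forwarding as intended, for instance when the FORWARD policy is ACCEPT and the per-interface FORWARD rules therefore filter nothing. The function name, finding labels and sample rulesets are constructed for illustration.

```bash
#!/bin/sh
# audit_forwarding WAN_IF LAN_IF: read `iptables-save` text on stdin and print
# one finding per line; no output means the router rules look as intended.
audit_forwarding() {
    awk -v wan="$1" -v lan="$2" '
        /^\*/ { table = substr($0, 2) }   # section header: *filter, *nat
        table == "filter" && /^:FORWARD ACCEPT/ { policy_accept = 1 }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ &&
            index($0, "-o " wan " ") { masq = 1 }
        table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ {
            if (index($0, "-i " lan " ") && index($0, "-o " wan " ")) out = 1
            if (index($0, "-i " wan " ") && index($0, "-o " lan " ")) {
                if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) ret = 1
                else open_in = 1          # WAN to LAN accepted without a state match
            }
        }
        END {
            if (policy_accept) print "FORWARD_POLICY_ACCEPT"
            if (open_in)       print "WAN_TO_LAN_STATELESS_ACCEPT"
            if (!masq)         print "NO_MASQUERADE_ON_WAN"
            if (!out)          print "NO_LAN_TO_WAN_RULE"
            if (!ret)          print "NO_STATEFUL_RETURN_RULE"
        }'
}

# Constructed sample: the NAT and FORWARD rules from this page on a host whose
# FORWARD policy is ACCEPT, in iptables-save format.
WEAK_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'
# Constructed sample: the same rules with the FORWARD policy set to DROP.
STRICT_RULESET=$(printf '%s\n' "$WEAK_RULESET" | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/')

printf '%s\n' "$WEAK_RULESET"   | audit_forwarding eth1 eth0
printf '%s\n' "$STRICT_RULESET" | audit_forwarding eth1 eth0
```

On the router itself, feed it the live ruleset: sudo iptables-save | audit_forwarding eth1 eth0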

To save your iptables rules on Debian/Ubuntu:

apt install iptables-persistent
netfilter-persistent save

On RHEL/CentOS:

service iptables save

# Basic NAT configuration with nftables
nft add table ip nat
nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }
nft add rule ip nat postrouting oifname "eth1" masquerade