Using Ubuntu 12.04 as router/firewall

You need to have a server with 2 network cards, 1 for WAN RED (external internet access) and 1 for NAT GREEN (internal access)

The article describes the following.

Setting upp 2nd interface as local network

before changing, make a backup
sudo cp /etc/network/interfaces /etc/network/interfaces.bak


adding net for 2nd interface eth1


add the following information to /etc/network/interfaces

# Set up the internal wired network
# Don't forget to change eth1 to the proper name of the internal
# wired network interface if applicable.
auto eth1
iface eth1 inet static


restart network with

sudo /etc/init.d/networking restart


Setup dhcp server for local network

sudo apt-get install dhcp3-server


inte the file /etc/dhcp/dhcpd.conf insert the following

option domain-name "mydomain";
option domain-name-servers,,;

default-lease-time 600;
max-lease-time 7200;

option subnet-mask;
option broadcast-address;
option routers;

subnet netmask {
        range ;
        option routers ;


then edit /etc/default/isc-dhcp-server


then restart dhcp server

sudo service isc-dhcp-server restart


Setting up the firewall


Be sure that ufw is installed on the system

sudo apt-get install ufw


edit the file /etc/default/ufw and change the line


so it reads



then we need to enable packet forward between the interfaces

edit the file /etc/ufw/sysctl.conf and remove the # infront of the line below so it reads



One final file to change before we are upp and running

change the file /etc/ufw/before.rules add these line in the top before any commands

# nat rules

# Forward all packes through eth0

# WARNING, do not remove COMMIT line. This breaks the loading


Before starting the firewall, if you want to be able to access it with ssh you need to enable a rule accepting connections on port 22

ufw allow 22


Then start it up

ufw disable && sudo ufw enable

 Post details 

Categories: ubuntu
Tags: No Tags
Published on: December 2, 2011

 Comments (1) 

  1. John Thinstad says:

    ufw allow 22 is a bit low level.
    ufw all list – gives list of installed applicatins ufw knows
    ufw app update OpenSSH – opens the firewall for SSH
    ufw app info OpenSSH – shows the port added (yes.. 22/tcp)

 Leave a comment 

Your email address will not be published. Required fields are marked *


 © 2022 - Nimmis World