Building a Router with Ubuntu Linux

For my router project, I used Ubuntu server and because so much of this information is so hard to find, I’ll be documenting here for anyone interested.

To start, a barebones installation of Ubuntu Server 14 LTS. First things first, install and configure openssh. Setup your public key too, don’t need to be entering a password like a savage.

Nothing special about the install. I named my machine charon after the Mass Relay in the Sol system in the Mass Effect series. It’s an old Dell with 3 GB of RAM and a 64 GB SSD, massively overpowered for what we need but this is literally the worst machine I own, so let’s move on.

Now, our connections. In my case, eth0 is the external connection, through which I’ll be doing my initial setup and eth1 is the connection that will eventually face my new network. br0 is then the bridge between these that provides basic connectivity. /etc/network/interfaces is as follows:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static

auto eth1
iface eth1 inet static

auto br0
iface br0 inet static
    bridge-ports eth0 eth1

Now here’s a tricky bit, because of how Ubuntu sets up it’s network connections, you need to list the connection you’ll be ssh’ing in through first. This means when we get to that point where it’s time to forbid ssh connections from the outside, we’ll need to turn these around or the machine will be inaccessible.

IP Tables

Basic throughput is not enough for what a router needs to do, we net NAT, or Network Address Translation, to make this work properly. So let’s get that going, with four not at all simple commands:

iptables -A FORWARD -o eth0 -i eth1 -s -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

And save those somewhere convenient:

iptables-save | sudo tee /etc/iptables.sav

In your rc.local file, add this to make sure they’re always loaded (remember to update this if you change anything or you will be very sad):

iptables-restore < /etc/iptables.sav

Enable IP Forwarding:

sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Open up /etc/sysctl.conf and uncomment this:


Setup DCHP

Up next, I installed dchp3-server with apt-get install dhcp3-server. Proved to be the simplest to configure, mine is a pretty straightforward setup using the DCHP range of everything above 200. Here’s my /etc/dhcp/dhcpd.conf file:

ddns-update-style none;

option domain-name "unsc.fleet";
option domain-name-servers;
option broadcast-address;
option subnet-mask;
option routers;

default-lease-time 600;
max-lease-time 7200;

log-facility local7;

subnet netmask {

Then I created the file /etc/defaults/dhcp3-server and added this:


To make sure DHCP would only answer on the eth1 interface. Testing it:


Everything looks good.

Bridge the Traffic

Sadly I was never able to get this working. I eventually bought a DD-WRT Buffalo N300 router which I’ve enjoyed ever since.


If you run into problems, these are my best resources which I consulted to a slavish degree through the course of this project. Dig it, and best of luck!