How to configure LINUX MACHINE as a ROUTER with one Network Card

It’s a bit older but a very cheap way to use a Linux Machine as an internet Router/Gateway. There is no need to be a LINUX expert to do this task. No need to have two physical fast Ethernet cards. Sharing internet connection with only one physical fast Ethernet card is very easy using the under given rules.

Required Items to configure a Router on LINUX Machine are given as under;

  • One Physical Fast Ethernet Card
  • DSL/Cable/Fiber Optic Internet Connection with Public IP Address.

1) Please configure the Fast Ethernet first like under given;

a) Assign Public IP address to the Fast Ethernet Card with the followings;

i) Eth0

ii) IP Address ( change with your public IP address

iii) Net Mask (Provided by the Internet service provider) ( change with your net mask

iv) Default Gateway ( change with your Default Gateway

v) Preferred DNS ( change with your preferred DNS

vi) Alt. DNS ( Change with your alt. DNS

b) Create a virtual IP address on this Fast Ethernet Card

i) Copy and paste the configuration file of the eth0 with a new name eth0:0

c) Assign a private IP Address like you have assigned the other computers in your local area network

i) Eth0:0

ii) IP Address (

iii) Net mask (

iv) Default Gateway (leave this blank)

2) Creating forwarding rules with iptables:

# Delete and flush. Default table is “filter”. Others like “nat” must be explicitly stated.

3) iptables –flush – Flush all the rules in filter and nat tables

4) iptables –table nat –flush

5) iptables –delete-chain

# Delete all chains that are not in default filter and nat table

6) iptables –table nat –delete-chain

# Set up IP FORWARDing and Masquerading

7) iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE

8 ) iptables –append FORWARD –in-interface eth0 -j ACCEPT

9) echo 1 > /proc/sys/net/ipv4/ip_forward

# Enables packet forwarding by kernel

10) Create a route for internal packets:

11) route add -net netmask gw dev eth0

# Change with your Gateway IP Address

Configuring PCs on the office network:

All PC’s on the private office network should set their “gateway” to be the local private network IP address of the Linux gateway computer. change with your own gateway

The DNS should be set to that of the ISP on the internet.

Or you can configure your own DNS server on this LINUX machine; I will try to explain that in a later post.

Configure the firewall to control the security.

First flush everything and then allow limited ports and IP Addresses

12) iptables -F

13) iptables -A INPUT -i lo -p all -j ACCEPT – Allow self access by loopback interface

14) iptables -A OUTPUT -o lo -p all -j ACCEPT

15) iptables -A INPUT -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT – Accept established connections

16) iptables -A INPUT -p tcp –tcp-option ! 2 -j REJECT –reject-with tcp-reset

17) iptables -A INPUT -p tcp -i eth0 –dport 21 -j ACCEPT – Open ftp port

18) iptables -A INPUT -p udp -i eth0 –dport 21 -j ACCEPT

19) iptables -A INPUT -p tcp -i eth0 –dport 22 -j ACCEPT – Open secure shell port

20) iptables -A INPUT -p udp -i eth0 –dport 22 -j ACCEPT

21) iptables -A INPUT -p tcp -i eth0 –dport 80 -j ACCEPT – Open HTTP port

22) iptables -A INPUT -p udp -i eth0 –dport 80 -j ACCEPT

23) iptables -A INPUT -p tcp –syn -s –destination-port 139 -j ACCEPT – Accept local network Samba connection

24) iptables -A INPUT -p tcp –syn -s trancas –destination-port 139 -j ACCEPT

25) iptables -P INPUT DROP – Drop all other connection attempts. Only connections defined above are allowed.

26) alter the Linux kernel config file: /etc/sysctl.conf

Set the following value:

27) net.ipv4.ip_forward = 1

28) Service iptables save

Now you can test by opening a page in internet explorer that your Linux router/gateway for internet connection sharing is working or not. If everything goes according to the above given instructions your router/gateway is ready to be used by your users in your local network.

Note: Please share your experiences and comments about this post.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.