Ever needed to route between two network segments, but you did not have the hardware? You search online for “virtual router” or maybe “build a linux router” and the search results just point you to pre-packaged distributions that are firewalls for routing between the Internet and an internal network?
Well, that is what I ran into as I expanded upon my home test lab. All I wanted was a simple network router without a firewall, and the only solutions that I found were distributions that were primarily firewalls like Smoothwall and IPCop. These are great solutions if you need to control access between your Internet connection and an internal network, but if you just want to pass unfiltered traffic between two networks these distributions are not the right fit.
So I built my own simple router using CentOS’s minimal version, and you can too by following these simple steps (you must be root or have superuser permissions to run these commands):
- Build your Linux machine with two network interfaces.
- Connect one NIC to the first network, and the other NIC to the second network.
- Assign an IP address, subnet mask and gateway to the first NIC to connect with the first network.
- Assign an IP address and subnet mask to the second NIC to connect with the second network.
- Enable IPv4 forwarding by editing the /etc/sysctl.conf file and changing the line “net.ipv4.ip_forward = 0” to “net.ipv4.ip_forward = 1”.
- Run the command “sysctl -p” to apply the changes.
- Disable iptables (the firewall) by running the command “service iptables stop”. Then ensure that the iptables service does not start upon a reboot with the command “chkconfig iptables off”.
- Disable SELinux by editing the /etc/selinux/config file and changing the line “SELINUX=permissive” to “SELINUX=disabled”.
- Reboot the system and check to make sure that both the iptables service and SELinux are disabled.
- Your Linux router is now built!
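The sysctl.conf edit and the final check from the steps above, written as shell functions. This is an added example and not part of the original post; the function names and the script name are hypothetical, and it assumes GNU or BSD `awk`, `grep` and `sed`.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Each function takes the
# config file as an argument so it can be tried on copies first.

# Effective net.ipv4.ip_forward value in a sysctl.conf-style file. The last
# uncommented assignment wins, because sysctl -p applies lines in order.
ip_forward_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { v = $2; gsub(/[ \t]/, "", v) }
        END { print (v == "" ? "unset" : v) }' "$1"
}

# Set net.ipv4.ip_forward = 1: rewrite an existing assignment or append one.
# Safe to run twice: a second run changes nothing.
enable_ip_forward() {
    tmp=$(mktemp) || return 1
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$1"; then
        sed -E 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' "$1" > "$tmp"
    else
        { cat "$1"; echo 'net.ipv4.ip_forward = 1'; } > "$tmp"
    fi
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# SELINUX= value from an /etc/selinux/config-style file (SELINUXTYPE= is skipped).
selinux_mode() {
    sed -n -E 's/^[[:space:]]*SELINUX=([A-Za-z]+).*/\1/p' "$1" | tail -n 1
}

# Succeeds only when both files match the end state of the steps above.
router_config_ok() {
    fwd=$(ip_forward_value "$1")
    se=$(selinux_mode "$2")
    echo "ip_forward=$fwd selinux=${se:-unset}"
    [ "$fwd" = "1" ] && [ "$se" = "disabled" ]
}

# Run as: sh check-router.sh /etc/sysctl.conf /etc/selinux/config
if [ "$#" -eq 2 ]; then
    router_config_ok "$1" "$2" || echo "config does not match the steps above"
fi
```

After the reboot, `sysctl -n net.ipv4.ip_forward` and `getenforce` report the live kernel and SELinux state, which the file checks above do not cover.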
You will still need to configure routes between your networks, but now you can point those routes at your newly built Linux router!
If you found this tip useful please share it with others, and if you have any tips of your own share them with me by reaching out to me on LinkedIn. Until next time keep expanding upon your IT skills by taking on new challenges!