I want to configure a network like this:
Modem (local ip: 192.168.178.1) -> PC Ubuntu Server 20.04 with 2 LAN as Firewall and Gateway -> Router (local ip: 192.168.178.6) -> Switch->...
This is my ifconfig from the Firewall:
lan: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.178.39 netmask 255.255.255.0 broadcast 192.168.178.255
        inet6 fe80::8647:9ff:fe0a:d94d prefixlen 64 scopeid 0x20<link>
        ether 84:47:09:0a:d9:4d txqueuelen 1000 (Ethernet)
        RX packets 1492 bytes 535250 (535.2 KB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 336 bytes 103896 (103.8 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 3552 bytes 436280 (436.2 KB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 3552 bytes 436280 (436.2 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wan: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.178.40 netmask 255.255.255.0 broadcast 192.168.178.255
        inet6 fe80::8647:9ff:fe0a:d94c prefixlen 64 scopeid 0x20<link>
        ether 84:47:09:0a:d9:4c txqueuelen 1000 (Ethernet)
        RX packets 97255 bytes 6561016 (6.5 MB)
        RX errors 0 dropped 4216 overruns 0 frame 0
        TX packets 12993 bytes 991983 (991.9 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.178.38 netmask 255.255.255.0 broadcast 192.168.178.255
        inet6 fe80::4ae7:daff:feb3:58a5 prefixlen 64 scopeid 0x20<link>
        ether 48:e7:da:b3:58:a5 txqueuelen 1000 (Ethernet)
        RX packets 132359 bytes 13825120 (13.8 MB)
        RX errors 0 dropped 61741 overruns 0 frame 0
        TX packets 9068 bytes 1446619 (1.4 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The file "/etc/netplan/config.yaml" is configured like this:
network:
  ethernets:
    wan:
      optional: true
      addresses: [192.168.178.40/24]
      match:
        macaddress: 84:47:09:0a:d9:4c
      set-name: wan
      gateway4: 192.168.178.1
      nameservers:
        addresses: [192.168.178.1, 1.1.1.1, 1.0.0.1]
    lan:
      optional: true
      addresses: [192.168.178.39/24]
      match:
        macaddress: 84:47:09:0a:d9:4d
      set-name: lan
  version: 2

My iptables is set up this way:
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wan -p tcp -j DNAT --to-destination 192.168.178.6
COMMIT
# Completed on Mon Jan 10 08:28:52 2022
# Generated by iptables-save v1.8.4 on Mon Jan 10 08:28:52 2022
*mangle
:PREROUTING ACCEPT [1:40]
:INPUT ACCEPT [1:40]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:184]
:POSTROUTING ACCEPT [1:184]
COMMIT
# Completed on Mon Jan 10 08:28:52 2022
# Generated by iptables-save v1.8.4 on Mon Jan 10 08:28:52 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 192.168.178.0/24 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i lan -o wan -j ACCEPT
-A FORWARD -i wan -o lan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
I've enabled IP forwarding.
The problem I have is that the router can't access the Internet.
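
A static check of the configuration posted above, as an added example that is not part of the original post: it parses the iptables-save text together with the netplan addresses and reports properties worth reviewing on a two-NIC gateway. The function names and finding labels are made up for this example, and the ruleset is abridged from the post.

```python
import ipaddress

# Copied from the post: netplan addresses and the iptables-save rules that matter (abridged).
INTERFACES = {"wan": "192.168.178.40/24", "lan": "192.168.178.39/24"}
RULESET = """\
*nat
-A PREROUTING -i wan -p tcp -j DNAT --to-destination 192.168.178.6
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wan -o lan -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse(ruleset):
    """Return {table: {"policy": {chain: target}, "rules": [token list, ...]}}."""
    tables, cur = {}, None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):                        # table header, e.g. *nat
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and cur is not None:  # :CHAIN POLICY [pkts:bytes]
            chain, target = line[1:].split()[:2]
            cur["policy"][chain] = target
        elif line.startswith("-A ") and cur is not None:
            cur["rules"].append(line.split())
    return tables

def audit(interfaces, ruleset):
    """Return finding labels (hypothetical names) for a two-NIC gateway config."""
    tables, findings = parse(ruleset), []
    nets = sorted((n, ipaddress.ip_interface(a).network) for n, a in interfaces.items())
    for i, (a, net_a) in enumerate(nets):
        for b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):  # both NICs on one subnet: no routed boundary
                findings.append(f"same-subnet:{a},{b}")
    nat = tables.get("nat", {}).get("rules", [])
    if not any(r[1] == "POSTROUTING" and {"MASQUERADE", "SNAT"} & set(r) for r in nat):
        findings.append("no-source-nat")  # forwarded packets keep their original source
    for r in nat:  # DNAT with no port match rewrites every new connection it sees
        if "DNAT" in r and "--to-destination" in r and not {"--dport", "--dports"} & set(r):
            findings.append("dnat-all-ports:" + r[r.index("--to-destination") + 1])
    policies = tables.get("filter", {}).get("policy", {})  # ACCEPT policy: rules filter nothing
    findings += [f"policy-accept:{c}" for c, t in sorted(policies.items()) if t == "ACCEPT"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INTERFACES, RULESET)))
```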