July 16, 2013

Configure an Ubuntu "Gateway"

The original title was going to be:

Configure an Ubuntu "Gateway" using two wireless devices and one server

But it was going to be long and boring. Ok, everything started because I moved to a new location and was not going to have internet for a long time, nor was I willing to get a two-year contract with a company again. So my supportive neighbor provided a connection; the only thing I had to do was create an extension to his wireless AP. I could easily have bought a WiFi extender, but there would have been no fun in that and, of course, if he wanted to sniff what was going through, well, you know the story.

Fortunately I have this hardware ready to be set up:

VIA ARTiGO Pico-ITX Builder Kit A1000
Alfa AWUS036NH
WiDrive DX325

I could explain the network, but better seen graphically:



It still needs an explanation: there is an Access Point (AP) in the neighbor's house connected to the internet; for this case its name will be NAP01, with a WEP key abcde12345. The Alfa AWUS036NH connects directly to this AP as normal and is assigned the IP address 192.168.2.7. The Via Artigo receives all data through one USB 2.0 port and then shares its connection on the ethernet port, in other words wlan0 ->> eth0. After this, the WiDrive receives its connection from eth0 on its WAN port and creates another AP called "Internal" with a WPA key "abcabc".

In summary:

wlan0 - 192.168.1.5 (DHCP)
eth0 - 192.168.10.2 (STATIC)
wan - 192.168.10.5 (STATIC)

With everything prepared on the hardware side, let's get our hands dirty.
  1. Get internet in the Artigo
  2. As usual, connect to the access point using the network manager or from the command line:
     # ifconfig wlan0 up  
     # iwlist wlan0 scan
     # iwconfig wlan0 essid NAP01 key abcde12345   
     # dhclient3 wlan0
    
    Of course, you need admin rights on the computer to execute any of the commands above, and most of the following as well. At the end the device wlan0 will have the following configuration:
     # ifconfig wlan0
    wlan0     Link encap:Ethernet  HWaddr 00:01:01:01:01:01  
              inet addr:192.168.1.7  Bcast:192.168.1.255  
              Mask:255.255.255.0
    
  3. Set Static IP for the eth0 port
  4. Once we know we are receiving internet through the USB device wlan0, we give eth0 a static IP on a "DIFFERENT" network from the one the router's DHCP assigns. The commands are:
     # sudo nano /etc/network/interfaces
    
    Then edit this document with your details, mine is as follows:
    auto lo
    iface lo inet loopback
    
    auto eth0
    iface eth0 inet static
            address 192.168.10.2
            # different network
            network 192.168.10.0
            netmask 255.255.255.0
            broadcast 192.168.10.255
            gateway 192.168.1.7
    # pay special attention to the gateway,
    # because it is the same IP address that was
    # assigned by the router to
    # wlan0
    
    If the DHCP client interferes with the configuration of the network port, run these commands to uninstall the package and then restart the network interface.
     # sudo apt-get remove dhcp-client
     # sudo /etc/init.d/networking restart
    
  5. Set Up the Internet Sharing using IPTables
  6. Ok, at this point we are going to forward everything that enters from wlan0 to eth0 and back again. It is done with the following commands:
     # sudo iptables -A FORWARD -o wlan0 -i eth0 \
     -s 192.168.10.0/24 -m conntrack --ctstate NEW -j ACCEPT
     # sudo iptables -A FORWARD -m conntrack \
     --ctstate ESTABLISHED,RELATED -j ACCEPT
     # sudo iptables -t nat -A POSTROUTING  \
     -s 192.168.10.0/24 -o wlan0 -j MASQUERADE
     # sudo iptables -t nat -A POSTROUTING \
     -o wlan0 -j MASQUERADE
    
    The first two rules tell iptables to accept every new connection that enters on eth0 from the 192.168.10.0/24 network and leaves through wlan0, and to forward any packet that belongs to an already established or related connection. The last two are NAT rules: they rewrite the source address of traffic leaving through wlan0 so that replies find their way back. Now we must make these changes persist across sessions and reboots, so we save the rules in the file "iptables.sav" and edit rc.local to run the restore tool on them:
     # sudo iptables-save | sudo tee /etc/iptables.sav
     # sudo nano /etc/rc.local
    
    And before the last command "exit 0" in the file "rc.local" we add the following line:
    iptables-restore < /etc/iptables.sav
    
    The last step of this section is to enable IP forwarding in the running kernel, and to edit the file "sysctl.conf" so that the forwarding flags are enabled there as well:
     # sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
     # sudo nano /etc/sysctl.conf
    
    Search for the lines or add them at the end of the file in case they do not exist already:
    net.ipv4.ip_forward=1
    net.ipv4.conf.all.forwarding=1
    net.ipv4.conf.default.forwarding=1
    
    A whole system restart would be good; alternatively, restart just the network:
     # sudo /etc/init.d/networking restart
    
  7. Set a Static IP for the WAN port
  8. Once everything is set up behind the scenes, the WAN port of the WiDrive is assigned a static address in order to avoid network interference and to be able to use any kind of ethernet cable; I used the small one that came in the package. So we need to open the web interface of the WiDrive. In my case, I have it configured at the address 192.168.1.2.
    As the last image shows, the WAN port has been configured on the same network as eth0 (192.168.10.0/24), with the same broadcast in all cases but a different IP from the one used on eth0. After this, all clients that connect to the WiDrive will get internet access as well as the shared content from the hard drive inside this device.
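
The forwarding rules from the iptables step only filter traffic when the FORWARD chain's policy is DROP, which the steps above never set. The script below is an added example, not part of the original post: it audits an `iptables-save` dump for that and for a few related gaps on a gateway whose upstream network is not under your control. The dump is a constructed sample and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the gateway in this post.
WAN=wlan0   # upstream interface name taken from the post

# Constructed, trimmed sample: the dump the four iptables commands leave on
# a machine whose chain policies are still the default ACCEPT.
sample_dump() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.10.0/24 -i eth0 -o wlan0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o wlan0 -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
EOF
}

# audit_dump FILE: print one line per finding; return 0 only if there are none.
audit_dump() {
    dump=$1; findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # ACCEPT rules only restrict forwarding when everything else is dropped.
    grep -q '^:FORWARD DROP' "$dump" ||
        note "FORWARD policy is not DROP, so the ACCEPT rules filter nothing"
    # Replies to connections opened from the internal side must be allowed.
    grep -Eq -- '^-A FORWARD .*--ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT' "$dump" ||
        note "no ESTABLISHED,RELATED rule for return traffic"
    # The upstream network must never be allowed to open connections inward.
    grep -E -- "^-A FORWARD .*-i $WAN .*-j ACCEPT" "$dump" |
        grep -Evq -- '--ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED) ' &&
        note "NEW connections arriving on $WAN are forwarded"
    masq=$(grep -E -- "^-A POSTROUTING .*-o $WAN .*-j MASQUERADE" "$dump" || true)
    [ -n "$masq" ] || note "no MASQUERADE rule on $WAN"
    # A rule without -s applies NAT to any source, not just the internal net.
    echo "$masq" | grep -v -- ' -s ' | grep -q MASQUERADE &&
        note "MASQUERADE on $WAN is not limited to a source network"
    [ "$findings" -eq 0 ]
}

tmp=$(mktemp) && sample_dump > "$tmp"
audit_dump "$tmp" || echo "review the findings above"
rm -f "$tmp"
```

On the gateway itself, save the output of `sudo iptables-save` to a file and pass that file to `audit_dump`. Setting the policy with `iptables -P FORWARD DROP` before saving the rules clears the first finding.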

The following command might help in case you get the error "status: Unknown parameter: INTERFACE" when trying to query the network interfaces:

 # service network-interface restart INTERFACE=eth0

The last part is the important bit. And I almost forgot, here are the links of the references that helped me create these steps:

How to Geek - Assign an static IP

Help Ubuntu - Internet Sharing

Geek Peek - Sharing WiFi

Lindesk - Enable IP Forwarding

BCFG - status: Unknown parameter: INTERFACE
