Previous Page
PCLinuxOS Magazine
Article List
Next Page

How To Use PCLinuxOS As A Router

by muungwana

A router is a device that connects two or more networks.

A computer needs three things to be able to act as a router. It needs at least two network interfaces, with each interface connected to a network. It needs to be configured to allow traffic to pass from one interface to another. Finally, it needs to be configured to masquerade traffic from the secondary interface as it leaves the primary interface.

The primary interface is an interface that is connected to a larger network. The larger network maybe the internet at large, or it can be a local network connected to the ISP network. The primary interface is the interface that connects the computer to the internet.

The secondary interface is the interface that is connected to a network which acts as a bridge for the computer to access the internet, or to access the local network the primary interface is connected to.

Before we continue, it is important to (re) familiarize ourselves with network terminologies.

An IPv4 address is made up of 32 bits, ie 32 ones and zeros. It is also made up of two parts, a network address and a host address. An IP address is usually represented as a decimal number representation of these 32 bits broken down to four chunks, each chunk consisting of eight bits and separated by a dot character.

An IPv4 address looks like: The "dot" is added for clarity, and is not part of the binary representation. It just marks the eight bit boundary.

"192" for example is a decimal representation of a binary number "11000000". "" is an IPv4 address and its binary equivalent is "11000000 10101000 00001010 00001010"

A netmask has the same number of bits and format of IPv4 address and it is a variable that is used to separate a network address from a host address in an IPv4 address.

A netmark address of corresponds to "11111111 11111111 11111111 00000000" binary address.

An IPv4 address given as:

IP address:
netmask   :

which is equivalent to

They both say the same thing. Of the 32 bits of an IPv4 address, the first 24 bits are used to represent a network address, and the remaining eight bits are used to represent a host address, an address of a network device within its network.

What distinguishes one network from another is the network address, identified by a netmask address. All computers that have the same network address belong to the same network, and must send their traffic to a router when they want to communicate with other computers that are in another network.

It is not allowed for network traffic belonging to one network to be seen outside of its network, and any traffic that somehow manages to "escape" its network simply gets dropped. The router's responsibility is to sit on network boundaries and "masquerade" network addresses of traffic from one network as it crosses network boundaries, and to allow the traffic to pass through safely.

A gateway address is an address belonging to a router, and it acts as a gateway in and out of a network.

A typical network properties listing of an interface may look something like this:

IPv4 address:
netmask       :
gateway       :
DNS           :

The above says:

The host address is 10, the host address belongs to a network with a network address of, the first 24 bits of the 32 bit IPv4 address are used to represent a network address, and the "door" in and out of this network is at The router is at this address. The DNS address is not relevant to this discussion.

For simplicity, we will call the computer that will act as a router "alice" and a computer that will access the internet through "alice" computer "bob."

Before we continue, make sure "alice" and "bob" are connected, either through a hub or through a crossover cable, if a cable runs directly from one to the other. Modern network interfaces can handle direct connections of interfaces with normal cables and it may not be necessary to use a crossover cable with direct connections. It is also possible to connect them wirelessly using wireless network interfaces.

Also, make sure "alice" can go online through the primary interface.

For a computer to act as a router, it needs more than one interface. Traffic needs to be allowed to flow from one interface to another. Lastly, traffic from the secondary interface must be masqueraded when passing through the primary interface network.

A kernel option that allow traffic to pass from one interface to another is at: " /proc/sys/net/ipv4/ip_forward".

Traffic is not allowed to flow between interfaces if the content of the virtual file is "0," and traffic is allowed if the content is "1".

To set the option to "1", run the following command (as the root user) from a terminal session on "alice."

echo 1 > /proc/sys/net/ipv4/ip_forward

If you want the option to survive a reboot, add "net.ipv4.ip_forward = 1" to the "/etc/sysctl.conf" configuration file. First, make sure the line is not there before you add it. If it is already there, but with an option of "0," just change the option to "1." That is all that is needed to allow traffic to flow from one network to another.

Now, let's set up the primary interface to masquerade traffic from a secondary interface.

Here we add a rule to iptables. Iptables is a program in Linux that enforces network traffic policy. Most Linux firewalls do their business by writing iptables rules.

Once again, in a terminal session on "alice," (as root) run the following command:

/sbin/iptables -t nat -I POSTROUTING -o XYZ -j MASQUERADE

XYZ is the primary interface (eth0, wlan0, etc.).

The above rule says the following:

Insert a "masquerade" iptable rule in the "postrouting" chain of a "nat" table. Iptables rules are hierarchical. Tables are at the top, chains follow, and lastly rules. The "postrouting" chain acts on all traffic just before it leaves the network, and the "masquerade" says "change the network address of whatever traffic is passing through to the network address of this interface."

If you want the rule to survive reboots, from the terminal, as root, run "service iptables save." Then, go to PCC (PCLinuxOS Control Center) services section, and make sure "iptables" is set to start at boot time.

Still on "alice," re-setup the network interface in PCC's Network and Internet section, and give the secondary interface the following network properties:

IP address:
netmask   :

That is all. Ignore the dialog if it shows you an error warning.

Give the network interface on "bob" that is connected to the secondary interface on "alice" the following network properties:

IP address:
netmask   :
gateway   :
DNS       :

That is all. "bob" should now be able to go online using "alice" as its router, i.e., as its gateway.

The host address of the network interface on "bob" is "20." Its network address is 10.10.10.x.

The host address of the secondary interface on "alice" is "10." Its network address is 10.10.10.x.>

The above means the two interfaces belong to the same network.

The primary interface on "alice" will have/should have a different network address, making it belong to a different network. The two commands executed above connect the two interfaces, and allow traffic to pass between them, which makes "alice" a router.

Previous Page              Top              Next Page
Copyright (c) 2013, The PCLinuxOS Magazine. All Rights Reserved.