ianhamilton.xyz

LAN Router Setup

Routing

I configured the routing tables to forward all traffic from my ethernet port (enp42s0) out over my WiFi connection (wlan0), and enabled IP masquerading.

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i enp42s0 -o wlan0 -j ACCEPT

To save this configuration, I used iptables-save to write the current routing table to /etc/sysctl.d/ip_forward.conf. The file will be automatically loaded by iptables.service at boot.

The kernel also needs to be told to allow IP forwarding.

# /etc/sysctl.d/ip_forward.conf

net.ipv4.ip_forward=1

At this point hosts on my LAN can reach the wider internet by IP address, but not by hostname.
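An added example, not part of the original post: a small POSIX shell audit of iptables-save output that checks for the two rules above and reports how the FORWARD chain treats everything else. The dumps are constructed, the ACCEPT policy on FORWARD is assumed to be the untouched default (the post does not state it), and audit_ruleset, sample_dump and RETURN_RULE are names made up for this example.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the router rules on this page.
LAN_IF=enp42s0   # LAN-facing interface (from the page)
WAN_IF=wlan0     # upstream interface (from the page)

# Constructed iptables-save dump: $1 = FORWARD policy, $2 = optional extra rule.
sample_dump() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD $1 [0:0]
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
$2
COMMIT
EOF
}

# Read an iptables-save dump on stdin; print findings, then a summary line.
audit_ruleset() {
    table="" policy="" masq=no lan_out=no replies=no
    while IFS= read -r line; do
        case "$line" in
            \**) table=${line#\*} ;;   # table header: "*nat", "*filter"
            ":FORWARD "*)              # chain policy, e.g. ":FORWARD ACCEPT [0:0]"
                if [ "$table" = filter ]; then p=${line#":FORWARD "}; policy=${p%% *}; fi ;;
            "-A POSTROUTING "*"-o $WAN_IF "*"-j MASQUERADE"*) masq=yes ;;
            "-A FORWARD "*"-i $LAN_IF "*"-o $WAN_IF "*"-j ACCEPT"*) lan_out=yes ;;
            "-A FORWARD "*"-i $WAN_IF "*"--ctstate "*ESTABLISHED*"-j ACCEPT"*)
                replies=yes ;;         # return traffic for tracked connections
        esac
    done
    [ "$masq" = yes ] || echo "FAIL: no MASQUERADE rule for traffic leaving $WAN_IF"
    [ "$lan_out" = yes ] || echo "FAIL: no FORWARD rule $LAN_IF -> $WAN_IF"
    if [ "$policy" = ACCEPT ]; then
        echo "WARN: FORWARD policy is ACCEPT; forwarding is not limited to $LAN_IF -> $WAN_IF"
    elif [ "$replies" = no ]; then
        echo "FAIL: FORWARD policy $policy drops replies; no ESTABLISHED rule for $WAN_IF"
    fi
    echo "policy=$policy masq=$masq lan_out=$lan_out replies=$replies"
}

RETURN_RULE="-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
echo "== rules as on the page =="; sample_dump ACCEPT "" | audit_ruleset
echo "== default-drop, no return rule =="; sample_dump DROP "" | audit_ruleset
echo "== default-drop with return rule =="; sample_dump DROP "$RETURN_RULE" | audit_ruleset
```

On a live router the same function can read the real rule set with iptables-save | audit_ruleset, run as root.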

DNS and DHCP

I am using dnsmasq to provide DNS and DHCP to my LAN. The configuration is very straightforward. You just specify a network interface to provide the services on and a range of IP addresses to manage.

# /etc/dnsmasq.conf

interface=enp42s0
dhcp-range=192.168.22.1,192.168.22.254,255.255.255.0

In order to function as a DHCP and DNS server, my desktop needs a static IP address for other hosts to be pointed to.

# /etc/systemd/network/25-eth.network

[Match]
Name=enp42s0

[Network]
Address=192.168.22.1/24

The final bit of configuration is to direct each machine connected to the LAN to this IP address for DNS services.

# /etc/resolv.conf

# Local DNS Server
nameserver 192.168.22.1

# Other DNS Servers
nameserver xxx.xxx.xxx.xxx
nameserver yyy.yyy.yyy.yyy

On the desktop itself I have it directed to the loopback address, 127.0.0.1.