Here is a quick rundown on how to make a simple Debian box into a router

Remove unneeded items

apt purge iptables

Install required items

apt install bridge-utils firewalld dnsmasq

Enable IP Forwarding

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf

Find NICs

ip a

Now we create the bridge. This is assuming your device has three NICs and you want two for LAN and one for WAN

nano /etc/network/interfaces

allow-hotplug eth0
auto eth0
iface eth0 inet dhcp

auto eth1
allow-hotplug eth1
iface eth1 inet manual

auto eth2
allow-hotplug eth2
iface eth2 inet manual

auto br0
iface br0 inet static
        bridge_ports eth1 eth2
        bridge_fd 0
        bridge_stp off

It probably wouldn’t hurt to reboot now. Hopefully all is working. The LAN IP will be and the WAN IP will be picked up via DHCP.

Add firewalld rules

firewall-cmd --zone=home --add-interface=br0
firewall-cmd --zone=public --add-interface=eth0
firewall-cmd --zone=public --add-masquerade
firewall-cmd --zone=home --add-service=ssh
firewall-cmd --runtime-to-permanent

Configure DNS Masq (This assumes you want to use it for DHCP and DNS)

sed -i 's/#interface=/interface=br0/g' /etc/dnsmasq.conf

Find dhcp-range and make it what you’d like. I did the following.

sed -i 's/#dhcp-range=,,12h/dhcp-range=,,4h/g' /etc/dnsmasq.conf

Now we can allow DNS Masq thru the firewall for DNS and DHCP

firewall-cmd --zone=home --add-service=dns
firewall-cmd --zone=home --add-service=dhcp
firewall-cmd --runtime-to-permanent

Now we can enable all services

systemctl enable dnsmasq

If you want SSH from the WAN you can do the following

firewall-cmd --zone=public --add-service=ssh
firewall-cmd --runtime-to-permanent

We can reboot again and hopefully it’s going to be working.
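
An added check, not part of the original post, for the state these steps leave behind: it compares each zone's runtime services with the permanent ones (anything added at runtime and never saved is gone after a reboot), confirms forwarding and permanent masquerading, and lists what the WAN zone exposes. The FW and IPFWD overrides, the sample_fw stand-in and the audit.sh file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. FW and IPFWD can be overridden
# so the logic can be run against canned data instead of a live firewalld.
FW=${FW:-firewall-cmd}
IPFWD=${IPFWD:-/proc/sys/net/ipv4/ip_forward}

# Constructed stand-in for firewall-cmd: dns and dhcp were added to the
# home zone at runtime after the last --runtime-to-permanent.
sample_fw() {
    case "$*" in
        "--zone=home --list-services") echo "ssh dns dhcp" ;;
        "--permanent --zone=home --list-services") echo "ssh" ;;
        "--zone=public --list-services") echo "ssh" ;;
        "--permanent --zone=public --list-services") echo "ssh" ;;
        "--permanent --zone=public --query-masquerade") echo yes ;;
        *) return 1 ;;
    esac
}

# Print the words of list $1 that are missing from list $2.
only_in_first() {
    acc=
    for w in $1; do
        case " $2 " in *" $w "*) ;; *) acc="${acc:+$acc }$w" ;; esac
    done
    printf '%s\n' "$acc"
}

# Services of zone $1 that exist only at runtime and vanish on reboot.
unsaved_services() {
    only_in_first "$($FW --zone="$1" --list-services)" \
                  "$($FW --permanent --zone="$1" --list-services)"
}

# Print one line per finding; return non-zero if any check fails.
audit_router() {
    rc=0
    [ "$(cat "$IPFWD" 2>/dev/null)" = 1 ] || { echo "FAIL ip_forward is not 1"; rc=1; }
    $FW --permanent --zone=public --query-masquerade >/dev/null 2>&1 ||
        { echo "FAIL masquerade is not permanent on zone public"; rc=1; }
    for z in home public; do
        lost=$(unsaved_services "$z")
        [ -z "$lost" ] || { echo "FAIL zone $z runtime-only services: $lost"; rc=1; }
    done
    echo "INFO WAN-facing services (zone public): $($FW --permanent --zone=public --list-services)"
    return $rc
}

# "sh audit.sh demo" uses the sample data, "sh audit.sh live" the real box.
case "${1:-}" in demo) FW=sample_fw; audit_router ;; live) audit_router ;; esac
```

Run it in live mode as root after the final reboot; a FAIL line for a zone means a service was added at runtime and never saved.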



If you want to do port forwarding you can use the following. The values are the internal device IP, the internal port (8888), the external port (5555) and the protocol (tcp or udp; tcp here).

firewall-cmd --permanent --add-forward-port=port=5555:proto=tcp:toaddr=