How to build a router with Ubuntu 20.04

This article explains how to build a router with Ubuntu 20.04. This is really useful when you need a router in your home lab.

Target topology

Here is the target topology to build in this article.

  • 2 interfaces
    • ens160 is the upstream connection, so Ubuntu 20.04 uses this network to access the internet.
    • ens192 is for the private network, such as the internal network in your lab.
  • DHCP server for network
  • DNS server for
  • NAT does SNAT for network so that any devices in the network can talk to internet
  • Routing between and


  • Ubuntu 20.04 is installed
  • Ubuntu 20.04 has 2 interfaces
  • Ubuntu 20.04 has internet connectivity

Enable routing

Configure net.ipv4.ip_forward=1 in /etc/sysctl.conf

$ grep ipv4.ip_forward /etc/sysctl.conf

Activate the config

sudo sysctl -p

Validate the config. The output must be 1.

$ cat /proc/sys/net/ipv4/ip_forward

NAT configuration

Enable NAT on Ubuntu so that devices in can use ens160’s IP address to access the internet. We’re going to use iptables to achieve this and persist the configuration across reboots using iptables-persistent.

Install iptables-persistent

sudo apt install iptables-persistent

Add NAT rule

sudo iptables -t nat -A POSTROUTING -s -o ens160 -j MASQUERADE

Save the current iptables rules to /etc/iptables/rules.v4

sudo su
iptables-save > /etc/iptables/rules.v4
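
The check below is an added example, not part of the original article: it reads an iptables-save dump such as /etc/iptables/rules.v4 and reports whether the MASQUERADE rule is scoped to a source and to ens160, and whether the FORWARD chain still accepts everything, so you can decide whether unrestricted forwarding between ens160 and ens192 is what you want. The function names, the finding labels and the 10.0.0.0/24 subnet in the sample dumps are assumptions made for illustration.

```shell
# Added example (not the article's code): audit an iptables-save dump such as
# /etc/iptables/rules.v4. The 10.0.0.0/24 subnet in the samples is constructed.
audit_rules() {   # usage: audit_rules [WAN_IF] < rules.v4
  awk -v wan="${1:-ens160}" '
    /^\*/ { table = substr($0, 2); next }   # table header such as *nat or *filter
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "filter" && /^-A FORWARD / && /ESTABLISHED/ && /-j ACCEPT/ { stateful = 1 }
    table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
      masq = 1
      if ($0 !~ / -s /) print "MASQ_NO_SOURCE"                 # any source is rewritten
      if ($0 !~ (" -o " wan "( |$)")) print "MASQ_NOT_ON_WAN"  # not bound to upstream
    }
    END {
      if (!masq) print "NO_MASQUERADE_RULE"
      if (policy == "") policy = "ACCEPT"   # chain absent from dump: built-in default
      if (policy == "ACCEPT") print "FORWARD_POLICY_ACCEPT"
      else if (!stateful) print "NO_ESTABLISHED_ACCEPT"
    }'
}

nat_only_rules() {   # constructed: the NAT rule alone, filter policies at default
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o ens160 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

restricted_rules() {   # constructed: forward LAN to WAN, allow only replies back
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o ens160 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ens192 -o ens160 -j ACCEPT
COMMIT
EOF
}

nat_only_rules | audit_rules     # prints FORWARD_POLICY_ACCEPT
restricted_rules | audit_rules   # prints nothing
```

To check the saved file, run `audit_rules < /etc/iptables/rules.v4`; no output means none of the checks fired.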

DHCP server configuration

We’re going to use isc-dhcp-server to provide DHCP service in network.

Install isc-dhcp-server

sudo apt install isc-dhcp-server

Create the DHCP configuration file as shown below. In this example, the default gateway and DNS server is which is this Ubuntu 20.04.

ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
option routers;
option domain-name-servers;
option domain-name "home.lab";

subnet netmask {

Start the DHCP server service and enable it so that the DHCP server starts automatically after a reboot.

sudo systemctl enable isc-dhcp-server.service
sudo systemctl start isc-dhcp-server.service

DNS server configuration

We’re going to use BIND to configure the DNS server.

Install bind9

sudo apt install bind9

In this example, we’re going to achieve the following requirements.

  • Accept DNS request only from
  • Forward DNS requests to Google DNS if the name is unknown.
  • The domain name is home.lab. BTW, .local is not recommended because Multicast DNS uses that domain.
  • 2 DNS records for Ubuntu VM and ESXi are configured in this example.

options {
  directory "/var/cache/bind";
  listen-on port 53 { localhost;; };
  allow-query { localhost;; };
  forwarders {; };
  recursion yes;
};

zone "home.lab" IN {
  type master;
  file "";
};

$TTL 86400

@ IN SOA home.lab root.home.lab (

@           IN NS ubuntu
ubuntu      IN A
esxi1       IN A

Validate configuration

named-checkzone home.lab /var/cache/bind/

Activate the DNS service if you don’t see any errors.

sudo systemctl start named
sudo systemctl enable named

