Router on a Stick

by: Derek Carter

A router-on-a-stick is a network device that routes traffic between two networks across one data link. The first step in setting one up is to have a single cable connected from a Linux box to a switch/router/hub into which all other connections are made. Let's set up a scenario: we have a lab of machines on the network 10.100.0.0/24, all connected to the same hub. Also connected to that hub is the wire which leads to the backbone network (also a 10.100.0.0/24 address). We want to create a small subnet out of a few of these machines, let's say the 192.168.2.0/24 network, something like this:

[Figure: onastick.png]

To do this you used to need an interface card for each network you wanted to route to/from, and a wire run for each as well. Now we need only one wire. Here are the steps for setting up a Linux box to act as the router.
  1. Create the virtual interface
    • use your distro's network config tool to create the virtual interface alias eth0:1 or similar
    • if that doesn't work use ifconfig
    • set the IP address to the default route address of the subnet, e.g. 192.168.2.254
    • remove any interface-specific gateway from the config file
  2. Set up the regular interface eth0
    • again use your distro's tools or ifconfig
    • set the IP address to whatever it should be in the backbone network, e.g. 10.100.0.35
    • or leave it to get the DHCP lease
    • remove any interface-specific gateway from the config file
  3. Add the default gateway
    • edit the file /etc/sysconfig/network or your distro's global network settings and add the gateway that your DHCP lease provides to get to the backbone network
  4. Disable send_redirects to keep hosts from the subnet from trying to get to the backbone by themselves, and enable IP forwarding. Make sure the following values are set in the /proc/sys/ directory
    • /proc/sys/net/ipv4/conf/eth0/send_redirects = 0
    • /proc/sys/net/ipv4/conf/lo/send_redirects = 0
    • /proc/sys/net/ipv4/conf/all/send_redirects = 0
    • /proc/sys/net/ipv4/conf/default/send_redirects = 0
    • /proc/sys/net/ipv4/ip_forward = 1
    • make these changes permanent by editing /etc/sysctl.conf
  5. Restart your network service to apply changes
  6. Configure iptables to NAT the traffic from the subnet to the backbone network
    • iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0+ -j MASQUERADE
    • make this iptables rule permanent using your distro's method
And there you have it. Your traffic should be NAT'ed from the subnet through the router-on-a-stick out to the backbone network. Enjoy.
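
A quick audit of step 4, added here as an example and not part of the original article: disabling send_redirects means a value of 0 in each of the four files, while ip_forward must be 1. The function names and the optional ROOT argument (for checking a copied tree instead of the live /proc/sys) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit the kernel settings from step 4 and print the
# matching /etc/sysctl.conf lines. Nothing here changes system state.

# Expected values as "path-under-/proc/sys value", per step 4.
expected_settings() {
    for scope in "$1" lo all default; do
        echo "net/ipv4/conf/$scope/send_redirects 0"
    done
    echo "net/ipv4/ip_forward 1"
}

# check_router_sysctls [ROOT] [IFACE]
# ROOT defaults to /proc/sys, IFACE to eth0.
# Prints one line per setting; exit status is the number of mismatches.
check_router_sysctls() {
    root=${1:-/proc/sys}
    iface=${2:-eth0}
    bad=0
    while read -r path want; do
        if [ -r "$root/$path" ]; then
            have=$(cat "$root/$path")
        else
            have=missing
        fi
        if [ "$have" = "$want" ]; then
            echo "ok   $path = $have"
        else
            echo "FIX  $path = $have (want $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$(expected_settings "$iface")
EOF
    return "$bad"
}

# Same settings in sysctl.conf syntax (slashes become dots; this
# assumes the interface name itself contains no dot).
sysctl_conf_lines() {
    expected_settings "${1:-eth0}" | while read -r path want; do
        echo "$(echo "$path" | tr / .) = $want"
    done
}
```

Source the file on the router and run `check_router_sysctls`; any line marked FIX can be corrected with the matching line from `sysctl_conf_lines` in /etc/sysctl.conf.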