I'm replacing my 10-year-old CentOS system with Ubuntu-Server 24.04.3 LTS. The CentOS box is running iptables and I have always been able to add and delete rules as needed. I have never used Ubuntu but now I am trying it since CentOS is no longer available.
I bought a Beelink EQ14 with 2 Ethernet ports to use as my new firewall server. I have successfully installed Ubuntu and have the two Ethernet cards working. However, I have spent 2 days trying to solve what I believe to be a DNS issue. The systemd-resolved service seems to be working properly and it retrieves my ISP DNS server IP addresses. However, no client on the LAN has internet access.
The DHCP server is running properly and gives out IP addresses to the LAN clients. If I configure the network card on my PC to use DHCP for the IP address and manually add DNS servers 8.8.8.8 and 8.8.4.4, I am able to access the internet.
Relevant System Information:
The Ubuntu system is configured with 2 Ethernet cards. The ISP-facing card is configured to obtain its IP address via DHCP, and does so. The LAN card is configured with a static IP address of 172.16.1.1. I can access the Ubuntu server from my desktop using PuTTY.
I tried to use my firewall rules from the CentOS box with no luck. So I have created a very simple iptables ruleset that should work. I have turned UFW and nftables off and disabled them. I have set net.ipv4.ip_forward = 1 and it is persistent across reboots.
The iptables and Netplan 01-netcfg.yaml settings are shown below.
At least to me, it is not obvious what is wrong. Could you give us the outputs from sudo iptables -xvnL and sudo iptables -t nat -xvnL?
Yes, UFW should be off and disabled, but the iptables syntax should be interpreted and executed by nftables so it is not clear that it should be disabled.
The links for iptables should look something like this:
Based on the packet counters, it seems to be working.
I don’t understand why the protocol (prot) column is listing “0”, as I think “all” is expected.
To better understand what is going on I would add logging to the iptables rule set and/or monitor the packets with tcpdump (or Wireshark, if you prefer).
For tcpdump: In one terminal:
sudo tcpdump -n -tttt -i enp1s0
and in another terminal:
sudo tcpdump -n -tttt -i enp2s0
You mention using PuTTY to access the Ubuntu server, so to avoid an infinite spew of SSH packets the second tcpdump command might need to be:
I activated logging for iptables. I see this when I try to access a website. It doesn’t matter if I have 8.8.8.8 manually entered so I can access the site or if I have no DNS and am unable to access anything, I get the same results in the log.
The firewall is passing traffic. I had my brother use SSH to access my server and he was able to connect and log in. So apparently the issue is totally related to DNS. It makes no sense as to why it is not working.
These are the current firewall rules I have in place.
I have noticed one difference between the CentOS box and the Ubuntu box. From the command line on my Windows PC, when I issue an ipconfig /all command, I see this.
Default Gateway . . . . . . . . . : 172.16.1.1
DHCP Server . . . . . . . . . . . : 172.16.1.1
DNS Servers . . . . . . . . . . . : 172.16.1.1
The same command on the Ubuntu box only shows the Default Gateway and the DHCP Server. No DNS server is referenced.
And the DNS server address is as specified in my DHCP server configuration file, /etc/dhcp/dhcpd.conf:
option domain-name-servers 192.168.111.1;
And I do have a DNS server running at 192.168.111.1, but if I didn’t, the line might be whatever I decide to use or whatever my ISP said to use, for example:
OK, I am making some progress but not there yet.
I added
option domain-name-servers 172.16.1.1;
to my dhcpd.conf file in the /etc/dhcp directory, and then an ipconfig /all command shows the DNS Servers as 172.16.1.1. However, I still had no access to the internet.
I then changed option domain-name-servers to 172.16.1.1, 8.8.8.8, 8.8.4.4. That then gives the LAN side clients access to the internet. But it shouldn’t need to be set up that way.
The rules I have set up in iptables should know to pass DNS requests to the ISP interface enp2s0. I need to figure that one out.
The DNS server appears to be running on my Ubuntu box according to this:
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 172.16.1.1
DNS Servers: 172.16.1.1
Link 2 (enp1s0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 68.105.28.11
DNS Servers: 68.105.28.11 68.105.29.11 68.105.28.12 2001:578:3f::30 2001:578:3f:1::30
Link 3 (enp2s0)
Current Scopes: none
Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
The 68.105 addresses are the ISP provider's DNS servers.
It sounds as though you do not actually have a DNS server running on 172.16.1.1.
And while your iptables rules would forward DNS requests, they have to have a valid destination. If you are not running a local DNS server, then the DNS addresses would need to be supplied as part of your DHCP-issued IP address lease.
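One way to confirm the point above, as an added example that is not part of this thread: read the nameservers dhcpd hands out and check whether each one actually answers on UDP/53. The config path is the one named in the thread; the probe name and the script itself are assumptions.

```python
"""Check that every nameserver dhcpd advertises actually answers DNS queries.

Added example (not from the thread): reads `option domain-name-servers` from
dhcpd.conf, sends a minimal A query to each address on UDP/53 and reports
which ones reply. Path from the thread; probe name is an assumption.
"""
import re
import socket
import struct

DHCPD_CONF = "/etc/dhcp/dhcpd.conf"

def dhcp_dns_servers(conf_text: str) -> list[str]:
    """Return the addresses listed in `option domain-name-servers a, b;`."""
    m = re.search(r"^\s*option\s+domain-name-servers\s+([^;]+);", conf_text, re.M)
    return [s.strip() for s in m.group(1).split(",")] if m else []

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Recursive A query: 12-byte header, QNAME as length-prefixed labels, QTYPE/QCLASS."""
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_response(data: bytes, txid: int = 0x1234) -> dict:
    """Extract RCODE and answer count from a DNS response header."""
    if len(data) < 12:
        raise ValueError("short DNS packet")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return {"rcode": flags & 0x000F, "answers": an}

def probe(server: str, name: str = "example.com", timeout: float = 2.0) -> str:
    """Send one query; 'no reply' is what a client sees when nothing listens on :53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            r = parse_response(s.recvfrom(512)[0])
        except (OSError, ValueError):
            return "no reply"
    return "ok" if r["rcode"] == 0 and r["answers"] else f"rcode {r['rcode']}"

if __name__ == "__main__":
    with open(DHCPD_CONF) as f:
        for srv in dhcp_dns_servers(f.read()):
            print(f"{srv}: {probe(srv)}")
```

A "no reply" for 172.16.1.1 alongside "ok" for the ISP or 8.8.8.8 entries matches the symptom in this thread: the lease advertises a resolver that nothing is listening on.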
● isc-dhcp-server.service - ISC DHCP IPv4 server
Loaded: loaded (/usr/lib/systemd/system/isc-dhcp-server.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-08-15 01:06:21 UTC; 39min ago
Docs: man:dhcpd(8)
Main PID: 2146 (dhcpd)
Tasks: 1 (limit: 18819)
Memory: 3.8M (peak: 4.3M)
CPU: 29ms
CGroup: /system.slice/isc-dhcp-server.service
└─2146 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf enp2s0
Aug 15 01:37:40 atc-firewall dhcpd[2146]: DHCPREQUEST for 172.16.1.119 from 50:67:ae:f0:3e:c0 (SPA112) via enp2s0
Aug 15 01:37:40 atc-firewall dhcpd[2146]: DHCPACK on 172.16.1.119 to 50:67:ae:f0:3e:c0 (SPA112) via enp2s0
Aug 15 01:37:41 atc-firewall dhcpd[2146]: DHCPREQUEST for 172.16.1.113 from 60:83:e7:e0:65:5b (ArcherAX21) via enp2s0
Aug 15 01:37:41 atc-firewall dhcpd[2146]: DHCPACK on 172.16.1.113 to 60:83:e7:e0:65:5b (ArcherAX21) via enp2s0
Aug 15 01:41:10 atc-firewall dhcpd[2146]: DHCPREQUEST for 172.16.1.114 from 30:5a:3a:03:8b:a7 (rbuck-Win10) via enp2s0
Aug 15 01:41:10 atc-firewall dhcpd[2146]: DHCPACK on 172.16.1.114 to 30:5a:3a:03:8b:a7 (rbuck-Win10) via enp2s0
Aug 15 01:42:40 atc-firewall dhcpd[2146]: DHCPREQUEST for 172.16.1.119 from 50:67:ae:f0:3e:c0 (SPA112) via enp2s0
Aug 15 01:42:40 atc-firewall dhcpd[2146]: DHCPACK on 172.16.1.119 to 50:67:ae:f0:3e:c0 (SPA112) via enp2s0
Aug 15 01:42:45 atc-firewall dhcpd[2146]: DHCPREQUEST for 172.16.1.113 from 60:83:e7:e0:65:5b (ArcherAX21) via enp2s0
Aug 15 01:42:45 atc-firewall dhcpd[2146]: DHCPACK on 172.16.1.113 to 60:83:e7:e0:65:5b (ArcherAX21) via enp2s0
Edit: You are probably correct. This shows the DHCP server is running.
I have the DNS server address in the dhcpd.conf file. But when I run
ps -ef | grep dns, nothing returns. Further investigation required.