router / dnsmasq

Install LXD

CONTAINER=router
 
# create container
lxc launch ubuntu:lts ${CONTAINER}
 
# add SSH keys
lxc file push --uid 0 --gid 0 --mode 600 ~/.ssh/id_rsa.pub ${CONTAINER}/root/.ssh/authorized_keys
 
# add second network interface
lxc config device add router eth1 nic nictype=physical parent=enp0s25
 
# update APT packages
lxc exec ${CONTAINER} -- bash -c "apt update -qq && apt -qq dist-upgrade -y && apt -qy autoremove && reboot"
 
ssh root@$(lxc ls ${CONTAINER} -c 4 --format csv | cut -d" " -f1)
 
# disable systemd-resolved
systemctl disable systemd-resolved
systemctl stop systemd-resolved
rm /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf
 
apt install -y dnsmasq
 
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
 
cat <<EOF> /etc/netplan/50-cloud-init.yaml 
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: true
        eth1:
            dhcp4: no
            addresses:
              - 192.168.0.1/24
EOF
 
netplan apply
 
cat <<EOF> /etc/systemd/system/masquerade.service
[Unit]
Description=Enable MASQUERADE
After=network.target
 
[Service]
ExecStart=/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 
[Install]
WantedBy=multi-user.target
EOF
 
systemctl enable masquerade.service
 
# configure dnsmasq
sed -i 's|^#interface=.*|interface=eth1|g' /etc/dnsmasq.conf
sed -i 's|^#dhcp-range=192.168.0.50,192.168.0.150,12h|dhcp-range=192.168.0.50,192.168.0.150,12h|g' /etc/dnsmasq.conf
sed -i 's|^#log-queries|log-queries|g' /etc/dnsmasq.conf
sed -i 's|^#log-dhcp|log-dhcp|g' /etc/dnsmasq.conf
 
echo "log-facility=/var/log/dnsmasq.log" >> /etc/dnsmasq.conf
 
service dnsmasq restart
 
# get log
journalctl -f -u dnsmasq