How to Configure a Debian/Ubuntu Server as a Router

Published on: April 26, 2025

.

6 min read

.

For German Version

When people think of routers, they often imagine small boxes provided by internet companies, devices that simply connect us to the web. But what if your router could do more than just provide internet access? What if it could monitor your traffic, filter harmful websites, and give you full control over your network, all without the need for expensive hardware?

That’s exactly what you can achieve by using a Debian or Ubuntu server as a router.

With just a computer and open-source tools, you can turn a Linux server into a powerful gateway for your home or office network. This setup not only gives you flexibility and customization but also opens the door to advanced features like network monitoring and security.

One of the most valuable tools in this setup is Zenarmor, a modern, lightweight network security solution. By adding Zenarmor to your Linux router, you gain deep insight into your network traffic and powerful protection for all connected devices.

In this guide, you’ll learn what a router does, how to configure a Debian/Ubuntu server as a router, and how Zenarmor can help you protect your network with ease.

Configuring Ubuntu/Debian as a Router

Turning your Debian or Ubuntu system into a functioning router might sound technical, but it only takes a few key steps. As long as your system has two network interfaces, one connected to the internet (WAN) and another connected to your internal network (LAN), you’re ready to begin.

In this guide, we’ll demonstrate how to set up an Ubuntu Server as a router using VirtualBox in a virtual lab environment. This setup is designed to route traffic from internal devices (such as a Kali Linux VM) through the Ubuntu router, and then Zenarmor inspects network packets before they reach the internet.

By combining basic Linux routing with Zenarmor’s deep packet inspection capabilities, you create a flexible and secure virtual network that mimics real-world infrastructure, ideal for learning, testing, and practicing advanced network configurations. The following steps provide a simplified walkthrough for configuring Ubuntu as a router.

Step 1: Identify Network Interfaces

To configure routing correctly, we first need to identify which network interfaces are available and what names the system has assigned to them (they may differ across environments).

Run the following command to list all interfaces.

ip a

In a VirtualBox environment, you’ll typically see two interfaces:

• One for internet access via NAT (enp0s3)

• One for the internal network via Host-Only (enp0s8)

These names may vary; adjust commands accordingly. We will use enp0s8 to serve internal devices and route their traffic.

Step 2: Assign a Static IP to the Internal (LAN) Interface

The LAN interface (enp0s8) needs a fixed IP address so internal devices can consistently use it as their gateway.

1. Open the Netplan configuration file to define the static IP with the command below.

   sudo nano /etc/netplan/01-netcfg.yaml

2. Add or edit the configuration as shown below.

   network:
   version: 2
   renderer: networkd
   ethernets:
   enp0s8:
   addresses: [192.168.56.1/24]
   dhcp4: no

3. Apply the configuration. This sets your Ubuntu Server’s LAN IP to 192.168.56.1.

   sudo netplan apply

Step 3: Enable IP Forwarding

By default, Linux does not pass traffic from one interface to another. We need to enable IP forwarding so the server can act as a true router.

1. Open the system configuration file to enable IP forwarding.

   sudo nano /etc/sysctl.conf

2. Find this line in the file.

   #net.ipv4.ip_forward=1

3. To uncomment the line, simply remove the # at the beginning so it looks like this. If the line doesn’t exist, just add it yourself at the end of the file.

   net.ipv4.ip_forward=1

4. Save the file by pressing Ctrl + O then Enter (to write the file) and Ctrl + X (to exit nano).

5. Then activate the new setting immediately with the command below.

   sudo sysctl -p

This enables packet forwarding at the system level, allowing Ubuntu to forward traffic between its interfaces.

Step 4: Configure NAT (Network Address Translation)

NAT allows internal devices to access the internet using the router’s external IP. Without this, internal devices can’t reach outside networks. Run these three commands to configure NAT and packet forwarding rules. Do not forget to update interface names depending on your setup.

sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -m state --state RELATED, ESTABLISHED -j ACCEPT

These rules enable NAT on the internet-facing interface enp0s3 and allow forwarding between the internal enp0s8 and external networks.

Step 5: Save iptables Rules (Optional but Recommended)

By default, iptables rules are not persistent. You can either install iptables-persistent or manually save the rules by following the next steps.

1. Create a rules directory (if needed).

   sudo mkdir -p /etc/iptables
2. Save the current rules to a file.

   sudo iptables-save | sudo tee /etc/iptables/rules.v4

Since iptables rules are not saved automatically, you need to make sure they are reloaded every time the system starts. One simple way to do this is by adding a command that restores the rules at boot.

You can do this by adding the following line to your /etc/network/interfaces file or by using a custom systemd service.

pre-up iptables-restore < /etc/iptables/rules.v4

This tells the system to reload your saved firewall rules (rules.v4) before bringing up the network interface on boot.

This step is only needed if you used the manual iptables-save method and did not install iptables-persistent.

How Zenarmor Protects Internal Clients

Once your Debian or Ubuntu server is up and running as a router, you have a solid foundation for controlling how traffic flows in and out of your network. But routing alone is not enough since you need visibility and security. That’s where Zenarmor steps in.

Zenarmor is a lightweight, next-generation network security solution designed specifically for modern needs. It seamlessly integrates with your Linux-based router and inspects all the traffic that flows through it in real time. This means every device connected to your local network, from laptops and phones to IoT gadgets, can be monitored and protected without needing to install anything on those devices.

What makes Zenarmor truly powerful is its deep packet inspection (DPI) engine. Instead of just looking at IP addresses or ports, Zenarmor analyzes the actual content of network packets to identify applications, block harmful websites, and detect suspicious behaviors, even if they try to hide behind encrypted connections.

Here’s what Zenarmor brings to your network.

• Application Control: Detect and manage applications like YouTube, Zoom, BitTorrent, or games, based on your own rules.
• Web Filtering: Block categories such as adult content, gambling, social media, or custom domains, using a rich and regularly updated filter set.
• Real-Time Threat Detection: Identify and stop threats like malware, phishing attempts, or command-and-control (C2) communications before they reach your devices.
• Smart Dashboards: View traffic by device, app, domain, and category. Quickly spot unusual activity or bandwidth hogs.

All of this is handled without modifying your network devices. Zenarmor works transparently at the gateway level, which makes it an ideal solution for environments where you can't install software agents on every endpoint.

How to Configure the LAN Interface in Zenarmor on a Linux-Based Router

Once Zenarmor is installed on your Ubuntu-based router and registered to the Zenconsole cloud management portal, you can configure it to inspect and secure your internal network traffic. Follow these steps to configure your LAN interface correctly.

1. Go to dash.zenarmor.com and log in using the credentials you used during registration.

2. From the dashboard, go to Firewalls > My Firewalls and select your registered Ubuntu node (e.g., Node 1).

3. In the sidebar, navigate to Settings > Configuration. This will open the Firewall Configuration page for your selected node.

   Figure 1. Zenarmor Configuration Page

4. In the Please choose interfaces to protect section, select your internal network interface (e.g., enp0s8). This ensures that Zenarmor inspects all traffic coming from your LAN before it accesses the internet.

5. Enable traffic protection for this interface by checking the box.

6. Click Apply to finalize your settings.

7. Lastly, you may quickly define a policy to protect your clients against cyber threats depending on your needs.

With this configuration, all traffic from your internal clients will be passed through the router and inspected by Zenarmor in real time, without any need to redirect traffic to an external firewall or cloud.

For detailed instructions on setting up and registering Zenarmor on a Linux-based router, you can refer to the official Zenarmor documentation. These guides walk you through the full Zenarmor installation process, including package setup, cloud registration, and initial configuration. Following them ensures a stable and supported deployment.

What is a Router and Why is it Important?

A router is a device or system that connects different networks together, most commonly, your internal home or office network to the internet. It acts like a traffic controller, making sure that data from your computer, phone, or any other device reaches its correct destination quickly and efficiently.

In a typical setup, the router receives internet access from your Internet Service Provider (ISP) and then shares that connection with all the devices on your local network. But a router does more than just share internet. A router ensures that each device gets the correct data, keeps track of connections, and helps protect your network from outside threats by acting as a barrier between your private network and the open internet.

Routers are essential for enabling multiple devices to access the internet at the same time, managing IP addresses, and providing basic security features such as firewall rules and traffic control. In more advanced setups, like OPNsense and pfSense routing platforms or Linux-based servers powered with Zenarmor, a router can be configured with extra features like content filtering, device-level monitoring, and detailed traffic logging.

In short, the router is the foundation of any network; without it, modern digital communication would be disorganized, insecure, and inefficient.

Why Use Ubuntu/Debian Server as a Router?

Using a Debian or Ubuntu server as a router gives you full control over how your network operates and is protected. Unlike commercial routers that come with fixed features and limited customization, a Linux-based server allows you to define exactly how traffic is routed, monitored, and secured, all tailored to your own needs.

One of the biggest advantages is the ability to integrate powerful security tools like Zenarmor. When combined with Ubuntu and Debian, Zenarmor transforms a basic router into a smart, secure gateway capable of analyzing, filtering, and protecting your network traffic in real time. This gives you insights and control over your internet usage that go far beyond what most home or office routers provide.

Ubuntu and Debian servers are known for their reliability and efficiency. They can run smoothly on standard PC hardware or virtual machines, meaning you don’t need to invest in expensive equipment. Whether you’re setting up a home network, a small office, or a lab environment, this solution is scalable and cost-effective.

By using Ubuntu Server together with Zenarmor, you’re not just building a router; you're building a modern, intelligent security system that actively protects every device on your network.

Conclusion

With just open-source tools and a bit of configuration, you've built a powerful, secure, and fully transparent gateway for your entire network. Thanks to Zenarmor’s advanced inspection and real-time analytics capabilities, you now gain not only control but also complete visibility, fine-grained customization, and proactive security, all within your own infrastructure.

This combination offers a professional-grade network management and protection platform, one that’s completely affordable and flexible. Whether you're a home user, a system administrator, or simply a curious learner, this setup enables you to enhance your network security without the need for expensive licenses or black-box hardware.