Ubuntu 18.04 Jump server setup

In my environment I have limited IP addresses, so we’re creating a new network and then allowing one server, the jump server, to sit between these network.  To do this, my jump server, aka: jump104 is “dual-homed”.  This means it has two network adapters:  One on the public network, and one on the internal private network.  We are going to make this server a:

  • DHCP server to the 104 net
  • Router to the 104 net
  • DNS server to the 104 net
  • VNC Server to view things on the private network

Network Adapters

First, we install a brand new Ubuntu 18.04 operating system.  When I first set it up, I only had one interface which was configured correctly for the public network.  Now I need to modify the network to add the second network configuration.  This is done by editing /etc/netplan/01-netcfg.yaml

We add another stanza below what is already there:

To make sure that we can route traffic from the 104 net, we have to add some rules.  This is called IP masquerading or setting up a NAT service.

First, edit /etc/sysctl.d/99-sysctl.conf and uncomment

Then run

Next add the masquerading rules

Here, the -s is the source of the internal network:  The -o is the Internet facing interface, so for my setup it is the ens160


Next up, we need to make it a DNS slave.

In my setup we are creating a zone called “ccp.cisco.com”   We have to modify and add a few files.


Above we added two stanzas.  First our new domain and where to do lookups and changes and second the reverse zone:  Where to get names from IP addresses.


Here we make sure to only listen on our private interface for queries and only allow queries from addresses in our private network.  We also specify that any DNS query that we don’t know about (most of them) be forwarded to the master DNS service which can be directed through this server as well.


Now we add the addresses to the zone files we listed above.



Let’s check that we did it right with:


We are only serving on IPv4, so add the -4 flag to the options

Once done we can now restart the DNS server and apply changes:



DHCP is used for dolling out IP addresses to unsuspecting servers that come on the network.  This makes setting up IP addressing easy for VMs that pop up in our data center.

Now we add the DHCP range.  Here we want to create a dynamic range from  By editing the /etc/dhcp/dhcpd.conf file we can make this happen:

But we want to be sure we only listen and respond to DHCP requests on the internal facing network interface.  This is done by editing the /etc/default/isc-dhcp-server

Since after running ifconfig I see that my internal interface is ens192, I update this file to look as follows:

Since I’m not serving up DHCP for IPV6 then I just leave that blank.  To make all these changes take effect I now run:

It’s funny that I haven’t done this type of configuration since 2005 but some things haven’t changed all that much.


VNC Server

Being that all the stuff we want is behind a network we can’t reach, we need GUI tools to access the services.  In my case I’m installing Cisco Container Platform which requires that I can open a browser up to the IP address of the virtual machine behind this network.  I can accomplish this by installing VNC and Firefox.  I remember doing this once while installing vSphere many years ago and getting to the very end only to discover that I needed Flash and that Flash was not supported on Linux at the time.  Those days are gone and you can do everything now without Windows.  This makes me very happy.

From here I can start it up by simply running vncserver.  This opens up port 5901 and writes some configuration information to our ~/.vnc/xstartup.  We can customize it to look as follows:

Start it with:

We are now ready to roll and get this private network all the goodness that it needs.


  • https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-18-04
  • https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-vnc-on-ubuntu-18-04