=== The task ===
Let's suppose the following:
* Your server's IP address is **1.2.3.4**,
* and you wish to route for the subnet **192.168.1.0/24**.
* Your primary Ethernet adapter is **enp2s0**
* and the secondary is **enp7s0**.
* This document does not cover setting up DHCP for the subnet (e.g. use fixed IP addresses).
=== Add a new netplan file ===
  network:
    version: 2
    renderer: networkd
    ethernets:
      enp7s0:
        dhcp4: no
        addresses: [192.168.1.1/24]
        gateway4: 1.2.3.4
        nameservers:
          addresses: [8.8.8.8]
        routes:
          - to: 192.168.1.0/24
            via: 192.168.1.1
            metric: 100

Then run:

  netplan generate
  netplan apply
=== Enable packet forwarding ===
In /etc/sysctl.conf, uncomment the following line to enable packet forwarding for IPv4:

  net.ipv4.ip_forward=1

Then run:

  sysctl -p
=== Set up a NAT rule in ufw ===
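Add the following to /etc/ufw/before.rules BEFORE the ** *filter ** rules. The source subnet must be the one you route for (192.168.1.0/24 here) and the output interface must be the primary adapter:

  # NAT table rules
  *nat
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -s 192.168.1.0/24 -o enp2s0 -j MASQUERADE
  COMMIT

Note that each section must sit between its table header and a COMMIT line:

  *tablename
  ...
  COMMIT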
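
A quick way to catch mistakes in this step, such as a missing COMMIT or a MASQUERADE source that is not the routed subnet, is to lint the file before reloading ufw. The shell function below is an added example, not part of the original page; the name check_nat_rules is hypothetical, and the subnet and interface passed to it are the ones assumed in the task above.

```shell
#!/bin/sh
# Added example (not from the original page): lint the NAT block in a ufw
# before.rules file. Prints one finding per line; returns 0 when clean.
# Usage: check_nat_rules /etc/ufw/before.rules 192.168.1.0/24 enp2s0
check_nat_rules() {  # args: FILE SUBNET OUT_IF (hypothetical helper name)
    awk -v subnet="$2" -v oif="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        $1 ~ /^\*/ {                           # table header such as *nat
            if (table != "") { print "*" table " is missing COMMIT"; bad = 1 }
            table = substr($1, 2); seen[table] = ++order; next
        }
        $1 == "COMMIT" {
            if (table == "") { print "COMMIT outside a table"; bad = 1 }
            table = ""; next
        }
        table == "nat" && /-j MASQUERADE/ {
            src = ""; out = ""
            for (i = 1; i < NF; i++) {         # pick up the -s and -o arguments
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
            }
            if (src == subnet && out == oif) masq = 1
            else { print "unexpected MASQUERADE rule: " $0; bad = 1 }
        }
        END {
            if (table != "") { print "*" table " is missing COMMIT"; bad = 1 }
            if (!("nat" in seen)) { print "no *nat table"; bad = 1 }
            else if (("filter" in seen) && seen["nat"] > seen["filter"]) {
                print "*nat is placed after *filter"; bad = 1
            }
            if (!masq) { print "no MASQUERADE for " subnet " out " oif; bad = 1 }
            exit bad + 0
        }' "$1"
}
```
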
=== Firewall checks ===
Make sure your firewall allows the traffic needed. For routing, that includes forwarded traffic, which ufw reports as the "routed" default policy.

For example, with ufw:

  ~$ sudo ufw status verbose
  Status: active
  Logging: on (low)
  Default: deny (incoming), allow (outgoing), deny (routed)
  New profiles: skip
  ...