ip ro ip route show ip route ls

default via 192.168.1.1 dev wlan0  proto static 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.3  metric 9 
192.168.10.0/24 dev eth0  proto kernel  scope link  src 192.168.10.1  metric 1 
192.168.56.0/24 dev vboxnet0  proto kernel  scope link  src 192.168.56.1 

ip route add default via 192.168.1.1 dev eth0
Add a default gateway (for all IP addresses on the system) that can be reached on eth0

ip link set up ip link set down
change the state of the device to UP or DOWN

ip address show
shows the IP addresses assigned to interfaces

ip addr add 192.168.1.10/24 dev eth0
add new protocol address

ip addr flush dev eth0 -statistics
release all the IP addresses of the device eth0

sudo apt-get install bridge-utils

ip addr flush dev eth0
ip addr flush dev wlan0
brctl addbr br0
brctl addif br0 eth0 wlan0
ip link set dev br0 up

persistent settings in /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# Bridge between eth0 and eth1
auto br0
iface br0 inet dhcp
# For static configuration delete or comment out the above line and uncomment the following:
# iface br0 inet static
#  address 192.168.1.10
#  netmask 255.255.255.0
#  network 192.168.1.0
#  gateway 192.168.1.1
#  dns-nameservers 192.168.1.5
#  dns-search example.com
  pre-up ip link set eth0 down
  pre-up ip link set eth1 down
  pre-up brctl addbr br0
  pre-up brctl addif br0 eth0 eth1
  pre-up ip addr flush dev eth0
  pre-up ip addr flush dev eth1
  post-down ip link set eth0 down
  post-down ip link set eth1 down
  post-down ip link set br0 down
  post-down brctl delif br0 eth0 eth1
  post-down brctl delbr br0

good tool: shorewall – translates settings for iptables/netfilter

sudo apt-get install shorewall shorewall-doc

/etc/shorewall/zones

#ZONE	TYPE	OPTIONS			IN			OUT
#					OPTIONS			OPTIONS
fw	firewall
net	ipv4
loc	ipv4
fixed   ipv4

/etc/shorewall/interfaces

?FORMAT 2
#ZONE   INTERFACE OPTIONS
net     wlan0           tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0
loc     vboxnet0        tcpflags,dhcp,nosmurfs,routefilter,logmartians
fixed   eth0            tcpflags,dhcp,nosmurfs,routefilter,logmartians

/etc/shorewall/policy

#SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST

loc		net		ACCEPT
fixed           net             ACCEPT
$FW             net             ACCEPT
net             $FW             ACCEPT
$FW             loc             ACCEPT
$FW             fixed           ACCEPT
loc             $FW             ACCEPT
fixed           $FW             ACCEPT
net		all		DROP		info
# THE FOLLOWING POLICY MUST BE LAST
all		all		REJECT		info

/etc/shorewall/masq

#INTERFACE:DEST		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK	USER/	SWITCH	ORIGINAL
#										GROUP		DEST
wlan0			10.0.0.0/8,\
			169.254.0.0/16,\
			172.16.0.0/12,\
			192.168.0.0/16

• /etc/shorewall/rules – see /usr/share/doc/shorewall/examples/three-interfaces/
• STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf

sudo shorewall start

sudo apt-get install isc-dhcp-server

/etc/dhcp/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet 192.168.56.0 netmask 255.255.255.0 {
  range 192.168.56.101 192.168.56.254;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.56.255;
  option routers 192.168.56.1;
  option domain-name-servers 192.168.1.1, 8.8.8.8;
}

sudo dhcpd -d -f vboxnet0 eth0