==== Convert your Raspberry Pi into a Router ====

Today we are going to **convert our Raspberry Pi** into an effective **router** to create a new local subnet where we can safely host our servers and their services.\\
The device we are going to use is a **Raspberry Pi 3B model** with the latest Raspbian installed, but **any device** running *nix with an **ethernet adapter**, 1 free **USB slot** (2.0, 3.0, USB-C or micro USB) and **usb-to-ethernet support** compiled in should work (most systems have this compiled by default, so it should not be a problem).

=== THINGS YOU WILL NEED: ===

a **small device** (in this case a Pi), a **usb-to-ethernet** cable (to create a new physical address), a **switch** (in case you want to extend your connections), **ethernet cables** (of different lengths, depending on your setup)

=== THINGS YOU COULD NEED: ===

a **usb hub**, just in case your device only has 1 usb slot.

=== Let's get things started! ===

  - **Connect** your small device to a **working router** (any router with internet access will do), using the **onboard ethernet adapter**. In this case the gateway **interface will be eth0**.
  - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.
  - You should see a **new interface** (`ip addr`); our subnet **will be on eth1**. If you don't see the new interface, make sure your **system supports usb-to-ethernet**.
  - Connect a **small ethernet cable** from the usb-to-ethernet dongle to a **switch** (to provide networking to other devices).

I highly recommend you do these operations on a physical screen connected to your device, with a USB keyboard. Some operations over SSH could make you lose access.
I also recommend that you **remove** network-manager, netplan, or any other **networking auto-configuration software**, as our server will be **configured statically** in a way that is **supported by most *nix systems**.

Start by installing the `isc-dhcp-server` package, a **DHCP server** that will automatically **assign IPs to our local sub-network** on eth1.

  apt-get install isc-dhcp-server

Modify **/etc/default/isc-dhcp-server** to tell isc-dhcp-server to use **your eth1 interface**. You can uncomment the IPv6 line if you need IPv6 on your local network (which usually is not required).

  vim /etc/default/isc-dhcp-server

  # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
  # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
  #DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
  #DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
  # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
  #DHCPDv4_PID=/var/run/dhcpd.pid
  #DHCPDv6_PID=/var/run/dhcpd6.pid
  # Additional options to start dhcpd with.
  # Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
  #OPTIONS=""
  # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
  # Separate multiple interfaces with spaces, e.g. "eth0 eth1".
  INTERFACESv4="eth1"
  #INTERFACESv6="eth1"

We will be using the **192.168.2.0/24 network** for our new subnet, but you can use **any network you want**!\\
Modify our dhcpd configuration in **/etc/dhcp/dhcpd.conf**:

  vim /etc/dhcp/dhcpd.conf

  # lease times in seconds, adjust to your needs
  default-lease-time 600;
  max-lease-time 7200;
  # 192.168.2.0/24
  subnet 192.168.2.0 netmask 255.255.255.0 {
      authoritative;
      # the range of IPs to give to clients
      # set according to your own needs
      range 192.168.2.2 192.168.2.254;
      # I guess this can be omitted
      option subnet-mask 255.255.255.0;
      # this is important, I guess
      option broadcast-address 192.168.2.255;
      # we are going to be 192.168.2.1, the router
      option routers 192.168.2.1;
      # the router will be the DNS server too
      option domain-name-servers 192.168.2.1;
      # otherwise, you can simply not configure a DNS server and use any other
      #option domain-name-servers 1.1.1.1;
  }
  # an example of DHCP reservation by MAC address
  # (ideally pick an address outside the dynamic range above)
  host adevicename {
      hardware ethernet 01:23:45:6a:bc:de;
      fixed-address 192.168.2.130; # .130 is just an example
  }

Set yourself (the router) a **static IP address**:

  ifconfig eth1 up
  ip addr add 192.168.2.1/24 dev eth1

Configure iptables to **route traffic** from **eth1 to eth0 and vice versa**:

  # postrouting (NAT) to our gateway interface eth0
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  # from eth0 to eth1, only accept packets of connections that were established first
  iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
  # packets matching no rule fall through to the chain policy (ACCEPT by default),
  # so everything else must be dropped for the rules above to block anything
  iptables -P FORWARD DROP
  # enable IP forwarding if you haven't done so yet
  echo 1 > /proc/sys/net/ipv4/ip_forward

To finish the setup, **restart isc-dhcp-server**:

  systemctl restart isc-dhcp-server

=== Setup a DNS Server (Highly recommended) ===

We will be using **dnsmasq** as our DNS server, because it is very easy to install and configure.
  apt-get install dnsmasq

Configure the DNS server:

  vim /etc/dnsmasq.conf

  # bind on a custom interface or IP
  # (by default dnsmasq answers on every interface)
  #except-interface=lo
  #bind-interfaces
  #listen-address=192.168.2.1
  # log DNS queries and DHCP requests
  #log-queries
  #log-dhcp
  # add the local domain to plain host names from /etc/hosts
  expand-hosts
  # forward DNS requests to this IP
  # when you can't resolve an address yourself
  server=1.1.1.1
  # if omitted, dnsmasq will use resolvconf to return
  # the DNS configuration inherited from the DHCP server

Restart the **dnsmasq** server:

  systemctl restart dnsmasq

=== Connect your server or laptop to the switch you've configured earlier, and voilà! ===

==== Enjoy! ====
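
The check below is an added example, not part of the original tutorial: it reads `iptables-save` output and verifies the forwarding rules from the iptables step, including that the FORWARD policy is DROP, since packets matching no rule fall through to the chain policy. The function name `audit_forwarding` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit `iptables-save` output on stdin.
# On the router: iptables-save | audit_forwarding eth0 eth1
audit_forwarding() {    # hypothetical helper; $1 = gateway if, $2 = subnet if
    awk -v wan="$1" -v lan="$2" '
        function fail(msg) { print "FAIL: " msg; bad++ }
        /^\*/ { table = substr($0, 2); next }    # table header: *nat, *filter
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ &&
            index($0, " -o " wan " ") { masq = 1 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ &&
            index($0, " -i " wan " ") {
            # Packets entering from the gateway side may only be replies.
            if ($0 ~ /(--state|--ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED)/)
                replies = 1
            else
                fail("unrestricted accept from " wan ": " $0)
        }
        END {
            if (!masq)    fail("no MASQUERADE rule leaving " wan)
            if (!replies) fail("no RELATED,ESTABLISHED accept for " wan " -> " lan)
            if (policy != "DROP")
                fail("FORWARD policy is " policy ", unmatched packets are forwarded")
            exit (bad > 0)
        }'
}

# Constructed sample: the three rules above with the default ACCEPT policy.
sample_default_policy() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same rules with the FORWARD policy set to DROP.
sample_drop_policy() {
    sample_default_policy | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/'
}

sample_default_policy | audit_forwarding eth0 eth1 || echo "default policy: fix needed"
sample_drop_policy | audit_forwarding eth0 eth1 && echo "drop policy: OK"
```

The function exits non-zero when any check fails, so it can gate a boot script or a periodic job on the router.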