docu:tutos:net:rpi_to_router

Differences

This shows you the differences between two versions of the page.

docu:tutos:net:rpi_to_router [2020/02/08 12:58]
admin
docu:tutos:net:rpi_to_router [2020/02/08 14:15]
admin
Line 4: Line 4:
 Today we are going to **convert our raspberry pi** into an effective **router** to create a new local subnet where we can safely host our servers and their services.\\ Today we are going to **convert our raspberry pi** into an effective **router** to create a new local subnet where we can safely host our servers and their services.\\
  
-The device we are going to use is a **Raspberry Pi 3b model**, but **any device** with *nix, an **ethernet adapter** and 1 free **usb slot** (either 2.0, 3.0, usb c, micro usb) with **usb-to-ethernet support** compiled, should work.\\+The device we are going to use is a **Raspberry Pi 3b model** with latest Raspbian installed, but **any device** with *nix, an **ethernet adapter** and 1 free **usb slot** (either 2.0, 3.0, usb c, micro usb) with **usb-to-ethernet support** compiled, should work (most systems have this compiled by default, so it should not be a problem). \\
  
 \\ \\
 === THINGS YOU WILL NEED: === === THINGS YOU WILL NEED: ===
 a **small device** (in this case a Pi), a **usb-to-ethernet** cable (to create a new physical address), a **switch** (in case you want to extend your connections), **ethernet cables** (with different sizes, depends on your setup)\\ a **small device** (in this case a Pi), a **usb-to-ethernet** cable (to create a new physical address), a **switch** (in case you want to extend your connections), **ethernet cables** (with different sizes, depends on your setup)\\
 +
 +=== THINGS YOU COULD NEED: ===
 +a **usb hub** just in case your device only has 1 usb slot.
  
 \\ \\
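Review bot: "with latest Raspbian installed" in the changed hardware sentence will go stale as soon as a new release ships; name the Raspbian release the steps were tested on so readers can tell whether package names and defaults still match. The added parenthetical that most systems have usb-to-ethernet support compiled by default would be more useful if it said how to confirm it on the reader's own device. The new "THINGS YOU COULD NEED" line also ends without the trailing \\ that the "THINGS YOU WILL NEED" line above it carries; add it for consistent spacing.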
Line 15: Line 18:
     - **Connect** the your small device to a **working router** (any router with internet access would do the work), connect it using the **onboard ethernet adapter**. In this case the gateway **interface will be eth0**     - **Connect** the your small device to a **working router** (any router with internet access would do the work), connect it using the **onboard ethernet adapter**. In this case the gateway **interface will be eth0**
     - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.     - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.
-    - You should see a **new interface**, our subnet **will be on eth1**. If you don't see the new interface  sure your **system supports usb-to-ethernet**)+    - You should see a **new interface** (`ip addr`), our subnet **will be on eth1**. If you don't see the new interface, make sure your **system supports usb-to-ethernet**
 +    - Connect a **small ethernet cable** from the usb-to-ethernet to a **switch** (for providing networking to other devices)
  
 <code txt> <code txt>
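Review bot: The backticks around ip addr in the changed "new interface" bullet are not DokuWiki markup and will render literally unless a Markdown plugin is installed; use the wiki's own monospace syntax, ''ip addr''. The same bullet still asserts the adapter "will be on eth1", which is not guaranteed on systems using predictable interface names, where a USB adapter typically appears under a name derived from its MAC address; say to substitute whatever name ip addr reports. The added switch step could also note that nothing on the switch gets an address until the DHCP section further down is done.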
Line 22: Line 26:
 Some operations over SSH could make you lose access. Some operations over SSH could make you lose access.
 </code> </code>
 +
 +I also recommend you to **remove** network-manager, netplan, or any **networking auto-configuration software**, as our server will be **configured statically** in a way that is **supported by most *nix systems**.\\
 +
 +\\
 +Start by installing `isc-dhcp-server` package, which is a **dhcp server** so we can automatically **assign ips to our local sub-network** on eth1.
 +<code bash>
 +apt-get install isc-dhcp-server
 +</code>
 +
 +\\
 +Modify **/etc/default/isc-dhcp-server** to tell isc-dhcp-server to use **your eth1 interface**. You can uncomment the ipv6 line if you need ipv6 on your local network (which usually is not required).
 +
 +<code bash>vim /etc/default/isc-dhcp-server</code>
 +<file bash isc-dhcp-server>
 +# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
 +
 +# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
 +#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
 +#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
 +
 +# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
 +#DHCPDv4_PID=/var/run/dhcpd.pid
 +#DHCPDv6_PID=/var/run/dhcpd6.pid
 +
 +# Additional options to start dhcpd with.
 +#       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
 +#OPTIONS=""
 +
 +# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 +#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
 +INTERFACESv4="eth1"
 +#INTERFACESv6="eth1"
 +</file>
 +
 +We will be using the **192.168.2.0/24 network** for our new subnet, but you can use **anyone you want**!\\
 +Modify our dhcpd configuration on **/etc/dhcp/dhcpd.conf**
 +<code bash>vim /etc/dhcp/dhcpd.conf</code>
 +<file bash dhcpd.conf>
 +# time in seconds, setup to your needs
 +default-lease-time 600;
 +max-lease-time 7200;
 +
 +# 192.168.2.0/24
 +subnet 192.168.2.0 netmask 255.255.255.0 {
 +  authoritative;
 +  
 +  # the range of ips to give to clients
 +  # set at your own needs
 +  range 192.168.2.2 192.168.2.254;
 +  
 +  # i guess this can be omitted
 +  option subnet-mask 255.255.255.0;
 +  
 +  # this is important i guess
 +  option broadcast-address 192.168.2.255;
 +  
 +  # we are going to be 192.168.2.1, the router
 +  option routers 192.168.2.1;
 +  
 +  # you will be the dns server too
 +  option domain-name-servers 192.168.2.1;
 +  # otherwise, you can simply not configure a dns server and use any other
 +  #option domain-name-servers 1.1.1.1;
 +}
 +
 +# an example of dhcp reservation by mac address
 +host adevicename {
 +  hardware ethernet 01:23:45:6a:bc:de;
 +  fixed-address 192.168.2.130; # .130 is just an example
 +}
 +</file>
 +
 +Set yourself (the router) a **static ip address**:
 +<code bash>
 +ifconfig eth1 up
 +ip addr add 192.168.2.1/24 dev eth1
 +</code>
 +
 +Configure iptables to **route traffic** from **eth1 to eth0 and viceversa**:
 +<code bash>
 +# postrouting to our gateway interface eth0
 +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 +
 +# this should in theory, block incoming packets that were not established first
 +iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
 +iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
 +
 +# enable ip forwarding if you haven't done yet
 +echo 1 > /proc/sys/net/ipv4/ip_forward
 +</code>
 +
 +To finish the setup, **restart the isc-dhcp-server**
 +<code bash>systemctl restart isc-dhcp-server</code>
 +
 +\\
 +=== Setup a DNS Server (Highly recommended) ===
 +
 +We will be using **dnsmasq** as our DNS Server, because it is very easy to install and configure.
 +<code bash>apt-get install dnsmasq</code>
 +
 +Configure the dns server:
 +<code bash>vim /etc/dnsmasq.conf</code>
 +<file bash dnsmasq.conf>
 +
 +# bind on custom interface or ip
 +#except-interface=lo
 +#bind-interfaces
 +#listen-address=192.168.2.1
 +
 +# log dns queries and dhcp requests
 +#log-queries
 +#log-dhcp
 +
 +# expand /etc/hosts hosts to your dns
 +expand-hosts
 +
 +# forward dns request to this ip
 +# when you can't resolve an address
 +server=1.1.1.1
 +</file>
 +
 +Restart the **dnsmasq** server
 +<code bash>systemctl restart dnsmasq</code>
 +
 +\\
 +=== Connect your server or laptop to the switch you've configured earlier, and wollah! ===
 +==== Enjoy! ====
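Review bot: In the iptables block, the comment "this should in theory, block incoming packets that were not established first" does not hold with these rules alone: both FORWARD lines are ACCEPT rules appended with -A, and the FORWARD chain's default policy is ACCEPT unless it has been changed, so unsolicited traffic from eth0 to eth1 is still forwarded. Set the policy explicitly (iptables -P FORWARD DROP) before the two ACCEPT rules, and consider -m conntrack --ctstate in place of the older -m state match. The ip addr add, the iptables rules and the write to /proc/sys/net/ipv4/ip_forward are all runtime-only, so the tutorial should say how to make them survive a reboot, especially since the text above recommends removing the auto-configuration tools. In dnsmasq.conf the bind-interfaces and listen-address=192.168.2.1 lines are left commented out, which leaves the resolver answering on eth0 as well; uncommenting them keeps DNS on the new subnet. In dhcpd.conf the reservation 192.168.2.130 sits inside range 192.168.2.2 192.168.2.254; either shrink the range or pick a fixed address outside it. The backticks around isc-dhcp-server in the install sentence have the same markup problem as elsewhere in this revision.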
docu/tutos/net/rpi_to_router.txt · Last modified: 2020/02/09 22:24 by admin