docu:tutos:net:rpi_to_router

Differences

This shows you the differences between two versions of the page.

docu:tutos:net:rpi_to_router [2020/02/08 12:47]
admin
docu:tutos:net:rpi_to_router [2020/02/09 22:24] (current)
admin
Line 4: Line 4:
 Today we are going to **convert our raspberry pi** into an effective **router** to create a new local subnet where we can safely host our servers and their services.\\ Today we are going to **convert our raspberry pi** into an effective **router** to create a new local subnet where we can safely host our servers and their services.\\
  
-The device we are going to use is a **Raspberry Pi 3b model**, but **any device** with *nix, an **ethernet adapter** and 1 free **usb slot** (either 2.0, 3.0, usb c, micro usb) with **usb-to-ethernet support** compiled, should work.\\+The device we are going to use is a **Raspberry Pi 3b model** with latest Raspbian installed, but **any device** with *nix, an **ethernet adapter** and 1 free **usb slot** (either 2.0, 3.0, usb c, micro usb) with **usb-to-ethernet support** compiled, should work (most systems have this compiled by default, so it should not be a problem). \\
  
 \\ \\
 === THINGS YOU WILL NEED: === === THINGS YOU WILL NEED: ===
 a **small device** (in this case a Pi), a **usb-to-ethernet** cable (to create a new physical address), a **switch** (in case you want to extend your connections), **ethernet cables** (with different sizes, depends on your setup)\\ a **small device** (in this case a Pi), a **usb-to-ethernet** cable (to create a new physical address), a **switch** (in case you want to extend your connections), **ethernet cables** (with different sizes, depends on your setup)\\
 +
 +=== THINGS YOU COULD NEED: ===
 +a **usb hub** just in case your device only has 1 usb slot.
  
 \\ \\
-=== Let'start with the Setup!! ===+=== Let'get things started! ===
  
-    - **Connect** the your small device to a **working router** (any router with internet access would do the work), connecting using the **onboard ethernet adapter**. In this case the **device will be eth0**+    - **Connect** the your small device to a **working router** (any router with internet access would do the work), connect it using the **onboard ethernet adapter**. In this case the gateway **interface will be eth0**
     - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.     - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.
-    - Make sure your system supports usb-to-ethernet. You should see a new eth deviceIt **will be eth1** +    - You should see a **new interface** (`ip addr`), our subnet **will be on eth1**. If you don't see the new interface, make sure your **system supports usb-to-ethernet**) 
-    eeeeeeee +    - Connect a **small ethernet cable** from the usb-to-ethernet to a **switch** (for providing networking to other devices) 
-    + 
 +<code txt> 
 +I highly recommend you do this operations on a physical screen 
 +connected to your device, and a usb keyboard. 
 +Some operations over SSH could make you lose access. 
 +</code> 
 + 
 +I also recommend you to **remove** network-manager, netplan, or any **networking auto-configuration software**, as our server will be **configured statically** in a way that is **supported by most *nix systems**.\\ 
 + 
 +\\ 
 +Start by installing `isc-dhcp-server` package, which is a **dhcp server** so we can automatically **assign ips to our local sub-network** on eth1. 
 +<code bash> 
 +apt-get install isc-dhcp-server 
 +</code> 
 + 
 +\\ 
 +Modify **/etc/default/isc-dhcp-server** to tell isc-dhcp-server to use **your eth1 interface**. You can uncomment the ipv6 line if you need ipv6 on your local network (which usually is not required). 
 + 
 +<code bash>vim /etc/default/isc-dhcp-server</code> 
 +<file bash isc-dhcp-server> 
 +# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server) 
 + 
 +# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). 
 +#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf 
 +#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf 
 + 
 +# Path to dhcpd's PID file (default: /var/run/dhcpd.pid). 
 +#DHCPDv4_PID=/var/run/dhcpd.pid 
 +#DHCPDv6_PID=/var/run/dhcpd6.pid 
 + 
 +# Additional options to start dhcpd with. 
 +#       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead 
 +#OPTIONS="" 
 + 
 +# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? 
 +#       Separate multiple interfaces with spaces, e.g. "eth0 eth1"
 +INTERFACESv4="eth1" 
 +#INTERFACESv6="eth1" 
 +</file> 
 + 
 +We will be using the **192.168.2.0/24 network** for our new subnet, but you can use **anyone you want**!\\ 
 +Modify our dhcpd configuration on **/etc/dhcp/dhcpd.conf** 
 +<code bash>vim /etc/dhcp/dhcpd.conf</code> 
 +<file bash dhcpd.conf> 
 +# time in seconds, setup to your needs 
 +default-lease-time 600; 
 +max-lease-time 7200; 
 + 
 +# 192.168.2.0/24 
 +subnet 192.168.2.0 netmask 255.255.255.0 { 
 +  authoritative; 
 +   
 +  # the range of ips to give to clients 
 +  # set at your own needs 
 +  range 192.168.2.2 192.168.2.254; 
 +   
 +  # i guess this can be omitted 
 +  option subnet-mask 255.255.255.0; 
 +   
 +  # this is important i guess 
 +  option broadcast-address 192.168.2.255; 
 +   
 +  # we are going to be 192.168.2.1, the router 
 +  option routers 192.168.2.1; 
 +   
 +  # you will be the dns server too 
 +  option domain-name-servers 192.168.2.1; 
 +  # otherwise, you can simply not configure a dns server and use any other 
 +  #option domain-name-servers 1.1.1.1; 
 +
 + 
 +# an example of dhcp reservation by mac address 
 +host adevicename { 
 +  hardware ethernet 01:23:45:6a:bc:de; 
 +  fixed-address 192.168.2.130; # .130 is just an example 
 +
 +</file> 
 + 
 +Set yourself (the router) a **static ip address**: 
 +<code bash> 
 +ifconfig eth1 up 
 +ip addr add 192.168.2.1/24 dev eth1 
 +</code> 
 + 
 +Configure iptables to **route traffic** from **eth1 to eth0 and viceversa**: 
 +<code bash> 
 +# postrouting to our gateway interface eth0 
 +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
 + 
 +# this should in theory, block incoming packets that were not established first 
 +iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT 
 +iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT 
 + 
 +# enable ip forwarding if you haven't done yet 
 +echo 1 > /proc/sys/net/ipv4/ip_forward 
 +</code> 
 + 
 +To finish the setup, **restart the isc-dhcp-server** 
 +<code bash>systemctl restart isc-dhcp-server</code> 
 + 
 +\\ 
 +=== Setup a DNS Server (Highly recommended) === 
 + 
 +We will be using **dnsmasq** as our DNS Server, because it is very easy to install and configure. 
 +<code bash>apt-get install dnsmasq</code> 
 + 
 +Configure the dns server: 
 +<code bash>vim /etc/dnsmasq.conf</code> 
 +<file bash dnsmasq.conf> 
 + 
 +# bind on custom interface or ip 
 +#except-interface=lo 
 +#bind-interfaces 
 +#listen-address=192.168.2.1 
 + 
 +# log dns queries and dhcp requests 
 +#log-queries 
 +#log-dhcp 
 + 
 +# expand /etc/hosts hosts to your dns 
 +expand-hosts 
 + 
 +# forward dns request to this ip 
 +# when you can't resolve an address 
 +server=1.1.1.1 
 +# if omitted, dnsmasq will use resolvconf to return 
 +# the dns configuration inherited by the dhcp server 
 +</file> 
 + 
 +Restart the **dnsmasq** server 
 +<code bash>systemctl restart dnsmasq</code> 
 + 
 +\\ 
 +=== Connect your server or laptop to the switch you've configured earlier, and wollah! === 
 +==== Enjoy! ====
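Review bot: The FORWARD rules in the iptables block only append ACCEPT rules, so the comment "this should in theory, block incoming packets that were not established first" holds only if the FORWARD chain's policy is DROP; with the chain's usual default policy of ACCEPT, new connections arriving on eth0 for eth1 are still forwarded. Set `iptables -P FORWARD DROP` before the two ACCEPT rules, and consider `-m conntrack --ctstate RELATED,ESTABLISHED`, since `-m state` is the older match. The same block and `ip addr add 192.168.2.1/24 dev eth1` are runtime-only: the address, the rules and `ip_forward` are lost on reboot, which sits badly with the earlier statement that the server is "configured statically", so the page should also show the persistent form (for example `net.ipv4.ip_forward=1` in the sysctl configuration and saved iptables rules). In dnsmasq.conf, `bind-interfaces` and `listen-address=192.168.2.1` are left commented out, so the resolver is not restricted to the eth1 side; uncomment them so it does not also answer on eth0. Smaller points: the `subnet` and `host` blocks in dhcpd.conf are shown without a closing `}`, the heading "Let'get things started!" is missing an "s", "Connect the your small device" has a stray "the", and the eth1 list item ends with an unmatched ")".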
docu/tutos/net/rpi_to_router.1581166042.txt.gz · Last modified: 2020/02/08 12:47 by admin