docu:tutos:net:rpi_to_router

Differences

This shows you the differences between two versions of the page.

docu:tutos:net:rpi_to_router [2020/02/08 12:58]
admin
docu:tutos:net:rpi_to_router [2020/02/09 22:24] (current)
admin
Line 4: Line 4:
 Today we are going to **convert our raspberry pi** into an effective **router** to create a new local subnet where we can safely host our servers and their services.\\ Today we are going to **convert our raspberry pi** into an effective **router** to create a new local subnet where we can safely host our servers and their services.\\
  
-The device we are going to use is a **Raspberry Pi 3b model**, but **any device** with *nix, an **ethernet adapter** and 1 free **usb slot** (either 2.0, 3.0, usb c, micro usb) with **usb-to-ethernet support** compiled, should work.\\+The device we are going to use is a **Raspberry Pi 3b model** with latest Raspbian installed, but **any device** with *nix, an **ethernet adapter** and 1 free **usb slot** (either 2.0, 3.0, usb c, micro usb) with **usb-to-ethernet support** compiled, should work (most systems have this compiled by default, so it should not be a problem). \\
  
 \\ \\
 === THINGS YOU WILL NEED: === === THINGS YOU WILL NEED: ===
 a **small device** (in this case a Pi), a **usb-to-ethernet** cable (to create a new physical address), a **switch** (in case you want to extend your connections), **ethernet cables** (with different sizes, depends on your setup)\\ a **small device** (in this case a Pi), a **usb-to-ethernet** cable (to create a new physical address), a **switch** (in case you want to extend your connections), **ethernet cables** (with different sizes, depends on your setup)\\
 +
 +=== THINGS YOU COULD NEED: ===
 +a **usb hub** just in case your device only has 1 usb slot.
  
 \\ \\
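Review bot: "with latest Raspbian installed" in the rewritten device sentence does not identify a reproducible baseline. Name the Raspbian release the steps were tested on, since the sections added further down depend on its package names and file paths. The new "THINGS YOU COULD NEED" entry also ends without the trailing `\\` that the "THINGS YOU WILL NEED" line above it uses, so the spacing before the next block may differ from the rest of the page.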
Line 15: Line 18:
     - **Connect** the your small device to a **working router** (any router with internet access would do the work), connect it using the **onboard ethernet adapter**. In this case the gateway **interface will be eth0**     - **Connect** the your small device to a **working router** (any router with internet access would do the work), connect it using the **onboard ethernet adapter**. In this case the gateway **interface will be eth0**
     - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.     - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.
-    - You should see a **new interface**, our subnet **will be on eth1**. If you don't see the new interface  sure your **system supports usb-to-ethernet**)+    - You should see a **new interface** (`ip addr`), our subnet **will be on eth1**. If you don't see the new interface, make sure your **system supports usb-to-ethernet**
 +    - Connect a **small ethernet cable** from the usb-to-ethernet to a **switch** (for providing networking to other devices)
  
 <code txt> <code txt>
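Review bot: the `ip addr` added to the "new interface" step is wrapped in backticks, but the page is written in DokuWiki markup (`**bold**`, `<code>`, `\\`), where backticks are not monospace syntax and will render literally unless a Markdown plugin is installed. Use ''ip addr'' instead. While this list is being edited, the unchanged first item still reads "Connect the your small device" and could be fixed in the same revision.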
Line 22: Line 26:
 Some operations over SSH could make you lose access. Some operations over SSH could make you lose access.
 </code> </code>
 +
 +I also recommend you to **remove** network-manager, netplan, or any **networking auto-configuration software**, as our server will be **configured statically** in a way that is **supported by most *nix systems**.\\
 +
 +\\
 +Start by installing `isc-dhcp-server` package, which is a **dhcp server** so we can automatically **assign ips to our local sub-network** on eth1.
 +<code bash>
 +apt-get install isc-dhcp-server
 +</code>
 +
 +\\
 +Modify **/etc/default/isc-dhcp-server** to tell isc-dhcp-server to use **your eth1 interface**. You can uncomment the ipv6 line if you need ipv6 on your local network (which usually is not required).
 +
 +<code bash>vim /etc/default/isc-dhcp-server</code>
 +<file bash isc-dhcp-server>
 +# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
 +
 +# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
 +#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
 +#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
 +
 +# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
 +#DHCPDv4_PID=/var/run/dhcpd.pid
 +#DHCPDv6_PID=/var/run/dhcpd6.pid
 +
 +# Additional options to start dhcpd with.
 +#       Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
 +#OPTIONS=""
 +
 +# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 +#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
 +INTERFACESv4="eth1"
 +#INTERFACESv6="eth1"
 +</file>
 +
 +We will be using the **192.168.2.0/24 network** for our new subnet, but you can use **anyone you want**!\\
 +Modify our dhcpd configuration on **/etc/dhcp/dhcpd.conf**
 +<code bash>vim /etc/dhcp/dhcpd.conf</code>
 +<file bash dhcpd.conf>
 +# time in seconds, setup to your needs
 +default-lease-time 600;
 +max-lease-time 7200;
 +
 +# 192.168.2.0/24
 +subnet 192.168.2.0 netmask 255.255.255.0 {
 +  authoritative;
 +  
 +  # the range of ips to give to clients
 +  # set at your own needs
 +  range 192.168.2.2 192.168.2.254;
 +  
 +  # i guess this can be omitted
 +  option subnet-mask 255.255.255.0;
 +  
 +  # this is important i guess
 +  option broadcast-address 192.168.2.255;
 +  
 +  # we are going to be 192.168.2.1, the router
 +  option routers 192.168.2.1;
 +  
 +  # you will be the dns server too
 +  option domain-name-servers 192.168.2.1;
 +  # otherwise, you can simply not configure a dns server and use any other
 +  #option domain-name-servers 1.1.1.1;
 +}
 +
 +# an example of dhcp reservation by mac address
 +host adevicename {
 +  hardware ethernet 01:23:45:6a:bc:de;
 +  fixed-address 192.168.2.130; # .130 is just an example
 +}
 +</file>
 +
 +Set yourself (the router) a **static ip address**:
 +<code bash>
 +ifconfig eth1 up
 +ip addr add 192.168.2.1/24 dev eth1
 +</code>
 +
 +Configure iptables to **route traffic** from **eth1 to eth0 and viceversa**:
 +<code bash>
 +# postrouting to our gateway interface eth0
 +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 +
 +# this should in theory, block incoming packets that were not established first
 +iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
 +iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
 +
 +# enable ip forwarding if you haven't done yet
 +echo 1 > /proc/sys/net/ipv4/ip_forward
 +</code>
 +
 +To finish the setup, **restart the isc-dhcp-server**
 +<code bash>systemctl restart isc-dhcp-server</code>
 +
 +\\
 +=== Setup a DNS Server (Highly recommended) ===
 +
 +We will be using **dnsmasq** as our DNS Server, because it is very easy to install and configure.
 +<code bash>apt-get install dnsmasq</code>
 +
 +Configure the dns server:
 +<code bash>vim /etc/dnsmasq.conf</code>
 +<file bash dnsmasq.conf>
 +
 +# bind on custom interface or ip
 +#except-interface=lo
 +#bind-interfaces
 +#listen-address=192.168.2.1
 +
 +# log dns queries and dhcp requests
 +#log-queries
 +#log-dhcp
 +
 +# expand /etc/hosts hosts to your dns
 +expand-hosts
 +
 +# forward dns request to this ip
 +# when you can't resolve an address
 +server=1.1.1.1
 +# if omitted, dnsmasq will use resolvconf to return
 +# the dns configuration inherited by the dhcp server
 +</file>
 +
 +Restart the **dnsmasq** server
 +<code bash>systemctl restart dnsmasq</code>
 +
 +\\
 +=== Connect your server or laptop to the switch you've configured earlier, and wollah! ===
 +==== Enjoy! ====
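Review bot: the two FORWARD rules in the iptables block only append ACCEPT entries, so the comment "this should in theory, block incoming packets that were not established first" is true only if the FORWARD chain's policy is already DROP, and nothing in this hunk sets it. Add `iptables -P FORWARD DROP` ahead of the ACCEPT rules (or an explicit final DROP for `-i eth0 -o eth1`) and reword the comment to match. In the same area, `ip addr add 192.168.2.1/24 dev eth1`, the iptables rules and `echo 1 > /proc/sys/net/ipv4/ip_forward` are all runtime-only and are lost at reboot, which sits oddly next to the advice that the server is "configured statically"; the text should say how they are persisted or that they must be re-applied. Two smaller points: in dhcpd.conf the dynamic `range 192.168.2.2 192.168.2.254` contains the reserved `fixed-address 192.168.2.130`, so the reservation should be moved outside the range or the range narrowed; and in dnsmasq.conf the `bind-interfaces` and `listen-address=192.168.2.1` lines are left commented out, so the resolver is not limited to the eth1 side the way `INTERFACESv4="eth1"` limits the DHCP server.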
docu/tutos/net/rpi_to_router.1581166680.txt.gz · Last modified: 2020/02/08 12:58 by admin