docu:tutos:net:rpi_to_router

Differences

This shows you the differences between two versions of the page.

docu:tutos:net:rpi_to_router [2020/02/08 13:18]
admin
docu:tutos:net:rpi_to_router [2020/02/09 22:24] (current)
admin
Line 19: Line 19:
     - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.     - Connect your **usb-to-ethernet** dongle to any free usb slot on your device.
     - You should see a **new interface** (`ip addr`), our subnet **will be on eth1**. If you don't see the new interface, make sure your **system supports usb-to-ethernet**)     - You should see a **new interface** (`ip addr`), our subnet **will be on eth1**. If you don't see the new interface, make sure your **system supports usb-to-ethernet**)
 +    - Connect a **small ethernet cable** from the usb-to-ethernet to a **switch** (for providing networking to other devices)
  
 <code txt> <code txt>
Line 26: Line 27:
 </code> </code>
  
-really recommend you to **remove** network-manager, netplan, or any **networking auto-configuration software**, as our server will be **configured statically** in a way that is **supported by most *nix systems**.\\+also recommend you to **remove** network-manager, netplan, or any **networking auto-configuration software**, as our server will be **configured statically** in a way that is **supported by most *nix systems**.\\
  
 +\\
 Start by installing `isc-dhcp-server` package, which is a **dhcp server** so we can automatically **assign ips to our local sub-network** on eth1. Start by installing `isc-dhcp-server` package, which is a **dhcp server** so we can automatically **assign ips to our local sub-network** on eth1.
 <code bash> <code bash>
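Review bot: The reworded sentence in this hunk still has no subject ("also recommend you to remove ..."); "I also recommend removing network-manager, netplan, ..." reads correctly. The new `\\` line follows a sentence that already ends in `\\`, so the page gets two forced breaks in a row; one of them can be dropped.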
Line 33: Line 35:
 </code> </code>
  
 +\\
 Modify **/etc/default/isc-dhcp-server** to tell isc-dhcp-server to use **your eth1 interface**. You can uncomment the ipv6 line if you need ipv6 on your local network (which usually is not required). Modify **/etc/default/isc-dhcp-server** to tell isc-dhcp-server to use **your eth1 interface**. You can uncomment the ipv6 line if you need ipv6 on your local network (which usually is not required).
 +
 +<code bash>vim /etc/default/isc-dhcp-server</code>
 <file bash isc-dhcp-server> <file bash isc-dhcp-server>
 # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server) # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
Line 55: Line 60:
 </file> </file>
  
 +We will be using the **192.168.2.0/24 network** for our new subnet, but you can use **anyone you want**!\\
 +Modify our dhcpd configuration on **/etc/dhcp/dhcpd.conf**
 +<code bash>vim /etc/dhcp/dhcpd.conf</code>
 +<file bash dhcpd.conf>
 +# time in seconds, setup to your needs
 +default-lease-time 600;
 +max-lease-time 7200;
 +
 +# 192.168.2.0/24
 +subnet 192.168.2.0 netmask 255.255.255.0 {
 +  authoritative;
 +  
 +  # the range of ips to give to clients
 +  # set at your own needs
 +  range 192.168.2.2 192.168.2.254;
 +  
 +  # i guess this can be omitted
 +  option subnet-mask 255.255.255.0;
 +  
 +  # this is important i guess
 +  option broadcast-address 192.168.2.255;
 +  
 +  # we are going to be 192.168.2.1, the router
 +  option routers 192.168.2.1;
 +  
 +  # you will be the dns server too
 +  option domain-name-servers 192.168.2.1;
 +  # otherwise, you can simply not configure a dns server and use any other
 +  #option domain-name-servers 1.1.1.1;
 +}
 +
 +# an example of dhcp reservation by mac address
 +host adevicename {
 +  hardware ethernet 01:23:45:6a:bc:de;
 +  fixed-address 192.168.2.130; # .130 is just an example
 +}
 +</file>
 +
 +Set yourself (the router) a **static ip address**:
 +<code bash>
 +ifconfig eth1 up
 +ip addr add 192.168.2.1/24 dev eth1
 +</code>
 +
 +Configure iptables to **route traffic** from **eth1 to eth0 and viceversa**:
 +<code bash>
 +# postrouting to our gateway interface eth0
 +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 +
 +# this should in theory, block incoming packets that were not established first
 +iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
 +iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
 +
 +# enable ip forwarding if you haven't done yet
 +echo 1 > /proc/sys/net/ipv4/ip_forward
 +</code>
 +
 +To finish the setup, **restart the isc-dhcp-server**
 +<code bash>systemctl restart isc-dhcp-server</code>
 +
 +\\
 +=== Setup a DNS Server (Highly recommended) ===
 +
 +We will be using **dnsmasq** as our DNS Server, because it is very easy to install and configure.
 +<code bash>apt-get install dnsmasq</code>
 +
 +Configure the dns server:
 +<code bash>vim /etc/dnsmasq.conf</code>
 +<file bash dnsmasq.conf>
 +
 +# bind on custom interface or ip
 +#except-interface=lo
 +#bind-interfaces
 +#listen-address=192.168.2.1
 +
 +# log dns queries and dhcp requests
 +#log-queries
 +#log-dhcp
 +
 +# expand /etc/hosts hosts to your dns
 +expand-hosts
 +
 +# forward dns request to this ip
 +# when you can't resolve an address
 +server=1.1.1.1
 +# if omitted, dnsmasq will use resolvconf to return
 +# the dns configuration inherited by the dhcp server
 +</file>
 +
 +Restart the **dnsmasq** server
 +<code bash>systemctl restart dnsmasq</code>
  
 +\\
 +=== Connect your server or laptop to the switch you've configured earlier, and wollah! ===
 +==== Enjoy! ====
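Review bot: In the iptables block, the comment claims the FORWARD rules "block incoming packets that were not established first", but every rule added here is an ACCEPT or MASQUERADE and nothing sets the chain policy, so with the default FORWARD policy of ACCEPT a new connection arriving on eth0 for eth1 is still forwarded. Add `iptables -P FORWARD DROP` before the two `-A FORWARD` rules, and consider `-m conntrack --ctstate RELATED,ESTABLISHED`, since `-m state` is the legacy match. Three smaller points in the same hunk: `ip addr add 192.168.2.1/24 dev eth1`, the iptables rules and `echo 1 > /proc/sys/net/ipv4/ip_forward` are all runtime-only and the text does not say they are lost on reboot; the reservation example `fixed-address 192.168.2.130` lies inside `range 192.168.2.2 192.168.2.254`, so either shrink the range or pick a reserved address outside it; and in dnsmasq.conf `bind-interfaces` and `listen-address=192.168.2.1` are left commented out, so dnsmasq also answers DNS on eth0, the upstream side. Uncommenting those two lines keeps the resolver on the local subnet only.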
docu/tutos/net/rpi_to_router.1581167913.txt.gz · Last modified: 2020/02/08 13:18 by admin