In case you do not already have a router or your existing router cannot be set up accordingly, any machine which fulfills the requirements for a minimal Debian installation and which has at least two network interfaces can be turned into a gateway between the existing network and the DebianEdu one.
Setting up a gateway using debian-edu-router
The debian-edu-router-config package simplifies the the setup of a gateway for a DebianEdu network through an interactive configuration process where the necessary information is obtained through a series of dialogues.
In order to make use of it, perform a minimal Debian installation. Be sure to use the regular Debian installer and not the DebianEdu installer since DebianEdu installations are not supported by debian-edu-router-config.
Install the debian-edu-router-config package using
DEBIAN_FRONTEND=noninteractive apt install -y -q debian-edu-router-config
Error messages regarding the configuration are expected and can be ignored for now.
For the configuration process following the installation of debian-edu-router-config, physical access to the computer is required.
The network interfaces may already be connected to the corresponding networks but do not have to be. However it is necessary to be aware which interface will be connected to which network. In order to obtain more information about the network hardware
lshw -class network
can be used.
Remove the configuration of the two network interfaces to be used from /etc/network/interfaces or files in /etc/network/interfaces.d/ and un-configure the two interfaces using
ip addr flush <interface>
The actual configuration process is started with
dpkg-reconfigure --force uif debian-edu-router
When asked about the uif firewall configuration method choose "debian-edu-router". Confirm that you want to set up the firewall for Debian Edu Router.
Decide whether you want to respond to ping and traceroute. If unsure answer with yes as it can be useful for diagnosing network issues.
Confirm that you want to enable IP packet forwarding.
Next, assign networks to the network interfaces in your router, choose one of the offered options depending on whether your network interfaces are already connected or not.
Select the interface which is connected to the upstream network.
Select an internal network, in case you are unsure and simply want a single internal network select "Education" here.
Select whether VLANs should be used for internal networks, if you are unsure select no here.
Select "IPv4" here.
Select "Uplink" if your upstream network requires a static IP address and, if you followed the above suggestion on internal networks, "Education".
Set 10.0.0.1/8 as the static IP address for the internal network "Education" if you followed the above suggestion on internal networks.
Enable NAT for the internal network.
Enable internet access for internal networks.
If you want to expose any internal services to the internet you can configure them using the described syntax. Note that SSH access to the gateway can be configured using the following dialog.
Decide from which networks you want to allow SSH access to the gateway.
Configure the SSH port, this should be 22 if the configuration has not been changed.
Do not enable DHCP for the internal networks, it will be offered by the DebianEdu main server.
Connect the network interfaces if you have not already done so and reboot the machine.
If SSH access has been enabled the gateway can be reconfigured remotely via the menu offered when logging in as root. Pressing c in the main menu switches to the configuration menu from which all or parts of the configuration can be changed using the same dialogue system which was used for the initial configuration.