Redes

Esta sección describe como se configura por defecto la red en FreedomBox y como se puede adaptar. Ver también la sección Cortafuegos para más información acerca de cómo funciona éste.

1. Configuración por defecto

En una imágen fresca de FreedomBox la red no está configurada. La configuración se realiza cuando la imágen se graba en una tarjeta SD y el dispositivo arranca. Durante el primer arranque el paquete FreedomBox setup detecta los interfaces (tarjetas) de red e intenta configurarlos automáticamente de modo que la FreedomBox quede disponible para seguir configurandola a través del interfaz web de otra máquina, sin necesidad de conectar un monitor a la FreedomBox. La configuración automática también procura dejar la FreedomBox operativa para sus escenarios de uso más importantes.

Trata 2 escenarios:

1.1. interfaz (tarjeta) ethernet único

Cuando el dispositivo hardware solo tiene 1 único interfaz (tarjeta) ethernet hay poco margen para que haga de router. En tal caso se asume que el dispositivo es solo una máquina más en la red. En consecuencia el único interfaz (tarjeta) disponible se configura para ser un interfaz interno en modo de configuración automática. Esto significa que se conecta a Internet empleando la configuración provista por un router de la red y que hace todos sus servicios (internos y externos) accesibles a todos los clientes que haya en esta red.

network_single.png

1.2. Múltiples interfaces (tarjetas) ethernet

Cuando el dispositivo hardware tiene múltiples interfaces (tarjetas) ethernet el dispositivo puede actuar como router. Entonces los interfaces se configuran para ejecutar esta función.

Aunque el proceso de asignación es determinista actualmente no está muy claro qué interfaz será WAN (los demás serán LAN). Así que averiguar cual es cual conllevará un poco de prueba y error. En el futuro esto estará bien documentado para cada dispositivo.

1.3. Configuración de la Wi-Fi

Todos los interfaces Wi-Fi se configuran para ser LAN o interfaces internos en modo de configuración compartido. También se configuran para ser puntos de acceso Wi-Fi con los siguientes datos:

2. Compartición de la Conexión a Internet

Aunque la principal obligación de FreedomBox es proporcionar servicios descentralizados también puede ejercer como router casero. Por tanto en la mayoría de los casos FreedomBox se conecta a Internet y proporciona a otras máquinas de la red la posibilidad de usar esa conexión a Internet. FreedomBox puede hacer esto de 2 formas: usando un modo de conexión compartido o empleando una conexión interna.

Cuando se configura un interfaz en modo compartido puedes conectarle tu máquina directamente, sea por cable desde este interfaz a tu máquina o conectando a través del punto de acceso Wi-Fi. Este caso es el más facil de usar porque FreedomBox automaticamente proporciona a tu máquina la configuración de red necesaria. Tu máquina conectará automaticamente a la red proporcionada por FreedomBox y podrá conectar a Internet ya que FreedomBox puede a su vez conectarse a Internet.

En ocasiones la configuración anterior podría no ser posible porque el dispositivo hardware tenga un único interfaz de red o por otros motivos. Incluso en este caso tu máquina puede todavía conectarse a Internet a través de la FreedomBox. Para que esto funcione asegúrate de que el interfaz de red al que se está conectando tu máquina esté en modo interno. Entonces conecta tu máquina a la red en la que está la FreedomBox. Después de esto configura la red de tu máquina indicando como puerta de enlace la dirección IP de la FreedomBox. FreedomBox aceptará entonces el tráfico de red de tu maquina y lo enviará a Internet. Esto funciona porque los interfaces de red en modo interno están configurados para enmascarar hacia Internet los paquetes que lleguen desde máquinas locales, así como para recibir paquetes desde Internet y reenviarlos hacia las máquinas locales.

3. Adaptaciones

La configuración por defecto anterior podría no servir para tu caso. Puedes adecuar la configuración para ajustarla a tus necesidades desde el área Redes de la sección Configuración del interfaz web de tu FreedomBox.

3.1. Conexiones PPPoE

Si tu ISP no proporciona configuración de red automática via DHCP y te obliga a conectar por PPPoE, para configurarlo elimina toda conexión de red existente en el interfaz y añade una de tipo PPPoE. Aquí, si procede, indica el usuario y la contraseña que te ha dado tu ISP y activa la conexión.

3.2. Connect to Internet via Wi-Fi

By default Wi-Fi devices attached during first boot will be configured as access points. They can be configured as regular Wi-Fi devices instead to connection to a local network or an existing Wi-Fi router. To do this, click on the Wi-Fi connection to edit it. Change the mode to Infrastructure instead of Access Point mode and IPv4 Addressing Method to Automatic (DHCP) instead of Shared mode. Then the SSID provided will mean the Wi-Fi network name you wish to connect to and passphrase will be the used to while making the connection.

3.2.1. Problems with Privacy Feature

NetworkManager used by FreedomBox to connect to the Wi-Fi networks has a privacy feature that uses a different identity when scanning for networks and when actually connecting to the Wi-Fi access point. Unfortunately, this causes problems with some routers that reject connections from such devices. Your connection won't successfully activate and disconnect after trying to activate. If you have control over the router's behaviour, you could also turn off the feature causing problem. Otherwise, the solution is to connect with a remote shell using SSH or Cockpit, editing a file /etc/NetworkManager/NetworkManager.conf and adding the line wifi.scan-rand-mac-address=no in the [device] section. This turns off the privacy feature.

Edit a file:

$ sudo nano /etc/NetworkManager/NetworkManager.conf

Add the following:

[device]
wifi.scan-rand-mac-address=no

Then reboot the machine.

3.3. Adding a new network device

When a new network device is added, network manager will automatically configure it. In most cases this will not work to your liking. Delete the automatic configuration created on the interface and create a new network connection. Select your newly added network interface in the add connection page.

3.4. Configuring a mesh network

FreedomBox has rudimentary support for participating in BATMAN-Adv based mesh networks. It is possible to either join an existing network in your area or create a new mesh network and share your Internet connection with the rest of the nodes that join the network. Currently, two connections have to be created and activated manually to join or create a mesh network.

3.4.1. Joining a mesh network

To join an existing mesh network in your area, first consult the organizers and get information about the mesh network.

  1. Create a new connection, then select the connection type as Wi-Fi. In the following dialog, provide the following values:

    Field Name

    Example Value

    Explanation

    Connection Name

    Mesh Join - BATMAN

    The name must end with 'BATMAN' (uppercase)

    Physical Interface

    wlan0

    The Wi-Fi device you wish to use for joining the mesh network

    Firewall Zone

    External

    Since you don't wish that participants in mesh network to use internal services of FreedomBox

    SSID

    ch1.freifunk.net

    As provided to you by the operators of the mesh network. You should see this as a network in Nearby Wi-Fi Networks

    Mode

    Ad-hoc

    Because this is a peer-to-peer network

    Frequency Band

    2.4Ghz

    As provided to you by the operators of the mesh network

    Channel

    1

    As provided to you by the operators of the mesh network

    BSSID

    12:CA:FF:EE:BA:BE

    As provided to you by the operators of the mesh network

    Authentication

    Open

    Leave this as open, unless you know your mesh network needs it be otherwise

    Passphrase

    Leave empty unless you know your mesh network requires one

    IPv4 Addressing Method

    Disabled

    We don't want to request IP configuration information yet

    Save the connection. Join the mesh network by activating this newly created connection.
  2. Create a second new connection, then select the connection type as Generic. In the following dialog, provide this following values:

    Field Name

    Example Value

    Explanation

    Connection Name

    Mesh Connect

    Any name to identify this connection

    Physical Interface

    bat0

    This interface will only show up after you successfully activate the connection in first step

    Firewall Zone

    External

    Since you don't wish that participants in mesh network to use internal services of FreedomBox

    IPv4 Addressing Method

    Auto

    Mesh networks usually have a DHCP server somewhere that provide your machine with IP configuration. If not, consult the operator and configure IP address setting accordingly with Manual method

    Save the connection. Configure your machine for participation in the network by activating this connection. Currently, this connection has to be manually activated every time you need to join the network. In future, FreedomBox will do this automatically. You will now be able reach other nodes in the network. You will also be able to connect to the Internet via the mesh network if there is an Internet connection point somewhere in mesh as setup by the operators.

3.4.2. Creating a mesh network

To create your own mesh network and share your Internet connection with the rest of the nodes in the network:

  1. Follow the instructions as provided above in step 1 of Joining a mesh network but choose and fix upon your own valid values for SSID (a name for you mesh network), Frequency Band (usually 2.4Ghz), Channel (1 to 11 in 2.4Ghz band) and BSSID (a hex value like 12:CA:DE:AD:BE:EF). Create this connection and activate it.

  2. Follow the instructions as provided above in step 2 of Joining a mesh network but select IPv4 Addressing Method as Shared. This will provide automatic IP configuration to other nodes in the network as well as share the Internet connection on your machine (achieved using a second Wi-Fi interface, using Ethernet, etc.) with other nodes in the mesh network.

Spread the word about your mesh network to your neighbors and let them know the parameters you have provided when creating the network. When other nodes connect to this mesh network, they have to follow steps in Joining a mesh network but use the values for SSID, Frequency Band and Channel that you have chosen when you created the mesh network.

4. Manual Network Operation

FreedomBox automatically configures networks by default and provides a simplified interface to customize the configuration to specific needs. In most cases, manual operation is not necessary. The following steps describe how to manually operate network configuration in the event that a user finds FreedomBox interface to insufficient for task at hand or to diagnose a problem that FreedomBox does not identify.

On the command line interface:

For text based user interface for configuring network connections:

nmtui

To see the list of available network devices:

nmcli device

To see the list of configured connections:

nmcli connection

To see the current status of a connection:

nmcli connection show '<connection_name>'

To see the current firewall zone assigned to a network interface:

nmcli connection show '<connection_name>' | grep zone

or

firewall-cmd --zone=internal --list-all
firewall-cmd --zone=external --list-all

To create a new network connection:

nmcli con add con-name "<connection_name>" ifname "<interface>" type ethernet
nmcli con modify "<connection_name>" connection.autoconnect TRUE
nmcli con modify "<connection_name>" connection.zone internal

To change the firewall zone for a connection:

nmcli con modify "<connection_name>" connection.zone "<internal|external>"

For more information on how to use nmcli command, see its man page. Also for a full list of configuration settings and type of connections accepted by Network Manager see:

https://developer.gnome.org/NetworkManager/stable/ref-settings.html

To see the current status of the firewall and manually operate it, see the Firewall section.


CategoryFreedomBox