Differences between revisions 1 and 10 (spanning 9 versions)
Revision 1 as of 2010-02-21 00:45:18
Size: 263
Editor: ?green
Comment: Initial commit
Revision 10 as of 2010-05-12 19:31:51
Size: 3648
Editor: ?green
Comment: Add construction comment
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Debian home router/server =
I have been working to set up a [[http://www.soekris.com/net5501.htm|Soekris net5501]] to act as a home router/server. I will document my efforts here. If you know of a better place in the wiki for this to go, please suggest it.
## page was renamed from green/router
= Introduction =
''If you know of a better place in the wiki for this to go, please suggest it in the [[#Comments|Comments]] section.''

'''Under construction. I hope to get this finished eventually.'''

I have been working to set up a [[http://www.soekris.com/net5501.htm|Soekris net5501]] to act as a home router/server. My efforts are documented here. Note that this is not intended to cover any hardware issues; software only.

= Contents =
<<TableOfContents(2)>>

= Requirements =
Here is a list of requirements with links to the relevant sections.

 * 100% Debian, no external software unless absolutely necessary
 * Stock Debian kernel
 * [[#dnsmasq|dnsmasq]] server, providing
  * DNS, including local DNS
  * DHCP server, including static IPs
 * Support IPv4 and IPv6 - [[#Firewall|Firewall]]
 * [[#IPv6|IPv6]] address
  * [[#Teredo|Teredo]]
  * [[#6to4|6to4]]
 * Provide local private network bridge - [[#Basic Networking|Networking]]
  * Ethernet ports + private secured wireless ([[#hostapd|hostap]])
 * Provide public network
  * Unsecured wireless ([[#hostapd|hostap]])
 * Simple and robust [[#Firewall|firewall]]
  * Reasonable security for the router
  * Port forwarding (single, range, or all)
  * With [[#UPnP|UPnP]] support
  * Modify TOS packet header bits
 * [[#Traffic Control|Traffic control]] to provide a better internet experience for multiple users/connections
  * Use TOS packet header bits

= Assumptions =
 * eth0 is WAN ethernet port, others are LAN ethernet
 * wlan0 is wireless

= Basic Networking =
Internal network is all bridged to one subnet 192.168.5.0/24. Notice the wlan0 port is bridged also; otherwise it could have it's own section similar to br0.

/etc/network/interfaces:
{{{
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (WAN)
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

# Network bridge (LAN)
auto br0
iface br0 inet static
  address 192.168.5.1
  netmask 255.255.255.0
  network 192.168.5.0
  broadcast 192.168.5.255
  bridge_ports eth1 eth2 eth3 wlan0
}}}

The "allow-hotplug" stanza does not seem to work quite as well as I hoped in the case of unplugging from one device (eg. cable modem) to another. Perhaps the DHCP lease must expire?
----
Set up /etc/hosts to make local DNS work correctly:

Change this line:
{{{
127.0.1.1 hostname.example.org hostname
}}}

To:
{{{
192.168.5.1 hostname.example.org hostname2.example2.org hostname
}}}

''hostname -s'' and ''hostname -f'' should both work correctly now.

= dnsmasq =
dnsmasq.conf... TODO

= Firewall =
iptables & ip6tables... TODO

== UPnP ==
upnpd.conf... TODO

= hostap =
hostapd.conf... TODO

= IPv6 =
6to4 versus Teredo... TODO

== 6to4 ==
Public IPv4 address... TODO

== Teredo ==
miredo... TODO

= Traffic Control =
script... TODO

= Comments =
''Feedback is appreciated.''
 * I'd suggest recording the installation parts in the InstallingDebianOn namespace -- PaulWise <<DateTime(2010-02-21T09:01:02+0800)>>
  * Thanks Paul, but I do not plan to include any hardware-specific installation information. I added a note above. -- [[green]] <<DateTime(2010-02-20T21:08:07-0600)>>
   * Contributing to InstallingDebianOn would still be appreciated, as would the hardware info that the InstallingDebianOn templates suggest to add -- PaulWise <<DateTime(2010-02-21T20:37:45+0800)>>
    * [[InstallingDebianOn/Soekris/net5501|Done]], though it probably needs further work. -- [[green]] <<DateTime(2010-02-21T21:38:53-0600)>>

Introduction

If you know of a better place in the wiki for this to go, please suggest it in the ?Comments section.

Under construction. I hope to get this finished eventually.

I have been working to set up a Soekris net5501 to act as a home router/server. My efforts are documented here. Note that this is not intended to cover any hardware issues; software only.

Contents

Requirements

Here is a list of requirements with links to the relevant sections.

  • 100% Debian, no external software unless absolutely necessary
  • Stock Debian kernel
  • ?dnsmasq server, providing

    • DNS, including local DNS
    • DHCP server, including static IPs
  • Support IPv4 and IPv6 - ?Firewall

  • ?IPv6 address

    • ?Teredo

    • ?6to4

  • Provide local private network bridge - ?Networking

    • Ethernet ports + private secured wireless (?hostap)

  • Provide public network
    • Unsecured wireless (?hostap)

  • Simple and robust ?firewall

    • Reasonable security for the router
    • Port forwarding (single, range, or all)
    • With ?UPnP support

    • Modify TOS packet header bits
  • ?Traffic control to provide a better internet experience for multiple users/connections

    • Use TOS packet header bits

Assumptions

  • eth0 is WAN ethernet port, others are LAN ethernet
  • wlan0 is wireless

Basic Networking

Internal network is all bridged to one subnet 192.168.5.0/24. Notice the wlan0 port is bridged also; otherwise it could have it's own section similar to br0.

/etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (WAN)
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

# Network bridge (LAN)
auto br0
iface br0 inet static
  address 192.168.5.1
  netmask 255.255.255.0
  network 192.168.5.0
  broadcast 192.168.5.255
  bridge_ports eth1 eth2 eth3 wlan0

The "allow-hotplug" stanza does not seem to work quite as well as I hoped in the case of unplugging from one device (eg. cable modem) to another. Perhaps the DHCP lease must expire?


Set up /etc/hosts to make local DNS work correctly:

Change this line:

127.0.1.1      hostname.example.org hostname

To:

192.168.5.1    hostname.example.org hostname2.example2.org hostname

hostname -s and hostname -f should both work correctly now.

dnsmasq

dnsmasq.conf... TODO

Firewall

iptables & ip6tables... TODO

UPnP

upnpd.conf... TODO

hostap

hostapd.conf... TODO

IPv6

6to4 versus Teredo... TODO

6to4

Public IPv4 address... TODO

Teredo

miredo... TODO

Traffic Control

script... TODO

Comments

Feedback is appreciated.

  • I'd suggest recording the installation parts in the InstallingDebianOn namespace -- PaulWise 2010-02-21 01:01:02

    • Thanks Paul, but I do not plan to include any hardware-specific installation information. I added a note above. -- ?green 2010-02-21 03:08:07

      • Contributing to InstallingDebianOn would still be appreciated, as would the hardware info that the InstallingDebianOn templates suggest to add -- PaulWise 2010-02-21 12:37:45

        • Done, though it probably needs further work. -- ?green 2010-02-22 03:38:53