263
Comment: Initial commit
|
3648
Add construction comment
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
= Debian home router/server = I have been working to set up a [[http://www.soekris.com/net5501.htm|Soekris net5501]] to act as a home router/server. I will document my efforts here. If you know of a better place in the wiki for this to go, please suggest it. |
## page was renamed from green/router = Introduction = ''If you know of a better place in the wiki for this to go, please suggest it in the [[#Comments|Comments]] section.'' '''Under construction. I hope to get this finished eventually.''' I have been working to set up a [[http://www.soekris.com/net5501.htm|Soekris net5501]] to act as a home router/server. My efforts are documented here. Note that this is not intended to cover any hardware issues; software only. = Contents = <<TableOfContents(2)>> = Requirements = Here is a list of requirements with links to the relevant sections. * 100% Debian, no external software unless absolutely necessary * Stock Debian kernel * [[#dnsmasq|dnsmasq]] server, providing * DNS, including local DNS * DHCP server, including static IPs * Support IPv4 and IPv6 - [[#Firewall|Firewall]] * [[#IPv6|IPv6]] address * [[#Teredo|Teredo]] * [[#6to4|6to4]] * Provide local private network bridge - [[#Basic Networking|Networking]] * Ethernet ports + private secured wireless ([[#hostapd|hostap]]) * Provide public network * Unsecured wireless ([[#hostapd|hostap]]) * Simple and robust [[#Firewall|firewall]] * Reasonable security for the router * Port forwarding (single, range, or all) * With [[#UPnP|UPnP]] support * Modify TOS packet header bits * [[#Traffic Control|Traffic control]] to provide a better internet experience for multiple users/connections * Use TOS packet header bits = Assumptions = * eth0 is WAN ethernet port, others are LAN ethernet * wlan0 is wireless = Basic Networking = Internal network is all bridged to one subnet 192.168.5.0/24. Notice the wlan0 port is bridged also; otherwise it could have it's own section similar to br0. 
/etc/network/interfaces: {{{ # The loopback network interface auto lo iface lo inet loopback # The primary network interface (WAN) auto eth0 allow-hotplug eth0 iface eth0 inet dhcp # Network bridge (LAN) auto br0 iface br0 inet static address 192.168.5.1 netmask 255.255.255.0 network 192.168.5.0 broadcast 192.168.5.255 bridge_ports eth1 eth2 eth3 wlan0 }}} The "allow-hotplug" stanza does not seem to work quite as well as I hoped in the case of unplugging from one device (eg. cable modem) to another. Perhaps the DHCP lease must expire? ---- Set up /etc/hosts to make local DNS work correctly: Change this line: {{{ 127.0.1.1 hostname.example.org hostname }}} To: {{{ 192.168.5.1 hostname.example.org hostname2.example2.org hostname }}} ''hostname -s'' and ''hostname -f'' should both work correctly now. = dnsmasq = dnsmasq.conf... TODO = Firewall = iptables & ip6tables... TODO == UPnP == upnpd.conf... TODO = hostap = hostapd.conf... TODO = IPv6 = 6to4 versus Teredo... TODO == 6to4 == Public IPv4 address... TODO == Teredo == miredo... TODO = Traffic Control = script... TODO = Comments = ''Feedback is appreciated.'' * I'd suggest recording the installation parts in the InstallingDebianOn namespace -- PaulWise <<DateTime(2010-02-21T09:01:02+0800)>> * Thanks Paul, but I do not plan to include any hardware-specific installation information. I added a note above. -- [[green]] <<DateTime(2010-02-20T21:08:07-0600)>> * Contributing to InstallingDebianOn would still be appreciated, as would the hardware info that the InstallingDebianOn templates suggest to add -- PaulWise <<DateTime(2010-02-21T20:37:45+0800)>> * [[InstallingDebianOn/Soekris/net5501|Done]], though it probably needs further work. -- [[green]] <<DateTime(2010-02-21T21:38:53-0600)>> |
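Review bot: In the added /etc/network/interfaces block, the br0 line "bridge_ports eth1 eth2 eth3 wlan0" puts wlan0 on the LAN bridge, while the Requirements list added in the same revision asks for both a private secured wireless and an unsecured public wireless. The Basic Networking text should state that the bridged wlan0 is the secured network and that the public one stays off br0; as written, a reader following the page could end up with open wireless on the 192.168.5.0/24 LAN. In the same paragraph, "it could have it's own section" should read "its own".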
Introduction
If you know of a better place in the wiki for this to go, please suggest it in the Comments section.
Under construction. I hope to get this finished eventually.
I have been working to set up a Soekris net5501 to act as a home router/server. My efforts are documented here. Note that this is not intended to cover any hardware issues; software only.
Requirements
Here is a list of requirements with links to the relevant sections.
- 100% Debian, no external software unless absolutely necessary
- Stock Debian kernel
- dnsmasq server, providing
  - DNS, including local DNS
  - DHCP server, including static IPs
- Support IPv4 and IPv6 - Firewall
  - IPv6 address
    - Teredo
    - 6to4
- Provide local private network bridge - Networking
  - Ethernet ports + private secured wireless (hostap)
- Provide public network
  - Unsecured wireless (hostap)
- Simple and robust firewall
  - Reasonable security for the router
  - Port forwarding (single, range, or all)
    - With UPnP support
  - Modify TOS packet header bits
- Traffic control to provide a better internet experience for multiple users/connections
  - Use TOS packet header bits
Assumptions
- eth0 is WAN ethernet port, others are LAN ethernet
- wlan0 is wireless
Basic Networking
The internal network is all bridged to one subnet, 192.168.5.0/24. Notice that the wlan0 port is bridged also; otherwise it could have its own section similar to br0.
/etc/network/interfaces:
{{{
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (WAN)
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

# Network bridge (LAN)
auto br0
iface br0 inet static
    address 192.168.5.1
    netmask 255.255.255.0
    network 192.168.5.0
    broadcast 192.168.5.255
    bridge_ports eth1 eth2 eth3 wlan0
}}}
The "allow-hotplug" stanza does not seem to work quite as well as I hoped in the case of unplugging from one device (e.g. cable modem) to another. Perhaps the DHCP lease must expire?
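A quick consistency check for the bridge stanza above, as an added example that is not part of the original page: it parses the interfaces file, confirms that the network and broadcast values match the address and netmask, and confirms that the WAN port is not a member of the LAN bridge. The function names parse_interfaces and check_bridge are hypothetical; the defaults br0 and eth0 follow the Assumptions section, and the sample text is constructed from the stanzas shown on this page.

```python
import ipaddress

# Constructed sample: the stanzas shown on this page.
SAMPLE = """\
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
auto br0
iface br0 inet static
    address 192.168.5.1
    netmask 255.255.255.0
    network 192.168.5.0
    broadcast 192.168.5.255
    bridge_ports eth1 eth2 eth3 wlan0
"""

def parse_interfaces(text):
    """Map each iface name to its method and options."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def check_bridge(stanzas, bridge="br0", wan="eth0"):
    """Return a list of problems with the LAN bridge (empty when clean)."""
    br = stanzas.get(bridge, {})
    if "address" not in br or "netmask" not in br:
        return [f"{bridge}: no static address/netmask"]
    net = ipaddress.ip_network(f"{br['address']}/{br['netmask']}", strict=False)
    problems = []
    for key, want in (("network", net.network_address),
                      ("broadcast", net.broadcast_address)):
        if key in br and br[key] != str(want):
            problems.append(f"{bridge}: {key} {br[key]} should be {want}")
    if wan in br.get("bridge_ports", "").split():
        problems.append(f"{bridge}: WAN port {wan} is bridged into the LAN")
    return problems

if __name__ == "__main__":
    print(check_bridge(parse_interfaces(SAMPLE)) or "bridge stanza is consistent")
```
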
Set up /etc/hosts to make local DNS work correctly:
Change this line:
{{{
127.0.1.1 hostname.example.org hostname
}}}
To:
{{{
192.168.5.1 hostname.example.org hostname2.example2.org hostname
}}}
hostname -s and hostname -f should both work correctly now.
dnsmasq
dnsmasq.conf... TODO
Firewall
iptables & ip6tables... TODO
UPnP
upnpd.conf... TODO
hostap
hostapd.conf... TODO
IPv6
6to4 versus Teredo... TODO
6to4
Public IPv4 address... TODO
Teredo
miredo... TODO
Traffic Control
script... TODO
Comments
Feedback is appreciated.
I'd suggest recording the installation parts in the InstallingDebianOn namespace -- PaulWise 2010-02-21 01:01:02
Thanks Paul, but I do not plan to include any hardware-specific installation information. I added a note above. -- green 2010-02-21 03:08:07
Contributing to InstallingDebianOn would still be appreciated, as would the hardware info that the InstallingDebianOn templates suggest to add -- PaulWise 2010-02-21 12:37:45