I have been working to set up a Soekris net5501 to act as a home router/server. My efforts are documented here. Note that this guide only covers software setup and so should be applicable to nearly any hardware.
Under construction. I hope to get this finished eventually.
If you know of a better place in the wiki for this to go, please suggest it in the ?Comments section.
Here is a list of requirements with links to the relevant sections.
- 100% Debian, no external software unless absolutely necessary
- Stock Debian kernel
?dnsmasq server, providing
- DNS, including local DNS
- DHCP server, including static IPs
Support IPv4 and IPv6 - ?Firewall
Provide local private network bridge - ?Networking
Ethernet ports + private secured wireless (?hostap)
- Provide public network
Unsecured wireless (?hostap)
Simple and robust ?firewall
- Reasonable security for the router
- Port forwarding (single, range, or all)
With ?UPnP support
- Modify TOS packet header bits
?Traffic control to provide a better internet experience for multiple users/connections
- Use TOS packet header bits
Register with SixXS and request an AYIYA tunnel and subnet.
- eth0 is WAN ethernet port
- eth1-eth3 are LAN ethernet
wlan0 is private wireless (?hostap)
wlan0_0 is public wireless (?hostap)
- private local ipv4 network: 192.0.2.0/24 (choose your own, probably 192.168.x.0/24)
- private local ipv6 network: 2001:db8::/32 (? from SixXS)
- public local ipv4 network: 126.96.36.199/24 (choose your own, probably 192.168.x+1.0/24)
- public local ipv6 network: 2001:db8::1/32 (? from SixXS)
Internal network is all bridged to one subnet 192.168.68.0/24. Notice the wlan0 port is bridged also; otherwise it could have it's own section similar to br0.
# The loopback network interface auto lo iface lo inet loopback # The primary network interface (WAN) auto eth0 #allow-hotplug eth0 # hotplugging does not seem to work reliably iface eth0 inet dhcp # Network bridge (LAN) auto br0 iface br0 inet static address 192.168.68.1 netmask 255.255.255.0 network 192.168.68.0 broadcast 192.168.68.255 bridge_ports eth1 eth2 eth3 wlan0 iface br0 inet6 static address (from sixxs) netmask 64 # Public wireless network auto wlan0_0 iface wlan0_0 inet static address 192.168.67.1 netmask 255.255.255.0 network 192.168.67.0 broadcast 192.168.67.255 iface wlan0_0 inet6 static address (from sixxs) netmask 64
Set up /etc/hosts to make local DNS work correctly:
Change this line:
127.0.1.1 hostname.example.org hostname
192.168.68.1 hostname.example.org hostname2.example2.org hostname
Test: make sure both hostname -s and hostname -f work correctly now.
iptables & ip6tables... TODO
6to4 versus Teredo... TODO
Public IPv4 address... TODO
Feedback is appreciated.
Thanks Paul, but I do not plan to include any hardware-specific installation information. I added a note above. -- ?green 2010-02-21 03:08:07