I have been working to set up a Soekris net5501 to act as a home router/server. My efforts are documented here an an example for others attempting similar tasks. Note that this guide is only intended to cover post-installation software setup and so should be applicable to nearly any hardware.
Under construction. I hope to get this finished eventually.
If you notice any errors please mail me, leave a ?comment, or fix them.
If you know of a better place in the wiki for this to go, please ?suggest it.
Here is a list of requirements with links to the relevant sections.
- 100% Debian, no external software unless absolutely necessary
- Stock Debian kernel
?dnsmasq server, providing
- DNS, including local DNS
- DHCP server, including static IPs
Support IPv4 and IPv6 - ?Firewall
Provide local private network bridge - ?Networking
Ethernet ports + private secured wireless (?hostap)
- Provide public network
Unsecured wireless (?hostap)
Simple and robust ?firewall
- Reasonable security for the router
- Port forwarding (single, range, or all)
With ?UPnP support
- Modify TOS packet header bits
?Traffic control to provide a better internet experience for multiple users/connections
- Use TOS packet header bits
Register with SixXS and request an AYIYA tunnel and subnet.
- eth0 is WAN ethernet port
- eth1-eth3 are LAN ethernet (private)
wlan0 is private wireless (?hostap)
wlan0_0 is public wireless (?hostap)
- br0 bridges eth1-eth3 and wlan0
- private local ipv4 network: 192.0.2.0/24 (choose your own, probably 192.168.x.0/24)
- private local ipv6 network: 2001:db8::/32 (? from SixXS)
- public local ipv4 network: 188.8.131.52/24 (choose your own, probably 192.168.x+1.0/24)
- public local ipv6 network: 2001:db8::1/32 (? from SixXS)
# The loopback network interface auto lo iface lo inet loopback # The primary network interface (WAN) auto eth0 #allow-hotplug eth0 # hotplugging does not seem to work reliably iface eth0 inet dhcp # Network bridge (LAN) auto br0 iface br0 inet static address 192.0.2.1 netmask 255.255.255.0 network 192.0.2.0 broadcast 192.0.2.255 bridge_ports eth1 eth2 eth3 wlan0 iface br0 inet6 static address (from sixxs) netmask 64 # Public wireless network auto wlan0_0 iface wlan0_0 inet static address 184.108.40.206 netmask 255.255.255.0 network 220.127.116.11 broadcast 18.104.22.168 iface wlan0_0 inet6 static address (from sixxs) netmask 64
Set up /etc/hosts to make local DNS work correctly:
Change this line:
127.0.1.1 hostname.example.org hostname
192.168.68.1 hostname.example.org hostname2.example2.org hostname
Test: make sure both hostname -s and hostname -f work correctly now.
interface=br0 dhcp-range=private,192.0.2.51,192.0.2.250,48h interface=wlan0_0 dhcp-range=public,22.214.171.124,126.96.36.199,48h domain-needed bogus-priv # Set the NTP time server address to be the same machine as # is running dnsmasq dhcp-option=42,0.0.0.0 # Send microsoft-specific option to tell windows to release the DHCP lease # when it shuts down. dhcp-option=vendor:MSFT,2,1i # Set the limit on DHCP leases, the default is 150 ## here, raised to the maximum number of hosts on networks dhcp-lease-max=506 # Set the DHCP server to authoritative mode. In this mode it will barge in # and take over the lease for any client which broadcasts on the network, # whether it has a record of the lease or not. This avoids long timeouts # when a machine wakes up on a new network. DO NOT enable this if there's # the slighest chance that you might end up accidentally configuring a DHCP # server for your campus/company accidentally. The ISC server uses # the same option, and this URL provides more information: # http://www.isc.org/index.pl?/sw/dhcp/authoritative.php #dhcp-authoritative
OPTIONAL: For static host configuration, create /etc/dnsmasq.d/static-hosts.conf:
# static DHCP hosts # Optionally, use IPs from 2 to 50 (outside of DHCP range). # example for private network #dhcp-host=xx:xx:xx:xx:xx:xx,192.0.2.10 # example for public network #dhcp-host=xx:xx:xx:xx:xx:xx,188.8.131.52
OPTIONAL: To use custom nameservers, create /etc/alt.dns:
# Google Public DNS nameserver 184.108.40.206 nameserver 220.127.116.11
And uncomment line in /etc/default/dnsmasq:
And add line to /etc/dnsmasq.conf:
iptables & ip6tables... TODO
6to4 versus Teredo... TODO
Public IPv4 address... TODO
Feedback is appreciated.
Thanks Paul, but I do not plan to include any hardware-specific installation information. I added a note above. -- ?green 2010-02-21 03:08:07