Wednesday 7 May 2014

Simple Router

A simple router without IP forwarding needs a DHCP server and an Ethernet bridge. First the bridge is installed; afterwards the DHCP server is attached to the bridge.

The router will provide a network on the Ethernet interfaces eth2, eth3, eth4 and eth5 with the network address 192.168.1.0.

Installation Bridge

First install the bridge utilities:

apt-get install bridge-utils

To configure a bridge, the file /etc/network/interfaces needs to be adapted. The bridge itself is reachable by all clients at the address 192.168.1.1.

auto br0
iface br0 inet static
address 192.168.1.1
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
bridge-ports eth2 eth3 eth4 eth5

Configuration of the DHCP Server

First, define the interfaces to be used in the file /etc/default/isc-dhcp3-server

INTERFACES="br0"

In a second step the subnet needs to be defined. For this, the interface and the address range need to be defined for each net. All these settings go in the file /etc/dhcp/dhcpd.conf.

authoritative;

default-lease-time 600;
max-lease-time 7200;


subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.250;
  interface br0;
  option broadcast-address 192.168.1.255;
}

Start and Stop of the service

sudo service isc-dhcp-server restart
sudo service isc-dhcp-server start
sudo service isc-dhcp-server stop

Enable Multicast

To enable multicast groups to be routed over the bridge, the system needs to be able to manage multicast groups. One possible group manager is pimd.

apt-get install pimd

The configuration file for pimd is /etc/pimd.conf. Running pimd -l reloads the config file and applies the changes. By default the service is activated for all interfaces. For this use I limited its activity to the bridge by excluding all other interfaces. The multicast groups currently managed and the interfaces in use can be shown with pimd -r.

Setup Gateway

To be able to access the internet from the created switch, the hosting computer needs to work as a gateway. The following commands forward the traffic. In my case the eth0 is connected to the internet. Therefore traffic from the br0 bridge interface needs to be forwarded to eth0.

sudo iptables -A FORWARD -o eth0 -i br0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The commands need to be executed after every boot, since the iptables rules are not kept across a restart. This can be done with a startup script; another approach is to save the current iptables rules and reload them after boot.
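
The startup-script approach mentioned above, as an added example that is not part of the original post: it re-applies the three gateway rules without stacking duplicates and reports the FORWARD chain's default policy. The function names, the "apply" argument and the assumption that net.ipv4.ip_forward is already enabled are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original post. Interface names and subnet are
# the post's; function names and the "apply" argument are this example's own.
# Assumes net.ipv4.ip_forward=1 is already set on the host.

WAN_IF="${WAN_IF:-eth0}"              # uplink to the internet
LAN_IF="${LAN_IF:-br0}"               # bridge the clients sit on
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # network handed out by the DHCP server

# Append a rule only when an identical one is not loaded yet, so re-running
# the script never stacks duplicates and nothing has to be flushed first.
# Usage: ensure_rule <table> <chain> <rule-spec...>
ensure_rule() {
    table=$1; chain=$2; shift 2
    if ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        iptables -t "$table" -A "$chain" "$@"
    fi
}

# The three rules from the post (its POSTROUTING flush is no longer needed).
apply_gateway_rules() {
    ensure_rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    ensure_rule filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ensure_rule nat POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Print the FORWARD chain's default policy (ACCEPT or DROP).
forward_policy() {
    iptables -S FORWARD | awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }'
}

# Run as "<script> apply" from a boot hook, as root.
if [ "${1:-}" = "apply" ]; then
    apply_gateway_rules
    if [ "$(forward_policy)" != "DROP" ]; then
        # With policy ACCEPT the FORWARD rules above alone restrict nothing.
        echo "note: FORWARD policy is not DROP; all forwarding is allowed" >&2
    fi
fi
```

When the FORWARD policy is ACCEPT, traffic that matches neither FORWARD rule is still forwarded, so the note is the cue to decide whether the chain should default to DROP.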


Tuesday 6 May 2014

DHCP Server

How to install a DHCP Server on Ubuntu 12.04

The setup is a Ubuntu PC with 4 Ethernet ports.

eth2, eth3, eth4, eth5

Each port is in a separate subnet.

Install the DHCP-Server

apt-get install isc-dhcp-server

Configuration of the DHCP Server

First, define the interfaces to be used in the file /etc/default/isc-dhcp3-server

INTERFACES="eth2 eth3 eth4 eth5"

In a second step the subnets need to be defined. For this, the interface and the address range need to be defined for each net. The lease times can be defined globally for all nets. To prevent any other DHCP server from interfering with your subnet, the server is set to authoritative mode. All these settings go in the file /etc/dhcp/dhcpd.conf.

authoritative;

default-lease-time 600;
max-lease-time 7200;


subnet 192.168.150.0 netmask 255.255.255.0 {
  range 192.168.150.10 192.168.150.250;
  interface eth2;
  option broadcast-address 192.168.150.255;
}


subnet 192.168.151.0 netmask 255.255.255.0 {
  range 192.168.151.10 192.168.151.250;
  interface eth3;
  option broadcast-address 192.168.151.255;
}

subnet 192.168.152.0 netmask 255.255.255.0 {
  range 192.168.152.10 192.168.152.250;
  interface eth4;
  option broadcast-address 192.168.152.255;
}

subnet 192.168.153.0 netmask 255.255.255.0 {
  range 192.168.153.10 192.168.153.250;
  interface eth5;
  option broadcast-address 192.168.153.255;
}

Finally, the interfaces themselves need to be placed in their subnets. To do so, define the interfaces in the file /etc/network/interfaces by adding these lines.

auto eth2
iface eth2 inet static
address 192.168.150.1
netmask 255.255.255.0

auto eth3
iface eth3 inet static
address 192.168.151.1
netmask 255.255.255.0

auto eth4
iface eth4 inet static
address 192.168.152.1
netmask 255.255.255.0

auto eth5
iface eth5 inet static
address 192.168.153.1
netmask 255.255.255.0  

The following commands help to control the DHCP server while trying out the changes:

sudo service isc-dhcp-server restart
sudo service isc-dhcp-server start
sudo service isc-dhcp-server stop

Source:

http://askubuntu.com/questions/201746/dhcp-server-with-multiple-interfaces-on-ubuntu-destroys-default-gateway