For a simple router without IP forwarding, a DHCP server and an Ethernet bridge are needed. In a first step the bridge is installed. Afterwards the DHCP server is attached to the bridge.
The router will provide a network on the Ethernet interfaces eth2, eth3, eth4 and eth5 with the base address 192.168.1.0.
Installation Bridge
First install the bridge utils
apt-get install bridge-utils
To configure a bridge, the file /etc/network/interfaces needs to be adapted. All clients can reach the bridge itself at the address 192.168.1.1.
auto br0
iface br0 inet static
    address 192.168.1.1
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255
    bridge-ports eth2 eth3 eth4 eth5
Configuration of the DHCP Server
First define the interface to be used in the file /etc/default/isc-dhcp3-server
INTERFACES="br0"
In a second step the subnet needs to be defined. For this, the interface and the address range need to be defined for each net. All these settings are made in the file /etc/dhcp/dhcpd.conf.
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.250;
    interface br0;
    option broadcast-address 192.168.1.255;
}
Start and Stop of the service
sudo service isc-dhcp-server restart
sudo service isc-dhcp-server start
sudo service isc-dhcp-server stop
Enable Multicast
To allow multicast groups to be routed over the bridge, the system needs to be able to manage multicast groups. One possible group manager is pimd.
apt-get install pimd
The configuration file for pimd is /etc/pimd.conf. With pimd -l it is possible to reload the config file and apply the changes. By default the service is activated for all interfaces. For this use I limited its activity to the bridge by excluding all other interfaces. The multicast groups currently managed and the interfaces accessed can be shown with pimd -r.
Setup Gateway
To be able to access the internet from the created switch, the hosting computer needs to work as a gateway. The following commands forward the traffic. In my case the eth0 is connected to the internet. Therefore traffic from the br0 bridge interface needs to be forwarded to eth0.
sudo iptables -A FORWARD -o eth0 -i br0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The commands need to be executed after every boot, since the iptables rules do not persist across reboots. This can be done with a startup script; another approach is to save the current iptables rules and reload them after boot.
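The save-and-reload approach mentioned above, as an added example that is not part of the original post: a script that prints the gateway rules in iptables-restore format and loads them at boot. The names WAN_IF, LAN_IF, LAN_NET, gen_rules and apply_rules are assumptions; it also assumes a FORWARD policy of DROP (stricter than the commands above, which only append ACCEPT rules), allows traffic that stays on br0, and turns on net.ipv4.ip_forward, which the kernel needs before it forwards between br0 and eth0.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: WAN_IF, LAN_IF,
# LAN_NET, gen_rules, apply_rules. Defaults mirror the post: eth0, br0, 192.168.1.0/24.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-br0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Reject empty names, option-like names and anything outside a safe character set,
# so a bad setting cannot smuggle extra options into a rule line.
valid_if() { case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }
valid_cidr() { case "$1" in ''|*[!0-9./]*) return 1 ;; */*) return 0 ;; *) return 1 ;; esac; }

# Print the ruleset in iptables-restore format.
gen_rules() {
    valid_if "$WAN_IF" && valid_if "$LAN_IF" && valid_cidr "$LAN_NET" || {
        echo "invalid interface or network setting" >&2; return 1; }
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $LAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Parse-check first, then load. Loading replaces the current contents of the
# filter and nat tables, so other rules kept in those tables must be added here.
apply_rules() {
    rules=$(gen_rules) || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    printf '%s\n' "$rules" | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    print) gen_rules ;;
esac
```

Called with apply as root from a boot script, it loads the rules; called with print, it only shows them for review.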