Wednesday, 7 May 2014

Simple Router

For a simple router without IP forwarding, a DHCP server and an Ethernet bridge are needed. First the bridge is installed; afterwards the DHCP server is attached to the bridge.

The router will provide a network on the Ethernet interfaces eth2, eth3, eth4 and eth5 with the network address 192.168.1.0.

Installation Bridge

First install the bridge utilities:

apt-get install bridge-utils

To configure a bridge, the file /etc/network/interfaces needs to be adapted. The bridge itself can be reached on the address 192.168.1.1 for all clients.

auto br0
iface br0 inet static
address 192.168.1.1
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
bridge-ports eth2 eth3 eth4 eth5

Configuration of the DHCP Server

First define the interface to be used in the file /etc/default/isc-dhcp3-server:

INTERFACES="br0"

In a second step the subnet needs to be defined. For each network, the interface and the address range need to be specified. All these settings go in the file /etc/dhcp/dhcpd.conf.

authoritative;

default-lease-time 600;
max-lease-time 7200;


subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.250;
  interface br0;
  option broadcast-address 192.168.1.255;
}

Start and Stop of the service

sudo service isc-dhcp-server restart
sudo service isc-dhcp-server start
sudo service isc-dhcp-server stop

Enable Multicast

To allow multicast groups to be routed over the bridge, the system needs to be able to manage multicast groups. One possible group manager is pimd.

apt-get install pimd

The configuration file for pimd is /etc/pimd.conf. With pimd -l it's possible to reload the config file and apply the changes. By default the service is activated for all interfaces. For this use I limited its activity to the bridge by excluding all other interfaces. The multicast groups currently managed and the interfaces accessed can be shown with pimd -r.

Setup Gateway

To be able to access the internet from the created switch, the hosting computer needs to work as a gateway. The following commands forward the traffic. In my case eth0 is connected to the internet. Therefore traffic from the br0 bridge interface needs to be forwarded to eth0.

sudo iptables -A FORWARD -o eth0 -i br0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The commands need to be executed after every boot, since the iptables rules are reset each time. This can be done with a startup script; another approach is to save the current iptables rule set and reload it after boot.
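
Before a saved rule set is reloaded at boot, it is worth checking that it still contains the forwarding and NAT rules and what the FORWARD default policy is. The script below is an added example, not part of the original post: it audits iptables-save output, and the sample dump in it is constructed (and abridged) from the four commands above.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump before restoring it at boot.
# Interface names and subnet are the ones used in the post.
WAN_IF="${WAN_IF:-eth0}"; LAN_IF="${LAN_IF:-br0}"; LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Constructed, abridged sample: roughly what iptables-save prints after the
# four commands above on a host with default (ACCEPT) policies.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.1.0/24 -i br0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read a dump on stdin, print one finding per line; exit status 1 if any.
audit_gateway_rules() {
    awk -v wan="$WAN_IF" -v lan="$LAN_IF" -v net="$LAN_NET" '
        BEGIN { policy = "unknown" }
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if ($0 ~ /ESTABLISHED/) est = 1
            if ($0 ~ /--ctstate NEW/ && index($0, "-s " net " ") &&
                index($0, "-i " lan " ") && index($0, "-o " wan " ")) new = 1
        }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            index($0, "-o " wan " ") { masq = 1 }
        END {
            if (policy != "DROP") { print "WARN: FORWARD policy is " policy ", so the ACCEPT rules restrict nothing"; bad = 1 }
            if (!new)  { print "MISSING: NEW rule " lan " -> " wan " for " net; bad = 1 }
            if (!est)  { print "MISSING: ESTABLISHED,RELATED rule"; bad = 1 }
            if (!masq) { print "MISSING: MASQUERADE on " wan; bad = 1 }
            exit bad + 0
        }'
}

# Stand-alone use: pass a saved rules file, otherwise audit the sample.
if [ -n "${1:-}" ]; then audit_gateway_rules < "$1"; else sample_dump | audit_gateway_rules || true; fi
```

If the FORWARD policy is changed to DROP, first check whether bridged LAN traffic passes through the FORWARD chain on your kernel (the net.bridge.bridge-nf-call-iptables sysctl), since it would then need its own ACCEPT rule.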

Source
