3.9 KiB
| title | date | url | layout | category |
|---|---|---|---|---|
| Set up a router with ArchLinux ARM | 2016-11-19 | set-up-a-router-with-archlinux-arm | post | Hacking |
The goal of this article is to set up completely a router with a Raspberry Pi running on ArchLinux. The procedure may be easily adapted to the Raspbian OS.
Let's assume that you have an interface wlan0 connected to Internet, and on another interface eth0 some computers ready to reach it !
If your configuration is not exactly this, don't hesitate to modify the interfaces names with your case.
For the beginning, we have to enable the IP forwarding on the Pi. Edit this file :
# nano /etc/sysctl.d/30-ipforward.conf
... add in there the following content :
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
Since this step, let's assume that your router will create a subnetwork 192.168.42.0/24. Change this information in the future as the one you need.
We've to set up the "devices" interface, and assign an IP address to your router, on this subnetwork :
# ip link set up dev eth0
# ip addr add 192.168.42.1/24 dev eth0
In order to load this interface at boot, with a static IP, you'll need to edit this file :
# nano /etc/netctl/eth0-router
... and paste this (apply some changes on it if you have to) :
Description='A basic static configuration for the subnetwork interface'
Interface=eth0
Connection=ethernet
IP=static
Address=('192.168.42.1/24')
⚠️ You may experience some issues if systemd-networkd service (managed with networkctl) tries to mess with your network interfaces (particularly eth0 in this case). You'd want to remove the corresponding profile from /etc/systemd/network/ folder to avoid that ! ⚠️
We've to make this configuration loaded on boot :
# netctl enable eth0-router
Now, let's configure the firewall to secure the router, and enable the connection forwarding for the devices, and in order to allow DHCP and DNS requests :
# iptables -X
# iptables -F
# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
# iptables -P FORWARD DROP
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
# iptables -I INPUT -p udp --dport 67 -i eth0 -j ACCEPT
# iptables -I INPUT -p udp --dport 53 -s 192.168.42.0/24 -j ACCEPT
# iptables -I INPUT -p tcp --dport 53 -s 192.168.42.0/24 -j ACCEPT
Let's here save the rules within the backup file :
# iptables-save > /etc/iptables/iptables.rules
Now let's make iptables starting on boot automatically :
# systemctl enable --now iptables
At this point, your router is supposed to route, but your devices won't have an IP automatically, let's install and set up a DHCP server on your router :
# pacman -S dhcp
Now let's configure this server (you may wanna change the DNS server IPs by yours or some others) :
# nano /etc/dhcpd.conf
... add the following (don't forget to change the addresses if you have to) :
option domain-name-servers 9.9.9.9, 208.67.222.222;
option subnet-mask 255.255.255.0;
option routers 192.168.42.1;
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.2 192.168.42.253;
}# Don't listen to the other interface !
subnet 192.168.1.0 netmask 255.255.255.0 {
}
With these lines, the DHCP server won't listen to the other subnetwork (192.168.1.0 in this example), and should give addresses between 192.168.42.2 and 192.168.42.253.
Identically as above, let's make DHCPD running on boot :
# systemctl enable --now dhcpd4
That's all ! Your devices should have access to Internet through your little router after a reboot. You are now able to build your own firewall rules, and do some others things easily 😉