---
title: "Set up a router with ArchLinux ARM"
date: 2016-11-19
url: set-up-a-router-with-archlinux-arm
layout: post
category: Hacking
---

[![A missing blog post image](/img/blog/set-up-a-router-with-archlinux-arm.png)](/img/blog/set-up-a-router-with-archlinux-arm.png)

The goal of this article is to completely set up a router on a Raspberry Pi running ArchLinux. The procedure can easily be adapted to Raspbian.

Let's assume that you have an interface **wlan0** connected to the Internet, and some computers on another interface, **eth0**, ready to reach it!
If your configuration is not exactly this, adjust the interface names to match your case.

To begin, we have to enable IP forwarding on the Pi. Edit this file:

`# nano /etc/sysctl.d/30-ipforward.conf`

... and add the following content:

> net.ipv4.ip_forward=1
> net.ipv6.conf.default.forwarding=1
> net.ipv6.conf.all.forwarding=1

From this step on, let's assume that your router will create the subnetwork **192.168.42.0/24**. Replace it with the one you need in what follows.

We have to bring up the "devices" interface and assign your router an IP address on this subnetwork:

`# ip link set up dev eth0`
`# ip addr add 192.168.42.1/24 dev eth0`

To bring this interface up at boot with a static IP, you'll need to edit this file:

`# nano /etc/netctl/eth0-router`

... and paste this (adjust it if you have to):

> Description='A basic static configuration for the subnetwork interface'
> Interface=eth0
> Connection=ethernet
> IP=static
> Address=('192.168.42.1/24')

**:warning: You may experience some issues if the `systemd-networkd` service (managed with `networkctl`) tries to manage your network interfaces (particularly `eth0` in this case). Remove the corresponding profile from the `/etc/systemd/network/` folder to avoid that! :warning:**

We have to make this configuration load at boot:

`# netctl enable eth0-router`

Now, let's configure the firewall to secure the router, enable connection forwarding for the devices, and allow DHCP and DNS requests:

`# iptables -F`
`# iptables -X`
`# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE`
`# iptables -P FORWARD DROP`
`# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`
`# iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT`
`# iptables -I INPUT -p udp --dport 67 -i eth0 -j ACCEPT`
`# iptables -I INPUT -p udp --dport 53 -s 192.168.42.0/24 -j ACCEPT`
`# iptables -I INPUT -p tcp --dport 53 -s 192.168.42.0/24 -j ACCEPT`

Let's save the rules to the backup file:

`# iptables-save > /etc/iptables/iptables.rules`

Now let's make `iptables` start automatically at boot:

`# systemctl enable --now iptables`

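
To check that the saved ruleset matches what the commands above are meant to produce, the following added example (not part of the original article) audits an `iptables-save` dump: FORWARD policy `DROP`, masquerading on the WAN interface, return traffic and LAN-to-WAN forwarding allowed, and no other forwarded `ACCEPT`. It also warns when the INPUT policy is still `ACCEPT`, which the commands above do not change. The `audit_rules` and `sample_rules` names and the sample dump are constructed for illustration.

```shell
# Added example (not from the article): audit an iptables-save dump on stdin.
# usage: iptables-save | audit_rules [wan_if] [lan_if]   (defaults: wlan0 eth0)
audit_rules() {
    awk -v wan="${1:-wlan0}" -v lan="${2:-eth0}" '
        function st(ok) { return ok ? "OK" : "FAIL" }
        /^[*]/ { table = substr($0, 2); next }           # table header: *nat, *filter
        table == "filter" && /^:/ { policy[substr($1, 2)] = $2; next }
        table == "nat" && $0 ~ ("^-A POSTROUTING .*-o " wan " .*-j MASQUERADE") { masq = 1 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if ($0 ~ /--ctstate [A-Z,]*ESTABLISHED/) ret = 1
            else if ($0 ~ ("-i " lan " .*-o " wan " ")) out = 1
            else extra = extra "\n  " $0                 # any other forwarded ACCEPT
        }
        END {
            fwd = (policy["FORWARD"] == "DROP")
            print st(fwd), "forward-policy", policy["FORWARD"]
            print st(masq), "masquerade-on", wan
            print st(ret), "conntrack-return-traffic"
            print st(out), "lan-to-wan-forward"
            if (extra != "") print "FAIL unexpected-forward-accept:" extra
            lvl = (policy["INPUT"] == "ACCEPT") ? "WARN" : "OK"
            print lvl, "input-policy", policy["INPUT"]
            exit !(fwd && masq && ret && out && extra == "")
        }'
}

# Constructed sample: the dump expected after running the commands above.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.42.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 192.168.42.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
COMMIT
EOF
}
sample_rules | audit_rules
```
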
---

At this point, your router is supposed to _route_, but your devices won't get an IP address automatically. Let's install and set up a DHCP server on your router:

`# pacman -S dhcp`

Now let's configure this server (you may want to replace the DNS server IPs with your own or some others):

`# nano /etc/dhcpd.conf`

... and add the following (don't forget to change the addresses if you have to):

> option domain-name-servers 9.9.9.9, 208.67.222.222;
> option subnet-mask 255.255.255.0;
> option routers 192.168.42.1;
> subnet 192.168.42.0 netmask 255.255.255.0 {
> range 192.168.42.2 192.168.42.253;
> }
>
> \# Don't listen to the other interface !
> subnet 192.168.1.0 netmask 255.255.255.0 {
> }

With these lines, the DHCP server won't listen on the other subnetwork (**192.168.1.0** in this example), and should hand out addresses between **192.168.42.2** and **192.168.42.253**.

As above, let's make DHCPD run at boot:

`# systemctl enable --now dhcpd4`

---

That's all! Your devices should have access to the Internet through your little router **after a reboot**. You are now able to build your own firewall rules and easily do some other things :wink: