User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
router:networking [2024/02/09 11:55] willyrouter:networking [2025/02/06 09:17] (current) – removed willy
Line 1: Line 1:
-====== Network Configuration for the Home Router ====== 
- 
-{{ :selfhost:architecture_v2.png?800 |}} 
- 
-The network architecture i will referring to it's divided into different zones: 
-  * The **external** zone, which is internet or in general anywhere **outside** your home. This will be on the other side of your ISP gateway. It's considered dangerous and //hic sunt leones//. 
-  * The **internal** zone, which is your home network, it's considered safe and comfy. Do not let unknown strangers have the WiFi password! 
- 
-There are also your ISP's gateways networks, which i will assume are //192.168.1.0// and //192.168.1.0//, which is quite typical. 
- 
-You **do not need** to have two ISPs. It's a resilience point tough, if you plan to host critical services you might want to have two. If you have only one, just ignore anything related to the second one in the followings. 
- 
-===== Internal network ===== 
- 
-The **internal** network is considered somehow a safe zone, where all your home devices (or devices while at home) will connect. This network will be able to access to all your home services and also the internet, in a safe way. 
- 
-The key point for mobile devices (laptops, tables, phones etc) that can move between inside and outside home is to be able to access the services both when inside and outside home in the same way. This will **not** include how to provide safe internet access to mobile devices while outside home, since this might require root access in some cases or the mandatory use of a VPN. 
- 
-I will show you how do all this **without** the need for a VPN, not because i dislike using a VPN but because it's a complexity layer that applies to end-users, and this might not be acceptable for someone (elderly parents, spuses, kids...). Moreover, i do not want mobile devices to be using the home network connection when outside for general browsing and navigation, because this will add delay and use up twice the home bandwidth and data caps, which is not desirable. 
- 
-For the **internal** network it is important that you choose a good subnet range. The IANA defines  [[https://en.wikipedia.org/wiki/Private_network|ranges]] os private subnets that you can safely use. I suggest you don't use a subnet in the 192.168.x.y range as many of these ranges are already used by ISP routers and devices and in case of a clash you might end up having to replace addresses on all your internal hosts, and this can be a mess. A good idea is to use the 10.a.b.c ranges and choose something meaningful for you, or totally random. I will assume you are using **10.0.0.0** subnet. 
- 
-I will assume your home server is 10.0.0.1. 
- 
-Note that your internal network must be connected **only** to your home server and **never** directly to your ISPs gateways! 
- 
-===== External network ===== 
- 
-I will assume that your access to the **external network** is hidden behind  CG-NAT (Carrier Grade NAT) and thus you do not have, and cannot have, a static IP visible from outside in any possible way. This is the common truth for mostly everybody nowadays. 
- 
-(For you lucky from the USA, where sometimes you can, maybe paying or even for free, get a static IP, this might not apply, but since the world is big and 99% of people cannot access a static IP anymore...) 
- 
-I will assume that you have two ISPs (for resilience and load sharing). **ISP1** is high-speed but has a monthly data-cap, and it's gateway is on the 192.168.0.0 subnet. **ISP2** is lower-speed but has no data-cap. It's gateway is on the 192.168.1.0 subnet. 
- 
-I also assume you have an **external server**, or better that you have **two** external servers for resilience and redundancy: 
-  * external server 1: 99.99.99.99 
-  * external server 2: 77.77.77.77 (only needed if you have two ISPs) 
- 
-(IPs are totally random, but you need static IPs accessible on the internet). 
- 
-You can get very cheap VPS by shopping around. You will not be running much on them, so you don't need CPU or RAM nor storage, make sure you have a decent network bandwidth as that will determine the quality of accessing your home services while outside. 
- 
-===== Home Domain name ===== 
- 
-You **need** a domain name. This is not optional, because SSL certificates can be released only to domain names and not directly to IP addresses, and also because when you are outside home, you need a //name// to reach home. 
- 
-I will assume you own **mydomain.com**. There are plenty of cheapo domains and also some are for free, remember you don't need a second-level domain. You will need somebody to manage your DNS records (you **cannot** use your home server for this) and you will also be able to create sub-domains (like service.mydomain.com). 
- 
-So, i assume you have the following sub-domains: 
-  * mydomain.com: your main domain 
-  * home.mydomain.com: your home server subdomain 
-  * external1.mydomain.com: a second subdomain pointing to //home.mydomain.com// 
-  * external2.mydomain.com: a third subdomain pointing to //home.mydomain.com// 
- 
-The key point is that you will be configuring this sub-domains differently **inside** and **outside** home, so that your mobile devices will be able to reach your home server with the same sub-domains both when inside and outside home.  
- 
-So, from **inside** home (i will show you how to set this up in [[router:dnsmasq|Router configuration|this section]]): 
-  * mydomain.com: 10.0.0.1 
-  * home.mydomain.com: 10.0.0.1 
-  * external1.mydomain.com: 99.99.99.99 
-  * external2.mydomain.com: 77.77.77.77 
- 
-And from **outside** home: 
-  * mydomain.com: 99.99.99.99 
-  * home.mydomain.com: 99.99.99.99 
-  * external1.mydomain.com: 99.99.99.99 
-  * external2.mydomain.com: 77.77.77.77 
- 
-(if you have only one ISP, you don't need external2.mydomain.com) 
- 
-====== Home Server Networking setup ====== 
- 
-You will need at least two network connections on your home server. I mean at least two physical network Ethernet card. You could use one WiFi link, but i prefer to have the backbone on wired. 
- 
-You need one Ethernet connection that will be plugging your internal network, i will call this **enp0s31f6** or LAN. 
- 
-You need one Ethernet connection for each ISP gateway, while you might do with only one for both, provided you properly assign multiple IP addresses to the same interface. I will call ISP1 **enp0s20f0u4u4c2** and ISP2 **enp59s0u2u4c2**.  The hardware aspect of the network devices has been discussed in [[selfhost:hardware|here]]. 
- 
-Sorry guys, these are default Linux naming scheme, i know it looks messed up, but there are good reasons for this. You can list all your network devices under **/sys/class/net**. 
- 
-Here is a summary of the information you will need: 
- 
-  * Internal network: 10.0.0.0/24  
-  * ISP1 network: 192.168.0.0/24 - ISP router on 192.168.0.1 
-  * ISP2 network 192.168.1.0/24 - ISP router on 192.168.1.254 
-  * Home server, on ISP1 network: 192.168.0.10 (static IP) 
-  * Home server, on ISP2 network: 192.168.1.10 (static IP) 
-  * Home server, on internal network: 10.0.0.1 (static IP) 
-  * Main external host: static IP 99.99.99.99 
-  * Secondary external host: static IP 77.77.77.77 
- 
-The two external servers should ideally be on different networks/providers, but that is not mandatory. 
- 
- 
- 
-So, the internal server interfaces will be: 
-  * LAN: with static IP 10.0.0.1 
-  * FastISP on WAN1: with static IP 192.168.1.10 
-  * ReliableISP on WAN2: with static IP 192.168.0.10 
- 
-Use all static IPs for the internal server, it will save you lost of headache and will allow the use of SNAT which is faster than MASQUERADING. 
- 
-====== Gentoo Network Configuration ====== 
- 
-For a full static network setup you don't need to go fancy and stock Gentoo network configuration is pretty easy and straightforward. If you need to support WiFi / WAP or other stuff, please refer to the Gentoo Handbook network section. 
- 
-First of all you need to find out the names of your ethernet devices, these can be found under **/sys/class/net**. Trial and error will help you pinpoint which one is which one. Refer to [[https://wiki.gentoo.org/wiki/Netifrc|this page]] for more detailed instruction on how to setup networking. Fill up the **/etc/conf.d/net** configuration file like this (//adapt to your needs!//): 
-<file - net> 
-# LAN on enp0s31f6 
-config_enp0s31f6="10.0.0.1/24" 
- 
-# FastISP on enp59s0u2u4c2 
-config_enp59s0u2u4c2="192.168.1.10/24" 
-routes_enp59s0u2u4c2="default via 192.168.1.254" 
- 
-# ReliableISP on enp0s20f0u4u4c2 
-config_enp0s20f0u5u3="192.168.0.10/24" 
-</file> 
- 
-this assumes that your **default route** will go trough FastISP. You will be able to change this later on with a neat script, even on the fly. 
- 
-Now, create the needed symlinks and start the networks: 
-<code bash> 
- > for i in enp0s31f6 enp59s0u2u4c2 enp0s20f0u4u4c2 
- > do 
- > ln -s /etc/init.d/net.lo /etc/init.d/net.$i 
- > rc-upate add net.$i default 
-</code> 
- 
-Now you need to tell Gentoo that only **one** of these needs to be up for networking to be ready. If you don't do this, then all your services will fail as soon as one goes down. Edit the file **/etc/rc.conf** and change the following line to "NO": 
-<code> 
-rc_depend_strict="NO" 
-</code> 
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information