Differences

This shows you the differences between two versions of the page.

--- selfhost:router [2024/02/07 16:10] – willy
+++ selfhost:router [2024/02/08 17:29] (current) – removed willy
@@ Line 1: / Line 1: @@
-====== Network Configuration for the Home Router ======
-As i already described in the [[selfhost:architecture|My Self-Host Architecture]], you will have three different //network zones// in your setup.
-Additionally, i will also show you how to manage multiple upstream network connections to split the outgoing load for resillience, load balancing or just because.
-I assume you have two ISPs, let's call them **FastISP** and **ReliableISP**. If you have only one ISP, just ignore anything related to the second one. I will also assume that you are renting / have access to two separate static IP's on the internet that will be your public facing access. Two for resillience: if you have only one, that's fine.
-You will be handling the following //networks//:
-  * Internal network: 10.0.0.0/24 - all home devices will connect to this network
-  * FastISP network: 192.168.1.0/24 - ISP router on 192.168.1.1
-  * ReliableISP network 192.168.0.0/24 - ISP router on 192.168.0.1
-  * Main external host: static IP 99.99.99.99
-  * Secondary external host: static IP 75.75.75.75
-user $sudo sysctl net.ipv4.ip_forward=1
-A more permanent change can be made with:
-FILE /etc/sysctl.d/local.confEnable ip forwarding persistently
-net.ipv4.ip_forward=1
-a PC with more than one ethernet devices:
-  * LAN: interface for internal network (10.0.0.1/24)
-  * WAN1: interface for main internet access (192.168.1.10/24, gateway on 192.168.1.254)
-  * WAN2: interface for secondary internet access (192.168.0.10/24, gateway on 192.168.0.1)
-  * MOBILE: emergency interface for internet access (192.168.42.10/24 gateway on 192.168.42.129)
-Network configuration **/etc/conf.d/net**:
-<file txt net>
-# LAN interface: enp0s31f6
-# FastWeb (ADSL) interface: enp59s0u2u4c2
-# LAN
-config_enp0s31f6="10.70.43.1/24"
-# Fastweb ADSL
-config_enp59s0u2u4c2="192.168.1.10/24"
-# Mobile
-config_enp0s20f0u5u3="192.168.42.10/24"
-# Vodafone 5G FWA
-config_enp0s20f0u4u4c2="192.168.0.10/24"
-</file>
-This script:
-<file bash 01-nat.start>
-#!/bin/bash
-source /etc/conf.d/nat
-LAN=enp0s31f6 # internal network
-WAN=
-WAN_IP=
-WAN_GW=
-if [ "$D" != "" ]
-then
-        echo NOTICE: enabled demo mode
-fi
-if [ "$mode" = "fastweb" ]
-then
-        WAN=enp59s0u2u4c2
-        WAN_IP=192.168.1.10
-        WAN_GW=192.168.1.254
-elif [ "$mode" = "vodafone" ]
-then
-        WAN=enp0s20f0u4u4c2
-        WAN_IP=192.168.0.10
-        WAN_GW=192.168.0.1
-elif [ "$mode" = "mobile" ]
-then
-        WAN=enp0s20f0u5u3
-        WAN_IP=
-        WAN_GW=192.168.42.129
-else
-        echo ERROR: invalid value of \"$mode\" for \$mode
-        echo mode must me one of: "fastweb|vodafone|mobile"
-        exit 255
-fi
-if [ "$WAN" = "" ]
-then
-        echo invalid selection
-        exit 254
-fi
-echo Extracting $WAN details...
-if [ "$WAN_IP" = "" ]
-then
-        WAN_IP=$(ip -f inet addr show $WAN | grep -Po 'inet \K[\d.]+')
-fi
-echo Will use $WAN with SNAT to $WAN_IP and default gateway $WAN_GW
-echo Flushing tables clean...
-$D iptables -F
-$D iptables -F -t nat
-$D iptables -F -t mangle
-echo Setting up security...
-$D iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-$D iptables -A INPUT -m state --state NEW -i $LAN -j ACCEPT
-$D iptables -P INPUT DROP
-echo Enabling SNAT to $mode
-$D iptables -t nat -A POSTROUTING -o $WAN -j SNAT --to $WAN_IP
-echo Enabling IP forwarding...
-echo 1 > /proc/sys/net/ipv4/ip_forward
-echo Removing old default route...
-$D ip route del to default
-echo Setting up new default route...
-$D ip route add default dev $WAN
-echo 'All done!'
-</file>
-With following config file under **/etc/conf.d/nat**:
-<file txt nat>
-# Valid for mode= fastweb|vodafone|mobile
-mode=mobile
-# unset this to actually do something:
-D=echo
-</file>

Willy's Wiki

User Tools

Differences