selfhost:router [2024/02/07 16:33] willy
selfhost:router [2024/02/08 17:29] (current) – removed willy
Line 1: Line 1:
-====== Network Configuration for the Home Router ====== 
- 
-As i already described in the [[selfhost:architecture|My Self-Host Architecture]], you will have three different //network zones// in your setup.  
- 
-Additionally, i will also show you how to manage multiple upstream network connections to split the outgoing load for resillience, load balancing or just because. 
- 
-I assume you have two ISPs, let's call them **FastISP** and **ReliableISP**. If you have only one ISP, just ignore anything related to the second one. I will also assume that you are renting / have access to two separate static IP's on the internet that will be your public facing access. Two for resilience: if you have only one, that's fine. 
- 
-You will be handling the following //networks//: 
-  * Internal network: 10.0.0.0/24 - all home devices will connect to this network 
-  * FastISP network: 192.168.1.0/24 - ISP router on 192.168.1.1 
-  * ReliableISP network 192.168.0.0/24 - ISP router on 192.168.0.1 
-  * Main external host: static IP 99.99.99.99 
-  * Secondary external host: static IP 75.75.75.75 
- 
-The two external servers should ideally be on different networks, but that is not mandatory. 
- 
-Your internal server will act as home router and provide DHCP and DNS services to any device inside your home. 
- 
-Your server will then require three network connections. I suggest them to be three wired ethernet, but you can also use one WiFi device. Since most computers come with one single ethernet (sometimes nowadays not even that), i found useful to purchase USB ethernet cards to. I suggest you don't cheap out on brand and prefer USB-C ones to get good quality hardware, which is critical when going USB. 
- 
-So, the internal server interfaces will be: 
-  * LAN: with static IP 10.0.0.1 
-  * FastISP on WAN1: with static IP 192.168.1.10 
-  * ReliableISP on WAN2: with static IP 192.168.0.10 
- 
-Use all static IPs for the internal server, it will save you lost of headache and will allow the use of SNAT which is faster than MASQUERADING. 
- 
-===== Gentoo Network Configuration ===== 
- 
-For a full static network setup you don't need to go fancy and stock Gentoo network configuration is pretty easy and straightforward. If you need to support WiFi / WAP or other stuff, please refer to the Gentoo Handbook network section. 
- 
-First of all you need to find out the names of your ethernet devices, these can be found under **/sys/class/net**. Trial and error will help you pinpoint which one is which one. Refer to [[https://wiki.gentoo.org/wiki/Netifrc|this page]] for more detailed instruction on how to setup networking. Fill up the **/etc/conf.d/net** configuration file like this (//adapt to your needs!//): 
-<file - net> 
-# LAN on enp0s31f6 
-config_enp0s31f6="10.0.0.1/24" 
- 
-# FastISP on enp59s0u2u4c2 
-config_enp59s0u2u4c2="192.168.1.10/24" 
-routes_enp59s0u2u4c2="default via 192.168.1.254" 
- 
-# ReliableISP on enp0s20f0u4u4c2 
-config_enp0s20f0u5u3="192.168.0.10/24" 
-</file> 
- 
-this assumes that your **default route** will go trough FastISP. You will be able to change this later on with a neat script, even on the fly. 
- 
-Now, create the needed symlinks and start the networks: 
-<code bash> 
- > for i in enp0s31f6 enp59s0u2u4c2 enp0s20f0u4u4c2 
-> do 
- >   ln -s /etc/init.d/net.lo /etc/init.d/net.$i 
->    rc-upate add net.$i default 
-</code> 
- 
-Now you need to tell Gentoo that only **one** of these needs to be up for networking to be ready. If you don't do this, then all your services will fail as soon as one goes down. Edit the file **/etc/rc.conf** and change the following line to "NO": 
-<code> 
-rc_depend_strict="NO" 
-</code> 
- 
-One last step is to enable IP forwarding, since you will need this both for containerized services and the home network. Create a new file called **/etc/sysctl.d/ip_forward.conf**: 
-<file - ip_forward.conf> 
-net.ipv4.ip_forward=1 
-net.ipv4.conf.default.rp_filter=1 
-</file> 
- 
-Now either reboot or manually enable: 
-<code bash> 
- > sysctl net.ipv4.ip_forward=1 
-> sysctl net.ipv4.conf.default.rp_filter=1 
-</code> 
- 
-===== Router configuration ===== 
- 
-It's time you configure your local server to act as router for the home network.... 
- 
-DnsMasq 
- 
-===== Enabling NAT ===== 
- 
-You should, now, route your home network to the outside world... 
- 
-SNAT / script 
- 
- 
-===== Ready? ===== 
- 
-Now you can access internet safely from the home network.  
- 
-To learn how to reach the internal server from the **internet**, head to the [[selfhost:ssh_tunnel|SSH tunnel description]] 
- 
-<WRAP center round todo 60%> 
-Add DNS forced redirection to force all devices to go trough your ad blocker filters 
-</WRAP> 
  
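Review bot: the ReliableISP interface name is inconsistent between the removed /etc/conf.d/net block and the symlink loop: the comment and the loop use enp0s20f0u4u4c2, but the address is assigned with config_enp0s20f0u5u3="192.168.0.10/24", so net.enp0s20f0u4u4c2 would come up with no configuration of its own. If this text is being moved to another page rather than dropped, use one name in all three places. In the same block, routes_enp59s0u2u4c2="default via 192.168.1.254" does not match the FastISP router address given in the network list (192.168.1.1). The bash loop has no closing done, and the command is misspelled as rc-upate (should be rc-update). The sysctl lines set rp_filter=1 only under net.ipv4.conf.default; on a host with two upstream interfaces and a single default route, strict reverse-path filtering drops packets that arrive on the interface that is not the best return route, so the intended behaviour for WAN2 deserves a sentence. The "Router configuration" and "Enabling NAT" sections hold only placeholders (DnsMasq, SNAT / script), so any replacement page should carry the actual content before other pages link to it.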
