This is an old revision of the document!


Network Configuration for the Home Router

As I already described in My Self-Host Architecture, you will have three different network zones in your setup.

Additionally, I will show you how to manage multiple upstream network connections to split the outgoing load for resilience, load balancing or just because.

I assume you have two ISPs; let's call them FastISP and ReliableISP. If you have only one ISP, just ignore anything related to the second one. I will also assume that you are renting or have access to two separate static IPs on the internet that will be your public-facing access. Two are for resilience: if you have only one, that's fine.

You will be handling the following networks:

  • Internal network: 10.0.0.0/24 - all home devices will connect to this network
  • FastISP network: 192.168.1.0/24 - ISP router on 192.168.1.1
  • ReliableISP network: 192.168.0.0/24 - ISP router on 192.168.0.1
  • Main external host: static IP 99.99.99.99
  • Secondary external host: static IP 75.75.75.75

user $ sudo sysctl net.ipv4.ip_forward=1

A more permanent change can be made with:

/etc/sysctl.d/local.conf
# Enable ip forwarding persistently
net.ipv4.ip_forward=1

The home router is a PC with more than one Ethernet device:

  • LAN: interface for internal network (10.0.0.1/24)
  • WAN1: interface for main internet access (192.168.1.10/24, gateway on 192.168.1.254)
  • WAN2: interface for secondary internet access (192.168.0.10/24, gateway on 192.168.0.1)
  • MOBILE: emergency interface for internet access (192.168.42.10/24 gateway on 192.168.42.129)

Network configuration in /etc/conf.d/net:

net
# LAN interface: enp0s31f6
# FastWeb (ADSL) interface: enp59s0u2u4c2
 
# LAN
config_enp0s31f6="10.70.43.1/24"
 
# Fastweb ADSL
config_enp59s0u2u4c2="192.168.1.10/24"
 
# Mobile
config_enp0s20f0u5u3="192.168.42.10/24"
 
# Vodafone 5G FWA
config_enp0s20f0u4u4c2="192.168.0.10/24"

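The following script flushes the firewall tables, restricts INPUT to the LAN, enables SNAT toward the selected upstream and sets the default route: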

01-nat.start
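#!/bin/bash
# Select one upstream (mode= in /etc/conf.d/nat), then set up the INPUT
# filter, SNAT and the default route for it.
 
source /etc/conf.d/nat
 
LAN=enp0s31f6 # internal network
WAN=
WAN_IP=
WAN_GW=
 
# When D is set (e.g. D=echo) the commands are printed instead of executed
if [ "$D" != "" ]
then
        echo NOTICE: enabled demo mode
fi
 
if [ "$mode" = "fastweb" ]
then
        WAN=enp59s0u2u4c2
        WAN_IP=192.168.1.10
        WAN_GW=192.168.1.254
elif [ "$mode" = "vodafone" ]
then
        WAN=enp0s20f0u4u4c2
        WAN_IP=192.168.0.10
        WAN_GW=192.168.0.1
elif [ "$mode" = "mobile" ]
then
        WAN=enp0s20f0u5u3
        WAN_IP=
        WAN_GW=192.168.42.129
else
        echo "ERROR: invalid value of \"$mode\" for \$mode"
        echo "mode must be one of: fastweb|vodafone|mobile"
        exit 255
fi
 
if [ "$WAN" = "" ]
then
        echo invalid selection
        exit 254
fi
 
echo Extracting $WAN details...
if [ "$WAN_IP" = "" ]
then
        # No static address configured (mobile): read the first IPv4 address from the interface
        WAN_IP=$(ip -f inet addr show "$WAN" | grep -Po 'inet \K[\d.]+' | head -n 1)
fi
if [ "$WAN_IP" = "" ]
then
        # Stop before touching the firewall: SNAT needs an address
        echo ERROR: no IPv4 address found on $WAN
        exit 253
fi
echo Will use $WAN with SNAT to $WAN_IP and default gateway $WAN_GW
 
echo Flushing tables clean...
$D iptables -F
$D iptables -F -t nat
$D iptables -F -t mangle
 
echo Setting up security...
# Loopback must be accepted explicitly, otherwise the DROP policy breaks local services
$D iptables -A INPUT -i lo -j ACCEPT
$D iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$D iptables -A INPUT -m state --state NEW -i "$LAN" -j ACCEPT
$D iptables -P INPUT DROP
 
echo Enabling SNAT to $mode
$D iptables -t nat -A POSTROUTING -o "$WAN" -j SNAT --to "$WAN_IP"
 
echo Enabling IP forwarding...
# Goes through $D so that demo mode does not change the running system
$D sysctl -w net.ipv4.ip_forward=1
 
echo Removing old default route...
$D ip route del to default
 
echo Setting up new default route...
# Route via the upstream gateway announced above
$D ip route add default via "$WAN_GW" dev "$WAN"
 
echo 'All done!'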

With the following config file under /etc/conf.d/nat:

nat
# Valid for mode= fastweb|vodafone|mobile
mode=mobile
# unset this to actually do something:
D=echo
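
The script above filters only the INPUT chain, so traffic routed through the box is governed by whatever policy the FORWARD chain already has. The block below is an added example, not part of the original page: it prints a default-deny FORWARD rule set using the same dry-run prefix idea as $D, and audits `iptables -S` style output for it. The function names, the rule set and the sample rule listings are assumptions constructed for illustration; the interface names are the ones used on this page.

```shell
#!/bin/bash
# Added example, not part of the page's 01-nat.start. Interface names are the
# ones used on this page; the rule set and function names are assumptions.
LAN=enp0s31f6
WAN=enp59s0u2u4c2

# Emit a default-deny FORWARD rule set through a dry-run prefix
# ($1 = "echo" prints the commands, "" runs them), like $D in the script.
forward_rules() {
        local D="$1" lan="$2" wan="$3"
        if [ -z "$lan" ] || [ -z "$wan" ]; then
                echo "ERROR: LAN and WAN interfaces are required" >&2
                return 1
        fi
        $D iptables -F FORWARD
        # Replies are let back in; new connections may only start on the LAN side
        $D iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        $D iptables -A FORWARD -m state --state NEW -i "$lan" -o "$wan" -j ACCEPT
        $D iptables -P FORWARD DROP
}

# Audit rules in `iptables -S` format read from stdin. Succeeds only if the
# FORWARD policy is DROP and no ACCEPT rule admits unsolicited traffic
# arriving on the WAN interface ($1).
audit_forward() {
        local wan="$1" policy="" bad=0 line
        while IFS= read -r line; do
                case "$line" in
                "-P FORWARD "*) policy="${line#-P FORWARD }" ;;
                "-A FORWARD "*"-i $wan "*"-j ACCEPT"*)
                        case "$line" in
                        *NEW*) bad=1 ;;          # explicitly admits new flows
                        *"--state "*) ;;         # reply-only rule
                        *) bad=1 ;;              # no state match at all
                        esac ;;
                esac
        done
        [ "$policy" = "DROP" ] && [ "$bad" -eq 0 ]
}

# Constructed sample: FORWARD as left by a script that only filters INPUT.
SAMPLE_OPEN='-P FORWARD ACCEPT'
# Constructed sample: FORWARD listing after forward_rules has been applied.
SAMPLE_HARDENED="-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -m state --state NEW -j ACCEPT"

forward_rules echo "$LAN" "$WAN"   # dry run: only prints the commands
for s in "$SAMPLE_OPEN" "$SAMPLE_HARDENED"; do
        printf '%s\n' "$s" | audit_forward "$WAN" && echo "FORWARD: default-deny" || echo "FORWARD: open"
done
```

On the live router, feed the audit with `iptables -S FORWARD | audit_forward "$WAN"` after the NAT script has run.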
