

Network Configuration for the Home Router

As I already described in My Self-Host Architecture, you will have three different network zones in your setup.

Additionally, I will also show you how to manage multiple upstream network connections to split the outgoing load, for resilience, load balancing or just because.

I assume you have two ISPs; let's call them FastISP and ReliableISP. If you have only one ISP, just ignore anything related to the second one. I will also assume that you are renting, or otherwise have access to, two separate static IPs on the internet that will be your public-facing access points. Two for resilience: if you have only one, that's fine.

You will be handling the following networks:

  • Internal network: 10.0.0.0/24 - all home devices will connect to this network
  • FastISP network: 192.168.1.0/24 - ISP router on 192.168.1.1
  • ReliableISP network: 192.168.0.0/24 - ISP router on 192.168.0.1
  • Main external host: static IP 99.99.99.99
  • Secondary external host: static IP 75.75.75.75

The two external servers should ideally be on different networks, but that is not mandatory.

Your internal server will act as home router and provide DHCP and DNS services to any device inside your home.

Your server will then require three network connections. I suggest three wired Ethernet interfaces, but you can also use one WiFi device. Since most computers come with a single Ethernet port (nowadays sometimes not even that), I found it useful to purchase USB Ethernet adapters too. I suggest you don't cheap out on brand and prefer USB-C ones to get good quality hardware, which is critical when going USB.

So, the internal server interfaces will be:

  • LAN: with static IP 10.0.0.1
  • FastISP on WAN1: with static IP 192.168.1.10
  • ReliableISP on WAN2: with static IP 192.168.0.10

Use static IPs for all interfaces of the internal server: it will save you lots of headache and allows the use of SNAT, which is faster than MASQUERADE.

Gentoo Network Configuration

For a full static network setup you don't need to go fancy: the stock Gentoo network configuration is easy and straightforward. If you need to support WiFi / WAP or other setups, refer to the Gentoo Handbook network section.

First of all you need to find out the names of your Ethernet devices; these are listed under /sys/class/net. Trial and error will help you pinpoint which one is which. Refer to this page for more detailed instructions on how to set up networking. Fill in the /etc/conf.d/net configuration file like this (adapt to your needs!):

# LAN on enp0s31f6
config_enp0s31f6="10.0.0.1/24"

# FastISP on enp59s0u2u4c2 (ISP router is 192.168.1.1, see the network list above)
config_enp59s0u2u4c2="192.168.1.10/24"
routes_enp59s0u2u4c2="default via 192.168.1.1"

# ReliableISP on enp0s20f0u4u4c2 (no default route here; it is switched by script later)
config_enp0s20f0u4u4c2="192.168.0.10/24"

This assumes that your default route goes through FastISP. You will be able to change this later on with a neat script, even on the fly.

Now, create the needed symlinks and start the networks:

for i in enp0s31f6 enp59s0u2u4c2 enp0s20f0u4u4c2
do
    ln -s /etc/init.d/net.lo /etc/init.d/net.$i
    rc-update add net.$i default
done

Now you need to tell Gentoo that only one of these needs to be up for networking to be considered ready. If you don't do this, all your services will fail as soon as one link goes down. Edit /etc/rc.conf and set the following line to "NO":

rc_depend_strict="NO"

One last step is to enable IP forwarding, since you need this both for containerized services and for the home network. Create a new file called /etc/sysctl.d/ip_forward.conf:

net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=1

Now either reboot or apply the settings manually:

sysctl net.ipv4.ip_forward=1
sysctl net.ipv4.conf.default.rp_filter=1
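As an added example (not code from the original page), here is a small script doing what the text promises: switching the default route between the two ISPs on the fly, and adding the SNAT rules for the home network together with a stateful FORWARD policy so only replies to LAN-initiated flows come back in. Interface names and addresses are the ones used above; DRY_RUN is an assumed switch that prints the commands instead of executing them.

```shell
#!/bin/sh
# Constructed example: default-route switching and SNAT for the home router.
# Addresses and interface names follow the /etc/conf.d/net above.
LAN_IF=enp0s31f6;        LAN_NET=10.0.0.0/24
WAN1_IF=enp59s0u2u4c2;   WAN1_IP=192.168.1.10; WAN1_GW=192.168.1.1   # FastISP
WAN2_IF=enp0s20f0u4u4c2; WAN2_IP=192.168.0.10; WAN2_GW=192.168.0.1   # ReliableISP

# run: execute a command, or only print it when DRY_RUN is set
# (DRY_RUN is an assumed convenience for reviewing the rules without root).
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# set_default_route fast|reliable: move the default route on the fly.
# 'ip route replace' swaps the route atomically, so there is no moment
# without a default route while switching ISPs.
set_default_route() {
    case "$1" in
        fast)     gw=$WAN1_GW; dev=$WAN1_IF ;;
        reliable) gw=$WAN2_GW; dev=$WAN2_IF ;;
        *) echo "usage: set_default_route fast|reliable" >&2; return 2 ;;
    esac
    run ip route replace default via "$gw" dev "$dev"
}

# setup_nat: SNAT the LAN to the static address of whichever WAN it leaves
# on (SNAT, not MASQUERADE, because the WAN addresses are static), and
# forward only LAN->WAN traffic plus replies to established flows. Any
# unsolicited packet arriving from either ISP hits the DROP policy.
setup_nat() {
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN1_IF" -j SNAT --to-source "$WAN1_IP"
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN2_IF" -j SNAT --to-source "$WAN2_IP"
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
}

# Usage: sh route.sh fast|reliable  (does nothing when called without arguments)
if [ $# -gt 0 ]; then
    set_default_route "$1" && setup_nat
fi
```

Note that switching the default route does not migrate connections already NATed to the other ISP's address; those flows will stall until they time out, which is the expected trade-off without per-source policy routing.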

Router configuration

It's time you configure your local server to act as router for the home network….

DnsMasq

Enabling NAT

You should, now, route your home network to the outside world…

SNAT / script


routes setup script

Ready?

Now you can access internet safely from the home network.

To learn how to reach the internal server from the internet, head to the SSH tunnel description.

Add DNS forced redirection to force all devices to go through your ad blocker filters.
