Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux_router:network [2022-04-03 Sun wk13 11:10] – [Debian / Ubuntu Network - Interface Setup] baumkplinux_router:network [2023-07-08 Sat wk27 10:13] (current) – [Debian / Ubuntu Network - Interface Setup] baumkp
Line 19: Line 19:
   # This file describes the network interfaces available on your system   # This file describes the network interfaces available on your system
   # and how to activate them. For more information, see interfaces(5).   # and how to activate them. For more information, see interfaces(5).
-  source /etc/network/interfaces.d/*+   
 +  source /etc/network/interfaces.d/* 
 +  
   # The loopback network interface   # The loopback network interface
   auto lo   auto lo
Line 25: Line 27:
  
   # The WAN network interface   # The WAN network interface
-  auto eno1 +  auto eno1 eno1:0 
-  iface eno1 inet static +  iface eno1 inet dhcp 
-    # set up ip address to access modem web page on WAN NIC  +  # dhcp for IP/DHCP WAN (static? for PPPOE) 
-    address 192.168.5.2 +  # set up static ip address to access modem web page on WAN NIC  
-    netmask 255.255.255.+  iface eno1:inet static 
-    broadcast 192.168.5.255+    address 192.168.5.2/24
   
   # Then LAN networks are eno2 eno3 eno4 in bridged mode br1   # Then LAN networks are eno2 eno3 eno4 in bridged mode br1
   # on the 192.168.1.1 subnet   # on the 192.168.1.1 subnet
-  auto br1 +  auto br0 
-  iface br1 inet static+  iface br0 inet static
     bridge_ports eno2 eno3 eno4     bridge_ports eno2 eno3 eno4
-    address 192.168.1.1 +    address 192.168.1.1/24 
-    network 192.168.1.+    dns-nameservers 192.168.1.14 192.168.1.2 9.9.9.9
-    netmask 255.255.255.0 +
-    broadcast 192.168.1.255 +
-    dns-nameservers 192.168.1.1+
     bridge_stp off  # disable Spanning Tree Protocol     bridge_stp off  # disable Spanning Tree Protocol
-    bridge_fd 9  # forwarding delay +    #bridge_fd 9  # forwarding delay  # use default? 
-    bridge_hello 5 +    #bridge_hello 5  # use default? 
-    bridge_maxage 60+    #bridge_maxage 60  # use default?
 </code> </code>
 +++++
 The following is a list of some stanza not used and why: The following is a list of some stanza not used and why:
 +++++tl;dr;|
 <code> <code>
-++++ 
- 
 The gateway directive is not required as any traffic to 192.168.1.1 not on subnet /24 will be Netfiltered and if accepted passed to WAN The gateway directive is not required as any traffic to 192.168.1.1 not on subnet /24 will be Netfiltered and if accepted passed to WAN
   # gateway 192.168.1.1   # gateway 192.168.1.1
Line 67: Line 66:
 Each Ethernet hardware connection has its own defined unique MAC number, no need to define another. If Ethernet bonding were being used there maybe a need to use this stanza. Each Ethernet hardware connection has its own defined unique MAC number, no need to define another. If Ethernet bonding were being used there maybe a need to use this stanza.
   #hwaddress ether xx:xx:xx:xx:xx:xx   #hwaddress ether xx:xx:xx:xx:xx:xx
-</code> 
  
 +The "modern" way to specify static ip address as address 192.168.1.0/24'' this automatically assigns the network, netmask and broadcast addresses.
 +
 +The old fashion way was to manual assign as follows:
 +address 192.168.1.32
 +network 192.168.1.0
 +netmask 255.255.255.0
 +broadcast 192.168.1.255
 +Perhaps this is still required in special cases?
 +
 +</code>
 +++++
 +Note:
 +  *Use ''ip a'' and ''ip r'' to analyse current network configuration
 +  *Use ''sudo journalctl -xeu networking'' to check any errors on networking
 +References:
 +  *[[https://wiki.debian.org/NetworkConfiguration|NetworkConfiguration]] see section on Bridging
 +  *[[https://manpages.debian.org/bookworm/bridge-utils/bridge-utils-interfaces.5.en.html|/ bookworm / bridge-utils / bridge-utils-interfaces(5)]]
  
 =====Network - Netplan Setup===== =====Network - Netplan Setup=====
Line 105: Line 120:
   ethernets:   ethernets:
     eno1: #start for pppoe and setup modem IP access     eno1: #start for pppoe and setup modem IP access
-      dhcp4: no +      dhcp4: yes # yes for dhcp, no for pppoe 
-      dhcp6: no+      dhcp6: yes # yes for dhcp, no for pppoe or not required
       addresses:        addresses: 
          - [192.168.5.2/24] #Access to the modem web interface          - [192.168.5.2/24] #Access to the modem web interface
Line 141: Line 156:
       mode: sit       mode: sit
       remote: 216.218.142.50       remote: 216.218.142.50
-      local: 112.213.222.38+      local: 207.7.254.238
       addresses:       addresses:
          - "2001:470:1f2c:10d::2/64"          - "2001:470:1f2c:10d::2/64"
Line 150: Line 165:
   *''sudo netplan --debug generate'' To generate backend specific configuration files.   *''sudo netplan --debug generate'' To generate backend specific configuration files.
   *''sudo netplan try'' To try a new neplan configuration with automatic roll back.   *''sudo netplan try'' To try a new neplan configuration with automatic roll back.
-As this setup is for a router the gateway stanza must not be set "#gateway4: 192.168.1.1". The router is the gateway.+As this setup is for a router the gateway stanza must not be set "#gateway4: 192.168.1.1". The router is the gateway.\\ 
 + 
 +As the ipv6 tunnel uses the first to numerical ipv6/64 addresses; x:x:x:x::1 also the tunnel assigned gateway and x:x:x:x::2 the next simple ipv6 global static x:x:x:x::3 was used to identify the router.
  
 As this router has a DNS server the "nameserver:" stanza can be set to this routers address e.g.: "addresses: [192.168.1.1]" As this router has a DNS server the "nameserver:" stanza can be set to this routers address e.g.: "addresses: [192.168.1.1]"
Line 158: Line 175:
 It is important that the network/interfaces method is disable or strange difficult to diagnose network affect may happen. It is important that the network/interfaces method is disable or strange difficult to diagnose network affect may happen.
 Basically ensure that all items in file /etc/network/interfaces are commented out. For example: Basically ensure that all items in file /etc/network/interfaces are commented out. For example:
-++++''sudo vim /etc/netplan/network.yaml''|+++++''sudo vim /etc/network/interfaces''|
 <code> <code>
 # This file describes the network interfaces available on your system # This file describes the network interfaces available on your system
Line 179: Line 196:
 ====ipv6 Hurricane Electric Setup notes==== ====ipv6 Hurricane Electric Setup notes====
 I set up the router network tunnel 6in4 to HEipv6.  I could IPv6 ping WAN from the router, but could not so ping WAN from elsewhere on the local area network (lan).\\ I set up the router network tunnel 6in4 to HEipv6.  I could IPv6 ping WAN from the router, but could not so ping WAN from elsewhere on the local area network (lan).\\
 +The main tunnel connection is set up in the main network configuration file(s).\\
 My routing table had ''2001:470:1f2c:10d::/64 dev he-ipv6 proto kernel metric 256 pref medium'', I found that removing this from the routing table allowed remote lan access to function: The one off command to do this: ''sudo ip r del 2001:470:1f2c:10d::/64 dev he-ipv6''.\\ My routing table had ''2001:470:1f2c:10d::/64 dev he-ipv6 proto kernel metric 256 pref medium'', I found that removing this from the routing table allowed remote lan access to function: The one off command to do this: ''sudo ip r del 2001:470:1f2c:10d::/64 dev he-ipv6''.\\
 I looked for ways to adjust the netplan configuration, either to stop this line from being added, or increase its metric, but to no avail.  So I created the following systemd service to perform this function on start-up after the network was up."\\ I looked for ways to adjust the netplan configuration, either to stop this line from being added, or increase its metric, but to no avail.  So I created the following systemd service to perform this function on start-up after the network was up."\\
 To create and edit the service: ''sudo systemctl edit --force --full ipv6_start.service'', ''man systemctl'' and search for  To create and edit the service: ''sudo systemctl edit --force --full ipv6_start.service'', ''man systemctl'' and search for 
 +++++ipv6_start.service|
 <code> <code>
 [Unit] [Unit]
Line 195: Line 214:
 WantedBy=multi.user.target default.target  WantedBy=multi.user.target default.target 
 </code> </code>
 +++++
   *The final command is used to enable the command to run at start-up: ''sudo systemctl enable ipv6_start.service''.   *The final command is used to enable the command to run at start-up: ''sudo systemctl enable ipv6_start.service''.
   *This also needs to be performed after each time netplan apply is used:  ''sudo systemctl start ipv6_start.service''.   *This also needs to be performed after each time netplan apply is used:  ''sudo systemctl start ipv6_start.service''.
Line 240: Line 260:
 </code> ++++ </code> ++++
 Currently Ubuntu (20.04) defaults to netplan.io, where as Debian 10 does not. So in Debian the ''/etc/network/interfaces'' need to be disabled, if using netplan. Where as in Ubuntu the auto configuration needs to be disabled. Currently Ubuntu (20.04) defaults to netplan.io, where as Debian 10 does not. So in Debian the ''/etc/network/interfaces'' need to be disabled, if using netplan. Where as in Ubuntu the auto configuration needs to be disabled.
 +
 +I am using Debian 12 now and am moving back to /etc/network/interfaces for network configuration.  As the DHCP and DNS server now run in a VM/Docker containers, this simplifies settings on the main router functions. 
  
 I wrote 2 scripts to switch between configuration: I wrote 2 scripts to switch between configuration:
 ++++ ''vim tononrouter.sh'' | ++++ ''vim tononrouter.sh'' |
 <code> <code>
-systemctl disable bind9 +#systemctl disable bind9 
-systemctl disable isc-dhcp-server +#systemctl disable isc-dhcp-server 
-mv /etc/netplan/50-cloud-init.yaml.old /etc/netplan/50-cloud-init.yaml +#systemctl disable nftables 
-mv /etc/netplan/network.yaml /etc/netplan/network.yaml.old+#systemctl disable pppoe 
 +#mv /etc/netplan/50-cloud-init.yaml.old /etc/netplan/50-cloud-init.yaml 
 +#mv /etc/netplan/network.yaml /etc/netplan/network.yaml.old 
 +ln -sf /etc/nftables.conf.orig /etc/nftables.conf 
 +#ln -sf /etc/nftables.conf.router /etc/nftables.conf 
 +ln -sf /etc/network/interfaces.orig /etc/network/interfaces 
 +#ln -sf /etc/network/interfaces.router /etc/network/interfaces
 </code> ++++ </code> ++++
  
Line 254: Line 282:
 ++++ ''vim torouter.sh'' | ++++ ''vim torouter.sh'' |
 <code> <code>
-systemctl enable bind9 +#systemctl enable bind9 
-systemctl enable isc-dhcp-server +#systemctl enable isc-dhcp-server 
-mv /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.old +#systemctl enable nftables 
-mv /etc/netplan/network.yaml.old /etc/netplan/network.yaml+#systemctl enable pppoe 
 +#mv /etc/netplan/50-cloud-init.yaml  /etc/netplan/50-cloud-init.yaml.old 
 +#mv /etc/netplan/network.yaml.old  /etc/netplan/network.yaml 
 +#mv /etc/netplan/50-cloud-init.yaml.old /etc/netplan/50-cloud-init.yaml 
 +#mv /etc/netplan/network.yaml /etc/netplan/network.yaml.old 
 +#ln -sf /etc/nftables.conf.orig /etc/nftables.conf 
 +ln -sf /etc/nftables.conf.router /etc/nftables.conf 
 +#ln -sf /etc/network/interfaces.orig /etc/network/interfaces 
 +ln -sf /etc/network/interfaces.router /etc/network/interfaces 
 </code> ++++ </code> ++++
 Use ''sudo bash tonrouter.sh'' to move to non router configuration. Use ''sudo bash tonrouter.sh'' to move to non router configuration.