Differences

This shows you the differences between two versions of the page.

linux_router:ubuntu [2024-06-16 Sun wk24 12:09] baumkp
linux_router:ubuntu [2025-05-22 Thu wk21 16:07] (current) – [Router Configuration & Server Setup] baumkp
Line 1: Line 1:
-{{tag>linux router "router configuration" setup debian ubuntu snap snaps}} +{{tag>linux router "router configuration" setup debian ubuntu snap snaps switch network}} 
-======Router Basic Debian Server Setup======+======Router Configuration, Switch & Server Setup======
  
 =====Router Configuration===== =====Router Configuration=====
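Review bot: Renaming the top-level heading from "Router Basic Debian Server Setup" to "Router Configuration, Switch & Server Setup" changes the section anchor DokuWiki derives from the heading text, so any link that targets the old section anchor will stop resolving; check the other linux_router pages for such links before saving. The new title also drops "Debian" although the page still has a Debian section, so consider keeping the distribution names in the title or relying on the existing debian and ubuntu tags.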
Line 10: Line 10:
     - Track network traffic, allows traffic incoming only if response to out going (one way traffic) This is primary firewall action and primary security action! This is often confused with NAT, NAT is additional to this!     - Track network traffic, allows traffic incoming only if response to out going (one way traffic) This is primary firewall action and primary security action! This is often confused with NAT, NAT is additional to this!
   - NAT (Network Address Translation) is basically mandatory for IPv4 due to limited address space and optional for IPv6   - NAT (Network Address Translation) is basically mandatory for IPv4 due to limited address space and optional for IPv6
-    - NAT obfuscates Local IP addresses behind public addressable WAN IP address(es).  This obfuscation arguably provides some security. The key security is the restriction of gateway traffic into the LAN. See interesting notes on this from [[https://www.grc.com/nat/nat.htm|GRC NAT Router Security Solutions]], note that I do not necessarily agree with NAT being a primary security function.+    - NAT obfuscates Local IP addresses behind public addressable WAN IP address(es).  This obfuscation arguably provides some security. The key security is the restriction of gateway traffic into the LAN. See interesting notes on this from [[https://www.grc.com/nat/nat.htm|GRC NAT Router Security Solutions]], note that I do not necessarily agree with NAT being a primary security function (The primary security function is the firewall that only allows a type of one way start of discourseNAT does provide some obfuscation, but this is of very limited security value to an experience hacker, double NAT also allows double fire wall, but the performance affects and complexity on the LAN are simply not worth the trouble.  Also again many vectors of hacker attack can by-pass this type of security.)
     - NAT obfuscation wrecks simple end to end IP addressing that is required for some services, e.g. VoIP.  This requires additional services to compensate, e.g. STUN/TURN services.     - NAT obfuscation wrecks simple end to end IP addressing that is required for some services, e.g. VoIP.  This requires additional services to compensate, e.g. STUN/TURN services.
 +    - I have tried to use IPv6 via a HE tunnel arrangement, but felt this was not would the trouble in the end.  I am not sure if I would use NAT on a IPv6 LAN, but a good firewall is absolutely mandatory in all cases.
 Key networks services, such as DNS and DHCP are separate functions that a router may perform, although correct router setup is required to allow these services to function. Key networks services, such as DNS and DHCP are separate functions that a router may perform, although correct router setup is required to allow these services to function.
  
-=====Debian===== +=====Debian Router Setup===== 
-Basically the same as Ubuntu, except I tried with Debian Buster (10).  I updated to Debian Bullseye (11). When I updated to Bookwork (12) the update failed. then managed to corrupt the configuration files on the router..... Hopefully these notes expedite recovery.+Basically the same as Ubuntu, except I tried with Debian Buster (10).  I updated to Debian Bullseye (11). When I updated to Bookwork (12) the update failed. had managed to corrupt the configuration files on the router..... Hopefully these notes expedite recovery.
  
-Having used Ubuntu for the past many years I have grown use to netplan.  This is not native on Debian Buster, so needs to be installed: ''sudo apt install netplan.io''  it basically just seems to work.+Having used Ubuntu for the past many years I have grown use to netplan.  This is not native on Debian Buster, so needs to be installed: ''sudo apt install netplan.io''  it basically just seems to work.  Now I have gone back to preferring /etc/network/interfaces.
  
 One of the benefits of Debian is no **Snaps**!   Also a whole pile of other Ubuntu crud is not there! One of the benefits of Debian is no **Snaps**!   Also a whole pile of other Ubuntu crud is not there!
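Review bot: In the rewritten NAT bullet, the added parenthetical runs two sentences together at "start of discourseNAT does provide", so the main claim (the firewall, not NAT, is the primary security function) is hard to parse; end the sentence after "discourse" or move the parenthetical into its own sub-bullet. In the same addition, "experience hacker" should read "experienced hacker", "fire wall" should be "firewall" and "performance affects" should be "performance effects". The new IPv6 bullet has "was not would the trouble", presumably "was not worth the trouble". In the Debian paragraph, "Bookwork (12)" carries over from the old revision (the release name is Bookworm), "had managed" has no subject, and the new closing sentence says /etc/network/interfaces is now preferred while the paragraph still only describes installing netplan.io, so state which of the two the rest of these notes assume.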
Line 23: Line 24:
 ---- ----
  
-=====Ubuntu=====+=====Ubuntu Router Setup=====
 ++++tl;dr;| ++++tl;dr;|
 +See [[https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/|The Ars guide to building a Linux router from scratch]]\\
 Download the latest Ubuntu Server amd64 ISO file from the Ubuntu website. I setup the IPMI KVM to provide virtual storage to the Ubuntu ISO file and started up the Router. The Ubuntu software loads up of the ISO across the KVM virtual storage setup and can be then setup as normal. When setting up Ubuntu below are some the of keypoints: Download the latest Ubuntu Server amd64 ISO file from the Ubuntu website. I setup the IPMI KVM to provide virtual storage to the Ubuntu ISO file and started up the Router. The Ubuntu software loads up of the ISO across the KVM virtual storage setup and can be then setup as normal. When setting up Ubuntu below are some the of keypoints:
   *I set-up Ubuntu to use LAN port 2, as I want to use LAN port 1 as the Router WAN port.   *I set-up Ubuntu to use LAN port 2, as I want to use LAN port 1 as the Router WAN port.
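Review bot: The Ars Technica link is added as the first line inside the collapsed ++++tl;dr;| block, so readers only see it after expanding the section; if it is meant as the main reference for the Ubuntu setup, place it above the ++++ line. The URL dates the guide to 2016/04, so a short remark on which parts still apply to current Ubuntu Server releases would help.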
Line 45: Line 47:
 ---- ----
 ++++ ++++
 +
 +======Manual Network Setup======
 +A lot of network equipment, such as routers and managed switches come with a default access IP address. In most cases this address does not align with the existing address space.  These device usually can not be directly plugged into an existing address space and function correctly if at all.  Normally an individual computer needs to have a manual address assigned that matches the default equipment address to allow allow access to the equipment to change the default access address to match that required.  
 +
 +There are many ways to manually change the computer IP to facilitate this, and this depends upon the operating system and software used by that computer.  A key point is that the assigned manual address and address mask must place the manual assigned address in the same address range as the equipment to be configured.  It may not be the same address.  Say the equipment default assigned address is 192.168.56.34, then the computer must have an address assigned in the space 192.168.56.x/24 (or mask 255.255.255.0), where x is between 2 - 254, except in this case 34, which is the default assigned to the equipment to be configured. 
 +  * ''ip a add 192.168.1.200/24 dev eth0''  to add an IP address to interface eth0
 +  * ''ip a del 192.168.1.200/24 dev eth0''  to add an IP address to interface eth0
 +
 +Once the computer network has been manually assigned and network reset check that the network address and mask have been correctly set.  If the assigned network mask is incorrect, that is in most cases not /24 (255.255.255.0), such as /32 (255.255.255.255) it is unlikely that the computer will be able to communicate to the equipment. In linux the following commands can be used to help:
 +  * ''%%ip a%%'' will return the computer interface IP address and mask.
 +  * ''%%nmap -sn 192.168.56.x/24%%'' should list the local computer address and the connected equipment address.  If only the computer then it is unlikely a connection to the remote device is available.
 +  * If accessing the equipment via a web browser, open a new page and ensure that the page is open directly not from cache.
 +
 <-  linux_router:hardware|Prev page ^ linux_router:start|Start page ^ linux_router:network|Next page -> <-  linux_router:hardware|Prev page ^ linux_router:start|Start page ^ linux_router:network|Next page ->
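Review bot: The second command bullet, ''ip a del 192.168.1.200/24 dev eth0'', is described as "to add an IP address to interface eth0"; it removes the address, so the description should say "to remove", and it is worth stating that the temporary address should be deleted once the equipment has been readdressed. The two ip examples use 192.168.1.200/24 while the surrounding text and the nmap line use 192.168.56.x, so pick one range (for the 192.168.56.34 example, an address such as 192.168.56.200/24) to keep the walkthrough consistent. ''nmap -sn 192.168.56.x/24'' is not a literal target; write the network as 192.168.56.0/24. The ip bullets also lack the %% wrapping used on the later command bullets. Wording: "allow allow access" is duplicated, "These device" should be "These devices", and "It may not be the same address" reads as optional where "must not" is meant. Finally, ======Manual Network Setup====== is at the same heading level as the page title; a lower level would keep it under the page's main heading.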