Debian Server Network Setup
Debian Network - Server Interface Setup
As of Debian 10 (Buster), Debian still uses this interfaces setup by default. It can be set up to use the netplan interface.
Ubuntu (as of version 14.04) defaults to Predictable Network Interface Names, also see Systemd Docs. I have no problem with this. In any case, you should always check device names and not assume names such as “eth0”.
To check available interfaces and names use: ip link, or the more verbose ip a.
The unit's 4 main ports will be set up to look like a router with 1 WAN port and 3 LAN ports. The WAN port will be set up on NIC1, and LAN ports 1-3 will be on the bridged NIC2-4.
Ensure the bridge utilities are loaded: sudo apt install bridge-utils.
Edit the network configuration file /etc/network/interfaces as follows:
The following is a list of some stanzas not used and why:
Note:
- Use ip a and ip r to analyse the current network configuration
- Use sudo journalctl -xeu networking to check for any errors on networking
References:
- NetworkConfiguration see section on Bridging
Network - Netplan Setup
Debian still defaults to the interface style network setup. It can be set up to use netplan. It is very important to remember, after installing and setting up netplan, to disable the interfaces setup. This can be done simply by deleting, renaming, emptying or commenting out the interfaces setup file.
Ubuntu now (as of version 14.04) defaults to Predictable Network Interface Names, also see Systemd Docs. I have no problem with this. In any case, you should always check device names and not assume names such as “eth0”.
To check available interfaces and names use: ip link, or the more verbose ip a.
Netplan references is a good reference for setting up and using Netplan.
The NIC back panel layout:
IPMI_LAN DisplayPort USB2-1 USB3-1 LAN3(eth2) LAN4(eth3) HDMI USB2-0 USB3-0 LAN1(eth0) LAN2(eth1) VGA
Due to difficulties with the ISP, 2 modems were attempted in bridge mode: a Netgear DM200 and a Draytek Vigor130. The premium Vigor 130 was selected for final use.
It is possible to access the modem web page. The modem manual clearly states that the modem address is “http://192.168.5.1” when in bridge mode.
The network must start up the WAN NIC to allow PPPoE modem Ethernet access and also assign an IP address on this NIC for modem web page access. As the modem is using 192.168.5.1, the router would assign the next address, 192.168.5.2.
To access the router modem webpage the router firewall must also be appropriately configured.
The remaining 3 NICs are set up in bridge mode as router LAN ports. When set up in bridge mode, the 3 ports effectively act as a switch, with any of them able to access the router LAN on 192.168.1.1.
See the Netplan configuration below:
''sudo vim /etc/netplan/network.yaml''
- sudo netplan --debug apply: to apply any changes to the network configuration.
- sudo netplan --debug generate: to generate backend specific configuration files.
- sudo netplan try: to try a new netplan configuration with automatic roll back.
As this setup is for a router, the gateway stanza must not be set (“#gateway4: 192.168.1.1”). The router is the gateway.
As the IPv6 tunnel uses the first two numerical IPv6 /64 addresses (x:x:x:x::1, which is also the tunnel-assigned gateway, and x:x:x:x::2), the next simple global static IPv6 address, x:x:x:x::3, was used to identify the router.
As this router has a DNS server, the “nameservers:” stanza can be set to this router's address, e.g.: “addresses: [192.168.1.1]”
The use of the stanza “optional: true” on the LAN bridged NICs means that during startup the system does not need to wait for these NICs to come up, potentially saving some boot time. The WAN NIC is required, so the optional stanza is not used here.
It is important that the network/interfaces method is disabled, or strange, difficult-to-diagnose network effects may happen. Basically, ensure that all items in the file /etc/network/interfaces are commented out. For example:
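A way to check this, as an added example that is not part of the original page: the shell functions below list every line of an ifupdown file that is still active, and follow source lines (Debian's default file uses one to pull in /etc/network/interfaces.d/*), resolving relative paths against the including file's directory as interfaces(5) describes. The function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original page): confirm the ifupdown
# configuration is fully disabled before handing the NICs to netplan.
# Function names are hypothetical.

# Print "file:line: text" for every active (non-blank, non-comment) line.
# "source" lines are followed instead of printed, so a file that is fully
# commented out apart from "source interfaces.d/*" is still checked through
# the files it includes. "source-directory" is not followed and is
# therefore printed, to be reviewed by hand.
active_stanzas() (
    file=$1
    [ -f "$file" ] || exit 0
    dir=$(dirname "$file")
    awk -v f="$file" '
        /^[ \t]*(#|$)/  { next }              # comment or blank line
        $1 == "source"  { next }              # handled below
        { printf "%s:%d: %s\n", f, NR, $0 }
    ' "$file"
    awk '$1 == "source" { print $2 }' "$file" |
    while read -r pattern; do
        # interfaces(5): a relative path is relative to the including file
        case $pattern in
            /*) ;;
            *)  pattern=$dir/$pattern ;;
        esac
        for inc in $pattern; do               # unquoted: expand the glob
            if [ -f "$inc" ]; then
                active_stanzas "$inc"
            fi
        done
    done
)

# Succeed only when nothing is left for ifupdown to configure.
ifupdown_disabled() {
    [ -z "$(active_stanzas "${1:-/etc/network/interfaces}")" ]
}

# Typical use on the router (read-only, no root needed):
#   ifupdown_disabled || active_stanzas /etc/network/interfaces
```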
ipv6 Hurricane Electric Setup notes
I set up the router network tunnel 6in4 to HEipv6. I could IPv6 ping WAN from the router, but could not so ping WAN from elsewhere on the local area network (lan).
The main tunnel connection is set up in the main network configuration file(s).
My routing table had 2001:470:1f2c:10d::/64 dev he-ipv6 proto kernel metric 256 pref medium. I found that removing this from the routing table allowed remote lan access to function. The one-off command to do this: sudo ip r del 2001:470:1f2c:10d::/64 dev he-ipv6.
I looked for ways to adjust the netplan configuration, either to stop this line from being added, or increase its metric, but to no avail. So I created the following systemd service to perform this function on start-up after the network was up.
- To create and edit the service: sudo systemctl edit --force --full ipv6_start.service, man systemctl and search for
- The final command is used to enable the command to run at start-up: sudo systemctl enable ipv6_start.service.
- This also needs to be performed after each time netplan apply is used: sudo systemctl start ipv6_start.service.
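As an added example (not the author's service or script), the script below is an idempotent form of the one-off route deletion that such a service could run: it removes the route only when the kernel-installed entry is present, so repeating it after each netplan apply is harmless. The function names, the script name and the --apply flag are made up for this example.

```sh
#!/bin/sh
# Added example (not the author's unit or script): idempotent version of
# the one-off "ip r del" above, suitable as the command a start-up service
# runs. Prefix and device are the ones quoted on the page.
PREFIX="2001:470:1f2c:10d::/64"
DEV="he-ipv6"

# Reads "ip -6 route show" output on stdin. Succeeds only if a route for
# prefix $1 is present AND was installed by the kernel ("proto kernel"),
# so a route added deliberately with another proto is never touched.
has_kernel_route() {
    awk -v p="$1" '
        $1 == p {
            for (i = 2; i < NF; i++)
                if ($i == "proto" && $(i + 1) == "kernel") found = 1
        }
        END { exit !found }
    '
}

# Delete the route if it is there; do nothing (and succeed) if it is not,
# so re-running after every "netplan apply" never reports a failure.
drop_tunnel_route() {
    if ip -6 route show dev "$DEV" | has_kernel_route "$PREFIX"; then
        ip -6 route del "$PREFIX" dev "$DEV"
    fi
}

# Only act when asked to, e.g. "sh drop-he-route.sh --apply" as root
# (script name and flag are hypothetical).
if [ "${1:-}" = "--apply" ]; then
    drop_tunnel_route
fi
```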
Router Configuration Network Setup
When I initially set up the router I wanted to use a different network setting. The following is my basic setup netplan yaml file.
''sudo vim /etc/netplan/50-cloud-init.yaml''
Currently Ubuntu (20.04) defaults to netplan.io, whereas Debian 10 does not. So in Debian the /etc/network/interfaces file needs to be disabled if using netplan, whereas in Ubuntu the auto configuration needs to be disabled.
I am using Debian 12 now and am moving back to /etc/network/interfaces for network configuration. As the DHCP and DNS servers now run in VM/Docker containers, this simplifies settings on the main router functions.
I wrote 2 scripts to switch between configurations:
Use sudo bash tononrouter.sh to move to non router configuration.
Use sudo bash tonrouter.sh to move to non router configuration.
VLAN Info
My ISP states that its setup uses VLAN ID=0. This is a bit ambiguous: does this mean VLAN 802.1Q is not used, or that priority tagging 802.1p is used, which uses the full VLAN tag frame and has an effective VLAN ID = 0, but is referred to as a priority tag, not VLAN? The general online documentation on this matter is vague too. Looks like an experiment to see what works is the only option: 1. Ignore 802.1Q VLAN entirely, and 2. Attempt to use VLAN priority tagging.
Load the vlan module: sudo apt install vlan.
I tried a number of different configurations of VLAN using, for example, ip link add link eno1 name eno1.1 type vlan id 1 in the systemctl pppoe.service configuration. I found that my ISP did not seem to need the VLAN defined, so I have not used it, and have not investigated further.
Some useful links:
- Wikipedia IEEE 802.1Q, IEEE P802.1p
- This one talks about reliable network target with systemd: Running Services After the Network is up.