As of Debian 10 (Buster), Debian still uses this interfaces setup by default. It can also be set up to use netplan.
Ubuntu (as of version 14.04) defaults to Predictable Network Interface Names, also see Systemd Docs. I have no problem with this. In any case, you should always check dev names and not assume names, such as “eth0”.
To check available interfaces and names use ''ip link'', or the more verbose ''ip a''.
The unit's 4 main ports will be set up to look like a router with 1 WAN port and 3 LAN ports. The WAN port will be set up on NIC1, and LAN ports 1-3 will be on bridged NIC2-4.
Ensure the bridge utilities are loaded: ''sudo apt install bridge-utils''.
Edit the network configuration file ''/etc/network/interfaces'' as follows:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# Comments must be on their own line: interfaces(5) does not support
# end-of-line comments.
# source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The WAN network interface
auto eno1
iface eno1 inet static
# set up ip address to access modem web page on WAN NIC
    address 192.168.5.2
    netmask 255.255.255.0
    broadcast 192.168.5.255

# The LAN networks are eno2 eno3 eno4 in bridged mode br1
# on the 192.168.1.1 subnet
auto br1
iface br1 inet static
    bridge_ports eno2 eno3 eno4
    address 192.168.1.1
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255
    dns-nameservers 192.168.1.1
# disable Spanning Tree Protocol
    bridge_stp off
# forwarding delay
    bridge_fd 9
    bridge_hello 5
    bridge_maxage 60
The following is a list of some stanzas not used and why:
The gateway directive is not required, as any traffic to 192.168.1.1 that is not on the /24 subnet will be Netfiltered and, if accepted, passed to the WAN.
# gateway 192.168.1.1
''auto eno2'' and ''iface eno2 inet manual'' are not required, as the ''iface br1'' stanza will bring up the components assigned to it.
# iface eno2 inet manual
# iface eno3 inet manual
# iface eno4 inet manual
The ''allow-hotplug eth1'' stanza is not used, as normally these interfaces should be running. The br1 interface will be used for virtual machine access and must be running to allow correct VM startup. During initial boot this will cause delays as attempts are made to find network devices, particularly any not used. These delays are necessary for reliable start-up and operation.
# allow-hotplug eno2
# iface eno2 inet manual
# pre-up ifconfig $IFACE up
# pre-down ifconfig $IFACE down
Each Ethernet hardware connection has its own unique MAC address, so there is no need to define another. If Ethernet bonding were being used there may be a need to use this stanza.
#hwaddress ether xx:xx:xx:xx:xx:xx
Debian still defaults to the interfaces-style network setup. It can be set up to use netplan. It is very important to remember, after installing and setting up netplan, to disable the interfaces setup. This can be done simply by deleting, renaming, emptying or commenting out the interfaces setup file.
Ubuntu now (as of version 14.04) defaults to Predictable Network Interface Names, also see Systemd Docs. I have no problem with this. In any case, you should always check dev names and not assume names, such as “eth0”.
To check available interfaces and names use ''ip link'', or the more verbose ''ip a''.
Netplan references is a good reference for setting up and using Netplan.
The NIC back panel layout:
IPMI_LAN
DisplayPort USB2-1 USB3-1 LAN3(eth2) LAN4(eth3)
HDMI USB2-0 USB3-0 LAN1(eth0) LAN2(eth1) VGA
Due to difficulties with the ISP, 2 modems were tried in bridge mode: a Netgear DM200 and a Draytek Vigor130. The premium Vigor 130 was selected for final use.
It is possible to access the modem web page. The modem manual clearly states that the modem address is “http://192.168.5.1” when in bridge mode.
The network must start up the WAN NIC to allow PPPoE modem Ethernet access and also assign an IP address on this NIC for modem web page access. As the modem is using 192.168.5.1 the router would assign the next address, 192.168.5.2.
To access the router modem webpage the router firewall must also be appropriately configured.
The remaining 3 NICs are set up in bridge mode as router LAN ports. When set up in bridge mode the 3 ports effectively act as a switch, with any of them able to access the router LAN on 192.168.1.1.
See the Netplan configuration below:
''sudo vim /etc/netplan/network.yaml''
network:
  #setup network interfaces
  version: 2
  renderer: networkd
  ethernets:
    eno1: #start for pppoe and setup modem IP access
      dhcp4: no
      dhcp6: no
      addresses:
        - 192.168.5.2/24 #Access to the modem web interface
    eno2:
      dhcp4: no
      dhcp6: no
      optional: true
    eno3:
      dhcp4: no
      dhcp6: no
      optional: true
    eno4:
      dhcp4: no
      dhcp6: no
      optional: true
  #Setup Bridge Interface
  bridges:
    br0:
      addresses:
        - 192.168.1.1/24 #IPv4
        - "2001:470:1f2c:20c::3/64" #IPv6
      interfaces: [eno2, eno3, eno4]
      nameservers:
        addresses: ["2001:470:1f2c:20c::3", 192.168.1.1, 9.9.9.9, 1.1.1.1]
      parameters:
        stp: off # disable Spanning Tree Protocol
        forward-delay: 9 # forwarding delay
        hello-time: 2 # see netplan.io for definition
        max-age: 12 # see netplan.io for definition
  #Setup Tunnel Interfaces
  tunnels:
    he-ipv6: # Hurricane Electric IPv6 tunnel
      mode: sit
      remote: 216.218.142.50
      local: 112.213.222.38
      addresses:
        - "2001:470:1f2c:10d::2/64"
      gateway6: "2001:470:1f2c:10d::1"
  * ''sudo netplan --debug apply'' To apply any changes to the network configuration.
  * ''sudo netplan --debug generate'' To generate backend specific configuration files.
  * ''sudo netplan try'' To try a new netplan configuration with automatic roll back.
As this setup is for a router the gateway stanza must not be set (''#gateway4: 192.168.1.1''). The router is the gateway.
As this router has a DNS server the ''nameservers:'' stanza can be set to this router's address, e.g. ''addresses: [192.168.1.1]''.
The use of the stanza ''optional: true'' on the LAN bridged NICs means that during startup the system does not need to wait for these NICs to come up, potentially saving some boot time. The WAN NIC is required, so the optional stanza is not used there.
It is important that the network/interfaces method is disabled, or strange, difficult-to-diagnose network effects may happen.
Basically ensure that all items in the file ''/etc/network/interfaces'' are commented out. For example:
''sudo vim /etc/network/interfaces''
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
#Using netplan.io, see /etc/netplan
#source /etc/network/interfaces.d/*
# The loopback network interface
#auto lo
#iface lo inet loopback
# The primary network interface
#allow-hotplug eno2
#iface eno2 inet dhcp
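One way to check for the conflict described above, as an added example that is not part of the original page: it lists the lines still active in an ifupdown file, flags end-of-line comments (interfaces(5) only treats lines starting with # as comments), and reports when active lines coexist with netplan ''*.yaml'' files. The function names are hypothetical; the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example, not the page's own code. Paths are arguments so the checks
# can be run on test copies; the defaults are the real locations.
# Usage: check_conflict || echo "disable one of the two methods"

# Print each active (non-blank, non-comment) line of an ifupdown file
# as "file:line:text".
active_stanzas() {
    [ -r "$1" ] || return 0
    awk -v f="$1" '!/^[ \t]*(#|$)/ { printf "%s:%d:%s\n", f, NR, $0 }' "$1"
}

# Print active lines that carry a trailing "# ..." comment. ifupdown only
# ignores lines that start with "#"; trailing text becomes part of the value.
eol_comments() {
    active_stanzas "$1" | awk '/[ \t]#/'
}

# Count the files netplan will load from a directory: only names ending in
# .yaml are read, so a renamed network.yaml.old does not count.
netplan_files() {
    n=0
    for y in "$1"/*.yaml; do
        [ -f "$y" ] && n=$((n + 1))
    done
    echo "$n"
}

# Return 1 and list the offending lines when netplan files exist while the
# ifupdown file still has active lines; return 0 otherwise.
check_conflict() {
    ifaces=${1:-/etc/network/interfaces}
    npdir=${2:-/etc/netplan}
    active=$(active_stanzas "$ifaces")
    if [ "$(netplan_files "$npdir")" -gt 0 ] && [ -n "$active" ]; then
        echo "netplan is in use but $ifaces still has active lines:" >&2
        echo "$active" >&2
        return 1
    fi
    return 0
}
```

Run ''eol_comments /etc/network/interfaces'' on a machine that stays with ifupdown to find options whose value silently includes a comment.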
I set up the router network tunnel 6in4 to HEipv6. I could IPv6 ping WAN from the router, but could not so ping WAN from elsewhere on the local area network (lan).
My routing table had ''2001:470:1f2c:10d::/64 dev he-ipv6 proto kernel metric 256 pref medium''. I found that removing this from the routing table allowed remote LAN access to function. The one-off command to do this: ''sudo ip r del 2001:470:1f2c:10d::/64 dev he-ipv6''.
I looked for ways to adjust the netplan configuration, either to stop this line from being added, or to increase its metric, but to no avail. So I created the following systemd service to perform this function on start-up after the network was up.
To create and edit the service: ''sudo systemctl edit --force --full ipv6_start.service'', ''man systemctl'' and search for
[Unit]
Description=Remove route to he-ipv6
# Pull in network-online.target as well as ordering after it
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=:/bin/bash -c "ip r del 2001:470:1f2c:10d::/64 dev he-ipv6"
[Install]
WantedBy=multi-user.target default.target
When I initially set up the router I wanted to use a different network setting. The following is my basic setup netplan yaml file.
''sudo vim /etc/netplan/50-cloud-init.yaml''
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
  version: 2
  renderer: networkd
  ethernets:
    # eno1 is always reserved for WAN only
    eno2:
      dhcp4: no
      dhcp6: no
      optional: true
    eno3:
      dhcp4: no
      dhcp6: no
      optional: true
    eno4:
      dhcp4: no
      dhcp6: no
      optional: true
  #Setup Bridge Interface
  bridges:
    br0:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.1.6/24]
      interfaces: [eno2, eno3, eno4]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [192.168.1.1]
      parameters:
        stp: off
        forward-delay: 9s
        hello-time: 2s
        max-age: 12s
Currently Ubuntu (20.04) defaults to netplan.io, whereas Debian 10 does not. So in Debian ''/etc/network/interfaces'' needs to be disabled if using netplan, whereas in Ubuntu the auto configuration needs to be disabled.
I wrote 2 scripts to switch between configuration:
''vim tononrouter.sh''
systemctl disable bind9
systemctl disable isc-dhcp-server
mv /etc/netplan/50-cloud-init.yaml.old /etc/netplan/50-cloud-init.yaml
mv /etc/netplan/network.yaml /etc/netplan/network.yaml.old
Use ''sudo bash tononrouter.sh'' to move to the non-router configuration.
''vim torouter.sh''
systemctl enable bind9
systemctl enable isc-dhcp-server
mv /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.old
mv /etc/netplan/network.yaml.old /etc/netplan/network.yaml
Use ''sudo bash torouter.sh'' to move to the router configuration.
My ISP states that its setup uses VLAN ID=0. This is a bit ambiguous: does this mean VLAN 802.1Q is not used, or that priority tagging 802.1p is used, which uses the full VLAN tag frame and has an effective VLAN ID = 0, but is referred to as a priority tag, not a VLAN? The general online documentation on this matter is vague too. Looks like an experiment to see what works is the only option: 1. Ignore 802.1Q VLAN entirely, and 2. Attempt to use VLAN priority tagging.
Load the vlan module: ''sudo apt install vlan''.
I tried a number of different configurations of VLAN using for example ''ip link add link eno1 name eno1.1 type vlan id 1'' in the systemctl ''pppoe.service'' configuration. I found that my ISP did not seem to need the VLAN defined, so I have not used it, and have not investigated further.