Difference between revisions of "Router: Basic"

From ArchWiki
Jump to: navigation, search
(Defining Routes)
m
Line 1: Line 1:
 +
[[Category:Networking (English)]]
 
=Description=
 
=Description=
  

Revision as of 20:44, 18 October 2009

Description

If you'd like to build a router to forward connections to LAN client(s), you'll need the details of creating a basic router.

Hardware

You'll need to have at least two Network Card Interfaces (NIC's) on the computer you plan to use as a router. Once installed see that they are recognized by the kernel:

ifconfig -a

If the NIC(s) don't show up, then either 1) the kernel module (driver) will need be loaded, 2) the kernel will need to be rebuilt with support for the hardware, or 3) the kernel may not have support for the driver yet.

If there is a kernel module for you NIC, the generic Arch Linux kernel will likely have support for it. You can add it by:

modprobe <device-module>

If there is support in the kernel, but not in the Arch kernel take a look at Kernel Compilation with ABS.

Defining Routes

Routes are known paths of the network and can be added to the system-wide configuration file /etc/rc.conf:

eth0="dhcp"
eth1="eth1 192.168.0.7 netmask 255.255.255.0 broadcast 192.168.0.255"
INTERFACES=(eth0 eth1)

Here NIC eth0 will have it's routes defined by a DHCP server connected to the internet, and NIC eth1 is defined a static-route from within the IANA's three blocks of private internets:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

With the example 192.168.0.7 you'll have a range of 192.168.0.0 to 192.168.0.255 of ip addresses that can be assigned to LAN client(s), minus 192.168.0.7.

Restart the network to define the routes:

/etc/rc.d/network restart

LAN Setup

For connecting to/from your LAN client(s), you can have to either add to the router a DHCP server (which will build the LAN client's routes for you) or define a static-route(s) manually.

DHCP Server

If you have a good number of LAN clients or would like dynamic IP's defined, add a DHCP server to the router. Dnsmasq is a lightweight DHCP server good for 50 or less LAN clients with a basic configuration. For a more industrial solution look at dhcp.

Static-Route

To assign a static-route (for example on a Arch Linux LAN client):

eth0="eth0 192.168.0.100 netmask 255.255.255.0 broadcast 192.168.0.255"
gateway="default gw 192.168.0.7"
ROUTES=(gateway)

Forward Requests

The kernel will need to be told it's allowed to forward packets to/from the LAN clients:

echo 1 > /proc/sys/net/ipv4/ip_forward

To permanently set this, enable ip forwarding in /etc/sysctl.conf:

net.ipv4.ip_forward=1

Redirection of packets to/from the LAN client(s) can be done with iptables.

pacman -S iptables

And add the rule:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The rule can be added permanently in /etc/rc.local though you'll probably want to create a bash script for it to build a firewall later. More information about firewalls can be found on Simple stateful firewall HOWTO.