|
Size: 10546
Comment:
|
Size: 10647
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 253: | Line 253: |
= Configuring the Firewall = == Background == == The Firewall Script == = DHCP and DNS = |
This is where the new Ubuntu Router page is in development, please visit ["UbuntuWirelessRouter/New"] for more information
1. Setting up an Ubuntu Wired/Wirless Router
1.1. Preface
This article exists due a lack of concise information and easily followed instructions on the subject of setting up a wired and/or wireless Ubuntu router. It is intended for intermediate and advanced users who have or would like to set up a dedicated Ubuntu installation acting as a router at home or in their office. The end result is a powerful router that can provide functionality similar to popular products (for example, the Linksys WRT54G).
1.2. Technical Overview
The router that will be created is an Internet gateway for wired and/or wireless clients to share one broadband connection with one IP address.
The basics this router will provide are:
- A firewall
- IP Masquerading
- Port forwarding (optional)
- DHCP server
- DNS caching server
2. Prerequisites
2.1. Broadband Connection
A broadband connection like a cable or DSL modem is required. Your broadband service provider must either provide the necessary information to configure your IP address statically or provide a dynamically assigned address via DHCP.
2.2. Router Hardware
You'll need a dedicated computer to act as the router. The computer can use old hardware and having the minimum requirements to install Ubuntu should suffice. The author of this article runs his router on a P3 600mhz processor with 256MB of RAM. You are encouraged use this as a server for other applications perhaps by installing postfix, apache, mysql, and/or samba. This guide recommends a server installation of Ubuntu, but there's no reason why a desktop installation wouldn't work. If you plan to be able to access the router remotely, install ssh before proceeding.
The following needs to be physically installed and recognized by the kernel on your router:
- A network adapter connected to the broadband cable or DSL modem
For a wired network,
- Another network adapter connected to a hub or switch
For a wireless network,
- A wireless network adapter (which must be able to be set in "master" mode)
sudo iwconfig <device name> mode master should not return an error
If your wireless network adapter is not recognized by your server installation of Ubuntu, it may use the madwifi chipset (like the D-Link DWL-G520). Please visit ["Router/Madwifi"] for more information.
- A wireless network adapter (which must be able to be set in "master" mode)
For both a wired and wireless network,
- All of the above
Running ifconfig -a will show you what network interfaces are available.
3. Internal Network Information
Here are the values we'll use to set up your internal network. Advanced users use caution when changing them as the changes will need to be reflected in all further router configuration.
Router |
|
Address |
192.168.0.1 |
Network |
192.168.0.0 |
Netmask |
255.255.255.0 |
Broadcast |
192.168.0.255 |
Clients |
|
Addresses |
192.168.0.2 - 192.168.0.254 |
Netmask |
255.255.255.0 |
Broadcast |
192.168.0.255 |
Gateway |
192.168.0.1 |
4. Setting Up Your Network Interfaces
4.1. Device Naming Overview
Network Device |
Internal or External Network |
Description |
eth0 |
External |
Network adapter connected to an external network (your broadband connection) |
eth1 |
Internal |
Network adapter connected to a hub or switch |
wlan0 |
Internal |
Wireless network adapter |
br0 |
Internal |
Network bridge between eth1 and wlan0 that will treat the two like one device |
It is important to note that the names of the network devices above (eth0, eth1, and wlan0) are used as convention. It is very likely that your router will recognize its devices under different names (for example, madwifi calls its wireless device ath0). Please substitute the names of your device accordingly. For information about how to change the names of your network devices, try man iftab.
4.2. Taking a Backup
Issue the following command to take a backup of your current network configuration: {{{sudo cp /etc/network/interfaces /etc/network/interfaces.bak }}}
4.3. Configuring External Network Interfaces
4.3.1. Configuring ifup
Here, we configure the Ubuntu networking system to bring the the local loopback and external network interfaces up by editing /etc/networking/interfaces. The primary goal here is to set up your external network interface (eth0, or whatever you're using in place of it) to be brought up by the networking subsystem. The examples below are only for the most basic setups. If your setup requires additional configuration, for example you need to setup [:ADSLPPPoE:ADSL with PPPoE], adapt the following examples so that the end result is your external network interface connected to the Internet.
4.3.1.1. For Dynamic IP Addresses (DHCP) Only
Open /etc/network/interfaces with your favourite editor. Delete everything and paste in what is below. Follow the commented out instructions carefully.
{{{# Set up the local loopback interface auto lo iface lo inet loopback
# Set up the external interface # # Don't forget to change eth0 to the proper name of the external # interface if applicable. # auto eth0 iface eth0 inet dhcp}}}
4.3.1.2. For Static IP Address Only
Open /etc/network/interfaces with your favourite editor. Delete everything and paste in what is below. Follow the commented out instructions carefully.
{{{# Set up the local loopback interface auto lo iface lo inet loopback
# Set up the External interface # # For every xxx.xxx.xxx.xxx, enter the numeric address given to you # by your Internet provider. Don't forget to change eth0 to the proper # name of the external interface if applicable. # auto eth0 iface eth0 inet static
- address xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx gateway xxx.xxx.xxx.xxx}}}
Now, set up your DNS servers as given to you by your service provider in /etc/resolv.conf, which should look something like this {{{nameserver xxx.xxx.xxx.xxx nameserver xxx.xxx.xxx.xxx}}}
You can visit the [https://help.ubuntu.com/6.06/ubuntu/serverguide/C/network-configuration.html Ubuntu Server Guide - Network Configuration] documentation for more information
4.3.2. Testing Connectivity
Reload the network configuration and test for connectivity, {{{sudo /etc/init.d/networking restart ping -c 3 -W 10 ubuntu.com}}} And if all goes well something similar should return: {{{PING ubuntu.com (82.211.81.166) 56(84) bytes of data. 64 bytes from signey.ubuntu.com (82.211.81.166): icmp_seq=1 ttl=43 time=99.9 ms 64 bytes from signey.ubuntu.com (82.211.81.166): icmp_seq=2 ttl=43 time=109 ms 64 bytes from signey.ubuntu.com (82.211.81.166): icmp_seq=3 ttl=43 time=100 ms
--- ubuntu.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 99.982/103.450/109.419/4.254 ms}}}
4.4. Configuring Internal Network Interfaces
4.4.1. Wired Only
Append the following to /etc/network/interfaces and follow the commented out instructions carefully. {{{# Set up the internal wired network # # Don't forget to change eth1 to the proper name of the internal # wired network interface if applicable. # auto eth1 iface eth1 inet static
- address 192.168.0.1 network 192.168.0.0 netmask 255.255.255.0 broadcast 192.168.0.255}}}
Your internal network interface is: eth1 (or whatever you're using in place of it)
4.4.2. Wireless Only
If you plan on using WEP, generate a network key, {{{dd if=/dev/random bs=1 count=13 2>/dev/null | xxd -p }}}
Append the following to /etc/network/interfaces and follow the commented out instructions carefully. {{{# Set up the internal wireless network # # Don't forget to change wlan0 to the proper name of the internal # wireless network interface if applicable. # # If you would like to use WEP, uncomment the line 'wireless-key' # and replace '<key goes here>' with a WEP key. # # You may also change the network essid and channel. # auto wlan0 iface wlan0 inet static
- wireless-mode master
wireless-essid "UbuntuWireless" wireless-channel 1 #wireless-key <key goes here> address 192.168.0.1 network 192.168.0.0 netmask 255.255.255.0 broadcast 192.168.0.255}}}
Your internal network interface is: wlan0 (or whatever you're using in place of it)
4.4.3. Both Wired and Wireless
First install the necessary tools to create a network bridge, {{{sudo apt-get install bridge-utils }}}
If you plan on using WEP, generate a network key, {{{dd if=/dev/random bs=1 count=13 2>/dev/null | xxd -p }}}
Append the following to /etc/network/interfaces and follow the commented out instructions carefully. {{{# Set up the internal wireless network # # Don't forget to change wlan0 to the proper name of the internal # wireless network interface if applicable. # # If you would like to use WEP, uncomment the line 'wireless-key' # and replace '<key goes here>' with a WEP key. # # You may also change the network essid and channel. # auto wlan0 iface wlan0 inet manual
- wireless-mode master
wireless-essid "UbuntuWireless" wireless-channel 1 #wireless-key <key goes here>
# Set up the internal wired network # # It's not necessary to bring this interface up as the bridge # we are about to create does this. Leave these lines commented. # #auto eth1 #iface eth1 inet manual
# Set up the internal wired/wireless network bridge # # Don't forget to change wlan0 and eth1 to the proper name of # the internal wired and wireless interfaces if applicable. # auto br0 iface br0 inet static
- address 192.168.0.1 network 192.168.0.0 netmask 255.255.255.0 broadcast 192.168.0.255 bridge-ports eth1 wlan0}}}
Your internal network interface is: br0
4.5. Restart Networking
Now, if the following command is executes successfully, your networking devices have been properly configured. {{{sudo /etc/init.d/networking restart }}}
5. Configuring the Firewall
5.1. Background
5.2. The Firewall Script