Friday, May 29, 2015

One IP address into many.



Ever go somewhere where you need several systems to be able to access the network, but they say all you can have is one IP address? An IP address is like a phone number for a computer. Under normal circumstances, you can only have one per system. Here, with an extra system, we will show you how to do this.

A multitude of reasons exist as to why one would want to build a custom router vs. suffer with the performance, reliability issues, and limitations of an off-the-shelf solution. In the spirit of keeping this post short, I won’t launch into a long diatribe on the pros and cons of each here, but I have plenty of thoughts on this, so if you are interested, just ask.

What we are about to do is configure an incredibly fast and stable router/gateway solution for your home/office in about 15 minutes. (Note: This post assumes you already have your machine loaded up with a fresh copy of Ubuntu 14.04 or an equivalent and you have the two needed NICs installed.) This is not a firewall.

First, let’s make three initial assumptions:

    eth0 is the public interface (the Cable/DSL modem is attached to this NIC)
    eth1 is the private interface (your switch is connected to this NIC)
    All of the client computers, servers, WAPs, etc. are connected to the switch

Let’s get started with the configuration. Set your timer and type quickly! :)

1.) Configure the network interfaces
On older systems, you may need to make sure that the plug and play OS setting is enabled. Change the “address”, “netmask”, and “broadcast” values to match your internal network preferences. They must be different from the host (WAN) network.

sudo nano -w /etc/network/interfaces
# The external WAN interface (eth0) public
allow-hotplug eth0
iface eth0 inet dhcp

# The internal LAN interface (eth1) private
allow-hotplug eth1
iface eth1 inet static
   address 10.1.10.1
   netmask 255.255.255.0
   network 10.1.10.0
   broadcast 10.1.10.255

2.) Install and configure DNSmasq
DNSmasq is a DNS forwarder and DHCP server. Change “domain” to the FQDN of your network and “dhcp-range” to the desired range of DHCP addresses you would like your router to serve out to clients.

sudo apt-get install dnsmasq

sudo nano -w /etc/dnsmasq.conf
interface=eth1
listen-address=127.0.0.1
domain=home.andreimatei.com
dhcp-range=10.1.10.100,10.1.10.110,12h

3.) Enable IP Forwarding
Uncomment the following line:

sudo nano -w /etc/sysctl.conf
net.ipv4.ip_forward=1

4.) Configure iptables
We create a file called /etc/iptables.rules and put this rule set inside of it. As an example, this set allows TCP traffic in from the outside world on port 222 (I run SSH on this alternate port) and also port-forwards TCP port 50000 to an internal machine with the IP of 10.1.10.3. Use this as a guide for your own rules.

Note that when you do this, access to the system will be locked down and SSH will not work. In fact, a ping to the system will be ignored.

sudo nano -w /etc/iptables.rules

*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 10.1.10.3:50000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 50000 -m state --state NEW -j ACCEPT
COMMIT

5.) Activate your iptables rules

sudo iptables-restore < /etc/iptables.rules

6.) Ensure iptables rules start on boot
Insert the following line into your /etc/network/interfaces file right underneath “iface lo inet loopback”

sudo nano -w /etc/network/interfaces
pre-up iptables-restore < /etc/iptables.rules

7.) Reboot and Verify
That’s it! After a reboot, you should now have a very basic Linux Router/Gateway for your network.
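
As part of verifying, the rule file from step 4 can be audited offline: the script below lists what the WAN side can reach, checks that the forward target is on the LAN and that MASQUERADE is present, and confirms the catch-all DROP comes after every WAN ACCEPT. It is an added example, not part of the original post; `WAN_IF`, `LAN_PREFIX`, the function names and the embedded sample file are assumptions built from this page's values.

```sh
# Added example (not from the original post): audit an iptables-restore file offline.
# Assumptions taken from this page: WAN is eth0, LAN is 10.1.10.0/24.
WAN_IF=eth0; LAN_PREFIX=10.1.10.
# TCP ports the router itself accepts from the WAN side.
wan_input_ports() {
    sed -n "s/^-A INPUT -i $WAN_IF .*--dport \([0-9]*\) .*-j ACCEPT\$/\1/p" "$1"
}

# Port forwards, printed as "wan_port->lan_host:port".
wan_forwards() {
    sed -n "s/^-A PREROUTING -i $WAN_IF .*--dport \([0-9]*\) -j DNAT --to-destination \(.*\)\$/\1->\2/p" "$1"
}

# Fail if a forward points outside the LAN or the WAN has no MASQUERADE rule.
check_nat() {
    for fwd in $(wan_forwards "$1"); do
        case "${fwd#*->}" in
            "$LAN_PREFIX"*) ;;
            *) echo "forward $fwd leaves the LAN" >&2; return 1 ;;
        esac
    done
    grep -q -- "^-A POSTROUTING -o $WAN_IF -j MASQUERADE\$" "$1"
}

# Fail unless the WAN catch-all DROP exists and comes after every WAN ACCEPT.
check_wan_drop_last() {
    awk -v wan="$WAN_IF" '$2 == "INPUT" && $3 == "-i" && $4 == wan {
            if ($NF == "DROP" && NF == 6) drop = NR; else if ($NF == "ACCEPT") accept = NR }
        END { exit !(drop && drop > accept) }' "$1"
}

# Constructed sample: the step 4 rule set, forwarding to the LAN host 10.1.10.3.
sample_rules() { cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 10.1.10.3:50000
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 222 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 50000 -m state --state NEW -j ACCEPT
COMMIT
EOF
}
rules=$(mktemp); sample_rules > "$rules"
echo "WAN-exposed ports: $(wan_input_ports "$rules"); forwards: $(wan_forwards "$rules")"
check_nat "$rules" && check_wan_drop_last "$rules" && echo "rule set is consistent"; rm -f "$rules"
```

The syntax of the file itself can be checked with `sudo iptables-restore --test < /etc/iptables.rules`, which parses the rules without committing them.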

Run through

router:~$ sudo nano -w /etc/iptables.rules
[sudo] password for eddie:

router:~$ sudo iptables-restore < /etc/iptables.rules

router:~$ sudo nano -w /etc/network/interfaces

router:~$ sudo reboot

router:~$
Broadcast message from router
    (/dev/pts/0) at 8:44 ...

The system is going down for reboot NOW!
Connection to 192.168.1.102 closed by remote host.

Connection to 192.168.1.102 closed.

You should be able to use your router now.

Note: you should be able to do this with most any distro, but using different commands. Want to try this with a Pentium 1 and Slackware. Did not have time to try it before putting this article out.

oedt01:~$ ssh 192.168.1.102
192.168.1.102's password:
Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-53-generic i686)

 * Documentation:  https://help.ubuntu.com/
Last login: Fri May 29 07:39:02 2015

router:~$ cd /etc

router:/etc$ sudo vim  dnsmasq.conf
[sudo] password for eddie:

router:/etc$ sudo vim /etc/network/interfaces

router:/etc$ sudo vim  dnsmasq.conf

router:/etc$ sudo service dnsmasq restart

 * Restarting DNS forwarder and DHCP server dnsmasq                      [ OK ]

router:/etc$ sudo service dnsmasq status
 * Checking DNS forwarder and DHCP server dnsmasq                                * (running)

Connect to the client side. We used a tablet and crossover adapter to check dnsmasq. You could use a network switch also.

Note: if you get a USB to Ethernet adapter, you can make a nice little Raspberry Pi router. You could also use a wireless card for the LAN, but that requires a bit more security.

 -------------------------------------------

It is not required, but you may also want to set up Webmin to make managing the router easier.

router:/etc$ cd

router:~$ wget http://prdownloads.sourceforge.net/webadmin/webmin_1.750_all.deb
--2015-05-29 08:15:22--  http://prdownloads.sourceforge.net/webadmin/webmin_1.750_all.deb
Resolving prdownloads.sourceforge.net (prdownloads.sourceforge.net)... 216.34.181.59
Connecting to prdownloads.sourceforge.net (prdownloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/webadmin/webmin/1.750/webmin_1.750_all.deb [following]
--2015-05-29 08:15:22--  http://downloads.sourceforge.net/project/webadmin/webmin/1.750/webmin_1.750_all.deb
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://hivelocity.dl.sourceforge.net/project/webadmin/webmin/1.750/webmin_1.750_all.deb [following]
--2015-05-29 08:15:22--  http://hivelocity.dl.sourceforge.net/project/webadmin/webmin/1.750/webmin_1.750_all.deb
Resolving hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)... 74.50.101.106
Connecting to hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)|74.50.101.106|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 26195366 (25M) [application/octet-stream]
Saving to: ‘webmin_1.750_all.deb’

100%[======================================>] 26,195,366   586KB/s   in 42s   

2015-05-29 08:16:04 (614 KB/s) - ‘webmin_1.750_all.deb’ saved [26195366/26195366]

router:~$ sudo dpkg -i webmin_1.750_all.deb
Selecting previously unselected package webmin.
(Reading database ... 57184 files and directories currently installed.)
Preparing to unpack webmin_1.750_all.deb ...
Unpacking webmin (1.750) ...
dpkg: dependency problems prevent configuration of webmin:
 webmin depends on libnet-ssleay-perl; however:
  Package libnet-ssleay-perl is not installed.
 webmin depends on libauthen-pam-perl; however:
  Package libauthen-pam-perl is not installed.
 webmin depends on libio-pty-perl; however:
  Package libio-pty-perl is not installed.
 webmin depends on apt-show-versions; however:
  Package apt-show-versions is not installed.

dpkg: error processing package webmin (--install):
 dependency problems - leaving unconfigured
Processing triggers for ureadahead (0.100.0-16) ...
Errors were encountered while processing:
 webmin

There will probably be an error. There is an easy fix.

router:~$ sudo apt-get upgrade -f
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Correcting dependencies... Done
Calculating upgrade... Done
The following NEW packages will be installed:
  apt-show-versions libapt-pkg-perl libauthen-pam-perl libio-pty-perl
  libnet-ssleay-perl
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 425 kB of archives.
After this operation, 1,752 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/main libnet-ssleay-perl i386 1.58-1 [242 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu/ trusty/universe libauthen-pam-perl i386 0.16-2build3 [27.8 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ trusty/main libio-pty-perl i386 1:1.08-1build4 [36.7 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu/ trusty/main libapt-pkg-perl i386 0.1.29build1 [84.5 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu/ trusty/universe apt-show-versions all 0.22.3 [33.9 kB]
Fetched 425 kB in 1s (226 kB/s)        
Selecting previously unselected package libnet-ssleay-perl.
(Reading database ... 82053 files and directories currently installed.)
Preparing to unpack .../libnet-ssleay-perl_1.58-1_i386.deb ...
Unpacking libnet-ssleay-perl (1.58-1) ...
Selecting previously unselected package libauthen-pam-perl.
Preparing to unpack .../libauthen-pam-perl_0.16-2build3_i386.deb ...
Unpacking libauthen-pam-perl (0.16-2build3) ...
Selecting previously unselected package libio-pty-perl.
Preparing to unpack .../libio-pty-perl_1%3a1.08-1build4_i386.deb ...
Unpacking libio-pty-perl (1:1.08-1build4) ...
Selecting previously unselected package libapt-pkg-perl.
Preparing to unpack .../libapt-pkg-perl_0.1.29build1_i386.deb ...
Unpacking libapt-pkg-perl (0.1.29build1) ...
Selecting previously unselected package apt-show-versions.
Preparing to unpack .../apt-show-versions_0.22.3_all.deb ...
Unpacking apt-show-versions (0.22.3) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Setting up libnet-ssleay-perl (1.58-1) ...
Setting up libauthen-pam-perl (0.16-2build3) ...
Setting up libio-pty-perl (1:1.08-1build4) ...
Setting up libapt-pkg-perl (0.1.29build1) ...
Setting up apt-show-versions (0.22.3) ...
** initializing cache. This may take a while **
Setting up webmin (1.750) ...
Webmin install complete. You can now login to https://router:10000/
as root with your root password, or as any user who can use sudo
to run commands as root.
Processing triggers for ureadahead (0.100.0-16) ...
