Raspberry Pi as a home router, part 2: Basic routing

Introduction

In the previous article we turned a TP-LINK router into a VLAN-enhanced switch to support our “router on a stick” configuration. In this article we will configure the basic routing and services needed to get a working internet connection for your LAN devices. In this tutorial we will be using a Raspberry Pi version B (the one with the Fast Ethernet port) and Raspbian Linux, one of the most popular Raspberry Pi Linux distributions, based on Debian.

Configuring VLAN interfaces

First we need to install the package that adds VLAN functionality. We will be issuing all commands as root.

apt-get install vlan

We need to make sure that the 8021q kernel module is loaded on system startup.

echo 8021q >> /etc/modules

Reboot your Raspberry Pi. If you don’t want to reboot, you can load the module manually by typing:

modprobe 8021q

Next, it’s time to create the VLAN subinterfaces. We could do that with the vconfig utility, but we want our configuration to persist through a reboot, so we will edit the proper configuration files instead. Interface eth0 captures and transmits untagged frames, while the interfaces eth0.N work with tagged frames belonging to VLAN number N. Since we chose to tag both VLAN 1 and VLAN 2 on the trunk link in the previous part of the tutorial, we will create the proper configuration for this scenario. I’ll just paste my configuration file. The file responsible for basic network configuration in Debian-like systems is /etc/network/interfaces:

auto lo eth0.1 eth0.2
allow-hotplug eth0
iface lo inet loopback

iface eth0.1 inet static
 address 192.168.33.1
 netmask 255.255.255.0
iface eth0.2 inet dhcp

The first line is very important. According to the Debian documentation, the auto keyword means that the interface will start with the system. In my understanding, if you skipped this you would have to start the interface manually each time using the ifconfig eth0.1 up command. This is not the case. If you don’t include this line the interface will not even be created at startup, so it is mandatory. allow-hotplug should bring the interface up when the cable is plugged in, if I understand it correctly, but it’s still not working for me. This is a minor flaw and I will think about fixing it later. You can reboot and check if the settings are applied.

WAN side

You should get your IP address from the ISP automatically with the above settings. You can also configure it statically if your ISP gave you a static IP address.

DNS server addresses will be saved automatically to the /etc/resolv.conf file.

LAN side – DHCP server

Devices in your LAN will get their addresses from the DHCP server on your router. This is not mandatory (you can configure all of them statically), but I recommend setting up a DHCP server because it is very easy. First install it:

apt-get install isc-dhcp-server

I also recommend installing a tool that helps you manage which daemons are started automatically at boot time:

apt-get install chkconfig

The DHCP server configuration file is /etc/dhcp/dhcpd.conf. You just have to add a section at the bottom specifying the settings for your LAN subnet:

subnet 192.168.33.0 netmask 255.255.255.0 {
range 192.168.33.100 192.168.33.200;
option routers 192.168.33.1;
default-lease-time 86400;
max-lease-time 604800;
option domain-name-servers 8.8.8.8, 8.8.4.4;
}

range defines the range of addresses that can be assigned dynamically

routers is the default gateway

default-lease-time and max-lease-time – when a client requests an IP address, it is given to the client only for a limited amount of time called the lease time. default-lease-time is used when the client doesn’t ask for a specific lease time. max-lease-time is the maximum a client can get.

domain-name-servers are the addresses of the DNS servers

You can add a reservation for a client. This way that client will always get the same IP address from DHCP. Clients are recognized by their MAC address. Example:

host my_pc { hardware ethernet 01:23:45:67:89:ab ; fixed-address 192.168.33.20;}

The host name (my_pc in this case) is arbitrary and doesn’t have to correspond to any real value. Reservations should be configured outside of the range of dynamically assigned addresses. If for some reason you need one to be in the middle of the dynamic range, you can split the range. For example, if you wanted to reserve address 192.168.33.150 inside the range 192.168.33.100-200, you can split the range in two:

range 192.168.33.100 192.168.33.149;
range 192.168.33.151 192.168.33.200;
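A check for the rule above, as an added example that is not part of the original article: it reads dhcpd.conf text and reports any fixed-address that falls inside a dynamic range. The function names and the sample configuration are constructed for illustration, and it assumes plain "range LOW HIGH;" or "range ADDR;" statements.

```shell
#!/bin/sh
# Added example: flag dhcpd.conf reservations that fall inside a dynamic range.
# Assumes "range LOW HIGH;" or "range ADDR;" (no dynamic-bootp keyword).

check_reservations() {   # reads dhcpd.conf text on stdin, exit 1 on overlap
    awk '
        function ip2n(ip,   o) {              # dotted quad -> integer
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        {
            sub(/#.*/, "")                    # drop comments
            gsub(/[;{}]/, " ")                # leave whitespace-separated tokens
            for (i = 1; i <= NF; i++) {
                if ($i == "range") {
                    lo[++n] = ip2n($(i + 1))
                    hi[n] = ($(i + 2) ~ /^[0-9.]+$/) ? ip2n($(i + 2)) : lo[n]
                }
                if ($i == "fixed-address") addr[++m] = $(i + 1)
            }
        }
        END {
            for (j = 1; j <= m; j++)
                for (k = 1; k <= n; k++)
                    if (ip2n(addr[j]) >= lo[k] && ip2n(addr[j]) <= hi[k]) {
                        print "reservation " addr[j] " is inside a dynamic range"
                        bad = 1
                    }
            exit bad + 0
        }'
}

# Constructed sample: the article subnet with a reservation at .150.
conf_with_range() {   # each argument is one "LOW HIGH" range statement
    printf 'subnet 192.168.33.0 netmask 255.255.255.0 {\n'
    for r in "$@"; do printf '  range %s;\n' "$r"; done
    printf '  option routers 192.168.33.1;\n}\n'
    printf 'host my_pc { hardware ethernet 01:23:45:67:89:ab ; fixed-address 192.168.33.150;}\n'
}

conf_with_range "192.168.33.100 192.168.33.200" | check_reservations || true
conf_with_range "192.168.33.100 192.168.33.149" "192.168.33.151 192.168.33.200" \
    | check_reservations && echo "no overlap after splitting the range"
```

On the router itself the same function can be fed the real file: check_reservations < /etc/dhcp/dhcpd.conf.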

In order to apply configuration changes you need to restart the DHCP server:

service isc-dhcp-server restart

To make sure that it is always started after reboot enter:

chkconfig isc-dhcp-server on

Routing

You don’t need to worry about basic routing. Routes for directly connected networks are added to the routing table automatically. The default gateway is added to the routing table by the DHCP client, based on the information from your ISP. You can display your routing table by issuing the command:

route

You only need to enable routing (IP forwarding), because it is disabled by default. To enable it immediately (it will not persist after reboot):

echo 1 > /proc/sys/net/ipv4/ip_forward

To enable it permanently (reboot required), add, change, or uncomment the following line in /etc/sysctl.conf:

net.ipv4.ip_forward=1

Network Address Translation

You need NAT so that multiple machines behind your router can share the single global IP address that the ISP gives you. To enable NAT enter:

iptables -t nat -A POSTROUTING -o eth0.2 -j MASQUERADE

If you want to forward a port to a server inside your LAN (for example port 80 to the internal address 192.168.33.138) enter:

iptables -t nat -A PREROUTING -i eth0.2 -p tcp --dport 80 -j DNAT --to-destination 192.168.33.138:80

These changes will not persist through a reboot. First, save the rules to a file:

iptables-save > /etc/iptables

Then you need to make sure those rules are applied when the system starts. A good way to do that is to create a script inside the /etc/network/if-pre-up.d directory. All scripts inside that directory are executed just before an interface is brought up.

vi /etc/network/if-pre-up.d/iptables

Paste the following content:

#!/bin/bash

iptables-restore < /etc/iptables

exit 0

Then make sure it is executable:

chmod +x /etc/network/if-pre-up.d/iptables

You can display the contents of your iptables NAT table by typing:

iptables -L -t nat
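With only the NAT rules above, the filter table keeps its default ACCEPT policies, so the router's own services and anything it forwards are reachable from the WAN side. The following added example (not from the original article) emits the article's two NAT rules together with a default-deny filter table in iptables-restore format and checks the policies of a saved ruleset; the function names are illustrative, and eth0.2 as WAN, eth0.1 as LAN and the forwarded host are taken from the article.

```shell
#!/bin/sh
# Added example, not from the original article: the article NAT rules plus a
# default-deny filter table in iptables-restore format, and a policy check.
gen_ruleset() {   # $1 = WAN if, $2 = LAN if, $3 = forwarded host, $4 = TCP port
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $1 -p tcp --dport $4 -j DNAT --to-destination $3:$4
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $1 -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i $2 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -j ACCEPT
-A FORWARD -i $1 -o $2 -p tcp -d $3 --dport $4 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: filter table as saved when only the NAT rules were added.
article_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

audit_ruleset() {   # stdin: iptables-save text; exit 1 unless INPUT/FORWARD default to DROP
    awk '/^\*/ { t = $1 }
         t == "*filter" && ($1 == ":INPUT" || $1 == ":FORWARD") && $2 != "DROP" {
             print substr($1, 2) " policy is " $2; bad = 1
         }
         t == "*filter" && $1 == ":FORWARD" { seen = 1 }
         END { if (!seen) { print "no filter table saved"; bad = 1 }
               exit bad + 0 }'
}

gen_ruleset eth0.2 eth0.1 192.168.33.138 80 | audit_ruleset && echo "default-deny ruleset passes"
```

Redirecting the output of gen_ruleset to /etc/iptables makes the if-pre-up.d script above load it at boot; audit_ruleset < /etc/iptables checks whatever is currently saved.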

Iptables is quite a powerful Linux firewall and it has many more features. I will write an article about them sometime later.

Summary

This should get your Raspberry Pi router up and running really fast, but with basic functionality (similar to the features of cheap $20 routers). I will be covering more advanced topics later. It is very possible that I forgot something or made a mistake. If so, please let me know down below in the comments section.
