Difference between revisions of "Novena Dogfood Setup"
(→Network Setup) |
(→DHCP server) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
==Network Setup== | ==Network Setup== | ||
| − | + | Install required packages: | |
| − | auto eth1 | + | apt-get install bridge-utils |
| + | |||
| + | Replace /etc/network/interfaces with the following: | ||
| + | |||
| + | auto br0 eth1 lo | ||
| + | |||
| + | iface lo inet loopback | ||
| + | |||
iface eth1 inet static | iface eth1 inet static | ||
| − | + | address 210.23.25.254 | |
| − | + | gateway 210.23.25.253 | |
| − | + | network 210.23.25.252 | |
| + | netmask 255.255.255.252 | ||
| + | dns-nameserver 210.23.4.6 | ||
| + | dns-nameserver 210.23.1.3 | ||
| + | |||
| + | iface br0 inet static | ||
| + | bridge_ports wlan0 eth0 | ||
| + | address 10.0.49.1 | ||
| + | network 10.0.49.0 | ||
| + | netmask 255.255.255.0 | ||
| + | up /sbin/ifconfig br0 up | ||
| + | down /sbin/ifconfig br0 down | ||
| + | |||
| + | iface eth0 inet static | ||
| + | |||
| + | iface wlan0 inet static | ||
| + | |||
| + | Add the following to /etc/resolv.conf: | ||
| + | |||
| + | nameserver 210.23.4.6 | ||
| + | nameserver 210.23.1.3 | ||
| + | |||
| + | Create a file called /etc/iptables.up.rules: | ||
| + | |||
| + | *raw | ||
| + | :PREROUTING ACCEPT [7778:649264] | ||
| + | :OUTPUT ACCEPT [8166:10358462] | ||
| + | COMMIT | ||
| + | # Completed on Tue May 27 08:14:31 2014 | ||
| + | # Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014 | ||
| + | *nat | ||
| + | :PREROUTING ACCEPT [1139:92224] | ||
| + | :INPUT ACCEPT [34:1862] | ||
| + | :OUTPUT ACCEPT [3:428] | ||
| + | :POSTROUTING ACCEPT [0:0] | ||
| + | -A POSTROUTING -j MASQUERADE | ||
| + | COMMIT | ||
| + | # Completed on Tue May 27 08:14:31 2014 | ||
| + | # Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014 | ||
| + | *mangle | ||
| + | :PREROUTING ACCEPT [7778:649264] | ||
| + | :INPUT ACCEPT [6457:408198] | ||
| + | :FORWARD ACCEPT [1251:238839] | ||
| + | :OUTPUT ACCEPT [8166:10358462] | ||
| + | :POSTROUTING ACCEPT [9417:10597301] | ||
| + | COMMIT | ||
| + | # Completed on Tue May 27 08:14:31 2014 | ||
| + | # Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014 | ||
| + | *filter | ||
| + | :INPUT ACCEPT [527:36345] | ||
| + | :FORWARD ACCEPT [341:42451] | ||
| + | :OUTPUT ACCEPT [614:811000] | ||
| + | -A INPUT -p udp -m udp --dport 53 -j DROP | ||
| + | -A FORWARD -i br0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT | ||
| + | -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | ||
| + | COMMIT | ||
| + | # Completed on Tue May 27 08:14:31 2014 | ||
| + | |||
| + | Create /etc/network/if-pre-up.d/iptables: | ||
| + | #!/bin/sh | ||
| + | /sbin/iptables-restore < /etc/iptables.up.rules | ||
| + | |||
| + | Mark it as executable: | ||
| + | |||
| + | chmod a+x /etc/network/if-pre-up.d/iptables | ||
| + | |||
| + | Create /etc/sysctl.d/local.conf: | ||
| + | |||
| + | net.ipv4.ip_forward=1 | ||
| + | |||
| + | ==DHCP server== | ||
| + | Install ISC DHCP server: | ||
| + | |||
| + | apt-get install isc-dhcp-server | ||
| + | |||
| + | Edit /etc/default/isc-dhcp-server and set it to only start up on br0: | ||
| + | |||
| + | INTERFACES="br0" | ||
| + | |||
| + | Configure /etc/dhcp/dhcpd.conf: | ||
| + | |||
| + | ddns-update-style none; | ||
| + | |||
| + | option domain-name "bunniefoo.com"; | ||
| + | option domain-name-servers 210.23.4.6, 210.23.1.3; | ||
| + | |||
| + | default-lease-time 600; | ||
| + | max-lease-time 7200; | ||
| + | |||
| + | authoritative; | ||
| + | |||
| + | subnet 10.0.49.0 netmask 255.255.255.0 { | ||
| + | range 10.0.49.100 10.0.49.200; | ||
| + | option routers 10.0.49.1; | ||
| + | } | ||
| + | |||
| + | ==Wifi Host== | ||
| + | Install hostapd: | ||
| + | |||
| + | apt-get install hostapd | ||
| + | |||
| + | Add the configuration file /etc/hostapd/hostapd.conf: | ||
| + | |||
| + | interface=wlan0 | ||
| + | bridge=br0 | ||
| + | driver=nl80211 | ||
| + | country_code=SG | ||
| + | channel=2 | ||
| + | |||
| + | ssid=bunniefoo | ||
| + | wpa_passphrase=xxx | ||
| + | |||
| + | # These four, combined, enable 802.11n | ||
| + | hw_mode=g | ||
| + | ieee80211n=1 | ||
| + | wmm_enabled=1 | ||
| + | ht_capab=[HT40][SHORT-GI-40][RX-STBC1] | ||
| + | |||
| + | # Static WPA2 key configuration | ||
| + | #1=wpa1, 2=wpa2, 3=both | ||
| + | wpa=2 | ||
| + | |||
| + | # Encrypton | ||
| + | wpa_key_mgmt=WPA-PSK | ||
| + | rsn_pairwise=CCMP | ||
| + | auth_algs=3 | ||
| + | macaddr_acl=0 | ||
| + | ignore_broadcast_ssid=0 | ||
| + | |||
| + | # Needed for Windows clients | ||
| + | eapol_key_index_workaround=0 | ||
| − | + | Enable it by setting the config file in /etc/default/hostapd: | |
| − | + | ||
| − | + | DAEMON_CONF="/etc/hostapd/hostapd.conf" | |
| − | |||
| − | |||
| − | |||
Latest revision as of 08:50, 27 May 2014
Novena is now running, serving bunniefoo.com. This is what we had to do to configure it. The board is running Debian Jessie.
Network Setup
Install required packages:
apt-get install bridge-utils
Replace /etc/network/interfaces with the following:
auto br0 eth1 lo
iface lo inet loopback
iface eth1 inet static
address 210.23.25.254
gateway 210.23.25.253
network 210.23.25.252
netmask 255.255.255.252
dns-nameserver 210.23.4.6
dns-nameserver 210.23.1.3
iface br0 inet static
bridge_ports wlan0 eth0
address 10.0.49.1
network 10.0.49.0
netmask 255.255.255.0
up /sbin/ifconfig br0 up
down /sbin/ifconfig br0 down
iface eth0 inet static
iface wlan0 inet static
Add the following to /etc/resolv.conf:
nameserver 210.23.4.6 nameserver 210.23.1.3
Create a file called /etc/iptables.up.rules:
*raw :PREROUTING ACCEPT [7778:649264] :OUTPUT ACCEPT [8166:10358462] COMMIT # Completed on Tue May 27 08:14:31 2014 # Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014 *nat :PREROUTING ACCEPT [1139:92224] :INPUT ACCEPT [34:1862] :OUTPUT ACCEPT [3:428] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -j MASQUERADE COMMIT # Completed on Tue May 27 08:14:31 2014 # Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014 *mangle :PREROUTING ACCEPT [7778:649264] :INPUT ACCEPT [6457:408198] :FORWARD ACCEPT [1251:238839] :OUTPUT ACCEPT [8166:10358462] :POSTROUTING ACCEPT [9417:10597301] COMMIT # Completed on Tue May 27 08:14:31 2014 # Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014 *filter :INPUT ACCEPT [527:36345] :FORWARD ACCEPT [341:42451] :OUTPUT ACCEPT [614:811000] -A INPUT -p udp -m udp --dport 53 -j DROP -A FORWARD -i br0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT COMMIT # Completed on Tue May 27 08:14:31 2014
Create /etc/network/if-pre-up.d/iptables:
#!/bin/sh /sbin/iptables-restore < /etc/iptables.up.rules
Mark it as executable:
chmod a+x /etc/network/if-pre-up.d/iptables
Create /etc/sysctl.d/local.conf:
net.ipv4.ip_forward=1
DHCP server
Install ISC DHCP server:
apt-get install isc-dhcp-server
Edit /etc/default/isc-dhcp-server and set it to only start up on br0:
INTERFACES="br0"
Configure /etc/dhcp/dhcpd.conf:
ddns-update-style none;
option domain-name "bunniefoo.com";
option domain-name-servers 210.23.4.6, 210.23.1.3;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 10.0.49.0 netmask 255.255.255.0 {
range 10.0.49.100 10.0.49.200;
option routers 10.0.49.1;
}
Wifi Host
Install hostapd:
apt-get install hostapd
Add the configuration file /etc/hostapd/hostapd.conf:
interface=wlan0 bridge=br0 driver=nl80211 country_code=SG channel=2 ssid=bunniefoo wpa_passphrase=xxx # These four, combined, enable 802.11n hw_mode=g ieee80211n=1 wmm_enabled=1 ht_capab=[HT40][SHORT-GI-40][RX-STBC1] # Static WPA2 key configuration #1=wpa1, 2=wpa2, 3=both wpa=2 # Encrypton wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP auth_algs=3 macaddr_acl=0 ignore_broadcast_ssid=0 # Needed for Windows clients eapol_key_index_workaround=0
Enable it by setting the config file in /etc/default/hostapd:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
