User Tools

Site Tools

Translations of this page:
en

en:bpi-r2:network:start

Network-Configuration

ip-command needs package iproute2

Configuration on this page is based on debian stretch, should work the same way with Ubuntu needs Kernel 4.14 or above (DSA-driver for Port-separation)

in Kernel 4.14 eth0 is the connection between CPU and the Switch-Circuit (mt7530), on which the Ports wan and lan0-4 are connected. this connection have to be set to “up” first.

bringing up then cpu-port(s)

ip link set eth0 up
ip link set eth1 up

or via /etc/network/interfaces

auto eth0
iface eth0 inet manual
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down

auto eth1
iface eth1 inet manual
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down

the mapping of ports to gmac is defined in dts-file and can be shown with “ip a”

With 4.14 >.52 on my repo gmac #2 (eth1) is added and wan is connected to this.

by default each lan-port is separated and needs an own ip-configuration in different subnets

most users like to use all lan-ports in 1 network-segment, so these can be bridged together to make only 1 ip-configuration for “LAN

MAC-Address

The MAC-address can only be set for the GMAC (connection between Switch and CPU). In Kernel 4.14 only 1 GMAC is detected (eth0). There are 2 GMACs in Hardware.

UDEV-way from here

$ cat /etc/udev/rules.d/00-static-mac-address.rules
ACTION=="add", SUBSYSTEM=="net", KERNELS=="1b100000.ethernet", RUN+="/sbin/ip link set dev %k address ae:fc:de:ad:be:ef"

/etc/network/interfaces

iface lan0 inet static
  address 192.168.0.10
  netmask 255.255.255.0
  gateway 192.168.0.5
#  pre-up ip link set $IFACE up
  pre-up ip link set $IFACE address 02:01:02:03:04:08 up

IP

permanent

/etc/network/interfaces:

#first set the upstream-Port (NIC between CPU and MT7530-Switch) up
auto eth0
iface eth0 inet manual
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down

auto eth1
iface eth1 inet manual
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down

#then configure the lan-ports
auto lan0
iface lan0 inet static
  hwaddress ether 08:00:00:00:00:00 # if you want to set MAC manually
  address 192.168.0.10
  netmask 255.255.255.0
  gateway 192.168.0.5
  pre-up ip link set $IFACE up
  post-down ip link set $IFACE down
  

temporary

ifconfig lan0 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255
ip addr add 192.168.0.10/24 broadcast 192.168.0.255 dev lan0

make sure only 1 port is in the specific subnet.

ip a
#or
ip addr show lan0

DHCP

Client

/etc/network/interfaces:

auto lan3
allow-hotplug lan3
iface lan3 inet dhcp

Renew ip via

sudo dhclient -v -r lan3

Server

/etc/dnsmasq.conf (activate line by removing # on begin of line)

conf-dir=/etc/dnsmasq.d

/etc/dnsmasq.d/interfaces.conf

interface=wlan1
interface=ap0
 
# DHCP-Server not active for Interface
no-dhcp-interface=eth0
no-dhcp-interface=eth1
 
#dhcp-authoritative (interface+range+leasetime, default-gateway-ip as option 3)
dhcp-range=ap0,192.168.10.100,192.168.10.150,255.255.255.0,48h
dhcp-option=ap0,3,192.168.10.1
dhcp-range=wlan1,192.168.11.100,192.168.11.150,255.255.255.0,48h
dhcp-option=wlan1,3,192.168.11.1

/etc/dnsmasq.d/interfaces.conf

service dnsmasq start

more info here: dnsmasq

IPv6

NAT/Routing

NAT

to enable Network Adress Translation (net with private IPs behind one public IP)

ipt=/sbin/iptables
if_wan=wan
${ipt} -t nat -A POSTROUTING -o ${if_wan} -j MASQUERADE

HW-Nat

HW-Nat is currently only available in LEDE (Kernel 4.9)

i have merged the Lede-Patches to my 4.9-main and ported to 4.14 (4.14-hnat), see HW-NAT

Routing

enable routing for IPv4

echo 1 > /proc/sys/net/ipv4/ip_forward

alternative:

nano /etc/sysctl.conf
#activate net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1 by removing # at beginning of line
sysctl -p /etc/sysctl.conf

manipulating default route:

ip route del default
ip route add default via 192.168.50.2

show routing table

ip route show

remember you need DNS-resolving (/etc/resolv.conf) for translating domains to ip-addresses

adding static routes to other networks

Pakets are sent to the default-gateway, if the net is not known (directly connected or route available). In normal home-networks there is only 1 router and in this the default-gateway is the Internet-interface and on client-PCs the default-gateway is this router.

static routes are needed, if a net is not directly connected to a router and not accessable via its default-gateway

  • in router #1 a static route must be added for net 10.0.3.0/24 with next-hop 10.0.2.2 (send pakets over lan#2)
    • ip route add 10.0.3.0/24 via 10.0.2.2
  • in router #2 a static route must be added for net 10.0.1.0/24 with next-hop 10.0.2.1 (send pakets over lan#1)
    • ip route add 10.0.1.0/24 via 10.0.2.1

example for net 192.168.50.x behind router with ip 192.168.0.10

ip route add 192.168.50.0/24 via 192.168.0.10

DNS

/etc/resolv.conf

Netbridge

if 2 or more lan-ports should use same network-segment (configure only 1 IP-address for “LAN”), you can bridge ports together.

apt-get install bridge-utils

/etc/network/interfaces:

auto br0
iface br0 inet static
  address 192.168.40.1
  netmask 255.255.255.0
  bridge_ports lan1 lan2
  bridge_fd 5
  bridge_stp no

VLAN

/etc/network/interfaces:

auto lan3.60
iface lan3.60 inet static
  address 192.168.60.10
  netmask 255.255.255.0

Firewall (iptables)

Monitoring

sudo tcpdump -i eth0 port not 22 > tcpdump.log

Discussion

en/bpi-r2/network/start.txt · Last modified: 2018/11/25 17:32 by frank