I’m having issues with the following…
My goal is to have a Linux-based router set up as follows (not unlike what cheap commercial routers do):
eth1 --> internet
eth0 and wlan0 bridge --> br0 --> (w)lan
The problem, however, is that after 5 to 10 minutes the wired clients get cut off and the router no longer responds to DHCP requests from the wired clients either. The wireless clients have no problem whatsoever, though: they retain internet access and new wireless clients can be connected...
For the 5 to 10 minutes that it works, isc-dhcp-server is giving out IP addresses on br0 perfectly to both wired and wireless clients in the same network range.
I can of course set up both eth0 and wlan0 as separate networks and have isc-dhcp-server issue different IPs on both networks, but that isn’t the goal here.
Relevant files (I believe):
/etc/network/interfaces:
```
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp

allow-hotplug eth0
iface eth0 inet manual

allow-hotplug wlan0
iface wlan0 inet manual

auto br0
iface br0 inet static
    address 192.168.100.1
    network 192.168.100.0
    netmask 255.255.255.0
    broadcast 192.168.100.255
    bridge_ports eth0 wlan0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
```
```sh
LAN="br0"
LAN_NET="192.168.100.1"   # address assigned to br0 in /etc/network/interfaces
WAN="eth1"

# Default policy: drop everything that is not explicitly accepted
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Forwarding between LAN and WAN
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

# Loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Traffic on the LAN bridge
iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -A OUTPUT -o $LAN -d $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN -o $LAN -j ACCEPT

# Traffic on the WAN interface
iptables -A INPUT -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $WAN -j ACCEPT

# NAT for outbound traffic
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
```
```
net.ipv4.tcp_syncookies=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.log_martians = 1
```
(OS: Raspbian Jessie with dhcpcd disabled and isc-dhcp-server, bind9, hostapd and netfilter-persistent installed)
(System: Raspberry Pi 3b with an external USB ethernet adapter (eth1) for internet access and eth0 and wlan0 bridged as br0)