linux router with external nic and bridged internal nic + wi


Postby x0rg » 2017-04-01 11:14

Hello all,

I’m having issues with the following…

My goal is to have a Linux-based router set up as follows (not unlike what cheap commercial routers do):

eth1 --> internet

eth0 and wlan0 bridge --> br0 --> (w)lan

The problem, however, is that after 5 to 10 minutes the wired clients get cut off and the router no longer responds to DHCP requests from the wired clients either. The wireless clients have no problem whatsoever, though: they retain internet access and new wireless clients can be connected...

For the 5 to 10 minutes that it works – isc-dhcp-server is giving out IP addresses on br0 perfectly to both wired and wireless clients in the same network range.

I can of course set up both eth0 and wlan0 as separate networks and have isc-dhcp-server issue different IPs on both networks, but that isn’t the goal here.

Relevant files (I believe):

/etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp

allow-hotplug eth0
iface eth0 inet manual

allow-hotplug wlan0
iface wlan0 inet manual

auto br0
iface br0 inet static
     address 192.168.100.1
     network 192.168.100.0
     netmask 255.255.255.0
     broadcast 192.168.100.255
     bridge_ports eth0 wlan0
     bridge_fd 9
     bridge_hello 2
     bridge_maxage 12
     bridge_stp off


test firewall rules:

LAN="br0"
LAN_NET="192.168.100.1"

WAN="eth1"

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -A OUTPUT -o $LAN -d $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN -o $LAN -j ACCEPT

iptables -A INPUT -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $WAN -j ACCEPT

iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE


test settings /etc/sysctl.conf (uncommented section)

net.ipv4.tcp_syncookies=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.log_martians = 1


What am I missing...? (ebtables perhaps...?)

(OS Raspbian Jessie with dhcpcd disabled and isc-dhcp-server, bind9, hostapd and netfilter-persistent installed)

(System: Raspberry Pi 3b with an external USB ethernet adapter (eth1) for internet access and eth0 and wlan0 bridged as br0)
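The `-s`/`-d` matches in the posted test rules can be compared with the br0 subnet from /etc/network/interfaces, since iptables reads a bare address as a /32 host match. The following is an added example, not part of the original post: `POSTED_SCRIPT` is a constructed excerpt of the posted rules, and `parse_rules`, `bridge_subnet` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample input: the variable assignments and the rules that use
# LAN_NET, retyped from the posted script with plain ASCII quotes.
POSTED_SCRIPT = '''
LAN="br0"
LAN_NET="192.168.100.1"
WAN="eth1"
iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -A OUTPUT -o $LAN -d $LAN_NET -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
'''

def parse_rules(script):
    """Expand NAME="value" assignments and return (rule, flag, network)
    for every -s/-d match found in the remaining lines."""
    variables, found = {}, []
    for line in script.strip().splitlines():
        line = line.strip()
        assign = re.fullmatch(r'(\w+)="?([^"]*)"?', line)
        if assign:
            variables[assign.group(1)] = assign.group(2)
            continue
        expanded = re.sub(r'\$(\w+)', lambda m: variables.get(m.group(1), ''), line)
        for flag, value in re.findall(r'(?<!\S)(-[sd])\s+(\S+)', expanded):
            # iptables treats a bare address as /32 and masks off host bits.
            net = ipaddress.ip_network(value, strict=False)
            found.append((expanded, flag, net))
    return found

def bridge_subnet(address, netmask):
    """Subnet implied by the address/netmask pair in the br0 stanza."""
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)

def audit(script, address, netmask):
    """Return the rules whose -s/-d match is narrower than the bridge subnet."""
    lan = bridge_subnet(address, netmask)
    return [(rule, flag, net) for rule, flag, net in parse_rules(script)
            if net != lan and net.subnet_of(lan)]

if __name__ == "__main__":
    for rule, flag, net in audit(POSTED_SCRIPT, "192.168.100.1", "255.255.255.0"):
        print(f"{flag} covers {net} ({net.num_addresses} address): {rule}")
```
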