linux router with external nic and bridged internal nic + wi

Linux Kernel, Network, and Services configuration.
x0rg
Posts: 1
Joined: 2017-04-01 11:09

#1 Post by x0rg »

Hello all,

I’m having issues with the following…

My goal is to have a linux-based router set up as follows (not unlike what cheap commercial routers do)

eth1 --> internet

eth0 and wlan0 bridge --> br0 --> (w)lan

The problem, however, is that after 5 to 10 minutes the wired clients get cut off and the router no longer responds to DHCP requests from the wired clients either. The wireless clients have no problem whatsoever, though: they retain internet access and new wireless clients can be connected...

For the 5 to 10 minutes that it works – isc-dhcp-server is giving out IP addresses on br0 perfectly to both wired and wireless clients in the same network range.

I can of course set up both eth0 and wlan0 as separate networks and have isc-dhcp-server issue different IPs on both networks, but that isn’t the goal here.

Relevant files (I believe):

/etc/network/interfaces:

Code: Select all

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp

allow-hotplug eth0
iface eth0 inet manual

allow-hotplug wlan0
iface wlan0 inet manual

auto br0
iface br0 inet static
     address 192.168.100.1
     network 192.168.100.0
     netmask 255.255.255.0
     broadcast 192.168.100.255
     bridge_ports eth0 wlan0
     bridge_fd 9
     bridge_hello 2
     bridge_maxage 12
     bridge_stp off

test firewall rules:

Code: Select all

LAN="br0"
LAN_NET="192.168.100.1"

WAN="eth1"

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -A OUTPUT -o $LAN -d $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN -o $LAN -j ACCEPT

iptables -A INPUT -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $WAN -j ACCEPT

iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE

test settings /etc/sysctl.conf (uncommented section)

Code: Select all

net.ipv4.tcp_syncookies=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.log_martians = 1

What am I missing...? (ebtables perhaps...?)

(OS Raspbian Jessie with dhcpcd disabled and isc-dhcp-server, bind9, hostapd and netfilter-persistent installed)

(System: Raspberry Pi 3b with an external USB ethernet adapter (eth1) for internet access and eth0 and wlan0 bridged as br0)

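Added example, not part of the original post: iptables reads a bare address after `-s`/`-d` as a single host (/32), so this dry run derives the LAN network in CIDR form from the `br0` address and netmask in the interfaces file and prints the LAN-side rules with it; nothing is applied. The helper names (`ip_to_int`, `int_to_ip`, `lan_cidr`, `covers`, `lan_rules`) and the client address 192.168.100.50 are assumptions made for the example, and it is not a diagnosis of the wired dropout.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample values are constructed.

# ip_to_int A.B.C.D -> 32-bit integer (subshell body keeps the IFS change local)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# lan_cidr ADDRESS NETMASK -> network/prefix; returns 1 on a non-contiguous mask
lan_cidr() {
    addr=$(ip_to_int "$1"); mask=$(ip_to_int "$2")
    inv=$(( ~$mask & 0xFFFFFFFF ))
    # the inverse of a valid netmask is 2^n - 1, so inv & (inv + 1) is 0
    [ $(( $inv & ($inv + 1) )) -eq 0 ] || return 1
    prefix=0; bits=$mask
    while [ "$bits" -ne 0 ]; do
        prefix=$(( $prefix + ($bits & 1) )); bits=$(( $bits >> 1 ))
    done
    echo "$(int_to_ip $(( $addr & $mask )))/$prefix"
}

# covers MATCH HOST -> success if an iptables -s/-d MATCH would include HOST
covers() {
    case $1 in
        */*) net=${1%/*}; len=${1#*/} ;;
        *)   net=$1; len=32 ;;          # bare address: single host
    esac
    cmask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$2") & $cmask )) -eq $(( $(ip_to_int "$net") & $cmask )) ]
}

# lan_rules LAN_IF WAN_IF CIDR -> print the post's LAN-side rules with a CIDR match
lan_rules() {
    printf 'iptables -A INPUT -i %s -s %s -j ACCEPT\n' "$1" "$3"
    printf 'iptables -A OUTPUT -o %s -d %s -j ACCEPT\n' "$1" "$3"
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$3" "$2"
}

LAN_NET=$(lan_cidr 192.168.100.1 255.255.255.0) || exit 1   # br0 stanza values
for match in 192.168.100.1 "$LAN_NET"; do
    covers "$match" 192.168.100.50 && r=matches || r="does not match"
    echo "-s $match $r client 192.168.100.50"
done
lan_rules br0 eth1 "$LAN_NET"
```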