Talk:Home router
Before creating a discussion or leaving a comment, please read about using talk pages. To create a new discussion, click here. Comments on an existing discussion should be signed using
~~~~
:
A comment [[User:Larry|Larry]] 13:52, 13 May 2024 (UTC) : A reply [[User:Sally|Sally]] 05:52, 5 November 2024 (UTC) :: Your reply ~~~~
NAT and PPPoE
I encounter problems with the NAT and PPPoE, some request responses never finished or loaded endless.
My solution was to fix the MTU with following rule:
root # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
just before:
root # iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
root # iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
root # iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
root # iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
— The preceding unsigned comment was added by S34 (talk • contribs) 05:51, 9 May 2014
Update supported kernels
This guide only supports ancient Linux kernels (2.4/2.6): "Router is running Linux 2.4 or 2.6; other versions of the kernel are not supported by this guide"
Someone with appropriate knowledge (not me, unfortunately...) should update the guide and use the latest kernels available.
--Fturco (talk) 09:59, 21 March 2017 (UTC)
- I will work on updating it. Should not be too bad, there are not very many options in this article. --Maffblaster (talk) 00:30, 15 April 2017 (UTC)
Basic router setup script
While reading this guide I decided to put the fundamental parts in a bash script. In case it is useful to someone I post it below. Note: this script misses several things, most notably the hostapd configuration in case a WLAN interface is used. It makes several assumptions regarding networks. Also, my knowledge of Gentoo and OpenRC is not exhaustive.
#!/bin/bash
set -e # Stop execution when any command fails
### Change as needed
NET_CONFIG="1" # Whether to apply any network interface configuration at all
LAN="wlp2s0b1"
WLAN="1" # Indicates if LAN interface is wireless
LAN_IP_PREFIX="192.168.202"
LAN_NET="${LAN_IP_PREFIX}.0/24"
WAN="enp1s0"
WAN_IP_PREFIX="192.168.5"
CONFIG_WAN="0" # Whether WAN should be configured or not
RESOLV="/etc/resolv.conf"
function net_config {
if [[ ${CONFIG_WAN} == "1" ]]; then
# Assuming 255.255.255.0 subnet for WAN + static IP
# WAN interface configuration + DNS (in case it has not been configured yet)
cat >> /etc/conf.d/net.${WAN} <<EOF
config_${WAN}="${WAN_IP_PREFIX}.2/24"
routes_${WAN}="default via ${WAN_IP_PREFIX}.1"
EOF
fi
if [[ $(cat $RESOLV | grep "${WAN_IP_PREFIX}.1") == "" ]]; then
echo "nameserver ${WAN_IP_PREFIX}.1" >> ${RESOLV}
fi
# LAN interface config
if [[ $WLAN == "1" ]]; then
# Disable WLAN client modules
echo "modules_${LAN}='!iwconfig !wpa_supplicant'" >> /etc/conf.d/net.${LAN}
fi
echo "config_${LAN}=\"${LAN_NET}\"" >> /etc/conf.d/net.${LAN}
# Set OpenRC init scripts of network interfaces to depend on iptables initscript
echo 'rc_need="iptables"' >> /etc/conf.d/net.${LAN}
echo 'rc_need="iptables"' >> /etc/conf.d/net.${WAN}
}
if [[ $NET_CONFIG == "1" ]]; then net_config; fi
## Packages
# Install necessary packages and start on boot
pkgs="dnsmasq net-misc/dhcpcd iptables"
if [[ $WLAN == "1" ]]; then pkgs="${pkgs} hostapd"; fi
emerge --ask -n ${pkgs}
rc-update add dnsmasq default
rc-update add iptables default
if [[ $WLAN == "1" ]]; then rc-update add hostapd default; fi
# dnsmasq config
mv /etc/dnsmasq.conf /etc/dnsmaq.conf.bak_$(date -I)
cat > /etc/dnsmasq.conf <<EOF
dhcp-range=${LAN},${LAN_IP_PREFIX}.100,${LAN_IP_PREFIX}.250,180d
interface=${LAN}
EOF
## iptables
# Flush tables
iptables -F
iptables -t nat -F
# Set default policy
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# LAN services
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT
# Allow SSH access from WAN
iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT
# Drop packets to privileged ports (up to 1024)
iptables -A INPUT -p TCP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
# NAT rules
iptables -I FORWARD -i ${LAN} -d ${LAN_NET} -j DROP
iptables -A FORWARD -i ${LAN} -s ${LAN_NET} -j ACCEPT
iptables -A FORWARD -i ${WAN} -d ${LAN_NET} -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
# Enable routing in kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
# Save config
/etc/init.d/iptables save
if [[ $(cat /etc/sysctl.conf | grep 'net.ipv4.ip_forward = 1') == "" ]]; then
cat >> /etc/sysctl.conf <<EOF
# Necessary for IP routing
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
EOF
fi
echo "Finished."
— The preceding unsigned comment was added by Realimp (talk • contribs) 16:48, 24 March 2018
Notes on rtl8723be
There are two problems i encountered this driver:
- bad signal
- arping working but not ping
Both were solved with a 4.9
kernel, instead of 4.14
or 4.19
and the two options:
# The best ant_sel value was different to some kernels.
# -
options rtl8723be ant_sel=1 disable_watchdog=1
Note: The second error was systemic, occuring after a reboot or a long idle time (no clients).
--Daemon (talk) 04:26, 14 January 2019 (UTC)
Page update/overhaul
It might be worth updating/overhauling this page, specifically
- Kernels 2.4 and 2.6 are long outdated/gone
- systemd setup for those interested
- Swap DNSMASq for ISC DHCP and [BIND] as they're a bit more full-featured
- Swap out IPtables for NFtables perhaps?
- Add some more "router-like" functionality like UPnP
- Maybe VPN using Wireguard or OpenVPN?
If nobody wants to tackle this, I'd be happy to do it when I have some time free to replace my existing router (PFsense)
--Intelminer (talk) 18:18, 11 July 2019 (UTC)
- You will probably be the only one with time to update the page. We all volunteer our time, so we can only update what we're currently interested or able to do. Feel free to update the article anytime! Kind regards, --Maffblaster (talk) 22:23, 11 July 2019 (UTC)