Difference between revisions of "Novena Dogfood Setup"

(Network Setup)
(DHCP server)
 
(2 intermediate revisions by the same user not shown)
Line 6: Line 6:
 
  apt-get install bridge-utils
 
  apt-get install bridge-utils
  
Add a file under /etc/network/interfaces.d/ called eth1:
+
Replace /etc/network/interfaces with the following:
  
  auto eth1
+
  auto br0 eth1 lo
 +
 +
iface lo inet loopback
 +
 
  iface eth1 inet static
 
  iface eth1 inet static
        address 210.23.25.254
+
        address 210.23.25.254
        gateway 210.23.25.253
+
        gateway 210.23.25.253
        netmask 255.255.255.252
+
        network 210.23.25.252
 +
        netmask 255.255.255.252
 +
        dns-nameserver 210.23.4.6
 +
        dns-nameserver 210.23.1.3
 +
 +
iface br0 inet static
 +
        bridge_ports wlan0 eth0
 +
        address 10.0.49.1
 +
        network 10.0.49.0
 +
        netmask 255.255.255.0
 +
        up /sbin/ifconfig br0 up
 +
        down /sbin/ifconfig br0 down
 +
 +
iface eth0 inet static
 +
 +
iface wlan0 inet static
 +
 
 +
Add the following to /etc/resolv.conf:
 +
 
 +
nameserver 210.23.4.6
 +
nameserver 210.23.1.3
 +
 
 +
Create a file called /etc/iptables.up.rules:
 +
 
 +
*raw
 +
:PREROUTING ACCEPT [7778:649264]
 +
:OUTPUT ACCEPT [8166:10358462]
 +
COMMIT
 +
# Completed on Tue May 27 08:14:31 2014
 +
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
 +
*nat
 +
:PREROUTING ACCEPT [1139:92224]
 +
:INPUT ACCEPT [34:1862]
 +
:OUTPUT ACCEPT [3:428]
 +
:POSTROUTING ACCEPT [0:0]
 +
-A POSTROUTING -j MASQUERADE
 +
COMMIT
 +
# Completed on Tue May 27 08:14:31 2014
 +
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
 +
*mangle
 +
:PREROUTING ACCEPT [7778:649264]
 +
:INPUT ACCEPT [6457:408198]
 +
:FORWARD ACCEPT [1251:238839]
 +
:OUTPUT ACCEPT [8166:10358462]
 +
:POSTROUTING ACCEPT [9417:10597301]
 +
COMMIT
 +
# Completed on Tue May 27 08:14:31 2014
 +
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
 +
*filter
 +
:INPUT ACCEPT [527:36345]
 +
:FORWARD ACCEPT [341:42451]
 +
:OUTPUT ACCEPT [614:811000]
 +
-A INPUT -p udp -m udp --dport 53 -j DROP
 +
-A FORWARD -i br0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
 +
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 +
COMMIT
 +
# Completed on Tue May 27 08:14:31 2014
 +
 
 +
Create /etc/network/if-pre-up.d/iptables:
 +
#!/bin/sh
 +
/sbin/iptables-restore < /etc/iptables.up.rules
 +
 
 +
Mark it as executable:
 +
 
 +
chmod a+x /etc/network/if-pre-up.d/iptables
 +
 
 +
Create /etc/sysctl.d/local.conf:
  
Add a file under /etc/network/interfaces.d/ called bro:
+
  net.ipv4.ip_forward=1
auto br0
 
  iface br0 inet static
 
bridge_ports wlan0 eth0
 
        address 10.0.49.1
 
        gateway 10.0.49.1
 
        network 10.0.49.0
 
        netmask 255.255.255.0
 
  
 
==DHCP server==
 
==DHCP server==
Line 31: Line 93:
  
 
  INTERFACES="br0"
 
  INTERFACES="br0"
 +
 +
Configure /etc/dhcp/dhcpd.conf:
 +
 +
ddns-update-style none;
 +
 +
option domain-name "bunniefoo.com";
 +
option domain-name-servers 210.23.4.6, 210.23.1.3;
 +
 +
default-lease-time 600;
 +
max-lease-time 7200;
 +
 +
authoritative;
 +
 +
subnet 10.0.49.0 netmask 255.255.255.0 {
 +
  range 10.0.49.100 10.0.49.200;
 +
  option routers 10.0.49.1;
 +
}
 +
 +
==Wifi Host==
 +
Install hostapd:
 +
 +
apt-get install hostapd
 +
 +
Add the configuration file /etc/hostapd/hostapd.conf:
 +
 +
interface=wlan0
 +
bridge=br0
 +
driver=nl80211
 +
country_code=SG
 +
channel=2
 +
 +
ssid=bunniefoo
 +
wpa_passphrase=xxx
 +
 +
# These four, combined, enable 802.11n
 +
hw_mode=g
 +
ieee80211n=1
 +
wmm_enabled=1
 +
ht_capab=[HT40][SHORT-GI-40][RX-STBC1]
 +
 +
# Static WPA2 key configuration
 +
#1=wpa1, 2=wpa2, 3=both
 +
wpa=2
 +
 +
# Encrypton
 +
wpa_key_mgmt=WPA-PSK
 +
rsn_pairwise=CCMP
 +
auth_algs=3
 +
macaddr_acl=0
 +
ignore_broadcast_ssid=0
 +
 +
# Needed for Windows clients
 +
eapol_key_index_workaround=0
 +
 +
Enable it by setting the config file in /etc/default/hostapd:
 +
 +
DAEMON_CONF="/etc/hostapd/hostapd.conf"
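Review bot: The `*filter` table added in the first hunk keeps `:FORWARD ACCEPT` as the chain policy, so its two `-A FORWARD` rules restrict nothing; with `net.ipv4.ip_forward=1` from the same hunk, a new connection arriving on eth1 for 10.0.49.0/24 is forwarded by policy. I would make the policy `:FORWARD DROP [0:0]` and add `-A FORWARD -i br0 -o br0 -j ACCEPT` in case the kernel passes bridged wlan0/eth0 frames through iptables. The NAT rule is also unscoped; `-A POSTROUTING -o eth1 -j MASQUERADE` would limit source rewriting to the uplink.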

Latest revision as of 08:50, 27 May 2014

Novena is now running, serving bunniefoo.com. This is what we had to do to configure it. The board is running Debian Jessie.

Network Setup

Install required packages:

apt-get install bridge-utils

Replace /etc/network/interfaces with the following:

# Bring up the LAN bridge, the uplink and loopback at boot. eth0 and wlan0 are
# not listed here; they are only referenced as ports of br0 below.
auto br0 eth1 lo

iface lo inet loopback

# Uplink: a /30 subnet whose other host, .253, is the default gateway.
iface eth1 inet static
        address 210.23.25.254
        gateway 210.23.25.253
        network 210.23.25.252
        netmask 255.255.255.252
        dns-nameserver 210.23.4.6
        dns-nameserver 210.23.1.3

# LAN: wired eth0 and wireless wlan0 bridged into 10.0.49.0/24, with this host
# at 10.0.49.1. No gateway is set here, so the default route stays on eth1.
iface br0 inet static
        bridge_ports wlan0 eth0
        address 10.0.49.1
        network 10.0.49.0
        netmask 255.255.255.0
        up /sbin/ifconfig br0 up
        down /sbin/ifconfig br0 down

# NOTE(review): these two stanzas use the static method without an address.
# Neither interface is in the "auto" line, so they look like placeholders for
# the bridge ports - confirm whether "manual" was intended.
iface eth0 inet static

iface wlan0 inet static

Add the following to /etc/resolv.conf:

# Same two resolvers that dhcpd.conf hands out to LAN clients.
nameserver 210.23.4.6
nameserver 210.23.1.3 

Create a file called /etc/iptables.up.rules:

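# IPv4 rules loaded by iptables-restore. The [packets:bytes] pairs are counters
# captured by iptables-save; iptables-restore ignores them unless run with -c.
# Nothing in this file filters IPv6, which needs its own ip6tables rule set.
*raw
:PREROUTING ACCEPT [7778:649264]
:OUTPUT ACCEPT [8166:10358462]
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*nat
:PREROUTING ACCEPT [1139:92224]
:INPUT ACCEPT [34:1862]
:OUTPUT ACCEPT [3:428]
:POSTROUTING ACCEPT [0:0]
# Source-NAT only what leaves through the uplink. Without "-o eth1" the rule
# also rewrites traffic delivered to the LAN, hiding its real source address.
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*mangle
:PREROUTING ACCEPT [7778:649264]
:INPUT ACCEPT [6457:408198]
:FORWARD ACCEPT [1251:238839]
:OUTPUT ACCEPT [8166:10358462]
:POSTROUTING ACCEPT [9417:10597301]
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*filter
# INPUT stays ACCEPT: every service listening on this host is reachable from
# eth1 unless a rule below drops it. Only UDP DNS is dropped; TCP/53 is not.
:INPUT ACCEPT [527:36345]
# Default-deny forwarding, so the FORWARD rules below are the complete allow
# list. With an ACCEPT policy they had no effect and eth1 -> br0 was open.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [614:811000]
-A INPUT -p udp -m udp --dport 53 -j DROP
# LAN clients may open new connections towards the uplink.
-A FORWARD -i br0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
# Replies and related packets for connections that were already allowed.
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Keep wlan0 <-> eth0 traffic working if the kernel passes bridged frames
# through iptables; such frames appear with br0 as both input and output.
-A FORWARD -i br0 -o br0 -j ACCEPT
COMMIT
# Completed on Tue May 27 08:14:31 2014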

Create /etc/network/if-pre-up.d/iptables:

#!/bin/sh
# ifupdown pre-up hook: load the saved IPv4 rule set before an interface is
# brought up. exec hands iptables-restore's exit status back to the caller.
RULES_FILE=/etc/iptables.up.rules
exec /sbin/iptables-restore < "$RULES_FILE"

Mark it as executable:

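# The hook is executed by ifup, so pin the full mode instead of only adding
# execute bits: a+x would leave any existing group/world write bit in place.
chmod 0755 /etc/network/if-pre-up.d/iptables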

Create /etc/sysctl.d/local.conf:

# Let the kernel route IPv4 packets between interfaces (here br0 and eth1).
# Once this is on, the FORWARD chain in /etc/iptables.up.rules decides which
# packets may cross between the two networks.
net.ipv4.ip_forward=1

DHCP server

Install ISC DHCP server:

apt-get install isc-dhcp-server

Edit /etc/default/isc-dhcp-server and set it to only start up on br0:

# Answer DHCP on the LAN bridge only, so no leases are offered on the uplink (eth1).
INTERFACES="br0"

Configure /etc/dhcp/dhcpd.conf:

# No dynamic DNS updates from this server.
ddns-update-style none;

# Clients are pointed straight at the upstream resolvers, not at this host.
option domain-name "bunniefoo.com";
option domain-name-servers 210.23.4.6, 210.23.1.3;

# Lease times in seconds: 10 minutes by default, 2 hours at most.
default-lease-time 600;
max-lease-time 7200;

# Declares this server the authority for the subnet below.
# NOTE(review): only appropriate if no other DHCP server answers on br0 - confirm.
authoritative;

# LAN behind br0: dynamic pool .100-.200, default gateway is the bridge address.
subnet 10.0.49.0 netmask 255.255.255.0 {
  range 10.0.49.100 10.0.49.200;
  option routers 10.0.49.1;
}

Wifi Host

Install hostapd:

apt-get install hostapd

Add the configuration file /etc/hostapd/hostapd.conf:

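# Access point on wlan0, attached to the LAN bridge br0.
# hostapd only treats whole lines starting with '#' as comments, so none are
# placed after a value.
interface=wlan0
bridge=br0
driver=nl80211
country_code=SG
channel=2

ssid=bunniefoo
# "xxx" is a placeholder, not a usable key: a WPA passphrase must be 8 to 63
# characters. The real value is stored here in clear text, so keep this file
# readable by root only.
wpa_passphrase=xxx

# These four, combined, enable 802.11n
# NOTE(review): hostapd's sample configuration lists [HT40+] and [HT40-] for
# 40 MHz operation; confirm that a bare [HT40] has the intended effect.
hw_mode=g
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-40][RX-STBC1]

# Static WPA2 key configuration
# 1 = WPA1, 2 = WPA2, 3 = both
wpa=2

# Encryption
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# Bit field: 1 = open system authentication, 2 = shared key (WEP) authentication.
# WPA2 uses only the first; 3 would also accept the WEP-era method.
auth_algs=1
# 0 = accept every station that is not on a deny list (no MAC allow-listing).
macaddr_acl=0
# 0 = announce the SSID in beacons.
ignore_broadcast_ssid=0

# EAPOL-Key index workaround for Windows XP supplicants; 0 leaves it switched off.
eapol_key_index_workaround=0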

Enable it by setting the config file in /etc/default/hostapd:

# Configuration file hostapd is started with.
DAEMON_CONF="/etc/hostapd/hostapd.conf"