Novena Dogfood Setup

Novena is now running, serving bunniefoo.com. This is what we had to do to configure it. The board is running Debian Jessie.

Network Setup

Install required packages:

apt-get install bridge-utils

Replace /etc/network/interfaces with the following:

auto br0 eth1 lo

iface lo inet loopback

iface eth1 inet static
        address 210.23.25.254
        gateway 210.23.25.253
        network 210.23.25.252
        netmask 255.255.255.252
        dns-nameserver 210.23.4.6
        dns-nameserver 210.23.1.3

iface br0 inet static
        bridge_ports wlan0 eth0
        address 10.0.49.1
        network 10.0.49.0
        netmask 255.255.255.0
        up /sbin/ifconfig br0 up
        down /sbin/ifconfig br0 down

iface eth0 inet static

iface wlan0 inet static

Add the following to /etc/resolv.conf:

nameserver 210.23.4.6
nameserver 210.23.1.3 

Create a file called /etc/iptables.up.rules:

*raw
:PREROUTING ACCEPT [7778:649264]
:OUTPUT ACCEPT [8166:10358462]
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*nat
:PREROUTING ACCEPT [1139:92224]
:INPUT ACCEPT [34:1862]
:OUTPUT ACCEPT [3:428]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*mangle
:PREROUTING ACCEPT [7778:649264]
:INPUT ACCEPT [6457:408198]
:FORWARD ACCEPT [1251:238839]
:OUTPUT ACCEPT [8166:10358462]
:POSTROUTING ACCEPT [9417:10597301]
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*filter
:INPUT ACCEPT [527:36345]
:FORWARD ACCEPT [341:42451]
:OUTPUT ACCEPT [614:811000]
-A INPUT -p udp -m udp --dport 53 -j DROP
-A FORWARD -i br0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue May 27 08:14:31 2014

Create /etc/network/if-pre-up.d/iptables:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

DHCP server

Install ISC DHCP server:

apt-get install isc-dhcp-server

Edit /etc/default/isc-dhcp-server and set it to only start up on br0:

INTERFACES="br0"