# Gateway box

This documents initially setting up an internet gateway for Couchdesign for these gateways:

  * "perilin.jones.dk" locally at "192.168.222.1".
  * "graograman.jones.dk" locally at "192.168.222.2".

## Install and initially setup system

Follow the guide at to install image from there.

Run "box-add-tui" to have terminal user-interface (TUI) tools like Midnight Commander.

Run "box-add-gateway" to have DHCP service and network routing setup.

## Adapt gateway settings to local network

Edit file /etc/systemd/network/10-eth0.network; locate this (likely last) line:

    DHCP=yes

replacing the line to set fixed address in a /24 subnet, like this (adapt address to match this system):

    Address=192.168.222.2/24

Edit file /etc/dhcp/dhcpd.conf; locate the (likely almost last) long line starting like this:

    subnet 192.168.101.0 ...

add similar line below but with all mentions of network changed to "192.168.222" and router changed to the address of this system, like this (adapt address to match this system):

    subnet 192.168.222.0 netmask 255.255.255.0 { range 192.168.222.50 192.168.222.250; option routers 192.168.222.2; }

Edit file /etc/default/isc-dhcp-server; locate this (likely almost last) line:

    INTERFACESv4=""

add builtin network interface like this:

    INTERFACESv4="eth0"

## Install and setup firewall service

Install package firewalld:

    apt install firewalld

Adapt firewalld to match our network topology (press the actual [TAB] key where mentioned, to autocomplete):

    firewall-cmd --set-default-zone=external
    firewall-cmd --add-interface=en[TAB]
    firewall-cmd --add-service=dhcpv6-client
    firewall-cmd --add-service=mosh
    firewall-cmd --zone=internal --remove-service=samba-client
    firewall-cmd --zone=internal --remove-service=dhcpv6-client
    firewall-cmd --zone=internal --add-interface=eth0
    firewall-cmd --zone=internal --add-service=dhcp
    firewall-cmd --zone=internal --add-service=dhcpv6
    firewall-cmd --zone=internal --add-service=dns
    firewall-cmd --add-forward-port=proto=tcp:toaddr=192.168.222.250:port=80
    firewall-cmd --add-forward-port=proto=tcp:toaddr=192.168.222.250:port=443
    firewall-cmd --runtime-to-permanent

Edit file /etc/firewalld/firewalld.conf; locate this (likely almost last) line:

    FirewallBackend=iptables

changing the line to use backend "nftables", like this:

    FirewallBackend=nftables

Edit file /etc/systemd/network/10-eth0.network; locate in section [Network] these options:

    IPMasquerade=yes
    IPForward=yes

Remove both options if they exist (handled by firewalld now).

Reboot the system.
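
A consistency check for the DHCP and port-forward settings above, as an added example that is not part of the original guide: it parses the dhcpd.conf subnet line and the `--add-forward-port` commands and reports any forward target or router address that dhcpd could also hand out as a lease. The function names are hypothetical, the inputs are copied from this page, and only flat IPv4 declarations are handled.

```python
import ipaddress
import re

# Constructed sample input: the dhcpd.conf line and forward-port commands from this page.
DHCPD_CONF = ("subnet 192.168.222.0 netmask 255.255.255.0 { range 192.168.222.50 "
              "192.168.222.250; option routers 192.168.222.2; }\n")
FORWARD_CMDS = """\
firewall-cmd --add-forward-port=proto=tcp:toaddr=192.168.222.250:port=80
firewall-cmd --add-forward-port=proto=tcp:toaddr=192.168.222.250:port=443
"""

def parse_subnets(conf):
    """Yield (network, [(low, high), ...], [routers]) per subnet declaration."""
    # Assumption: flat declarations without nested pool/group braces.
    for net, mask, body in re.findall(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S):
        ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                  for lo, hi in re.findall(r"range\s+(\S+)\s+(\S+?)\s*;", body)]
        routers = [ipaddress.ip_address(r)
                   for r in re.findall(r"option\s+routers\s+(\S+?)\s*;", body)]
        yield ipaddress.ip_network(f"{net}/{mask}"), ranges, routers

def forward_targets(cmds):
    """Return {toaddr: [ports]} collected from --add-forward-port arguments (IPv4 only)."""
    targets = {}
    for spec in re.findall(r"--add-forward-port=(\S+)", cmds):
        fields = dict(f.split("=", 1) for f in spec.split(":"))
        targets.setdefault(ipaddress.ip_address(fields["toaddr"]), []).append(int(fields["port"]))
    return targets

def audit(conf, cmds):
    """Return findings about fixed addresses that conflict with the DHCP setup."""
    findings, subnets = [], list(parse_subnets(conf))
    for addr, ports in forward_targets(cmds).items():
        home = [s for s in subnets if addr in s[0]]
        if not home:
            findings.append(f"forward target {addr} (ports {ports}) is in no served subnet")
        if any(lo <= addr <= hi for _, ranges, _ in home for lo, hi in ranges):
            findings.append(f"forward target {addr} (ports {ports}) is inside a dynamic range")
    for network, ranges, routers in subnets:
        for r in routers:
            if r not in network:
                findings.append(f"router {r} is outside {network}")
            if any(lo <= r <= hi for lo, hi in ranges):
                findings.append(f"router {r} is inside a dynamic range")
    return findings

if __name__ == "__main__":
    for line in audit(DHCPD_CONF, FORWARD_CMDS):
        print("WARN:", line)
```

On the values from this page it reports 192.168.222.250, which is the last address of the DHCP range (ISC dhcpd ranges are inclusive). Ending the range below that address, or forwarding to an address outside it, keeps a DHCP client from being leased the address that receives ports 80 and 443.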