path: root/INSTALL.md
blob: 3d3830ab273310004edc08ae5aa3bc39098d4b28 (plain)

# Gateway box

This documents the initial setup of an internet gateway for Couchdesign, for these gateways:

* `perilin.jones.dk`, locally at `192.168.222.1`.
* `graograman.jones.dk`, locally at `192.168.222.2`.

## Install and initially set up the system

Follow the guide at http://box.redpill.dk/ to install the image from there.

Run `box-add-tui` to get terminal user-interface (TUI) tools like Midnight Commander.

Run `box-add-gateway` to set up the DHCP service and network routing.

## Adapt gateway settings to the local network

Edit file `/etc/systemd/network/10-eth0.network`; locate this (likely last) line:

```
DHCP=yes
```

and replace it with a fixed address in a /24 subnet, like this (adapt the address to match this system):

```
Address=192.168.222.2/24
```

Edit file `/etc/dhcp/dhcpd.conf`; locate the (likely almost last) long line starting like this:

```
subnet 192.168.101.0 ...
```

and add a similar line below it, with all mentions of the network changed to `192.168.222` and the router changed to the address of this system, like this (adapt the address to match this system):

```
subnet 192.168.222.0 netmask 255.255.255.0 { range 192.168.222.50 192.168.222.250; option routers 192.168.222.2; }
```

Edit file `/etc/default/isc-dhcp-server`; locate this (likely almost last) line:

```
INTERFACESv4=""
```

and add the builtin network interface, like this:

```
INTERFACESv4="eth0"
```

## Install and set up the firewall service

Install package firewalld:

```
apt install firewalld
```

Adapt firewalld to match our network topology (press the actual [TAB] key where mentioned, to autocomplete):

```

firewall-cmd --set-default-zone=external
firewall-cmd --add-interface=en[TAB]
firewall-cmd --add-service=dhcpv6-client
firewall-cmd --add-service=mosh
firewall-cmd --zone=internal --remove-service=samba-client
firewall-cmd --zone=internal --remove-service=dhcpv6-client
firewall-cmd --zone=internal --add-interface=eth0
firewall-cmd --zone=internal --add-service=dhcp
firewall-cmd --zone=internal --add-service=dhcpv6
firewall-cmd --zone=internal --add-service=dns
firewall-cmd --add-forward-port=proto=tcp:toaddr=192.168.222.250:port=80
firewall-cmd --add-forward-port=proto=tcp:toaddr=192.168.222.250:port=443
firewall-cmd --runtime-to-permanent

```

Edit file `/etc/firewalld/firewalld.conf`; locate this (likely almost last) line:

```
FirewallBackend=iptables
```

and change it to use the backend `nftables`, like this:

```
FirewallBackend=nftables
```

Edit file `/etc/systemd/network/10-eth0.network`; locate these options in section `[Network]`:

```
IPMasquerade=yes
IPForward=yes
```

Remove both options if they exist (handled by firewalld now).

Reboot the system.
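Before rebooting, a quick way to confirm that the file edits from both sections above ended up in the intended state is a small check script. The following is an added example, not part of the original INSTALL.md or the box.redpill.dk image: it renders the dhcpd subnet stanza for a chosen /24 prefix and gateway address, and checks the four files the guide edits relative to a root directory, so it can be run against a copy as well as against `/`. The sample tree it builds is constructed here for demonstration; the file paths and expected lines are the ones named in the guide.

```shell
#!/bin/sh
# Added example, not part of the original guide. Verifies the end state of
# the files edited above, relative to a root directory ($1), for gateway
# address $2. The sample tree written by write_sample_tree is constructed.

# Print the dhcpd subnet stanza for prefix $1 (e.g. 192.168.222) with router $2.
render_dhcpd_subnet() {
    prefix=$1
    router=$2
    printf 'subnet %s.0 netmask 255.255.255.0 {\n' "$prefix"
    printf '  range %s.50 %s.250;\n' "$prefix" "$prefix"
    printf '  option routers %s;\n}\n' "$router"
}

# Return 0 when every file under root $1 matches the guide for gateway $2;
# print one line per failed check and return 1 otherwise.
check_gateway_config() {
    root=$1
    addr=$2
    prefix=${addr%.*}
    rc=0
    net="$root/etc/systemd/network/10-eth0.network"
    grep -qx "Address=$addr/24" "$net" || { echo "missing Address=$addr/24 in $net"; rc=1; }
    grep -q '^DHCP=yes' "$net" && { echo "DHCP=yes still present in $net"; rc=1; }
    grep -Eq '^IP(Masquerade|Forward)=' "$net" && { echo "IPMasquerade/IPForward still set in $net (firewalld handles this now)"; rc=1; }
    dhcpd="$root/etc/dhcp/dhcpd.conf"
    grep -q "^subnet $prefix\.0 netmask 255\.255\.255\.0" "$dhcpd" || { echo "no subnet stanza for $prefix.0 in $dhcpd"; rc=1; }
    grep -q "option routers $addr;" "$dhcpd" || { echo "option routers does not point at $addr in $dhcpd"; rc=1; }
    grep -qx 'INTERFACESv4="eth0"' "$root/etc/default/isc-dhcp-server" || { echo 'INTERFACESv4 is not "eth0" in isc-dhcp-server defaults'; rc=1; }
    grep -qx 'FirewallBackend=nftables' "$root/etc/firewalld/firewalld.conf" || { echo 'FirewallBackend is not nftables in firewalld.conf'; rc=1; }
    return $rc
}

# Constructed sample tree under $1 for gateway $2. Default mode writes the
# state the guide ends in; mode "stale" writes the pre-edit lines instead.
write_sample_tree() {
    root=$1
    addr=$2
    mode=${3:-done}
    prefix=${addr%.*}
    mkdir -p "$root/etc/systemd/network" "$root/etc/dhcp" "$root/etc/default" "$root/etc/firewalld"
    if [ "$mode" = stale ]; then
        printf '[Match]\nName=eth0\n\n[Network]\nIPMasquerade=yes\nIPForward=yes\nDHCP=yes\n' > "$root/etc/systemd/network/10-eth0.network"
        printf 'subnet 192.168.101.0 netmask 255.255.255.0 { range 192.168.101.50 192.168.101.250; option routers 192.168.101.1; }\n' > "$root/etc/dhcp/dhcpd.conf"
        printf 'INTERFACESv4=""\n' > "$root/etc/default/isc-dhcp-server"
        printf 'FirewallBackend=iptables\n' > "$root/etc/firewalld/firewalld.conf"
    else
        printf '[Match]\nName=eth0\n\n[Network]\nAddress=%s/24\n' "$addr" > "$root/etc/systemd/network/10-eth0.network"
        {
            printf 'subnet 192.168.101.0 netmask 255.255.255.0 { range 192.168.101.50 192.168.101.250; option routers 192.168.101.1; }\n'
            render_dhcpd_subnet "$prefix" "$addr"
        } > "$root/etc/dhcp/dhcpd.conf"
        printf 'INTERFACESv4="eth0"\n' > "$root/etc/default/isc-dhcp-server"
        printf 'FirewallBackend=nftables\n' > "$root/etc/firewalld/firewalld.conf"
    fi
}

# Demonstration on constructed trees; run with root "/" to check a real box.
demo=$(mktemp -d)
write_sample_tree "$demo/done" 192.168.222.2
check_gateway_config "$demo/done" 192.168.222.2 && echo "done tree: all checks passed"
write_sample_tree "$demo/stale" 192.168.222.2 stale
check_gateway_config "$demo/stale" 192.168.222.2 || echo "stale tree: checks failed as expected"
rm -rf "$demo"
```

To check the live system after editing, call `check_gateway_config / 192.168.222.2` (or the address of the gateway being set up); every reported line is a step from the sections above that still needs doing.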