I'm currently trying to use a Pi as a monitoring system, which requires a connection to the local Ethernet. Now I also want to use the same Pi as a WiFi AP. But all the configuration examples I've found for the Pi bridge Ethernet and WiFi, so the Pi itself cannot access the Ethernet anymore.
Currently the configuration looks like this:
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wireless-power off
If I bridge the networks (and the RPi works as intended as a WiFi AP), the configuration looks like this:
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet manual
auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wireless-power off
auto br0
iface br0 inet static
address 192.168.1.11
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
bridge-ports eth0 wlan0
bridge-waitport 5
bridge-stp off
bridge-fd 0
So the question is how to combine both configurations so that the Pi also has access to the same (bridged) network?
For topology something like this, the configuration is this.
________________________________________
| RPi |
Internet --- WLAN(WiFi) (Ethernet Ports)LAN ----- Devices
|________________________________________|
Based on Milind's comment I reversed a solution from the post:
First, install the following packages:
apt-get update && apt-get -y install hostapd hostap-utils iw bridge-utils dnsmasq
add to /boot/cmdline.txt:
[...] net.ifnames=0 [...]
replace /etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
wireless-power off
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
create /etc/hostapd/hostapd.conf:
ctrl_interface=/var/run/hostapd
driver=nl80211
interface=wlan0
hw_mode=g
ieee80211n=1
channel=1
ssid=REPLACE_WITH_YOUR_SSID
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=1
wpa=3
wpa_passphrase=REPLACE_WITH_YOUR_PASSPHRASE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
replace /etc/dnsmasq.conf:
interface=wlan0
listen-address=192.168.2.1
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=192.168.2.2,192.168.2.100,12h
uncomment in /etc/sysctl.conf:
[...]
net.ipv4.ip_forward=1
[...]
Now run the following commands for iptables routing:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
Enable ip table routing on startup
add to /etc/rc.local before exit 0:
[...]
iptables-restore < /etc/iptables.ipv4.nat
[...]
Finally, reboot and the Pi should work as intended as a WiFi AP sharing internet from the Ethernet port.
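The hostapd.conf in the answer above enables WPA1 alongside WPA2 (wpa=3), allows TKIP and hides the SSID. The following check is an added example, not part of the original answer; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answer above): flag weak WLAN settings in a
# hostapd.conf. Prints one finding per line and nothing for a clean file.

# conf_get FILE KEY: value of the last uncommented "KEY=value" line.
conf_get() {
    awk -v k="$2" '
        /^[[:space:]]*#/ { next }
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }' "$1"
}

audit_hostapd_conf() {
    f=$1
    wpa=$(conf_get "$f" wpa)
    case "${wpa:-0}" in
        0)   echo "wpa unset or 0: the network is open" ;;
        1|3) echo "wpa=$wpa: WPA1 is enabled; wpa=2 offers WPA2 only" ;;
    esac
    # wpa_pairwise applies to WPA1 clients, rsn_pairwise to WPA2 clients.
    for key in wpa_pairwise rsn_pairwise; do
        case " $(conf_get "$f" "$key") " in
            *" TKIP "*) echo "$key allows TKIP: use CCMP only" ;;
        esac
    done
    case "$(conf_get "$f" ignore_broadcast_ssid)" in
        ''|0) ;;
        *) echo "ignore_broadcast_ssid set: a hidden SSID is not access control" ;;
    esac
}

# Constructed sample: the security-relevant lines of the hostapd.conf above.
sample_conf() {
    cat <<'EOF'
ssid=REPLACE_WITH_YOUR_SSID
ignore_broadcast_ssid=1
wpa=3
wpa_passphrase=REPLACE_WITH_YOUR_PASSPHRASE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_hostapd_conf "$tmp"
rm -f "$tmp"
```

A file with wpa=2, rsn_pairwise=CCMP and ignore_broadcast_ssid=0 produces no findings.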
Related
I installed Ubuntu 16.04 Server on a machine with 4 network cards. I have interfaces eth0 and eth1 connected to the same switch. The interface eth0 is meant for the remote SSH connection to manage the server. I want to use eth1 to be bridged by br0. This bridge I want to use for LXC containers. This setup in a DHCP environment did not cause me any problems. The challenge is that the network this server is installed in is fully static. I received an IP range for this server with same subnet mask and gateway.
Setting up eth0 was no problem:
auto eth0
iface eth0 inet static
address 195.x.x.2
network 195.x.x.0
netmask 255.255.255.0
gateway 195.x.x.1
broadcast 195.x.x.255
dns-nameservers 150.x.x.105 150.x.x.106
The problem comes with the second interface eth1: because it has the same gateway as eth0, Ubuntu warns that only one default gateway can be set (which is logical). Therefore I had set eth1 as follows:
auto eth1
iface eth1 inet static
address 195.x.x.3
network 195.x.x.0
netmask 255.255.255.0
broadcast 195.x.x.255
The problem with this setup is that I can externally ping eth0 at IP 195.x.x.2, but eth1 cannot be pinged or accessed via SSH. I managed to make it work with a lot of routing trickery, but as many articles on this write, this way is a hole which gets deeper if you have a static bridge and containers for this.
My question is: Does anyone have a straightforward approach for my issue? How should I configure eth0 and eth1 to normally bridge the containers to eth1 with static IP numbers?
Ok I solved it in the following manner, by still proceeding with the gateway routing solution as described in the question. Maybe people with the same issue could use this approach as well or if somebody knows a better solution feel free to comment.
On the host:
I enabled ARP filtering:
sysctl -w net.ipv4.conf.all.arp_filter=1
echo "net.ipv4.conf.all.arp_filter = 1" >> /etc/sysctl.conf
Configured the /etc/network/interfaces:
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 195.x.x.2
network 195.x.x.0
netmask 255.255.255.0
gateway 195.x.x.1
broadcast 195.x.x.255
up ip route add 195.x.x.0/24 dev eth0 src 195.x.x.2 table eth0table
up ip route add default via 195.x.x.1 dev eth0 table eth0table
up ip rule add from 195.x.x.2 table eth0table
up ip route add 195.x.x.0/24 dev eth0 src 195.x.x.2
dns-nameservers 150.x.x.105 150.x.x.106
# The secondary network interface
auto eth1
iface eth1 inet manual
# LXC bridge interface
auto br0
iface br0 inet static
address 195.x.x.3
network 195.x.x.0
netmask 255.255.255.0
bridge_ifaces eth1
bridge_ports eth1
bridge_stp off
bridge_fd 0
bridge_maxwait 0
up ip route add 195.x.x.0/24 dev br0 src 195.x.x.3 table br0table
up ip route add default via 195.x.x.1 dev br0 table br0table
up ip rule add from 195.x.x.3 table br0table
up ip route add 195.x.x.0/24 dev br0 src 195.x.x.3
Added the following lines to /etc/iproute2/rt_tables:
...
10 eth0table
20 br0table
At the container config file (/var/lib/lxc/[container name]/config):
...
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.hwaddr = [auto create when bringing up container]
lxc.network.ipv4 = 195.x.x.4/24
lxc.network.ipv4.gateway = 195.x.x.1
lxc.network.veth.pair = [readable server name] (when using ifconfig)
lxc.start.auto = 0 (1 if you want the server to autostart)
lxc.start.delay = 0 (fill in seconds you want the container to wait before start)
I tested it by enabling apache2 on the container and accessed the webpage from outside the network. Hope it helps anybody who bumps into the same challenge I did.
PS: Do not forget, if you choose to have the container's config file assign the IP, to disable it in the interface file of the container itself.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
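The source-based routing in the answer above only works when every table it names is defined in /etc/iproute2/rt_tables, is selected by an ip rule and has its own default route. The following consistency check is an added example, not part of the original answer; the function names and sample files are constructed, and the sample rt_tables carries a deliberate misspelling.

```shell
#!/bin/sh
# Added example (not from the answer above): cross-check the policy-routing
# lines of an interfaces file against rt_tables.

# check_policy_routing INTERFACES RT_TABLES: one finding per line, none if consistent.
check_policy_routing() {
    awk '
    FILENAME == ARGV[1] {            # rt_tables lines: "ID NAME"
        if ($0 !~ /^[[:space:]]*#/ && NF >= 2) defined[$2] = 1
        next
    }
    ($1 == "up" || $1 == "post-up") && $2 == "ip" {
        t = ""
        for (i = 4; i < NF; i++) if ($i == "table") t = $(i + 1)
        if (t == "") next
        used[t] = 1
        if ($3 == "rule") rule[t] = 1
        if ($3 == "route" && $5 == "default") dflt[t] = 1
    }
    END {
        for (t in used) {
            if (!(t in defined) && t !~ /^[0-9]+$/) print t ": not defined in rt_tables"
            if (!(t in rule)) print t ": no ip rule selects this table"
            if (!(t in dflt)) print t ": no default route in this table"
        }
    }' "$2" "$1" | sort
}

# Constructed samples modelled on the configuration above.
sample_interfaces() {
    cat <<'EOF'
iface br0 inet static
    up ip route add 195.x.x.0/24 dev br0 src 195.x.x.3 table br0table
    up ip route add default via 195.x.x.1 dev br0 table br0table
    up ip rule add from 195.x.x.3 table br0table
    up ip route add default via 195.x.x.1 dev eth0 table eth0table
    up ip rule add from 195.x.x.2 table eth0table
EOF
}
sample_rt_tables() { printf '10 et0table\n20 br0table\n'; }   # deliberate misspelling

d=$(mktemp -d)
sample_interfaces > "$d/interfaces"; sample_rt_tables > "$d/rt_tables"
check_policy_routing "$d/interfaces" "$d/rt_tables"
rm -rf "$d"
```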
I need some help to configure the network for my KVM. My hosting provider is OVH, and since they are a bit different, I'm in need of help.
My old Network-Interfaces File:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 94.23.209.170
netmask 255.255.255.0
network 94.23.209.0
broadcast 94.23.209.255
gateway 94.23.209.254
auto br0
iface br0 inet static
address 91.134.173.185
netmask 255.255.255.0
broadcast 91.134.173.185
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
dns-nameservers 8.8.8.8
iface eth0 inet6 static
address 2001:41d0:0002:54aa::
netmask 64
dns-nameservers 2001:41d0:3:163::1
post-up /sbin/ip -family inet6 route add 2001:41d0:0002:54ff:ff:ff:ff:ff dev eth0
post-up /sbin/ip -family inet6 route add default via 2001:41d0:0002:54ff:ff:ff:ff:ff
pre-down /sbin/ip -family inet6 route del default via 2001:41d0:0002:54ff:ff:ff:ff:ff
pre-down /sbin/ip -family inet6 route del 2001:41d0:0002:54ff:ff:ff:ff:ff dev eth0
I had to go into the rescue mode and remove the bridge, otherwise my machine wouldn't come up again. Can someone help me maybe, and tell me what I did wrong?
Thanks, and have a good day/night! :)
I had a similar problem. I just moved to OVH from Phoenix nap. I like the control panel better but their networking is a little weird. I have an IP on a /24 and I ordered a /29 for whm/cpanel and some other virtual machines.
My config to get the host functional:
auto eth0
iface eth0 inet manual
address 111.222.333.145
netmask 255.255.255.0
network 111.222.333.0
broadcast 111.222.333.255
gateway 111.222.333.254
auto br0
iface br0 inet static
address 111.222.333.145
netmask 255.255.255.0
network 111.222.333.0
broadcast 111.222.333.255
gateway 111.222.333.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
dns-nameservers 213.186.33.99
NOTE: 111.222.333 is your first 3 octets. Obviously change them. The .145 was arbitrary to illustrate a host assigned to you.
Then restart the networking service.
service networking restart
Now I had to get a CentOS container for WHM/cPanel going and a few debian containers.
I'm assuming you bought a block of IPs and need to get that IP into a VM. Log into the OVH control panel and select IP. Expand the IP block. To the right you will see a gear you can click on. Create an OVH Virtual MAC. Take note of that MAC!
For CentOS the guide is correct.
In Debian it was a missing little something.
You want to edit the /etc/libvirt/qemu/autostart/YOUR_VM_NAME.xml
...
<interface type='bridge'>
<mac address='YO:UR:VI:RT:MA:CA'/>
...
After saving, restart the libvirtd service. Restart your Debian container to pick up the new MAC and you should be good.
When installing I could not set an IP outside the range of my network. After getting virt-manager up, I logged in, blew out the GW and modified the interfaces file according to the guide:
Don't need to change your host network config.
You need a Failover IP (create in OVH Panel). Then, assign a Virtual MAC for it.
In your dedicated server:
virsh net-edit default
Change this way:
<network>
<name>default</name>
<uuid>...</uuid>
<bridge name='virbr0' stp='off' delay='0'/>
<mac address='...'/>
</network>
Now edit the VM:
virsh edit myvmname
and set (change "eno1" to your network card name, like "eth0" or "ens0p0" etc):
<interface type='direct'>
<mac address='--VIRTUAL MAC CREATED IN OVH PANEL--'/>
<source dev='eno1' mode='bridge'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
Now edit your VM network (in my example, a Debian /etc/network/interfaces and change the network name as well):
auto eno1
iface eno1 inet static
address -FAILOVER IP-
netmask 255.255.255.255
gateway -HOST GATEWAY-
broadcast -FAILOVER IP-
So, the VM will have the failover IP and use the same gateway as the host. In OVH the gateway is final .254 (or use ip r in the host).
I configured a Linux Mint 17 host O/S to install Xen as per the following guide
Xen Project Beginner's Guide
Now, after configuring the network interfaces as instructed, I rebooted the machine. I can see that the bridge has an IP assigned to it via DHCP, but I cannot connect to the internet.
I can even successfully ping to the gateway, but not any other address.
What am I doing wrong?
This is my /etc/network/interfaces file
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
auto xenbr0
iface xenbr0 inet dhcp
bridge_ports eth0
In my case, I only added eth0 and eth1 interfaces into the bridge
bridge name     bridge id               STP enabled     interfaces
br0             8000.00259e1c426c       no              eth0
                                                        eth1
But there was an interface called vif3.0 which has to be included into the bridge interface. So, I did this:
brctl addif br0 vif3.0
Everything works fine.
I have a dedicated server that I'd like to run some VMs on using KVM.
I'm trying to set up bridge networking so the VMs can be accessed from the outside with dedicated IPs.
I tried doing this using this article, but once I bring up br0 I lose connectivity to my server over ssh (and anything else for that matter).
Here is my /etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 66.147.230.23
netmask 255.255.255.0
network 66.147.230.0
broadcast 66.147.230.255
gateway 66.147.230.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 208.67.222.222 208.67.220.220
dns-search samgwydir.com
# bridge
auto br0
iface br0 inet static
# address 216.120.250.44
# netmask 255.255.255.0
# network 216.120.250.0
# broadcast 216.120.250.255
# gateway 216.120.250.1
address 192.168.1.1
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
I have commented out a failed setup that had br0 use a dedicated IP and instead tried a local IP to no avail.
Don't configure eth0, as eth0 is the bridge device (with the IP 192.168.1.1):
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet manual
# bridge
auto br0
iface br0 inet static
address 192.168.1.1
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
You might be able to assign multiple IP addresses to br0, if you want your host to be multihomed.
ISP gave me two IP configs:
10.0.1.5 / 255.255.255.0 / gw 10.0.1.1
10.0.9.8 / 255.255.255.0 / gw 10.0.9.1
I've set up Dom0 as 10.0.1.5 with a bridge.
Here is the config:
auto lo
iface lo inet loopback
auto eth0
auto br0
iface br0 inet static
address 10.0.1.5
netmask 255.255.255.0
gateway 10.0.1.1
bridge_ports eth0
bridge_stp no
VM config:
...
vif = [ 'type=ioemu, bridge=br0' ]
...
So, when I launch and configure my VM to 10.0.9.8 - the network is unreachable from the VM.
I know that 10.0.9.1 is connected directly via switch with my 10.0.1.5.
Any ideas?
Would the following work:
ip route add default via 10.0.1.5
like was done in: https://github.com/mcclurmc/devstack/blob/xcp-toolstack/tools/xcp-toolstack/build_domU.sh