Ubuntu Linux Gateway Example: Difference between revisions

From 44Net Wiki
Jump to navigation Jump to search
Njohnson (talk | contribs)
Njohnson (talk | contribs)
Line 54: Line 54:
<code><pre>sudo apt-get install isc-dhcp-server iptables iptables-persistent</pre></code>
<code><pre>sudo apt-get install isc-dhcp-server iptables iptables-persistent</pre></code>


===IP Addresses you will need===
===Obtain the IPv4 Addresses you will need===
====What is an IPv4 Address ?====
====What is an IPv4 Address ?====
An IPv4 address is a unique 32-bit binary number that is assigned to every publicly connected Internet device.
An IPv4 address is a unique 32-bit binary number that is assigned to every publicly connected Internet device.

Revision as of 03:05, 30 March 2014

The following are the steps necessary to create a general purpose gateway to AMPRNet using an Ubuntu Linux Server.

Not everyone needs a gateway!

You only need to setup a gateway if:

  • You want to access AMPRNet resources that are not accessible from the global Internet.
  • You want to provide access to AMPRNet over RF (via packet or using WiFi) and there doesn't exist such a service in your area.

Design

The basic design consists of a standard PC running Ubuntu 12.04 (LTS) and three network connections:

  1. The first connection is to your ISP so you can reach the Internet.
  2. The second connection is used to connect your normal "non-ham" devices to the Internet.
  3. The third connection is used to connect your "ham" devices so they can see and be seen by other devices on AMPRNet.

The following diagram illustrates are gateway design. (Click on the image to enlarge).

Error creating thumbnail: File missing

Prerequisites (What do I need to get started?)

Hardware you will need

I'm running my gateway on an old Dell Optiplex GX260 (a Pentium 4 with 512 MB of RAM and a 20 GB Hard drive). You don't need much of a system if your Internet Service Provider's (ISP) bandwidth is 100Mb/s or less.

Along with the built in Ethernet network interface, I've installed two additional 10/100 Ethernet network cards I purchased from Amazon.

Software you will need

On the Dell I've installed Ubuntu 12.04 LTS (the 32-bit server version). With one exception all of the software you will need for the gateway you can get with the server.

Installing Required Linux Software

Install the Ubuntu Linux Distribution on your gateway hardware following the instructions on Ubuntu's web site.

After you have installed Ubuntu, you will need to upgrade it with the latest fixes and patches. To do this, you will need to login with the username and password you setup when installing Ubuntu and type the following commands:

sudo apt-get update

You will be prompted for your password and then the your gateway will update its database of software to the latest version.

To actually update the sotfware, type the following command:

sudo apt-get upgrade

Enter yes when prompted to install the updates.\

You will probably need to restart your gateway after installing your updates. To do this type:

sudo shutdown -r now

Your gateway should shutdown and restart. Log back in.

After you have completed upgrading your operating system, you will need to install the following software packages:

isc-dhcp-server
This software will be used to assign IP addresses dynamically to your "non-ham" and "ham" devices.
iptables
This software will help protect your gateway, "non-ham" devices, and AMPRNet devices from hackers.
iptables-persistent
You will need this make sure your iptables settings are remembered when you restart your gateway

To install the software packages type the following at the command line on your gateway hardware:

sudo apt-get install isc-dhcp-server iptables iptables-persistent

Obtain the IPv4 Addresses you will need

What is an IPv4 Address ?

An IPv4 address is a unique 32-bit binary number that is assigned to every publicly connected Internet device.

To make the address easy for humans to read, it is usually represented as a four decimal numbers separated by periods (example - 192.0.0.2).

More information on IPv4 addresses can be found in this Wikipedia article. Take some time to read it over, it will help make it easier to understand the following steps.

Obtain a "Static" IPv4 from your ISP

What is a "Static" IP ?

Normally your ISP assigns your router a public IPv4 address dynamically from a pool of IPv4 addresses shared by many customers. This means that your Public IPv4 address can change periodically and without notice. Usually this isn't a big issue for most normal users, however it can cause problems when trying implement an AMPRNet gateway. While it is possible to make AMPRNet gateways work with a dynamically assigned address, there could be a significant time lag between the time your Public IPv4 address changes and when others on AMPRNet learn about the new gateway address. During this time your AMPRNet subnet may be unreachable.

Therefore, I recommend asking your ISP for a "static" IPv4 address. A "static" IPv4 address is one that doesn't change. Usually your ISP will set you up with one for a small setup fee and small monthly recurring fee. It is well worth the extra cost to insure a stable gateway.

When you ask for a "static" IPv4 address, your ISP will provide you with the following information that you will need to configure your server.

Caution!!!: Once you request a "static" IPv4 address from your ISP, you will need to complete the rest of this setup before you will be able to connect your "non-ham" devices to the Internet!!!

IP Address (example - 192.0.2.2)
The "static" IP Address itself.
Netmask (example - 255.255.255.0)
The netmask is used to determine what part of the IPv4 address is the "network" portion and what portion is the "host" (a good analogy is a Postal Code (network) vs. a House Number (host)).
Default Gateway (example - 192.0.2.1)
The default gateway is an IP address that you send traffic to to reach the rest of the Internet.
DNS Server Addresses (exampe - 192.0.2.23,192.0.2.24
DNS server addresses are the IP addresses of systems that look up the IP address of a device you specify by name. (When you type "google.com" into your browser, the DNS Servers look up the IP address for "google.com" to know where to send your search request.

Please make sure you copy this information down carefully and verify it with your ISP. Your gateway will not work correctly without it!

Decide on Private IPv4 Addresses for "Non-Ham" Devices

Your "non-ham" devices will need their own IP Addresses, separate from AMPRNet. Normally these addresses are assigned from what is known as private address space. Your gateway will take care of routing traffic to and from this private address space to the public Internet.

For this example, let's use the private network 192.168.11.0. The relevant information would be:

  • IP Address for our gateway: 192.168.11.1
  • Netmask 255.255.255.0
  • Default Gateway: 192.168.11.1 (Our gateway will be the default gateway for devices on the "non-ham" network).
  • DNS Name Servers: Use the same DNS Name server IP Addresses given to you by your ISP.

Obtain an AMPRNet IPv4 Address Allocation and Register Your Gateway

Once you have your "static" IPv4 address from your ISP; you will need to go the AMPRNet Portal, request an AMPRNet subnet from a regional coordinator, and register your gateway.

For this example we will use a range of AMPRNet addresses that is reserved for testing and documentation.

Caution!!!: In order to make sure your AMPRNet gateway and subnet is reachable by others, you MUST obtain and use a production AMPRNet subnet!!!

  • IP Address : 44.128.128.1
  • Netmask : 255.255.255.0
  • Default Gateway : 44.128.128.1
  • DNS Name Servers : Use the same as assigned by your ISP.

Setting up the ISP (Internet) Interface

Configuring the interface

To configure the ISP Interface, type the following command to edit the file /etc/networking/interfaces:

sudo nano /etc/network/interfaces

Find the section that looks like this:

auto eth0
iface eth0 inet dhcp

Change it to look like the following (Remember to substitute the information you received from your ISP!!!):

auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
   address 192.0.2.2
   netmask 255.255.255.0
   gateway 192.0.2.1
   dns-nameservers 192.0.2.23 192.0.2.24

Double check that the information is correct then save the file by pressing CTRL-X and then Y to save the file.

To make the changes take effect, type the following commands:

sudo ifdown eth0
sudo ifup eth0

Testing

At this point you should be able to reach the Internet from the gateway (but not from "non-ham" or "ham" devices yet). To test type the following command:

ping 8.8.8.8

You should see something like:

njohnsn@srv01:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=46 time=127 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=46 time=128 ms
64 bytes from 8.8.8.8: icmp_req=3 ttl=46 time=130 ms

Press CTRL-C to stop the program.

If you see something different, please check the following:

  1. That the correct network interface on the gateway system is connected to your ISP (cable or DSL modem).
  2. Double check the settings in the /etc/network/interfaces file.

Don't continue to the next steps until you are successfully able to get the gateway connected to the Internet.

Setting up the "Non-Ham" Network Interface

Configuring the Interface

Setting up Routing (Part 1)

Setting up DNS

Setting up DHCP

Testing

Setting up the Firewall (Part 1)

Setting up NAT

Protecting the Gateway

Protecting the "Non-Ham" Network

Saving the firewall rules

Setting up the Local "Ham" Network (AMPRNet) Interface

Configuring the Interface

More DHCP

Setting up the Tunnel to AMPRNet

Setting up Routing (Part 2)

Setting up Policy Based Routing

Automating Routing Updates with rip44d

Getting rip44d

Compiling and installing rip44d

Running rip44d

Setting up the Firewall (Part 2)

Projecting the Local "Ham" Network

Testing

Saving your work

Next Steps