This is an old revision of the document!


Setting up the gateway

  • Perform a minimal Debian installation on the server
  • Place authorized_keys from git under /root/.ssh ← on the root volume
  • reboot
  • /etc/apt/preferences.d
    • batctl.pref
       
      Package: batctl
      Pin: origin repo.universe-factory.net
      Pin-Priority: 1000
  • /etc/apt/sources.list.d
    • draic.list
      deb [arch=amd64] http://debian.draic.info/ wheezy main
      deb-src http://debian.draic.info/ wheezy main
    • fastd.list
      deb http://repo.universe-factory.net/debian/ sid main
  • apt-get install -y alfred alfred-json batadv-vis batctl batman-adv-dkms fastd
  •  dkms remove batman-adv/2013.4.0 --all
    dkms --force install batman-adv/2013.4.0
  • echo batman_adv >> /etc/modules
  • reboot
  • /etc/network/interfaces
    # Freifunk mesh interfaces
    auto br-ffharz
    iface br-ffharz inet6 static
     bridge-ports none
     # IPv6 address of the gateway for the bridge device
     # (comments must be on their own line in /etc/network/interfaces)
     address fd0e:8db3:d50a::2
     netmask 64
    
    iface br-ffharz inet static
     # IPv4 address of the gateway for the bridge device
     address 10.7.0.2
     netmask 255.255.0.0
    
    allow-hotplug bat0
    iface bat0 inet6 manual
     pre-up modprobe batman-adv
     pre-up batctl if add mesh-vpn
     pre-up batctl gw server
     up ip link set $IFACE up
     post-up brctl addif br-ffharz $IFACE
     post-up batctl it 10000
     post-up ip rule add from all fwmark 0x1 table freifunk
     pre-down brctl delif br-ffharz $IFACE || true
     down ip link set $IFACE down
  • Configure fastd → copy to /etc/fastd/freifunk
  • Create a crontab job
    • 0 */2 * * * /root/scripte/fastd-update.sh
  • Create the update script for the cron job
    • fastd-update.sh
      #!/bin/bash
      # Script for updating the peers configuration files for fastd
      # Freifunk Harz e.V. - Steffen Taubenheim-Probst
      # License: GPL
      # Date: 12.08.2015
      # Run the script as a cron job (for example every 2 hours)
      
      
      set -e
      
      FASTDDIR="/etc/fastd/freifunk"
      FASTDPEERS="$FASTDDIR/peers"
      GITREPO="https://gitlab.com/ff-harz/fastd-peers.git"
      
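      # Stop if fastd has not been set up yet
      if [ ! -d "$FASTDDIR" ]; then
              echo "fastd bitte einrichten."
              exit 0
      fi
      
      # First run: clone the peers repository and link it as the peers directory
      if [ ! -d "$FASTDPEERS" ]; then
              cd "$FASTDDIR"
              git clone "$GITREPO"
              ln -s "$FASTDDIR/fastd-peers" "$FASTDPEERS"
              pkill -HUP fastd
              exit 0
      fi
      
      # Later runs: update the peers and signal fastd to reload them
      if [ -d "$FASTDPEERS" ]; then
              cd "$FASTDPEERS"
              git pull
              pkill -HUP fastd
      fi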
      
      exit 0
  • Configure a VPN service, for example Mullvad or IPredator
  • Set up the routing table
    • /etc/iproute2/rt_tables
      #
      # reserved values
      #
      255	local
      254	main
      253	default
      0	unspec
      #
      # local
      #
      #1	inr.ruhep
      42	freifunk
  • Configure prerouting
    • iptables -t mangle -A PREROUTING -i br-ffharz -j MARK --set-xmark 0x1/0xffffffff
      iptables -t nat -A POSTROUTING -s 10.7.0.0/16 -o tun0 -j MASQUERADE
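
The fwmark rule, table 42 (freifunk) and the MASQUERADE rule on tun0 keep mesh client traffic inside the VPN only while table freifunk holds a default route via tun0; if the table is empty, the lookup continues in the main table. The following check is an added example, not part of the original page: it assumes the VPN client installs the default route into table freifunk and treats an unreachable/blackhole/prohibit default as fail-closed. The sample rule list and the address 10.8.0.1 are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). All sample data is constructed.

# has_mark_rule RULES: true if `ip rule show` output sends fwmark 0x1 to table freifunk (id 42).
has_mark_rule() {
    printf '%s\n' "$1" | grep -Eq 'fwmark 0x1[ /].*lookup (freifunk|42)( |$)'
}

# table_state ROUTES: classify `ip route show table freifunk` output.
# Prints the default route's device, "blocked" for a fail-closed default, or "none".
table_state() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); found = 1; exit }
        }
        ($1 == "unreachable" || $1 == "blackhole" || $1 == "prohibit") && $2 == "default" { blocked = 1 }
        END { if (!found) print (blocked ? "blocked" : "none") }'
}

# check_gateway RULES ROUTES: print findings, return 0 only if marked traffic cannot bypass tun0.
check_gateway() {
    rc=0
    has_mark_rule "$1" || { echo "FAIL: no 'fwmark 0x1 lookup freifunk' rule"; rc=1; }
    state=$(table_state "$2")
    case "$state" in
        tun0)    echo "OK: table freifunk default route via tun0" ;;
        blocked) echo "OK: VPN route absent, table freifunk fails closed" ;;
        none)    echo "FAIL: table freifunk has no default route, lookup continues in main"; rc=1 ;;
        *)       echo "FAIL: table freifunk default route via $state, not tun0"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed samples: rule list of a configured gateway, and two states of table freifunk.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup freifunk
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES_UP='default via 10.8.0.1 dev tun0'
SAMPLE_ROUTES_DOWN=''

check_gateway "$SAMPLE_RULES" "$SAMPLE_ROUTES_UP" || true
check_gateway "$SAMPLE_RULES" "$SAMPLE_ROUTES_DOWN" || true
# On a live gateway: check_gateway "$(ip rule show)" "$(ip route show table freifunk)"
```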

dhcpd

  •  cat >> /etc/dhcp/dhcpd.conf
 ddns-update-style none;
 option domain-name ".ffharz";
 default-lease-time 600;
 max-lease-time 1600;
 log-facility local7;
 
 subnet 10.7.0.0 netmask 255.255.0.0 {
 	authoritative;
 	range 10.7.1.1 10.7.10.255;
	range 10.7.51.1 10.7.60.255;
 	option domain-name-servers 10.7.0.2, 10.7.0.10;
 	option routers 10.7.0.2;
 }

#subnet 10.7.0.0 netmask 255.255.0.0 {
#	authoritative;
#	range 10.7.3.1 10.7.4.254;
#	option domain-name-servers 10.7.0.2, 10.7.0.3, 10.7.0.10;
#	option routers 10.7.0.3;
#}

 include "/etc/dhcp/static.conf";
  • touch /etc/dhcp/static.conf

sysctl

  • cd /etc
  • vi sysctl.conf
  • net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1
  • vi sysctl.d/99-freifunk.conf
  • net.ipv4.conf.default.rp_filter = 0
    net.ipv4.conf.all.rp_filter = 0
    
    net.bridge.bridge-nf-call-arptables = 0
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    
    net.ipv6.conf.all.autoconf = 0
    net.ipv6.conf.default.autoconf = 0
    net.ipv6.conf.eth0.autoconf = 0
    net.ipv6.conf.all.accept_ra = 0
    net.ipv6.conf.default.accept_ra = 0
    net.ipv6.conf.eth0.accept_ra = 0
    
    #/etc/sysctl.conf
    #https://kbu.freifunk.net/wiki/index.php?title=Supernode#UDP-Queue_Gr.C3.B6.C3.9Fe
    net.core.rmem_max=83886080
    net.core.wmem_max=83886080
    net.core.rmem_default=83886080
    net.core.wmem_default=83886080

Counting DHCP leases

  • cd /var/lib/dhcp
  • cat dhcpd.leases | grep ether | cut -d ' ' -f 5 | sort -u | wc -l

Importing the firewall rules

Copy the complete directory from /root/scripte/ and adapt it:

iptables-restore < /root/scripte/ipv4.fw

anleitungen/gateway/gateway_einrichten.1556953881.txt.gz · Last modified: 2019/05/04 09:11 by tomi-w80