Diet-Router: Network Configuration

<< back to Diet-Router

1. Network device configuration

Since version 0.3 of Diet-Router the configure script supports up to four network interfaces. One must be used for the pppoe connection to your ADSL modem, while the others can be used for different network zones (e.g. dmz, lan).

It is of course possible to have more than four nics. Note, that you must ensure that all driver you need are included in your kernel. I can't help you at this point. Then, you have to create one file for each network card to activate while booting. These files are under the directory of your Diet-Router base 

    system/etc/sysconfig/network/<if>

where <if> must be the name of the network interface to configure, e.g. eth8. The file will be read by the /etc/minit/network/run script. At least you must define the variables IP and NETMASK. Optionally, you may specify BROADCAST.

2. Static routes

Create a file under the base directory of your diet-router 

    system/etc/sysconfig/routes

with one route per line. Lines beginning with a '#' are comments. The format is as follows: 

  <destination>[[:space:]]<mask>[[:space:]]<gateway> or
  default[[:space:]]<gateway>

where

<destination>
is the destination ip- or networknumber
<mask>
the corresponding net mask (255.255.255.255 creates a host route)
<gateway>
is the ip-address of the gateway router

The second form is sets the default gateway. This is probably overwritten by the adsl-start script, which add a default route to the corresponding ppp interface.

The file will be read by the /etc/minit/route/run script. Warning: Do not use tabs to separate the fields in the routes file. The startup-script is quite stupid.

3. Remote administration

We use the dropbear ssh server. This server will be run with

From this it should be quit clear how to configure the ssh admin account.

  1. Create a new user on the your administrative workstation.
  2. Generate a dsa key-pair for this user.
  3. copy the public key of this user to system/home/<admin-user>/.ssh/authorized_keys.

Needless to say, you should choose a strong pass phrase for the private key.

You now can connect as the admin user on your workstation to the Diet-Router by ssh -2 admin@<diet-router-ip>. From this account you can use su - to become superuser on your Diet-Router.

Note: The ssh server will only< listen to your first lan interface.

4. DNS cache support

If you use the dnscache, wich comes with Diet-Router, you must ensure that your firewall allows all clients to access the dnscache on your first lan ethernet interface. The cache will only listen to this interface.

5. DHCP server support

The Diet-Router setup only installs a very simple udhcpd configuration file in system/etc/udhcpd.<interface>.conf. After an initial setup you may add more settings there. The Diet-Router setup does not change other than it's own settings.

$Id: network.html,v 1.13 2006-11-20 17:50:04 tmueller Exp $
Thomas Müller (tmueller@maxrelax.de)