yakking/ posts/ Routing, and network services on Linux by Daniel Silverstone
Setting the Bash shell prompt | posts | The importance of using Library code
Apr 2024
S M T W T F S
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        

Blog

Contributors

Recent Comments

Archives

Suggestion box

Tags

Blogtrottr

Non-article content is copyrighted to the regular contributors. Articles are copyright to their authors. Comments on articles are copyright the comment's author.

By contributing a comment to the site you implicitly grant the same licence to your comment as is shared by the rest of the site.

Creative Commons Licence
Yakking Blog by Yakking Team is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Many F/LOSS hackers, as they reach a certain level of hackerdom (I think it's usually level 14 or 15) typically reach the point of desiring services on their local network which are either poorly served by traditional "routers" or are simply beyond their usual functionality set. If you're that kind of hacker then bear with me while I go over a few common network services and how you can set up a Linux box to do them for you, giving you control and diagnostics beyond that which a trad. router would do.

For those of you who are perhaps level 26 or above, you might be annoyed that I don't do much in terms of treatment of IPv6 here, but I promise I'll do something on IPv6 services another time.

Rather than linking things all over the place, I'll give you one top level link here, to the Linux Home Networking website and hope you are capable of finding suitable tutorials for the parts of this article which interest you. If you're not a Linux person then I'm sure your chosen platform will have similar resources for you to exploit. Apart from the firewalling/routing, this should all be applicable no matter your chosen platform.

DHCP

The most basic service you need on a network is the service which lets a computer which joins the network get an address (and possibly name). The dynamic host configuration protocol, or DHCP, is the protocol for that. DHCP allows new hosts to query the network for what IP range it is in, what IP address the new machine should use, where the router is, what the naming scheme is inside the network and where other services such as DNS (see later) can be found.

You might use server software such as the ISC DHCP Daemon or perhaps something smaller such as DNSMasq, but whatever you use, you will need to decide on an IP address range for your network, and allocate at least one address statically to your new router. Normally home networks will use RFC1918 address ranges such as 192.168.x.y/24 or 10.x.y.z/8-31 and what you select will typically be a combination of the size of your home network, any other networks you might want to route or bridge to in the future, and also how lazy you're feeling. It's common practice to allocate either the bottom (e.g. 192.168.100.1) or the top (e.g. 192.168.77.254) address to the router. I tend to prefer the bottom address.

DNS

Once you have selected and configured the IP address range for your network, you will typically need to set up a DNS resolver. You can get away with getting your DHCP server to tell your devices to use a public DNS server, or that of your ISP, but in general it's good to have a local DNS server. It can both cache query results to reduce your bandwidth consumption, and also serve a DNS zone for your local network, so that you can refer to your devices by their names rather than trying to remember IP addresses for everything.

You might choose to use the full-power ISC BIND or you can opt to use DNSMasq as before. Wherever you choose to run the DNS server, remember to configure your DHCP server to hand out the right address. I tend to run the DHCP and DNS on the same system.

Routing

Of course, a network router is pointless without some kind of routing support. Commonly Linux-based routers combine the routing and firewalling into one service. Linux (currently) does all of this via a combination of a few simple sysctls and a tool called iptables.

There are any number of ways to configure the sysctls and iptables involved in setting up a basic router/firewall, but I shall name a few simple options for you. I personally use a tool called firehol which I find pretty easy to set up, but I have also used ufw in the past (UFW does need some extra help to be a router though). If you're interested in more complex and interesting routing setups then Shorewall is very competent and capable.

File server

In the bad old days, the only network filesystem supported by *NIX which was widely compatible and well implemented tended to be NFS. Unfortunately most random consumer devices don't tend to speak NFS, preferring instead of be compatible with Windows and similar devices by using CIFS. There is a competent free software implementation of a CIFS server called Samba and there's plenty of CIFS clients, in both userland and kernelspace.

These days if you have a heterogenous network (and really, who among us doesn't) you are better off going with CIFS/Samba for sharing your file server storage space.

Printing

As anyone in a household with more than one user and only one printer will tell you, managing access to the printer can be a pain. These days, many printers can be networked and yet all this does is shift the contention point from the computer the printer is plugged into, to the printer itself. Many printers get mightily confused if more than one person connects and sends a document to it at the same time.

Print servers exist, but as is the way of the world, printing is possibly the hardest thing to make work reliably and stably in a network. Most people these days use CUPS and if installed properly you can administer it from your web browser by pointing it at https://ROUTER_IP:631/.