Glam
My server 'glam' is one of my computers in my lab.
This Raspberry Pi is a Raspberry Pi 4 Model B Rev 1.5, it used to be 'glimmer'. I use this system as my network router.
See MicroSD for notes about disk images.
This system is running Raspberry Pi OS (64-bit) which doesn't use grub as the bootloader.
To enable predictable network interface names (based on MAC address):
# sudo raspi-config
Then: Advanced Options -> Network Interface Names -> Enable predictable network interface names (yes)
and reboot.
$ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8) # Include files from /etc/network/interfaces.d: source /etc/network/interfaces.d/* # 2023-11-06 jj5 - BLUE: # auto end0 iface end0 inet static address 10.0.0.5 netmask 255.255.0.0 gateway 10.0.0.1 dns-nameservers 10.0.0.1 # 2023-11-06 jj5 - RED: # auto enx00e099001bf7 iface enx00e099001bf7 inet static address 10.1.0.5 netmask 255.255.0.0 # 2023-11-06 jj5 - ORANGE: # auto enx00e099001bf6 iface enx00e099001bf6 inet static address 10.2.0.5 netmask 255.255.0.0 # 2023-11-06 jj5 - GREEN: # auto enx00e099001cc7 iface enx00e099001cc7 inet static address 10.3.0.5 netmask 255.255.0.0
$ tail -n 8 /etc/sysctl.conf
# 2023-11-06 jj5 - Disable IPv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 # 2023-11-06 jj5 - enable routing: net.ipv4.ip_forward=1
$ cat /etc/iptables/rules.v4
# 2023-11-06 jj5 - SEE: https://gridscale.io/en/community/tutorials/debian-router-gateway/ *nat -A POSTROUTING -o end0 -j MASQUERADE COMMIT *filter -A INPUT -i lo -j ACCEPT # allow ssh, so that we do not lock ourselves -A INPUT -i enx00e099001cc7 -p tcp -m tcp --dport 22 -j ACCEPT # allow incoming traffic to the outgoing connections, # et al for clients from the private network -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # 2023-11-06 jj5 - interfaces: ## BLUE....: end0 ## RED.....: enx00e099001bf7 ## ORANGE..: enx00e099001bf6 ## GREEN...: enx00e099001cc7 # 2023-11-06 jj5 - disable between interfaces... this isn't working as I expected so commented out for now... #-A FORWARD -i end0 -o enx00e099001bf7 -j DROP #-A FORWARD -i end0 -o enx00e099001bf6 -j DROP #-A FORWARD -i end0 -o enx00e099001cc7 -j DROP #-A FORWARD -i enx00e099001bf7 -o enx00e099001bf6 -j DROP #-A FORWARD -i enx00e099001bf7 -o enx00e099001cc7 -j DROP #-A FORWARD -i enx00e099001bf6 -o enx00e099001cc7 -j DROP # prohibit everything else incoming -A INPUT -i end0 -j DROP COMMIT
# apt install iptables
# cat /etc/iptables-rules.sh
#!/bin/bash iptables-restore < /etc/iptables/rules.v4
# chmod +x /etc/iptables-rules.sh
# cat /etc/systemd/system/iptables-rules.service
[Unit] Description=Apply custom iptables rules [Service] Type=oneshot ExecStart=/etc/iptables-rules.sh [Install] WantedBy=multi-user.target
# systemctl enable iptables-rules.service