TODO
== Setting up the router ==
Now for the """fun""" part. We're going to set up a router VM, responsible for routing all traffic from the VMs. You'll want to give it '''two''' network adapters: one for the WAN (the internet) and another for the LAN (your VMs, the collabnet bridge).
The router will be running Debian. You can either netboot it from within QEMU (press Ctrl+B when prompted on boot, then enter <code>dhcp && boot http://boot.netboot.xyz</code>) or download an ISO and mount it. Your choice.
Here is an example QEMU start command for the router VM. You'll need to create the disk image and adjust paths.
{{code|<nowiki>
sudo -u collabvm qemu-system-x86_64 \
-accel kvm \
-cpu host \
-m 2G \
-hda /srv/collabvm/router/router.qcow2 \
-netdev user,id=wan -device virtio-net,netdev=wan \
-netdev tap,id=lan,ifname=ktrouter,script=no,downscript=no -device virtio-net,netdev=lan \
-vnc 127.0.0.1:10
</nowiki>}}
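With this command, the VM's VNC console listens only on 127.0.0.1, display 10 (TCP port 5910), so forward that port over SSH and point your VNC client at it. When installing Debian, you can accept the defaults, although I recommend not using a desktop environment on your router.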
=== Initial configuration ===
Once you boot to a command line, the first thing we'll do is remove the built-in ifupdown network daemon and use systemd-networkd instead, as it's much easier to manage.
{{code|
sudo apt-get purge -y ifupdown
sudo ip addr flush scope global # flush needs a selector; a bare "ip addr flush" is rejected
sudo systemctl enable --now systemd-networkd
}}
We'll then disable systemd-resolved and set up a static DNS config:
{{code|
sudo systemctl disable --now systemd-resolved
sudo systemctl mask systemd-resolved
sudo rm /etc/resolv.conf # remove the symlink
sudo tee /etc/resolv.conf <<EOF
nameserver 1.1.1.1
nameserver 1.0.0.1
EOF
}}
Note that the internet will die on the router. This is because systemd-networkd is not configured by default. First, let's figure out our interface names using the command <code>ip a</code>. For me, the WAN interface was <code>ens3</code> and the LAN was <code>ens4</code>. This may vary; however, if you're using the QEMU command above, the WAN interface will appear first in the list. For the rest of the guide I will be assuming the above interface names. Make sure to change them if yours are different.
Let's first configure the WAN interface to use DHCP.
'''/etc/systemd/network/wan.network'''
{{code|<nowiki>
[Match]
Name=ens3
[Network]
DHCP=ipv4
</nowiki>}}
Then, we'll assign the LAN interface the static IP of <code>192.168.1.1</code>:
'''/etc/systemd/network/lan.network'''
{{code|<nowiki>
[Match]
Name=ens4
[Network]
Address=192.168.1.1/24
</nowiki>}}
You can then reload the network configuration:
{{code|
sudo systemctl restart systemd-networkd
}}
If all went well, you should be able to access the internet (test with <code>ping google.com</code>).
Now, we can set up basic routing. First, install some required packages:
{{code|
sudo apt-get install -y nftables dnsmasq curl
}}
Now, download our nftables config template. This sets up a simple router. We'll expand on it later.
{{code|
sudo curl 'https://computernewb.com/~elijah/nftables.conf' -o /etc/nftables.conf
}}
If your WAN and LAN IPs differ from the examples above, edit nftables.conf and change them at the top.
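A more cautious way to do the download step, as an added example (not part of the original guide or the project's tooling): fetch the template to a staging path, read it, let <code>nft</code> validate it in check mode, and only then replace <code>/etc/nftables.conf</code>. The function names, the staging path and the <code>NFT_CHECK</code> override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: stage, syntax-check, then install an nftables ruleset.
# NFT_CHECK is a hypothetical override so the check command can be swapped out.

# fetch_ruleset URL STAGED
# Download to a staging file instead of straight into /etc.
# -f makes curl fail on HTTP errors, so an error page is never saved as a
# ruleset; --proto '=https' refuses anything that is not HTTPS.
fetch_ruleset() {
    curl -fsS --proto '=https' "$1" -o "$2"
}

# install_ruleset STAGED DEST
# Copy STAGED over DEST only if nft's check mode accepts it.
# Returns 1 for an empty or missing file, 2 if the ruleset is rejected.
install_ruleset() {
    staged=$1
    dest=$2
    [ -s "$staged" ] || { echo "empty or missing: $staged" >&2; return 1; }
    # -c parses and validates the file without touching the live firewall
    ${NFT_CHECK:-nft -c -f} "$staged" || { echo "ruleset rejected: $staged" >&2; return 2; }
    # keep the previous file so a bad change can be rolled back
    [ -f "$dest" ] && cp -p "$dest" "$dest.bak"
    install -m 0644 "$staged" "$dest"
}

# Usage (as root), with the URL from this page:
#   fetch_ruleset 'https://computernewb.com/~elijah/nftables.conf' /tmp/nftables.conf.new
#   less /tmp/nftables.conf.new      # read it, and edit the WAN/LAN values at the top
#   install_ruleset /tmp/nftables.conf.new /etc/nftables.conf
```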