OpenSuSE as a BASIC router

Ok… So I have a client that has an extended Ethernet connection from their ISP. They put in a WRT54G v5 which as you might guess loses its mind from time to time and you have to do a power on reset, in other words a consumer grade POS that will work if it is in your living room and you are the only one depending on it.

So what I want to do is just use a minimal OS install to simply be a router. I would imagine the only thing I would need other than the basic network management is sshd so I can get to it remotely if needed.

The routing is simple but both interfaces are real world IP addressing. The device that extends the ethernet does no routing and there is nothing upstream of that device that does it either for the devices at the end of the ethernet extension.

The best illustration is:

Extended Ethernet → eth0 OpenSuSE router eth1 → L2 Switch → 1 to n consumer level routers which branch to 1 to n hosts.

A single string would look like:

Extended Ethernet → eth0 OpenSuSE router eth1 → L2 Switch → Consumer Grade Router w/nat ----> one Private ( 10.x, 192.168.x etc. ) host.

So the host's next hop is the consumer grade whose next hop is the OpenSuSE box eth1 whose next hop is the Ethernet Extension device connected to OpenSuSE eth1.

So I would guess, having never done this, that I would configure eth0 and eth1 with the respective addresses and then enable IP forwarding. eth0 would have the appropriate gateway and eth1 would simply route to eth1?

And no, IPv6 is not supported by the ISP.

Any help is appreciated.

On 12/20/2011 04:06 PM, FlyingGuy wrote:
>
> Ok… So I have a client that has an extended Ethernet connection from
> their ISP. They put in a WRT54G v5 which as you might guess loses its
> mind from time to time and you have to do a power on reset, in other
> words a consumer grade POS that will work if it is in your living room
> and you are the only one depending on it.
>
> So what I want to do is just use a minimal OS install to simply be a
> router. I would imagine the only thing I would need other than the
> basic network management is sshd so I can get to it remotely if needed.
>
> The routing is simple but both interfaces are real world IP
> addressing. The device that extends the ethernet does no routing and
> there is nothing upstream of that device that does it either for the
> devices at the end of the ethernet extension.
>
>
> The best illustration is:
>
> Extended Ethernet → eth0 OpenSuSE router eth1 → L2 Switch → 1 to
> n consumer level routers which branch to 1 to n hosts.
>
> A single string would look like:
>
> Extended Ethernet → eth0 OpenSuSE router eth1 → L2 Switch →
> Consumer Grade Router w/nat ----> one Private ( 10.x, 192.168.x etc. )
> host.
>
> So the host's next hop is the consumer grade whose next hop is the
> OpenSuSE box eth1 whose next hop is the Ethernet Extension device
> connected to OpenSuSE eth1.
>
> So I would guess, having never done this, that I would configure eth0
> and eth1 with the respective addresses and then enable IP forwarding.
> eth0 would have the appropriate gateway and eth1 would simply route to
> eth1?
>
> And no, IPv6 is not supported by the ISP.

These commands will set up basic routing with NAT

NET_INT=eth1
NET_EXT=eth0
IPTABLES=/usr/sbin/iptables
$IPTABLES -t nat -A POSTROUTING -o $NET_EXT -j MASQUERADE
$IPTABLES -A FORWARD -i $NET_EXT -o $NET_INT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $NET_INT -o $NET_EXT -j ACCEPT

Enable packet forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

The only thing remaining is to set the IP Address on NET_INT, and start DHCPD to
dynamically supply addresses to the internal network. My snippet does not have
this part as I lifted it from my script to start an Access Point where NET_INT
is a wireless device.

The first IPTABLES FORWARD statement is a trivial firewall that will allow
the outside to reach the inside only for established connections, i.e. no
servers inside. Make it look like the second with -i and -o reversed to get full
access to inside from outside.

You might like to look at some dedicated router/firewall distros like ipcop. They’re much easier to install and configure for this kind of job.

Great replies. This would ONLY need to route. No firewall, no VPN no NAT, NO DHCP no nothing, just route.

No DHCP or NAT needed as this beast just has to route. I figured it would be pretty trivial. No packets need to hit the machine with the exception of ssh since I will want to maintain it remotely, the trick would be with iptables to make the box ignore everything on itself with the exception of ssh and just pass everything else across the interfaces.
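
The route-only setup described in this post (forward between eth0 and eth1, no NAT, nothing accepted by the box itself except SSH), as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset. The function names, the port 22 default and the conntrack matches are assumptions of this example.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a route-only box.
# eth0/eth1 are the thread's interface names; SSH on port 22 is assumed.
# Usage (as root), validating before applying:
#   gen_router_rules eth0 eth1 22 | iptables-restore --test
#   gen_router_rules eth0 eth1 22 | iptables-restore
#   sysctl -w net.ipv4.ip_forward=1

# valid_ifname NAME: succeed only for a plausible Linux interface name,
# so nothing unexpected ends up inside the generated rules.
valid_ifname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_router_rules EXT_IF INT_IF [SSH_PORT]
gen_router_rules() {
    ext=${1:-eth0}; int=${2:-eth1}; ssh_port=${3:-22}
    valid_ifname "$ext" && valid_ifname "$int" ||
        { echo "bad interface name" >&2; return 1; }
    [ "$ext" != "$int" ] || { echo "interfaces must differ" >&2; return 1; }
    case "$ssh_port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$ssh_port" -ge 1 ] && [ "$ssh_port" -le 65535 ] ||
        { echo "bad port" >&2; return 1; }
    # INPUT: default drop; only loopback, replies to the box's own
    # traffic, and new SSH connections reach the router itself.
    # FORWARD: default drop; only the eth0 <-> eth1 pair is routed.
    # No nat table is emitted: addresses pass through unchanged.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $ext -o $int -j ACCEPT
-A FORWARD -i $int -o $ext -j ACCEPT
COMMIT
EOF
}
```

Because the FORWARD chain passes everything between the two interfaces, devices behind eth1 get no filtering from this box and rely on their own NAT routers for it.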

On Tue, 20 Dec 2011 22:06:02 +0000, FlyingGuy wrote:

> Ok… So I have a client that has an extended Ethernet connection from
> their ISP. They put in a WRT54G v5 which as you might guess loses its
> mind from time to time and you have to do a power on reset, in other
> words a consumer grade POS that will work if it is in your living room
> and you are the only one depending on it.

Actually, I wouldn’t have guessed the WRT54G would lose its mind and
need to be reset, but that’s actually a router that has alternative
firmware for it that you might find works better. Either DD-WRT or
OpenWRT (I use the latter myself on a D-Link router).

The WRT54G, though, was the first router these both were developed to run
on. You might check that out as an option. :slight_smile:

Jim

Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

On 12/20/2011 08:35 PM, Jim Henderson wrote:
>
> Actually, I wouldn’t have guessed the WRT54G would lose its mind and
> need to be reset, but that’s actually a router that has alternative
> firmware for it that you might find works better. Either DD-WRT or
> OpenWRT (I use the latter myself on a D-Link router).
>
> The WRT54G, though, was the first router these both were developed to run
> on. You might check that out as an option. :slight_smile:

The V5 WRT54G does not run Linux. Linksys reduced the memory so much that
openWRT will not work with it. The same is true for V6. The others are OK.

On Wed, 21 Dec 2011 03:19:46 +0000, Larry Finger wrote:

> On 12/20/2011 08:35 PM, Jim Henderson wrote:
>>
>> Actually, I wouldn’t have guessed the WRT54G would lose its mind and
>> need to be reset, but that’s actually a router that has alternative
>> firmware for it that you might find works better. Either DD-WRT or
>> OpenWRT (I use the latter myself on a D-Link router).
>>
>> The WRT54G, though, was the first router these both were developed to
>> run on. You might check that out as an option. :slight_smile:
>
> The V5 WRT54G does not run Linux. Linksys reduced the memory so much
> that openWRT will not work with it. The same is true for V6. The others
> are OK.

Ah, good to know - I wasn’t aware of that change in the hardware.

Shame on Cisco for breaking that functionality. :confused:

Jim



On Wed, 21 Dec 2011 23:27:42 +0000, Jim Henderson wrote:

> Shame on Cisco for breaking that functionality. :confused:

That said, maybe an openWRT x86 install on the PC (or in a VM for that
matter) would help the OP out.

Jim


On 12/21/2011 05:28 PM, Jim Henderson wrote:
> On Wed, 21 Dec 2011 23:27:42 +0000, Jim Henderson wrote:
>
>> Shame on Cisco for breaking that functionality. :confused:
>
> That said, maybe an openWRT x86 install on the PC (or in a VM for that
> matter) would help the OP out.

That change happened quite a while before Cisco bought Linksys, and they likely
saved a dollar or two.

Yes, installing the x86 version of openWRT would handle what the OP wants.

I’m concerned about the OP implementing a simple router. Whether he knows it or
not, the WRT54G does implement a firewall, but it sounds as if he is not going to
have anything afterward.

On Wed, 21 Dec 2011 23:50:20 +0000, Larry Finger wrote:

> On 12/21/2011 05:28 PM, Jim Henderson wrote:
>> On Wed, 21 Dec 2011 23:27:42 +0000, Jim Henderson wrote:
>>
>>> Shame on Cisco for breaking that functionality. :confused:
>>
>> That said, maybe an openWRT x86 install on the PC (or in a VM for that
>> matter) would help the OP out.
>
> That change happened quite a while before Cisco bought Linksys, and they
> likely saved a dollar or two.

Hrm. That’s what I get for not keeping up with Linksys after I ditched
the router I had from them (not the 54G, goes back further than that).

> Yes, installing the x86 version of openWRT would handle what the OP
> wants.
>
> I’m concerned about the OP implementing a simple router. Whether he
> knows it or not, the WRT54G does implement a firewall, but it sounds as
> if he is not going to have anything afterward.

Very true - chances are if he was using the 54G, he was also using NAT
since that’d be part of the default config.

Jim

