Nftables Router Tutorial and Configuring D-Link Switches: Difference between pages

From Alteeve Wiki
No edit summary
 
(Created page with "{{howto_header}} = Validated Switches = The following switches (and firmwares) have been validates to work with the Anvil!: * DGS-3130-series Other models will be similar, but this is the tested model. = Serial Connection = {{note|1=Depending on your terminal emulator, the <span class="code"><Backspace></span> key may not work. If it doesn't, try pressing <span class="code">ctrl + h</span> to delete the character to the left of your cursor.}} You can use <span cl...")
 
Line 1: Line 1:
{{howto_header}}
{{howto_header}}


{{warning|1=This is incomplete and untrustworthy! Do not expect anything to be useful or accurate before this warning is removed.}}


This tutorial is meant to show how to use <span class="code">nftables</span> to build a router suitable for a home or boat.


= Setup =  
= Validated Switches =


Make sure that <span class="code">ip_forward</span> is enabled in the kernel.
The following switches (and firmwares) have been validates to work with the Anvil!:
* DGS-3130-series


<syntaxhighlight lang="bash">
Other models will be similar, but this is the tested model.
sysctl net.ipv4.conf.all.forwarding
 
= Serial Connection =
 
{{note|1=Depending on your terminal emulator, the <span class="code"><Backspace></span> key may not work. If it doesn't, try pressing <span class="code">ctrl + h</span> to delete the character to the left of your cursor.}}
 
You can use <span class="code">screen</span> to connect to the switch. The example below is what you would use on most servers with an on-board serial port. If you have two, then port two would be <span class="code">/dev/ttyS1</span>. If you are using a USB to serial adaptor, then you will use <span class="code">/dev/ttyUSB0</span> (or if it is a multi-port adapter, <span class="code">/dev/ttyUSB1</span>, etc). If none of these work, you will need to consult your operating system documentation and/or serial port adapter to determine the proper <span class="code">/dev/ttyX</span> device to use.
 
<syntaxhighlight lang="text">
screen /dev/ttyUSBO 115200
</syntaxhighlight>
</syntaxhighlight>
The screen will be blank until you press <span class="code"><enter></span>.
<syntaxhighlight lang="text">
<syntaxhighlight lang="text">
net.ipv4.conf.all.forwarding = 0
</syntaxhighlight>


This shows that it's disabled. To enable it, and make sure it's set when the system reboots, edit (or create) the file "<span class="code">/etc/sysctl.d/99-custom.conf</span>" and add (or update) the lines;
                DGS-3130-30TS Gigabit Ethernet Switch
 
                          Command Line Interface
                            Firmware: 2.00.011
          Copyright(C) 2018 D-Link Corporation. All rights reserved.
 


<syntaxhighlight lang="bash">
Switch>
# Added for router function support
net.ipv4.conf.all.forwarding = 1
</syntaxhighlight>
</syntaxhighlight>


Now reload the config;
To log in;


<syntaxhighlight lang="bash">
<syntaxhighlight lang="text">
sysctl --system
Switch>enable
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="text">
<syntaxhighlight lang="text">
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
Switch#
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
* Applying /usr/lib/sysctl.d/50-redhat.conf ...
* Applying /etc/sysctl.d/99-custom.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
kernel.yama.ptrace_scope = 0
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h
...<snip>...
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wlp58s0.rp_filter = 1
net.ipv4.conf.all.forwarding = 1
</syntaxhighlight>
</syntaxhighlight>


Now we can verify that forwarding is enabled;
There is no default user name and password.


<syntaxhighlight lang="bash">
== Exiting screen ==
sysctl net.ipv4.conf.all.forwarding
 
To end your <span class="code">screen</span> session, press <span class="code">ctrl + a</span> together, release and then press <span class="code">k</span>.
 
You will be asked if you want to kill the session, press <span class="code">y</span> to confirm.
 
<syntaxhighlight lang="text">
Really kill this window [y/n]
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="text">
<syntaxhighlight lang="text">
net.ipv4.conf.all.forwarding = 1
[screen is terminating]
</syntaxhighlight>
</syntaxhighlight>


Now <span class="code">ip_forward</span> is enabled!
== Configure a Password ==
 
= Configuring nftables =


To use the web interface later, a user and password needs to be set.


{{note|1=Super User level password can be an alphanumeric string, but cannot begin with a number.}}


= References =
* [https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_home_router Simple ruleset for a home router] - nftables Wiki
* [https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_firewalls_and_packet_filters/getting-started-with-nftables_firewall-packet-filters Getting started with nftables] - (*May required a Red Hat account).
<span class="code"></span>
<syntaxhighlight lang="bash">
</syntaxhighlight>
<syntaxhighlight lang="text">
<syntaxhighlight lang="text">
</syntaxhighlight>
</syntaxhighlight>


{{footer}}
{{footer}}
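
Review bot: The added command `screen /dev/ttyUSBO 115200` ends the device name with the letter O, while the paragraph just above it names `/dev/ttyUSB0` with a zero, so the command as written will not open the port; change it to the zero form. That same paragraph introduces the example as the one for an on-board serial port, yet the command uses a USB adapter device name, so the prose and the command should be made to agree. In the "Validated Switches" text, "have been validates" should read "have been validated". The new "Configure a Password" section says a user and password need to be set but ends at the note without any steps, and the login section shows `Switch>enable` reaching `Switch#` with no credential prompt alongside "There is no default user name and password", so it is worth stating there that the console grants privileged access until this section's steps are completed.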

Revision as of 21:53, 29 March 2024

 AN!Wiki :: How To :: Configuring D-Link Switches


Validated Switches

The following switches (and firmware versions) have been validated to work with the Anvil!:

  • DGS-3130-series

Other models will be similar, but this is the tested model.

Serial Connection

Note: Depending on your terminal emulator, the <Backspace> key may not work. If it doesn't, try pressing ctrl + h to delete the character to the left of your cursor.

You can use screen to connect to the switch. The example below is what you would use on most servers with an on-board serial port. If you have two, then port two would be /dev/ttyS1. If you are using a USB to serial adapter, then you will use /dev/ttyUSB0 (or, if it is a multi-port adapter, /dev/ttyUSB1, etc.). If none of these work, you will need to consult your operating system documentation and/or serial port adapter to determine the proper /dev/ttyX device to use.

screen /dev/ttyUSB0 115200

The screen will be blank until you press <enter>.

                 DGS-3130-30TS Gigabit Ethernet Switch

                          Command Line Interface
                            Firmware: 2.00.011
           Copyright(C) 2018 D-Link Corporation. All rights reserved.


Switch>

To log in;

Switch>enable
Switch#

There is no default user name and password.

Exiting screen

To end your screen session, press ctrl + a together, release and then press k.

You will be asked if you want to kill the session; press y to confirm.

Really kill this window [y/n]
[screen is terminating]

Configure a Password

To use the web interface later, a user and password need to be set.

Note: The Super User level password can be an alphanumeric string, but cannot begin with a number.


 

© Alteeve's Niche! Inc. 1997-2024   Anvil! "Intelligent Availability®" Platform