It has been many years since I last had a server, but I just got my new HW and this weekend I will start setting it up. Since my time, iptables and network-scripts have been deprecated. Lots of new things to learn.
The high level network config looks like this:
I plan to configure the server in two steps, (1) configure it as modem/router, and (2) configure all services like LAMP stack, DDNS, chrony, dnsmasq, etc...
I am creating a kind of a cookbook with the different steps. I'd appreciate it if I could get some insights on whether it will work. Thanks in advance,
Host configuration
Command
vi /etc/hosts, and add
127.0.0.1 <hostname> localhost.localdomain localhost
Gateway configuration
Command:
vi /etc/sysconfig/network, add
NETWORKING=yes
HOSTNAME=<hostname>
GATEWAY=192.168.1.1
NIC configuration
Still not certain what is better: using nmcli or editing the files directly in /etc/sysconfig/network-scripts.
I cannot find ipv4.method (=BOOTPROTO?) dialup anymore. What is the right value for the pppoe interface?
LAN NIC file /etc/sysconfig/network-scripts/ifcfg-enp3s0
DEVICE=enp3s0
TYPE=Ethernet
NAME=LAN
IPADDR=192.168.1.1
NETMASK=255.255.255.0
ONBOOT=yes
USERCTL=no
BOOTPROTO=static
PEERDNS=no
HWADDR=aa:bb:cc:dd:ee:ff
IPV6INIT=no
Command:
nmcli con add type ethernet ifname enp3s0 con-name LAN ipv4.method manual ipv4.addresses 192.168.1.1/24 \
  ipv4.ignore-auto-dns yes connection.autoconnect yes
WAN NIC configuration file /etc/sysconfig/network-scripts/ifcfg-enp5s0
DEVICE=enp5s0
TYPE=Ethernet
NAME=WAN
IPADDR=
NETMASK=
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
PEERDNS=no
HWADDR=aa:bb:cc:dd:ee:ff
IPV6INIT=no
Command:
nmcli con add type ethernet ifname enp5s0 con-name WAN ipv4.method disabled \
  ipv4.ignore-auto-dns yes connection.autoconnect yes
PPPOE configuration
Command:
dnf install ppp NetworkManager-ppp
Check that plugin rp-pppoe.so is set in /etc/ppp/options
PPPOE configuration file /etc/sysconfig/network-scripts/ifcfg-ppp0
DEVICE=ppp0
USER=<ISP username>
TYPE=pppoe
NAME=pppoe
DEMAND=no
USERCTL=no
PEERDNS=no
DEFROUTE=yes
PARENT=enp5s0
BOOTPROTO=dialup (value still exist?)
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_INTERVAL=20
LCP_FAILURE=3
CONNECT_TIMEOUT=60
CONNECT_POLL=6
CLAMPMSS=1412
SYNCHRONOUS=no
IPV6INIT=no
Command:
nmcli con add type pppoe ifname ppp0 con-name ppp0 autoconnect yes save yes \
  username <username> password <password> parent enp5s0 mtu 1492
nmcli connection reload
Set authentication details for the ISP account
Command:
vi /etc/ppp/pap-secrets, add
"adslppp@telefonicapa.com" "ppp0" "adslppp"
chmod 600 /etc/ppp/pap-secrets
vi /etc/ppp/pppoe-server-options, add
require-pap
login
lcp-echo-interval 10
lcp-echo-failure 2
Dynamic DNS
My ISP uses dynamic account addresses that change every time my server reconnects to the internet. The DDNS service updates my home server's IP address and communicates it to the DNS world. As a result, the fully qualified domain name points to my home server.
Setup DDNS service provider
TBD
ISP modem
Set modem in bridge mode > virtual tunnel to ISP. Home server dials ppp over that virtual link
Firewall
Packet forwarding
Allow data packets to pass from LAN to WAN and vice versa
Command:
sysctl -w net.ipv4.ip_forward=1
Define firewall
Users on LAN need to access internet.
Network Address Translation (NAT) changes a packet's destination or source IP address. The packets look as if they came from a different address than the original. Packets from the LAN get routed to the internet and vice versa, which keeps the LAN "hidden" from the internet (security details, workstations etc.)
Postrouting is a technique for changing packets as they leave the LAN for the internet
Commands:
Do I need to set a default zone?
firewall-cmd --zone=internal --change-interface=enp3s0 --permanent
firewall-cmd --zone=external --change-interface=enp5s0 --permanent
firewall-cmd --zone=external --change-interface=ppp0 --permanent
firewall-cmd --permanent --zone=internal --add-source=192.168.1.0/24
firewall-cmd --zone=external --add-masquerade --permanent
firewall-cmd --zone=internal --add-service dns --permanent (required?)
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o ppp0 -j MASQUERADE -s 192.168.1.0/24
firewall-cmd --zone=external --add-service ssh --permanent
firewall-cmd --zone=external --add-service https --permanent
firewall-cmd reload
Thanks in advance for your help
Wolfgang
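As an added example (not from Wolfgang's post), a small Python consistency check over a cookbook like this one: it parses the LAN ifcfg file, derives the LAN subnet from IPADDR/NETMASK, and confirms that every source network the firewall-cmd lines name (--add-source and the MASQUERADE -s) is that same subnet, and that HWADDR is a well-formed MAC. The ifcfg text and command lines are constructed sample input modelled on the post, with two slips left in on purpose.

```python
import ipaddress
import re
import shlex

# Constructed sample input modelled on the cookbook (not read from a live system):
# the LAN ifcfg file and three firewall-cmd lines, with two slips left in for the check to catch.
IFCFG_LAN = """\
DEVICE=enp3s0
TYPE=Ethernet
IPADDR=192.168.1.1
NETMASK=255.255.255.0
BOOTPROTO=static
HWADDR=aa:bb:cc:dd:ee:ff.
"""
FIREWALL_CMDS = [
    "firewall-cmd --zone=internal --change-interface=enp3s0 --permanent",
    "firewall-cmd --permanent --zone=internal --add-source=192.168.1.0/24",
    "firewall-cmd --permanent --direct --passthrough ipv4 -t nat"
    " -I POSTROUTING -o ppp0 -j MASQUERADE -s 192.169.1.0/24",
]
MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

def parse_ifcfg(text):
    """Parse the KEY=VALUE lines of an ifcfg-* file into a dict; blanks and comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def lan_network(cfg):
    """The LAN subnet implied by IPADDR/NETMASK, e.g. 192.168.1.0/24."""
    return ipaddress.ip_network(f"{cfg['IPADDR']}/{cfg['NETMASK']}", strict=False)

def check(cfg, cmds):
    """Return a list of findings; an empty list means the files agree with each other."""
    findings = []
    if not MAC_RE.fullmatch(cfg.get("HWADDR", "")):
        findings.append(f"HWADDR {cfg.get('HWADDR')!r} is not a valid MAC address")
    lan = lan_network(cfg)
    for cmd in cmds:
        args = shlex.split(cmd)
        for i, arg in enumerate(args):
            # Every source network the firewall rules name must be the LAN subnet itself.
            net = arg.split("=", 1)[1] if arg.startswith("--add-source=") else None
            if arg == "-s" and i + 1 < len(args):
                net = args[i + 1]
            if net and ipaddress.ip_network(net) != lan:
                findings.append(f"{net} in {args[0]} rule does not match LAN {lan}")
    return findings

if __name__ == "__main__":
    for finding in check(parse_ifcfg(IFCFG_LAN), FIREWALL_CMDS):
        print("FINDING:", finding)
```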