date = 2022-01-15
tags = ["networking", "freebsd", "raspberrypi"]
title = "Home network v1"

Home network v1


It was long overdue that I learned the basics of IP networking, and there wouldn't be a better way than to learn it hands-on by setting up my own home network.

Before then, I'd been using the same WiFi hub installed by the ISP when I moved in. (By the way, if you are using the WiFi hub installed by D'Live, be aware that it exposes the configuration UI on port 8080 to the Internet. I recommend throwing it out.)

I decided to make it interesting by using FreeBSD for firewalling and routing. I've never used *BSD operating systems in my whole life. I assumed it was a relic of an operating system and irrelevant, but apparently it is used in many network appliances and devices behind the scenes.

Network diagram


Notes on RPi serial connection


In order to configure the RPis, I need to connect to them over a serial line. I don't have multiple monitors, keyboards or multiplexers to connect to individual RPis, nor can `ssh` be used while I am configuring the network itself. So I got myself a few USB-to-TTL adapters that support the 3.3V level so that I can connect to the RPis from my MacBook. If you installed FreeBSD or Ubuntu on an RPi, connecting to the serial console through the UART pins is supported out of the box.

Refs:

https://www.decisivetactics.com/products/serial/

https://github.com/npat-efault/picocom

https://www.jeffgeerling.com/blog/2021/attaching-raspberry-pis-serial-console-uart-debugging

Setting up router

I installed FreeBSD on my Raspberry Pi 4.

The RPi 4 has one gigabit ethernet port. In order for it to work as a router, it needs a separate LAN port in addition to a WAN port. So I got a cheap USB gigabit ethernet NIC and plugged it into one of the USB 3.0 ports in order to make it a LAN port. It works without issues; I am taken by how well FreeBSD works on the Raspberry Pi.

(The built-in WiFi module is not supported.)

Check the names of the network interfaces with `ifconfig`. Mine are 'genet0' for WAN and 'ue0' for LAN.

Firewalling

All the firewall configuration I need can be done with PF on FreeBSD. Configuring NAT and whitelisting ports is a breeze.

/etc/pf.conf

ext_if="genet0"
int_if="ue0"

set skip on lo0

scrub in

nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)

block all

tcp_services = "{ ssh, smtp, domain, www, pop3, auth, https, pop3s, openvpn, bootps, 8080 }"
udp_services = "{ domain, openvpn, bootps }"
pass out on $ext_if proto tcp to port $tcp_services
# This works even though UDP is a stateless protocol thanks to the PF stateful magic.
pass out on $ext_if proto udp to port $udp_services

pass on $int_if proto { tcp, udp }

icmp_types = "{ echoreq, unreach }"
icmp6_types = "{ echoreq, unreach, timex, paramprob }"
pass inet proto icmp icmp-type $icmp_types
pass inet6 proto icmp6 icmp6-type $icmp6_types
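
An added example, not part of the original post: a small Python check that reads the filter rules from the pf.conf above and lists the `pass` rules that can match new traffic arriving on the WAN interface. It assumes only the subset of PF syntax used here (one rule per line, macros in double quotes, optional `in`/`out` and `on <interface>` directly after `pass`); the function name is hypothetical.

```python
import re

# Copy of the filter rules from the pf.conf above (set/scrub/nat lines omitted).
PF_CONF = '''
ext_if="genet0"
int_if="ue0"
block all
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, https, pop3s, openvpn, bootps, 8080 }"
udp_services = "{ domain, openvpn, bootps }"
pass out on $ext_if proto tcp to port $tcp_services
pass out on $ext_if proto udp to port $udp_services
pass on $int_if proto { tcp, udp }
icmp_types = "{ echoreq, unreach }"
icmp6_types = "{ echoreq, unreach, timex, paramprob }"
pass inet proto icmp icmp-type $icmp_types
pass inet6 proto icmp6 icmp6-type $icmp6_types
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"(.*)"$')

def wan_inbound_passes(conf, wan_macro="ext_if"):
    """Return the bodies of pass rules that can match packets arriving on the WAN."""
    macros, hits = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # Expand $macro references with the macros defined so far, as PF does.
        line = re.sub(r"\$(\w+)", lambda r: macros[r.group(1)], line)
        tok = line.split()
        if not tok or tok[0] != "pass":
            continue
        tok = tok[1:]
        direction = tok.pop(0) if tok and tok[0] in ("in", "out") else None
        iface = None
        if len(tok) >= 2 and tok[0] == "on":
            iface, tok = tok[1], tok[2:]
        # No direction means in and out; no "on" means every interface.
        if direction != "out" and iface in (None, macros[wan_macro]):
            hits.append(" ".join(tok))
    return hits

if __name__ == "__main__":
    for rule in wan_inbound_passes(PF_CONF):
        print("reachable from WAN:", rule)
```

On this ruleset it reports only the two ICMP rules, since they name neither a direction nor an interface; every TCP and UDP rule is either outbound on the WAN or bound to the LAN interface.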

Routing

Once the firewall is in place, I can configure routing.

Enable gateway:

$ doas sysrc gateway_enable="YES"
$ doas sysctl net.inet.ip.forwarding=1

$ doas sysrc ipv6_gateway_enable="YES"
$ doas sysctl net.inet6.ip6.forwarding=1

Configure the LAN (192.168.1.1/24):

$ doas sysrc ifconfig_ue0="inet 192.168.1.1/24"
$ doas route add -net 192.168.1.0/24 192.168.1.1

Install and configure dhcpd on the LAN interface.

$ doas sysrc dhcpd_flags="ue0"
$ doas sysrc dhcpd_enable="YES"

Configure /usr/local/etc/dhcpd.conf to give out the IP address range 192.168.1.10 ~ 192.168.1.20:

option domain-name-servers 8.8.8.8;

option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.20;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.1;
}

Now I have an RPi gigabit router. I can see the network stats with `systat -ifstat 1`.

                    /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
     Load Average   |||

      Interface           Traffic               Peak                Total
            ue0  in      1.954 KB/s          2.460 KB/s          662.076 MB
                 out     2.983 KB/s          3.425 KB/s            2.180 GB

         genet0  in      3.899 KB/s          3.899 KB/s            2.208 GB
                 out     1.832 KB/s          2.019 KB/s          657.620 MB

Performance

I tested and compared the internet speeds between the Gigabit router and the RPi4 router, using the Google internet speed test. The download/upload speeds of the RPi router are about 10% slower. For my use, it is not significant.

Conclusion

With RPis, I can play with multiple devices easily without having to procure a rack of servers and set up a KVM switch. In the future, I want to create a k3s cluster using RPis and try running real workloads.
