Usar o Raspberry como router e servidor DHCP da rede para diferentes VLANs
O acesso inicial é utilizando o usuário root, portanto ajuste os parâmetros iniciais de segurança de acesso
# passwd root
New password:
Retype new password:
# adduser suporte
# vi /etc/network/interfaces.d/eth0
# Uplink interface with a static IPv4 address; <IP>/<MASC> and <IP_GATEWAY> are placeholders
# to be replaced before ifup (a concrete example appears further down in this page)
auto eth0
iface eth0 inet static
address <IP>/<MASC>
gateway <IP_GATEWAY>
# ifdown eth0 && ifup eth0
Configuração do serviço DNS
# vi /etc/systemd/resolved.conf
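# Upstream resolvers for systemd-resolved, space separated; the original line carried a stray
# trailing "d" on the second address, which is not a valid IPv4 literal. Same pair that the
# DHCP scopes hand out to clients.
DNS=1.1.1.3 9.9.9.11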
# systemctl restart systemd-resolved.service
Atualize a versão instalada
# apt update
# apt dist-upgrade
Pacotes adicionais
# apt install vim ssh
Configure o ambiente do prompt
# vi ~/.bashrc
# Colourised ls for the root shell: dircolors prints the LS_COLORS assignment/export that
# eval applies to the current shell.
export LS_OPTIONS='--color=auto'
eval "$(dircolors)"
# Single quotes are deliberate: $LS_OPTIONS is expanded when the alias is used, not when it
# is defined, so later changes to LS_OPTIONS take effect.
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'
Configurar a porta de conexão com o Raspberry como:
Untagged Vlan default
Tagged VLANs 100,200,255,300
# apt install vlan isc-dhcp-server net-tools dnsutils psmisc netcat-traditional logrotate binutils nftables
Suba o módulo 802.1q
# modprobe 8021q
Criar tabelas de roteamento adicionais
# echo "500 firsttable" | tee -a /etc/iproute2/rt_tables
# echo "501 secondtable" | tee -a /etc/iproute2/rt_tables
Configurar sysctl
# echo "net.ipv4.ip_forward = 1" | tee -a /etc/sysctl.d/local.conf
# echo "net.ipv4.conf.all.arp_filter = 0" | tee -a /etc/sysctl.d/local.conf
# echo "net.ipv4.conf.all.rp_filter = 2" | tee -a /etc/sysctl.d/local.conf
# sysctl -p /etc/sysctl.d/local.conf
# vi /etc/network/interfaces.d/eth0
# VLAN Default
# eth0 carries the untagged default VLAN and is the uplink: the only default route is via
# 192.168.1.254, and it is the interface the nftables masquerade rules match on (oifname eth0).
auto eth0
iface eth0 inet static
address 192.168.1.222/24
gateway 192.168.1.254
# 802.1q tagged sub-interfaces (require the 8021q module loaded first); each one holds the
# .1 address that the matching DHCP scope advertises as router.
auto eth0.100
iface eth0.100 inet static
address 172.17.17.1/29
auto eth0.200
iface eth0.200 inet static
address 172.17.18.1/29
auto eth0.255
iface eth0.255 inet static
address 10.0.0.1/24
auto eth0.300
iface eth0.300 inet static
address 172.17.19.1/29
# IPv6 by autoconfiguration on the uplink only; the tagged VLANs stay IPv4-only here.
iface eth0 inet6 auto
# vi /etc/default/isc-dhcp-server
# Interfaces dhcpd serves (IPv4 only). eth0 itself is not listed, so no leases are offered on
# the upstream 192.168.1.0/24 segment; IPv6 DHCP is disabled.
INTERFACESv4="eth0.100 eth0.200 eth0.255 eth0.300"
INTERFACESv6=""
# vi /etc/dhcp/dhcpd.conf
### VLAN eth0.100 — 172.17.17.0/29: hosts .1-.6, .1 is the router, pool hands out .3-.6
subnet 172.17.17.0 netmask 255.255.255.248{
pool{
range 172.17.17.3 172.17.17.6;
}
option subnet-mask 255.255.255.248;
option broadcast-address 172.17.17.7;
option routers 172.17.17.1;
# external resolvers; same pair configured for systemd-resolved on the router
option domain-name-servers 1.1.1.3,9.9.9.11;
# short leases: clients renew every 10 min, 2 h hard maximum
default-lease-time 600;
max-lease-time 7200;
}
### VLAN eth0.200 — 172.17.18.0/29, same layout as VLAN 100
subnet 172.17.18.0 netmask 255.255.255.248{
pool{
range 172.17.18.3 172.17.18.6;
}
option subnet-mask 255.255.255.248;
option broadcast-address 172.17.18.7;
option routers 172.17.18.1;
option domain-name-servers 1.1.1.3,9.9.9.11;
default-lease-time 600;
max-lease-time 7200;
}
### VLAN eth0.255 — 10.0.0.0/24; pool starts at .70 (.2-.69 presumably kept for static hosts — confirm)
subnet 10.0.0.0 netmask 255.255.255.0{
pool{
range 10.0.0.70 10.0.0.254;
}
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.1;
option domain-name-servers 1.1.1.3,9.9.9.11;
default-lease-time 600;
max-lease-time 7200;
}
### VLAN eth0.300 — 172.17.19.0/29, same layout as VLAN 100
subnet 172.17.19.0 netmask 255.255.255.248{
pool{
range 172.17.19.3 172.17.19.6;
}
option subnet-mask 255.255.255.248;
option broadcast-address 172.17.19.7;
option routers 172.17.19.1;
option domain-name-servers 1.1.1.3,9.9.9.11;
default-lease-time 600;
max-lease-time 7200;
}
# nft add table nat
# nft 'add chain nat postrouting { type nat hook postrouting priority 100 ; }'
# nft add rule nat postrouting oifname eth0 ip saddr 172.17.17.0/29 counter masquerade
# nft add rule nat postrouting oifname eth0 ip saddr 172.17.18.0/29 counter masquerade
# nft add rule nat postrouting oifname eth0 ip saddr 172.17.19.0/29 counter masquerade
# nft add rule nat postrouting oifname eth0 ip saddr 10.0.0.0/24 counter masquerade
Ou
# cat nftables.conf
#!/usr/sbin/nft -f
# Loaded with `nft -f`; the whole live ruleset is replaced on every load.
flush ruleset
table inet filter {
# NOTE(review): all three base chains accept by default, so this table filters nothing:
# every VLAN can reach every other VLAN, the 192.168.1.0/24 LAN and the router itself.
# If the VLANs are meant to be isolated, set the forward policy to drop and add explicit
# accepts (e.g. each VLAN -> eth0 plus `ct state established,related accept`), and restrict
# input in the same way.
chain input {
type filter hook input priority filter; policy accept;
}
chain forward {
type filter hook forward priority filter; policy accept;
}
chain output {
type filter hook output priority filter; policy accept;
}
}
table ip nat {
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
# Source-NAT the four VLAN subnets behind eth0's address; only traffic leaving via eth0 is
# matched, inter-VLAN traffic is routed unchanged. The "packets N bytes N" figures were copied
# from `nft list ruleset` output and only seed the counters; a plain `counter` is enough.
oifname "eth0" ip saddr 172.17.17.0/29 counter packets 12 bytes 812 masquerade
oifname "eth0" ip saddr 172.17.18.0/29 counter packets 12 bytes 812 masquerade
oifname "eth0" ip saddr 172.17.19.0/29 counter packets 12 bytes 812 masquerade
oifname "eth0" ip saddr 10.0.0.0/24 counter packets 12 bytes 812 masquerade
}
}
Testes
# ping -I eth0.255 8.8.8.8
# tail -f -n 40 /var/log/syslog
# dhcpd -t <- testa a sintaxe do dhcpd.conf
# cat /var/lib/dhcp/dhcpd.leases
# ip r