Re: Can Network Manager be used for router-type configurations?



Hi Thomas

On 31/03/2018 19:14, Thomas Haller wrote:
On Sat, 2018-03-31 at 08:38 +0100, Nick Howitt wrote:
On 31/03/2018 02:52, A. F. Cano wrote:
On Mon, Mar 19, 2018 at 10:55:07AM +0000, Nick Howitt wrote:
Hi,
I currently use ClearOS which is a CentOS derivative which can run
as a full internet gateway and does not use Network Manager. I've
been trying to evaluate Network Manager in CentOS 7.4 to see if it
can be used in ClearOS to manage the interfaces and so far I've
struggled.

Since no one has replied...  I'm running a FreedomBox on an apu1d4
(a small low power single board computer with 3 ethernet interfaces)
and it uses Network Manager.  The FreedomBox software

https://www.freedombox.org/

makes it easy to set up a gateway/firewall system that is secure
and offers many other services so it's also a home server.

The FreedomBox software handles a lot of the details you ask about,
but you might also have to customize depending on your specific
requirements if they differ from what the FreedomBox is designed
to do in its default mode.

Maybe not what you want but it's an option.

Thanks for the reply. I am currently using ClearOS 7.4 on a homebrew box
and it can do it as well but it does not use Network Manager. I hear
that they would like to use network manager when v8 is released as
upstream (CentOS/RHEL) do, so I thought I'd investigate and I could not
find out how to do various things in nm:
Hi,


In NetworkManager, this is all enabled by ipv4.method=shared and
ipv6.method=shared.

For IPv4, it means to run a DHCP server. For IPv6, it means to do
prefix delegation.

But note that this is meant as something that works nicely, out of the
box, without many knobs. It is not the most flexible way to configure a
router, but rather to quickly share your internet with another machine.
Maybe that is suitable for you, maybe not. If not, we'd like to hear
what you'd suggest to improve.

ClearOS is aimed at being a gateway/router device, but I believe they would like to head towards the upstream NM rather than older configuration methods.

1 - change the DHCP server range of addresses for a Wireless Hotspot
You can do that by configuring a static/manual IP address. That address
is assigned to the router, and the same subnet is shared. Explained in
`man nm-settings`.
If I set the interface with an address and /24 subnet I see the DHCP server using that subnet, but it always seems to use .10-.254 for its available address range. From your link in 3 below, can I pass the parameters "first" and "last" to the script or are they hard coded?

2 - get WPA/PSK to work on the hotspot (it would configure but not
allow connections)
Not sure what you are doing. WPA/PSK hotspot works for me with NM.
I'll have to try again. Configuring as WEP worked. Changing to WPA and changing the PSK never allowed a connection from Android. I also tried a simplistic configuration at the command line:

nmcli c add type wifi ifname wlp0s18f2u2 con-name nick autoconnect no ssid TEST
nmcli connection modify nick 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.method shared
nmcli connection modify nick wifi-sec.key-mgmt wpa-psk
nmcli connection modify nick wifi-sec.psk "12345678"
nmcli connection up nick

but no dice.

3 - add other DHCP options to the Hotspot DHCP server
That is not really possible. Note that ipv4.dns (for nameservers) and
ipv4.searches (for DNS searches) are honored. NM spawns a dnsmasq
instance as DHCP server. See
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/dnsmasq/nm-dnsmasq-manager.c?id=56e79a4e07e70f7786aa5bcfb6d2aedf082c1cd6#n210
for the option that it passes. Also note, it passes
   --conf-dir=/etc/NetworkManager/dnsmasq-shared.d
to dnsmasq, so you might put there additional configurations.
That could be a good solution.

4 - Configure a wired LAN interface (as opposed to WAN interface)
with a
fixed IP and a DHCP server
Works exactly the same as for Wi-Fi. Configure the ethernet profile
with ipv4.method=shared and ipv6.method=shared respectively.
I had not spotted that and I'll give that a go. At a guess it has the same limitations as 1 above but let's see.


best,
Thomas
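
The drop-in directory from point 3, /etc/NetworkManager/dnsmasq-shared.d, used to add DHCP options to a shared connection. This is an added example, not part of the original thread and not NetworkManager's own code; the file name 90-extra-dhcp.conf, the addresses and the MAC are constructed placeholders, and the interface and profile names are the ones from the commands quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: build a drop-in for the dnsmasq that
# NetworkManager starts for ipv4.method=shared. Interface, addresses, MAC and
# the file name 90-extra-dhcp.conf are constructed placeholders.

# True only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_shared_dropin DIR IFACE NTP_IP [MAC FIXED_IP]
# dnsmasq refuses to start on a malformed line, which would take the shared
# connection down, so every value is checked before anything is written.
write_shared_dropin() {
    dir=$1 iface=$2 ntp=$3 mac=${4:-} fixed=${5:-}
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    is_ipv4 "$ntp" || { echo "bad NTP address: $ntp" >&2; return 1; }
    if [ -n "$mac" ]; then
        printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ||
            { echo "bad MAC: $mac" >&2; return 1; }
        is_ipv4 "$fixed" || { echo "bad fixed address: $fixed" >&2; return 1; }
    fi
    # Dot-prefixed temp name: dnsmasq skips such files in a conf-dir, so a
    # half-written file is never parsed.
    tmp=$(mktemp "$dir/.extra-dhcp.XXXXXX") || return 1
    {
        # All shared connections read this directory; tag:<interface> limits
        # the option to clients arriving on that one interface.
        echo "dhcp-option=tag:$iface,option:ntp-server,$ntp"
        [ -z "$mac" ] || echo "dhcp-host=$mac,$fixed"
    } > "$tmp"
    chmod 0644 "$tmp" && mv "$tmp" "$dir/90-extra-dhcp.conf"
}

# Usage (as root), then re-activate the profile so NM respawns dnsmasq:
#   write_shared_dropin /etc/NetworkManager/dnsmasq-shared.d wlp0s18f2u2 10.42.0.1
#   nmcli connection up nick
```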


